Corruption, money laundering, tax evasion and sanctions
Risk, why is it your problem?
As businesses continue to face a challenging economic environment in most developed economies and are looking towards rapid-growth markets with potentially better prospects, they also face the risk of higher levels of bribery and corruption. The rising trend of cross-border regulatory action and the increasing focus of investors on governance and transparency have brought these risks into sharper perspective. Leading companies are responding with enhanced compliance and due diligence measures, robust internal audits, enhanced investigative capabilities, whistleblowing and leveraging off the latest data analytical tools. The precautionary adage: better safe than sorry, has never been more pertinent.
In a recent panel discussion hosted by Deloitte on the subject of “Risk, why is it your problem?” it emerged that corporate counsels in the region have two immediate concerns related to navigating the challenges that come with operating in an international business environment over the next 6-12 months: the increased volume and complexity of international regulatory and legal obligations on the one hand, and the risks associated with expansion into new markets on the other. Those two factors frequently converge – especially when the expansion involves emerging or lesser-developed markets where prevailing local business practices are at odds with international norms. With that tension comes one very large risk: the risk of the company committing an act that yields a cross-border regulatory enforcement action.
Attendees were especially concerned about the reputational damage, fines and profit disgorgements that can accompany non-compliance with cross-border regulations. This is notably acute for those expanding into emerging markets where pressures to establish and grow their business in a new market frequently raise challenges with regard to regulation and compliance.
The impact of cross-border business practices are placed in even sharper perspective through an increasing trend under the Foreign Corrupt Practices Act (FCPA) of prosecuting executives and individuals with control responsibility over organizations that have violated anticorruption legislations.
What are the cross-border enforcement priorities that companies should be concerned about?
There are numerous methods that companies and the individuals who run them can brush up against the long arm of the U.S. authorities. Examples of current priority matters for U.S. authorities include corruption, money laundering and tax evasion.
Corruption - The driving force of anti-corruption enforcement continues to be the U.S. Securities Exchange Commission (SEC) and U.S. Department of Justice (DoJ) through the FCPA, with recent fines amounting to over USD 2.7 billion between 2010-2012. In 2012 the SEC and DoJ collectively enforced actions against 23 corporations. During the first six months alone of 2013, 17 actions have been enforced. With the passing of the U.K. Bribery Act in 2010 and the aggressive promotion of anti-corruption legislation by Organization for Economic Cooperation and Development (OECD) countries, bribery and corruption are appearing increasingly on the agenda of governments around the world. Although enforcement of the U.K. Bribery Act has gained little public traction, the Act does give the U.K. Serious Fraud Office sweeping powers to prosecute bribery anywhere in the world and thus compliance with it needs to be a headline issue for companies with U.K. connections, irrespective of the geography of their operations.
Money laundering - Anti-money laundering regulations have yielded U.S. authorities some of the largest fines on record, underscoring the challenge that international financial institutions face in enforcing consistent compliance of policies across widespread and looselyintegrated overseas networks. However, it is not just extra-territorial enforcement that organizations face, local authorities are also tightening their regulations.
The Dubai Financial Services Authority (DFSA), for instance, has just published a new Anti Money Laundering (AML) rulebook, which came into force on 14 July, 2013. As anticipated, this rulebook places significant focus on a “risk-based approach” and on the assessment of money laundering risk, in terms of both business risk and customer risk assessment. Organizations operating in the Dubai International Financial Center (DIFC) will need to familiarize themselves with the changes in the regulations.
Tax evasion - Another U.S. law designed specifically with cross-border enforcement in mind is the Foreign Account Tax Compliance Act (FATCA). FATCA, designed to prevent tax avoidance of U.S. citizens abroad through foreign (non-US) financial institutions (FFIs) will begin to be implemented in 2014, is and should be an immediate and current concern for any financial services institutions. The Act requires FFIs and non-US non-financial entities to identify and disclose their U.S. account holders and members or face a new 30 percent U.S. withholding tax. The U.S. Internal Revenue Service (IRS) expects the Act to raise USD 7.6 billion in tax revenue over a 10-year period (and perhaps a small fortune in fines as well), and will have a direct and profound impact on FFIs that have any U.S. proprietary investments, account holders, or financial dealings. Compliance with FACTA will require organizations in the financial services sector to implement enhanced Know Your Client (KYC) and AML due diligence and acquire deeper knowledge of IRS rules.
Economic and trade sanctions - Particularly relevant in the Middle East – given the region’s history as a trading entrepôt and the presence of sanctioned regimes – are the host of laws and regulations controlling trade and flow of funds that add an additional layer of risk and complexity to conducting business internationally. These laws, covering a range of goods and services, target an even wider range of regimes, organizations and individuals even. Authorities such as the U.S. Office of Foreign Assets Control (OFAC) are aggressively employing new tools to more closely and effectively implement sanctions, such as prohibiting international banks from accessing U.S. dollar markets if they are considered to be providing financial services to entities on sanctions lists. OFAC in 2012 completed or settled 16 enforcement actions and collected penalties of over USD 1.1 billion. There is no sign that OFAC’s vigor is dying down.
How can companies avoid being the next headline story?
Reputation is key to every organization – it is good to be in the news, but only for the right reasons. Once damaged, reputation can be very difficult to repair, particularly where integrity is called into question. Violating anti-corruption, tax evasion, money laundering, trade sanctions or human rights laws are examples of a handful of different ways that a company can tarnish its reputation through careless overseas activities. Allegations of corruption seem to get the most attention recently, because of the high-value fines being doled out by the U.S. authorities, as well as their eagerness to cast the broadest shadow possible. Risks are increasing, but standards are not. It seems there are few companies who can truly claim to be exempt from U.S. oversight.
Third-party due diligence - FCPA corruption settlements frequently cite the role of third-party agents such as vendors, joint venture partners, government liaisons, customs and immigration agents and acquired entities in alleged violations. Although we are seeing a greater reliance on outsourcing key functions to thirdparties, especially in emerging markets, it is no longer possible to circumvent risk through a third-party. Determining the potential risk of third-party corruption requires organizations to consider factors such as the type of third-party with which they are planning to engage, the services to be provided, the locations in which parties operate and the level of interaction that they may have with the public sector. Organizations looking to expand into new markets should regularly perform integrity and corruption due diligence on third-parties and should ensure that they conduct KYC procedures on new clients to ensure compliance with anti-bribery and corruption and AML regulations.
Compliance culture and “t one from the top”
To avoid falling foul of the FCPA or any of the local authorities who are increasingly joining the enforcement bandwagon, organizations and executives responsible for compliance can take a number of steps – including demonstrating a strong “tone from the top” approach and implementing a robust corporate governance framework containing a defined ethics and compliance policy. Officers, directors and employees should be issued guidelines, policies, and should be regularly trained on anti-bribery, anti-corruption (ABC) compliance. Potential risks should be highlighted to employees and suppliers, whilst compliance covenants should be included in contractual agreements.
Internal risk assessment and risk management -
Another proactive step that companies can take is to conduct risk assessments. This is critical in any area of compliance concern (be it corruption, fraud, environmental or other) and includes conducting reviews of operations, comparing the objectives of controls with individuals’ understanding of those controls and their responsibilities, identifying deficiencies and developing a prioritized action plan to plug any gaps. Furthermore, implementation of a whistleblowing hotline and regular reviews of compliance with an understanding of the firm’s policy are all crucial to demonstrate to authorities that organizations are committed to compliance and that any violations are the result of individual or “rogue” action, rather than the result of shoddy controls or, worse, corrupt business practices.
|The US Dodd-Frank Act poses a significant challenge to companies operating in the crosshairs of U.S. regulators. Provisions for whistleblower protection and reward mean that every company needs to be especially diligent about implementing a robust compliance program. A fundamental component of that program should be a whistleblowing program that encourages employees to report their concerns internally, rather than succumb to the temptation to report externally and seek a reward from the U.S. authorities.|
Companies should also consider including a broader review of fraud risks in any corruption risk assessment and vigorously investigate any potential violations. Organizations should be aware that would-be makers of corrupt payments frequently use methods that mirror other forms of fraud thus, an emphasis on fraud in the corruption risk assessments may help tighten down controls in areas that might escape the attention of the anti-corruption compliance teams. Proactively tackling any corruption or fraud identified within an organization embeds the notion that the company is attentive to the subject. The knowledge that someone is watching is in itself the greatest deterrent to would-be perpetrators of any number of potential violations.
Whistleblowers - Another significant piece of U.S. legislation that is likely to have significant ramifications on extra-territorial enforcement is the Dodd-Frank Act. A component of Dodd-Frank is a whistleblower protection and reward program that effectively offers a bounty to whistleblowers who take their allegations directly to the SEC/DoJ (should their allegation yield a fine to either authority). The policy allows employees to disclose information without fear of reprisal, thereby enhancing corporate transparency and accountability. It however also encourages employees to report concerns internally (rather than externally) which can lead the company to self-investigate and report if necessary.
Given these pressures, it may well be that non-U.S. companies should consider implementing a new form of risk assessment: the risk of U.S. regulatory action to establish a clear and complete picture of the different ways in which they may be exposed to cross-border enforcement by significant overseas regulators, and evaluate the controls and monitoring mechanisms they have in place to alert themselves to risk as it arises. Companies should prevent being caught by surprise with an overseas authority brandishing a statute they never thought would apply to them.
In light of the growing emphasis on cross-border enforcement and the very direct impact it can have on the control persons within an organization, the question arises: who should be responsible for these risks within an organization? While it is certainly important to have a broad range of staff trained on matters of critical risks and to generally raise risk awareness within an organization, there may be no “one size fits all” risk framework applicable to all companies and industries. It is important that the risk management framework is fit for purpose and each organization should be aware of the risk factors most relevant to it and its industry. Assessing what is appropriate can be complex and many companies seek external advice to ensure that they are benchmarked appropriately. Going forward, it may be important to include in that benchmarking the company’s awareness and attentiveness to the complex web of international regulations to which they may be exposed. Growth and expansion can no longer be separated from corporate awareness and ethical conduct.
by Ralph Stobwasser, director, Forensic, Deloitte Corporate Finance Limited (Regulated by the DFSA), Middle East and Collin Keeney, director, Forensic, Deloitte Corporate Finance Limited (Regulated by the DFSA), Middle East
1 Held at Legal Week’s 6th annual Middle East Corporate Counsel Forum in Dubai on 15 May, 2013.