practice area articles
Anti-Corruption Investigations: Global Outlook
By Paul Hastings Professional
Anti-corruption Investigations: Global Outlook
From the enactment of new laws to the changes that come with a new administration, the global investigations and compliance landscape is constantly evolving. Hear from our partners on recent developments that may create complex challenges for companies seeking growth while ensuring compliance, especially across borders:
United Kingdom: The Criminal Finances Act
France: The Implications of Sapin II
Recently we brought together a group of senior business leaders, in-house counsel, and leading practitioners and academics in Paris for a roundtable discussion on the implications of Sapin II, France’s new anti-corruption and transparency law, for French corporations operating in a multi-jurisdictional environment. In our Q&A, Litigation partners
How does France’s approach to anticorruption and transparency with the Sapin II law differ from the approach taken by the U.S. and UK?
In enacting Sapin II, France has followed a distinctly different path than the U.S. and the UK. The UK Bribery Act (UKBA) creates a strict liability criminal offense for corporations based or acting in the UK that engage in acts of overseas bribery of public officials. But the UKBA includes a Corporate Offence of Failing to Prevent Bribery. It also includes a statutory affirmative defense for companies with a compliance program that includes key features set out by guideline.
Despite various failed legislative attempts, the U.S. Foreign Corrupt Practices Act (FCPA) does not include an affirmative “compliance” defense; but the Fraud Section of the U.S. Department of Justice (DOJ), which oversees enforcement under the statute, specifically takes into account the state of a company’s compliance program in deciding whether to pursue criminal charges and what penalty is appropriate. The U.S. Sentencing Guidelines likewise expressly take into account the existence of an effective compliance program.
By contrast, if Sapin II also includes a Corporate Offence of Failing to Prevent Bribery, it imposes a specific legislative requirement on certain corporations to maintain a compliance program and can enforce the requirement through fines against the company, its management, and directors, as well as through monitorships. The compliance obligation applies regardless of whether there has been a predicate act of bribery. And the enhanced penalties against public official bribery, by contrast, do not include any affirmative defense for compliance or any expectation of leniency for those companies that maintained a robust compliance program.
In many respects, these three distinct approaches together offer a kind of laboratory for testing conceptual approaches to encouraging corporate compliance. In practice, for many companies operating in all three environments, this will further complicate their approach to addressing potential problems.
Will Sapin II impact the U.S. government’s role in investigating French companies?
In enacting Sapin II, it appears that French legislators and regulators believed that the existence of a comprehensive compliance and anti-bribery statute would cause the United States to step back from trying to take a primary role in investigations of French companies. However, the DOJ has privately advised French regulators that the mere passage of Sapin II will not generate a change in U.S. policy. Rather, U.S. regulators will watch for signs that France intends aggressively to pursue enforcement matters and impose penalties that the U.S. regards as appropriate. The U.S. will defer to the French only if (and only after) it sees signs of intensified enforcement.
Does Sapin II present new challenges for French companies doing business across jurisdictions? What critical issues or changes presented by Sapin II do French companies need to address?
According to the UN Global Compact, 1,600 companies potentially meet the thresholds in Sapin II requiring a suitable compliance program. (In the case of consolidated accounts, the requirement extends to the subsidiaries and affiliates.) Of these, a handful of the largest French companies already operate in the international environment, subject to (among others) U.S. and UK law; these companies, by and large, already have implemented robust compliance programs that will likely satisfy the standards to be promulgated by French regulators. The rest, however, will face a daunting challenge to understand, adapt, and adopt modern compliance tools to their particular environment.
It was the consensus of the group that the “risk assessment” requirement may be the most challenging. While many companies have policies and procedures in place, few understand or have implemented a risk-based approach to compliance. On the whole, however, given the relatively small size of the potential penalties, the fact that the remedies are non-criminal, and the scale of the resources likely to be devoted to enforcement of the compliance obligation, the consensus of the group was that compliance was the most novel of Sapin II’s requirements, but not likely to be its greatest challenge.
However, publication of the administrative sanction, on the model of the other regulators such as Autorité de la Concurrence, Autorité des marchés financiers, and Autorité de Contrôle Prudentiel et de Résolution, could encourage French companies to develop their efforts to avoid the consequences of such advertising to investors, shareholders, customers and bankers, according to the “name and shame” principle.
What challenges does more vigorous enforcement create for management and for remediation efforts?
The group agreed that more vigorous enforcement is likely to pose a greater challenge in two key respects. First, any investigation into a potential improper payment necessarily calls into question the role of management, either because of their potential personal participation in any underlying problem or, alternatively, because of their potential failure to implement appropriate internal controls. As a result, the management teams of French companies are likely to find themselves in a potential conflict of interest in which their judgment about how to address a problem is called into question. The group agreed that this problem created a governance challenge for French companies, in which Supervisory Boards and their key committees – audit, ethics, and compliance – would be called upon to take a far more active role in these matters than they have in the past.
Second, a key aspect of a company’s response to any evidence of improper payments is remediation. The group expressed the view that more vigorous remedial steps than French companies have historically taken – particularly in the area of employee discipline – will be required. Recognizing the fundamental differences between U.S. and European employment law and practice, it was nevertheless agreed that companies will not be able to protect themselves from large penalties without finding ways to be more assertive in addressing historical misconduct.
What questions or issues have yet to be addressed when it comes to how Sapin II will be implemented? What are the key developments our clients should watch for?
There are two main areas where questions remain for French companies. First, there was no consensus – and great skepticism – about the merits of self-disclosure. U.S. enforcement policy, through the Pilot Program, as well as through past practice, places huge emphasis on voluntary self-disclosure of potential problems and full cooperation with U.S. authorities. But the U.S. authorities, in particular, have made clear that they will share any information they receive with other potentially affected jurisdictions, many of which either do not have a similar non-prosecution path (declinations, non-prosecution agreements, and deferred prosecution agreements[DPAs]) or whose experience with DPAs is so limited and so recent (UK and France) that companies have no basis on which to predict how a matter will be handled.
At least until there is greater clarity about how the UK and France will use their new DPA tools, there was a strong consensus that, in the absence of a reason to believe that disclosure to the government was imminent or inevitable, voluntary self-disclosure was a precarious course; the preferred route was internal investigation and robust remediation (including employee discipline and a review of internal procedures and controls). Second, the group returned repeatedly to the inherent problem of multiple or serial investigations by a growing number of jurisdictions, without any way to ensure that the investigations would be coordinated or that multiple punishments would not be imposed. There was a strong sentiment for some sort of process – whether through changes to the OECD Convention or some other sort of multilateral agreement or concertation – that would identify a primary jurisdiction for any multi-jurisdictional investigation and enforceable assurances that multiple penalties would not be imposed.
United States: The New Trump Administration
Latin America: Stay-Awake Issues
Cultivating a Culture of Compliance in Asian Firms
In our Q&A, partners
Why are global standard compliance programs necessary?
These types of programs are necessary because we want to cultivate a culture of compliance in Asian firms. While compliance programs have been around for a while in Europe and the U.S., they are still a relatively new and highly contentious topic throughout Asia. Many Asian companies have traditionally expanded their business operations by maintaining close ties to government officials and agencies and by lobbying and entertaining their customers, creditors, and regulators. Many of these activities would be conducted in discrete settings through non-transparent means. Due to the increased enforcement of such behavior by U.S. and European regulators and the increasing scrutiny by some Asian regulators, the risk of criminal (and accompanying administrative and civil) exposure to Asian companies has grown.
A compliance program is created to prevent wrongdoing. It lays out a list of what you can and cannot do and is essentially a thick book of guidelines – or a “prevention tool” to reduce risk for a company. A true global standard program takes one to two years to implement as it would completely change the way the operations of the company are managed and the divisions are structured. A properly established program would have to withstand a rigorous scrutiny and test by, for instance, the U.S. Department of Justice in case the company becomes involved in a U.S. criminal investigation.
What are the critical components for successfully implementing a compliance program?
Setting up a true compliance program means going straight to the top of an organization and asking the company’s leadership to spend a large amount of money on something that hasn’t even happened (and may not ever happen). Implementing a compliance program involves heavy employee education, changing systems of operation, and changing how people conduct their business. Reluctance and a lack of acceptance from different departments are to be expected.
We at Paul Hastings have worked directly with the CEOs and chairmen of leading companies to convey the value and importance of changing the corporate culture to bring transparency to corporate operations and conduct. Though reluctant at first to upset the present system, these leaders have come to appreciate the value that such changes would bring, especially the decrease in criminal exposure for their companies and their employees.
What positive impact have these compliance programs had on our clients? Building tailor-made programs that fit a particular firm’s culture while meeting global standards has added significant value and could potentially help clients save millions of dollars by not only avoiding lawsuits and government investigations, but also becoming eligible for potential benefits, such as government-imposed fine reductions.
The cost-savings potential for companies has proven to be enormous by helping avoid the risks and detecting wrong-doings long before their implications kick in. We are optimistic that a wave of other Asian firms will follow, and accordingly that we will have had a hand in cultivating a corporate culture of compliance across the region.
Turning to China, where the government’s anti-corruption efforts continue to be in the spotlight, are there significant recent changes in laws or regulations that our client should be aware of?
Chinese President Xi Jinping has led an aggressive, zero-tolerance anti-corruption campaign. According to news reports, the campaign has successfully punished more than one million officials, seized more than US$1 billion in assets, and extradited thousands of fugitives. Against this backdrop, the following legislative changes in Chinese rules and regulations can be observed in response to or in support of the campaign:
Judicial Interpretation on the Application of Law in Anti-Corruption and Anti-Bribery Criminal Cases1
New monetary thresholds for criminal sentencing standards:
Increased for both briber and bribee to match current economy status;
Same thresholds for both briber and bribee to show the administration’s determination to punish wrongdoers on both sides.
Definition of “things of value” clarified to include certain intangible benefits.
Definition of “seeking illegal benefits for others” expanded to include request 1) when bribee is aware that there is a specific request; and 2) when the bribee has no knowledge of a specific request during performance, but receives payments afterwards by virtue of the performance.
Anti-Unfair Competition Law
The draft amendment was issued by the People’s Congress to seek comments on February 26, 2017.2
Third parties come under scrutiny.
Business operators assume vicarious liability for acts of employees.
Both accepting and offering a bribe are punishable;
Criminal and administrative penalties can come in parallel;
Value of fine is increased;
Revocation of business license is possible;
However, forfeiture of illegal gains has been removed, potentially because it is difficult to determine “illegal gains.” Commentators are calling for the reconsideration of this removal because this might lower the deterrence against misconduct.
Cyber-Security Law (CSL)
The CSL went into effect on June 1, 2017, and is to be followed by the Security Assessment Measures regarding the Exit of Border of Personal Information and Important Data (“Draft Measures,” not yet effective, issued on April 11, 2017 for public comment)3 and the Amendments on the Draft Measures (“Amendments”). Both are intended to clarify the interpretation and implementation of the CSL.
Under the CSL:
Cross-border transfer of personal information is regulated
Consent by owner of the personal information may be required for out-of-China data transmission (Article 4 of the Draft Measures)
Consent may be inferred under certain circumstances, such as making international phone calls, sending emails or instant messages to individuals or organizations overseas, and making cross-border e-commerce transactions
Other activities initiated by data subjects based on the Amendments.
1 Judicial Interpretation on the Application of Law in Anti-Corruption and Anti-Bribery Criminal Cases, issued by the Supreme People’s Court and Supreme People’s Procuraterate on April 18, 2016
2 China IPR, February 2, 2017,