By Paul Hastings Professional
In 2016, we advised Japanese multinationals that their growing significance in the global economy, primarily as a key source of outward bound investment and merger & acquisition (“M&A”) activity, translated into growing anti-bribery, anti-corruption (“ABAC”) compliance and other enforcement risks. In that article, found
Today, Japanese multinationals continue to be key players in the global economy, and the corresponding ABAC compliance and other enforcement risks likewise remain significant. In particular, whereas several years ago the threat of ABAC enforcement from Japanese regulators seemed far-fetched at best, recent enhancements to the Japanese government’s investigative tools—most notably its implementation of a novel corporate plea bargaining procedure—and the OECD Working Group on Bribery’s (“WGB”) Phase 4 report on the Japanese government’s implementation of the OECD Anti-Bribery Convention, issued in June 2019, indicate greater enforcement may be on the horizon. At the same time, there remains an ever-present risk of ABAC enforcement from U.S. regulators, who as recently as May 19, 2020 signaled that FCPA enforcement will not be slowing down. Therefore, proactive compliance efforts—and in particular risk and compliance program assessments—continue to be imperative. As evidenced in the updated “Evaluation of Corporate Compliance Program” guidance (“U.S. DOJ 2020 Guidance”) issued by the U.S. Department of Justice (the “U.S. DOJ”) on June 1, 2020), regulators expect proactive, dynamic compliance program assessments and enhancements, and companies would benefit from them.
Continued Growth in Outward Bound Investment by Japanese Multinationals
Japan remains among the largest sources of global foreign direct investment (“FDI”) outflows with $227 billion FDI outflows reported in 2019, up from $143.1 billion in 2018.
Deal and M&A activity also remain significant, as outbound deals from Japan increased nearly 16% from 2017 to 2018, reaching an all-time high of 777 deals.
Compliance and Enforcement Risks Remain Significant
Emerging ABAC Enforcement Risk from Japan
With increasing outward bound investment and foreign deal activity comes increasing compliance and corruption risk. This notion has not been lost on the OECD’s WGB, which continues to encourage Japan, an OECD member, to police foreign bribery in a manner proportional to the “size of Japan’s economy and the high-risk regions and sectors in which its companies operate.”
Indeed, Japan has improved its ABAC enforcement regime with each report, including, most notably, by implementing a novel criminal plea bargaining system (the “Agreement Procedure”) in June 2018 (which was specifically acknowledged in the Phase 4 Report as a positive move). The Agreement Procedure incentivizes disclosure and cooperation by offering leniency to cooperating individuals and companies involved in foreign bribery, and false accounting and money laundering predicated on foreign bribery. Such implementation appears to be a direct response to the WGB’s Phase 2b and Phase 3 reports, which recommend offering granting immunity to cooperating witnesses. Indeed, the WGB acknowledged the Agreement Procedure as a partial implementation of this recommendation, and its potential to encourage voluntary disclosures and enhance evidence-gathering for transnational crimes.
Japanese multinationals have since taken advantage of the Agreement Procedure in at least two known cases, including a foreign bribery case. First, in July 2018, Japanese prosecutors agreed to forego prosecution of Mitsubishi-Hitachi Power Systems (MHPS), a Japanese power plant company, in exchange for disclosing potential bribery by former executives in Thailand and providing “essential” information to understanding the scheme. Similarly, in May 2019, prosecutors utilized the Agreement Procedure with Nissan executives who provided evidence that Nissan agreed to pay former Chairman Carlos Ghosn a fixed amount after his retirement in violation of the Financial Instrument and Exchange Act §§ 197(1), 197-2(6) and the Companies Act §960(1). Ghosn had been arrested in November 2018 for underreporting his compensation.
U.S. Enforcement against Japanese Multinationals: Consistent and Evolving
Japanese multinationals can also expect continued policing of foreign bribery, fraud, and abuse from U.S. regulators. Over the past 10 years, U.S. enforcement against Japanese multinationals has remained steady, with there being seven FCPA enforcement actions against Japanese multinationals and 16 enforcement actions against the U.S. subsidiaries of Japanese multinationals under the False Claims Act (“FCA”)—a key U.S. domestic anti-fraud and abuse statute. The U.S. government shows no serious signs of slowing down on enforcement under either of these statutes. To the contrary, as recently as May 19, 2020, the chiefs of the FCPA unit at the U.S. DOJ and the Securities and Exchange Commission (“U.S. SEC”) signaled continued focus on foreign corruption amidst the COVID-19 pandemic. Most notably, U.S. DOJ FCPA Unit Chief, Dennis Kahn, shared that their work is “ploughing ahead” and doubted re-allocation of resources from the unit. The U.S. SEC FCPA Unit Chief, Dennis Cain, revealed that they “are not hitting the pause button on our investigations.”
Japanese multinationals should also take note of significant recent enforcement action under both above-referenced statutes. On the FCPA front, in 2018, the subsidiary of a Japanese multinational paid $280.4 million to the U.S. DOJ and U.S. SEC to resolve allegations that it violated the FCPA. The multinational entered into a deferred prosecution agreement and agreed to significant compliance program commitments, including a two-year independent monitor. According to the U.S. DOJ’s criminal information, the subsidiary caused the multinational’s books and records to mischaracterize certain potentially improper consultant payments to a government official in the Middle East and other markets, and sales commissions to unauthorized sales agents in Asia. The U.S. DOJ specifically noted that subsidiary executives failed to properly address warnings and red flags, and that multinational personnel failed to review relevant budgets.
At the domestic level, in 2017, Shire Pharmaceuticals LLC and subsidiaries of Shire plc, a Japanese multinational, paid $350 million to the U.S. DOJ to settle FCA and AKS allegations that its salespersons provided physicians with luxurious dinners and hospitality, free medical supplies, case studies, honoraria payments, cash, credits, and rebates to induce purchases of a Shire product.
Risk Assessments: The Critical First Step in Mitigating Compliance Risks in Overseas Operations
In light of these enforcement risks from Japan and the U.S., Japanese multinationals should consider whether their compliance programs are effective at combatting corruption in their overseas operations. An essential first step to designing an effective multinational compliance program is to conduct an organized and thorough assessment of risk across the organization, starting from Japan then looking out globally to individual markets. A global compliance program, no matter how built out, cannot be fully effective in the absence of risk identification, as the U.S. DOJ recognizes, “one-size-fits-all compliance programs are generally ill-conceived and ineffective.”
U.S. and Japan Regulators: Expectations on Risk Assessments
Risk assessments are recognized in the U.S. and abroad, including Japan, as a critical component of compliance programs. For example, the U.S. DOJ and SEC, through their well-recognized joint FCPA Guidance, have recognized risk assessments as a hallmark of an effective compliance program, noting that “assessment of risk is fundamental to developing a strong compliance program”.
The risk-based approach and risk assessment concept is also recognized in Japan—namely, in guidance issued by the Japan Ministry of Economy, Trade and Industry (“METI”) and the Japan Federation of Bar Associations (“JFBA”). METI guidance in particular is critical, as it is the agency responsible for implementing Japan’s foreign bribery law, Article 18 of the Unfair Competition Prevention Act (“UCPL”), and law enforcement agencies look to METI for interpretive guidance.
METI’s guidance is largely based on METI’s Guidelines to Prevent Bribery of Foreign Public Officials (the “METI Guidance”), which METI issued “to support companies involved in international commercial transactions to voluntarily take a preventative approach to the prevention of bribery of foreign public officials.”
As for the JFBA—in recognizing that Japan’s enforcement framework has “strengthened recently” and the increasing application of FCPA and other enforcement against Japanese multinationals—it issued the 2016 Guidance on Prevention of Foreign Bribery (the “JFBA Guidance”) to provide “practical guidelines for Japanese companies (and counsel who provide legal advice to them) in relation to implementation of anti-bribery measures.” In particular, Part I (Implementation of Anti-Bribery Compliance Program), Article 2 (Risk-based approach) of the JFBA Guidance provides an overview on (1) conducting risk assessments (i.e., what types of risk to evaluate and what information-gathering methods to utilize), (2) establishing measures proportionate to the level of bribery risks, and (3) the need to conduct continual and periodic risk assessments. Notably, while the JFBA Guidance is a nonbinding supplement to the METI Guidance, the JFBA expects that Japanese multinationals “will implement anti-bribery measures in reliance on this Guidance in order for their directors to fulfil their duty to implement an internal control system and develop their business abroad in a sustainable manner without being found to have fallen afoul of regulations in foreign countries and incurring penalties.” Accordingly, Japanese multinationals should consider the JFBA Guidance as a useful risk assessment resource.
The correlation between risk assessments and an effective compliance program is also discussed at length in literature issued by prominent international organizations, including, without limitation, the OECD, the United Nations Office on Drugs and Crime, and the U.K. chapter of Transparency International. As well-accepted international standards go, the gold standard for many countries for management systems would be International Organization for Standardization’s 37001 Anti-bribery Management Systems (“ISO 37001”), issued in October 2016. ISO 37001 mandated that “[t]he organization shall undertake regular bribery risk assessments,” and that the “organization shall retain documented information that demonstrates that the bribery risk assessment has been conducted and used to design or improve the anti-bribery management system.”
Accordingly, companies need a documented assessment of risk to serve as the foundation of their compliance programs. Those multinationals that have, for whatever reason, not gotten the message on these scores, should move quickly to satisfy regulator expectations.
Practical Considerations for Conducting Risk Assessments
The risk assessment process will vary depending on, among other things, the market, size, structure, resources, and location of the multinational and its subsidiaries as well as their nature, scale, and location of activities. Provided below, however, are some high-level considerations for how Japanese multinationals can conduct effective risk assessments.
Obtain Senior Management (or Parent Company) Support. Support, both tangible and intangible, from middle to senior management and/or a parent company is critical for suitably staffing, resourcing, and respecting the risk assessment process. A risk assessment certainly involves review of documents and records, but, at its core, effectiveness resides in the very people who know the enterprise best taking the time to share their views on risk. There needs to be horizontal and vertical buy-in, and parent management needs to drive it. Additionally, such buy-in from middle and senior leadership can help bolster the record that there is an appropriate, compliance-centric tone among the company’s leadership (from middle/regional to senior/executive management).
Consider Utilizing a Qualified Third Party. The complexity of a risk assessment or an organization’s specific needs may require help from a qualified third party (e.g., a law firm or consulting company). In addition to subject matter expertise, utilizing a qualified third party can afford benefits such as benchmarking opportunities and objectivity. Benchmarking, which always brings value, could now be particularly important, as the U.S. DOJ—when evaluating a company’s program—will inquire whether a company has reviewed and adapted its compliance program not only based on lessons learned from its own misconduct, but also from the misconduct of other companies facing similar risks. Doing the correct math would quickly reveal that most multinationals simply do not have enough employees with the experience and/or bandwidth (i.e., available hours) to focus on what really needs to be done. Additionally, in the U.S., using an outside law firm may generally afford an organization a broader net of attorney-client privilege.
Conduct a Comprehensive Review. Risk assessment should look for risks presented by, among other factors, the location of its operations, industry, and activities as well as the competitiveness of the market, the regulatory landscape, transactions with foreign governments, and use of third-party vendors. Additionally, risk assessments should draw upon multiple perspectives (from leadership to those working on the front line) and sources of information/data. This cannot be the proverbial “check the box” exercise. Indeed, a global risk assessment should be among one of the more robust undertakings of any compliance or legal department as these kinds of projects go.
Document and Communicate Findings and Plans of Action. Companies should thoroughly document the risk assessment methodology, results, and any potential plans of action or recommendations, and communicate them to appropriate individuals in preparation for putting the risk assessment into action. To the extent regulators in Japan, the U.S. and elsewhere will want to know that the companies before them have conducted a comprehensive risk assessment, there needs to be an equally comprehensive record of having done so and having conducted appropriate follow up. It is arguably a worse result to have identified the risk and then have done nothing to have managed it, perhaps via a compliance program or control enhancement.
Timing of Risk Assessments. To have a current and accurate understanding of their risks, multinationals should conduct risk assessments periodically (e.g., annually). Certain events (e.g., entry into new markets (especially emerging markets), significant reorganizations, and M&A activity), however, may trigger the need for ad-hoc risk assessments. Accordingly, multinationals should embed the risk assessment process into their businesses to ensure that opportunities for planned and ad-hoc assessments are timely identified and properly executed.