In 2016, we advised Japanese multinationals that their growing significance in the global economy, primarily as a key source of outward bound investment and merger & acquisition (“M&A”) activity, translated into growing anti-bribery, anti-corruption (“ABAC”) compliance and other enforcement risks. In that article, found here, we detailed booming economic activity alongside significant then-recent enforcement activity against Japanese multinationals by the U.S. government, primarily under the Foreign Corrupt Practices Act (“FCPA”) but also the U.S. Anti-Kickback Statute (“AKS”), for activities in major targets of Japanese outward bound investment—the U.S., China, and emerging Asia markets such as Vietnam. In particular, the May 2016 $646 million mega-resolution with Olympus Corp. for FCPA and AKS violations (to this day still the largest medical device company and AKS resolution of all time) constituted a foreboding example of economic expansion without sufficient compliance controls. Consequently, we advised Japanese multinationals to take a proactive approach to ABAC compliance.
Today, Japanese multinationals continue to be key players in the global economy, and the corresponding ABAC compliance and other enforcement risks likewise remain significant. In particular, whereas several years ago the threat of ABAC enforcement from Japanese regulators seemed far-fetched at best, recent enhancements to the Japanese government’s investigative tools—most notably its implementation of a novel corporate plea bargaining procedure—and the OECD Working Group on Bribery’s (“WGB”) Phase 4 report on the Japanese government’s implementation of the OECD Anti-Bribery Convention, issued in June 2019, indicate greater enforcement may be on the horizon. At the same time, there remains an ever-present risk of ABAC enforcement from U.S. regulators, who as recently as May 19, 2020 signaled that FCPA enforcement will not be slowing down. Therefore, proactive compliance efforts—and in particular risk and compliance program assessments—continue to be imperative. As evidenced in the updated “Evaluation of Corporate Compliance Program” guidance (“U.S. DOJ 2020 Guidance”) issued by the U.S. Department of Justice (the “U.S. DOJ”) on June 1, 2020), regulators expect proactive, dynamic compliance program assessments and enhancements, and companies would benefit from them.
Continued Growth in Outward Bound Investment by Japanese Multinationals
Japan remains among the largest sources of global foreign direct investment (“FDI”) outflows with $227 billion FDI outflows reported in 2019, up from $143.1 billion in 2018. Significant recipients of Japan’s FDI outflows include jurisdictions with aggressive ABAC enforcement, namely, the United States ($48.26 billion (the largest recipient)) and the United Kingdom ($5.8 billion). They also include high-risk jurisdictions neighboring Japan, such as China ($14.37 billion) and South Korea ($2.47 billion). Of Japan’s 2019 FDI outflows, approximately $42.55 billion came from Japan’s chemical and pharmaceutical industry, up from $14.8 billion in 2018.
Deal and M&A activity also remain significant, as outbound deals from Japan increased nearly 16% from 2017 to 2018, reaching an all-time high of 777 deals. One of those outbound deals included a Japanese multi-national’s notable takeover of Shire plc for $81 billion. Indeed, in Q1 2019 alone, M&A activity amounted to $22.8 billion, a significant increase from $12.5 billion in Q1 2018.
Compliance and Enforcement Risks Remain Significant
Emerging ABAC Enforcement Risk from Japan
With increasing outward bound investment and foreign deal activity comes increasing compliance and corruption risk. This notion has not been lost on the OECD’s WGB, which continues to encourage Japan, an OECD member, to police foreign bribery in a manner proportional to the “size of Japan’s economy and the high-risk regions and sectors in which its companies operate.” Since 2005, the OECD’s WGB has evaluated Japan’s implementation of the OECD Anti-Bribery Convention in several reports, including, most recently, in July 2019 (the “Phase 4 Report”), and in each report, the WGB has asked Japan to do more to prosecute foreign bribery offenses. Notably, the Phase 4 Report deemed Japan’s track record of investigating 36 of 40 known allegations, resulting in only five foreign bribery cases, “particularly low” in view of Japan’s international operations. To improve this trend, the WGB recommended that Japan “urgently take steps to more pro-actively investigate foreign bribery cases and improve the gathering of evidence,” and recommended a host of investigative tools aimed at improving investigation and prosecution of foreign bribery. One can expect Japan to make improvements in response to these recommendations.
Indeed, Japan has improved its ABAC enforcement regime with each report, including, most notably, by implementing a novel criminal plea bargaining system (the “Agreement Procedure”) in June 2018 (which was specifically acknowledged in the Phase 4 Report as a positive move). The Agreement Procedure incentivizes disclosure and cooperation by offering leniency to cooperating individuals and companies involved in foreign bribery, and false accounting and money laundering predicated on foreign bribery. Such implementation appears to be a direct response to the WGB’s Phase 2b and Phase 3 reports, which recommend offering granting immunity to cooperating witnesses. Indeed, the WGB acknowledged the Agreement Procedure as a partial implementation of this recommendation, and its potential to encourage voluntary disclosures and enhance evidence-gathering for transnational crimes.
Japanese multinationals have since taken advantage of the Agreement Procedure in at least two known cases, including a foreign bribery case. First, in July 2018, Japanese prosecutors agreed to forego prosecution of Mitsubishi-Hitachi Power Systems (MHPS), a Japanese power plant company, in exchange for disclosing potential bribery by former executives in Thailand and providing “essential” information to understanding the scheme. Similarly, in May 2019, prosecutors utilized the Agreement Procedure with Nissan executives who provided evidence that Nissan agreed to pay former Chairman Carlos Ghosn a fixed amount after his retirement in violation of the Financial Instrument and Exchange Act §§ 197(1), 197-2(6) and the Companies Act §960(1). Ghosn had been arrested in November 2018 for underreporting his compensation.
U.S. Enforcement against Japanese Multinationals: Consistent and Evolving
Japanese multinationals can also expect continued policing of foreign bribery, fraud, and abuse from U.S. regulators. Over the past 10 years, U.S. enforcement against Japanese multinationals has remained steady, with there being seven FCPA enforcement actions against Japanese multinationals and 16 enforcement actions against the U.S. subsidiaries of Japanese multinationals under the False Claims Act (“FCA”)—a key U.S. domestic anti-fraud and abuse statute. The U.S. government shows no serious signs of slowing down on enforcement under either of these statutes. To the contrary, as recently as May 19, 2020, the chiefs of the FCPA unit at the U.S. DOJ and the Securities and Exchange Commission (“U.S. SEC”) signaled continued focus on foreign corruption amidst the COVID-19 pandemic. Most notably, U.S. DOJ FCPA Unit Chief, Dennis Kahn, shared that their work is “ploughing ahead” and doubted re-allocation of resources from the unit. The U.S. SEC FCPA Unit Chief, Dennis Cain, revealed that they “are not hitting the pause button on our investigations.”
Japanese multinationals should also take note of significant recent enforcement action under both above-referenced statutes. On the FCPA front, in 2018, the subsidiary of a Japanese multinational paid $280.4 million to the U.S. DOJ and U.S. SEC to resolve allegations that it violated the FCPA. The multinational entered into a deferred prosecution agreement and agreed to significant compliance program commitments, including a two-year independent monitor. According to the U.S. DOJ’s criminal information, the subsidiary caused the multinational’s books and records to mischaracterize certain potentially improper consultant payments to a government official in the Middle East and other markets, and sales commissions to unauthorized sales agents in Asia. The U.S. DOJ specifically noted that subsidiary executives failed to properly address warnings and red flags, and that multinational personnel failed to review relevant budgets.
At the domestic level, in 2017, Shire Pharmaceuticals LLC and subsidiaries of Shire plc, a Japanese multinational, paid $350 million to the U.S. DOJ to settle FCA and AKS allegations that its salespersons provided physicians with luxurious dinners and hospitality, free medical supplies, case studies, honoraria payments, cash, credits, and rebates to induce purchases of a Shire product. More recently, in 2019 Inform Diagnostics, a subsidiary of a Japanese company, paid $63.5 million to resolve allegations that it violated the AKS and other laws by providing subsidies and free or discounted technology consulting services to physicians who referred business to the company.
Risk Assessments: The Critical First Step in Mitigating Compliance Risks in Overseas Operations
In light of these enforcement risks from Japan and the U.S., Japanese multinationals should consider whether their compliance programs are effective at combatting corruption in their overseas operations. An essential first step to designing an effective multinational compliance program is to conduct an organized and thorough assessment of risk across the organization, starting from Japan then looking out globally to individual markets. A global compliance program, no matter how built out, cannot be fully effective in the absence of risk identification, as the U.S. DOJ recognizes, “one-size-fits-all compliance programs are generally ill-conceived and ineffective.”
U.S. and Japan Regulators: Expectations on Risk Assessments
Risk assessments are recognized in the U.S. and abroad, including Japan, as a critical component of compliance programs. For example, the U.S. DOJ and SEC, through their well-recognized joint FCPA Guidance, have recognized risk assessments as a hallmark of an effective compliance program, noting that “assessment of risk is fundamental to developing a strong compliance program”. The U.S. DOJ 2020 Guidance, which is the U.S. DOJ’s most recent and comprehensive compliance guidance document, explicitly advises federal prosecutors engaged in enforcement actions to evaluate “[t]he effectiveness of the company’s risk assessment” and, in that evaluation, “endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how the company’s compliance program has evolved over time.” The guidance further emphasizes the importance of dynamic risk assessments that are based on continuous access to data, rather than a “snapshot” in time, and incorporate lessons learned from company investigations and industry trends.
The risk-based approach and risk assessment concept is also recognized in Japan—namely, in guidance issued by the Japan Ministry of Economy, Trade and Industry (“METI”) and the Japan Federation of Bar Associations (“JFBA”). METI guidance in particular is critical, as it is the agency responsible for implementing Japan’s foreign bribery law, Article 18 of the Unfair Competition Prevention Act (“UCPL”), and law enforcement agencies look to METI for interpretive guidance.
METI’s guidance is largely based on METI’s Guidelines to Prevent Bribery of Foreign Public Officials (the “METI Guidance”), which METI issued “to support companies involved in international commercial transactions to voluntarily take a preventative approach to the prevention of bribery of foreign public officials.”Regarding risk assessments, it notes that it is “particularly important” for companies to consider, among other things, a “risk-based approach” when “establishing and operating Preventive Systems [(e.g., compliance systems)].” The METI Guidance also states, among other things, that “[t]he degree of Bribery Risk should be generally assessed with overall consideration of key points such as the Bribery Risk of the relevant country, the Bribery Risk of the relevant business area [(e.g., projects that tend to foster close relationships with foreign public officials)] and the types of activities that have the potential to be used for offering bribery.” Particularly relevant for Japanese multinationals is the METI Guidance’s point on “the need to take action at a subsidiary level” and the “need to ensure that subsidiaries within the corporate group establish and operate Preventive Systems as appropriate to the degree of risk.” Accordingly, Japanese multinationals should ensure that their subsidiaries proactively conduct risk assessments when evaluating and establishing their compliance programs.
As for the JFBA—in recognizing that Japan’s enforcement framework has “strengthened recently” and the increasing application of FCPA and other enforcement against Japanese multinationals—it issued the 2016 Guidance on Prevention of Foreign Bribery (the “JFBA Guidance”) to provide “practical guidelines for Japanese companies (and counsel who provide legal advice to them) in relation to implementation of anti-bribery measures.” In particular, Part I (Implementation of Anti-Bribery Compliance Program), Article 2 (Risk-based approach) of the JFBA Guidance provides an overview on (1) conducting risk assessments (i.e., what types of risk to evaluate and what information-gathering methods to utilize), (2) establishing measures proportionate to the level of bribery risks, and (3) the need to conduct continual and periodic risk assessments. Notably, while the JFBA Guidance is a nonbinding supplement to the METI Guidance, the JFBA expects that Japanese multinationals “will implement anti-bribery measures in reliance on this Guidance in order for their directors to fulfil their duty to implement an internal control system and develop their business abroad in a sustainable manner without being found to have fallen afoul of regulations in foreign countries and incurring penalties.” Accordingly, Japanese multinationals should consider the JFBA Guidance as a useful risk assessment resource.
The correlation between risk assessments and an effective compliance program is also discussed at length in literature issued by prominent international organizations, including, without limitation, the OECD, the United Nations Office on Drugs and Crime, and the U.K. chapter of Transparency International. As well-accepted international standards go, the gold standard for many countries for management systems would be International Organization for Standardization’s 37001 Anti-bribery Management Systems (“ISO 37001”), issued in October 2016. ISO 37001 mandated that “[t]he organization shall undertake regular bribery risk assessments,” and that the “organization shall retain documented information that demonstrates that the bribery risk assessment has been conducted and used to design or improve the anti-bribery management system.”
Accordingly, companies need a documented assessment of risk to serve as the foundation of their compliance programs. Those multinationals that have, for whatever reason, not gotten the message on these scores, should move quickly to satisfy regulator expectations.
Practical Considerations for Conducting Risk Assessments
The risk assessment process will vary depending on, among other things, the market, size, structure, resources, and location of the multinational and its subsidiaries as well as their nature, scale, and location of activities. Provided below, however, are some high-level considerations for how Japanese multinationals can conduct effective risk assessments.
- Obtain Senior Management (or Parent Company) Support. Support, both tangible and intangible, from middle to senior management and/or a parent company is critical for suitably staffing, resourcing, and respecting the risk assessment process. A risk assessment certainly involves review of documents and records, but, at its core, effectiveness resides in the very people who know the enterprise best taking the time to share their views on risk. There needs to be horizontal and vertical buy-in, and parent management needs to drive it. Additionally, such buy-in from middle and senior leadership can help bolster the record that there is an appropriate, compliance-centric tone among the company’s leadership (from middle/regional to senior/executive management).
- Consider Utilizing a Qualified Third Party. The complexity of a risk assessment or an organization’s specific needs may require help from a qualified third party (e.g., a law firm or consulting company). In addition to subject matter expertise, utilizing a qualified third party can afford benefits such as benchmarking opportunities and objectivity. Benchmarking, which always brings value, could now be particularly important, as the U.S. DOJ—when evaluating a company’s program—will inquire whether a company has reviewed and adapted its compliance program not only based on lessons learned from its own misconduct, but also from the misconduct of other companies facing similar risks. Doing the correct math would quickly reveal that most multinationals simply do not have enough employees with the experience and/or bandwidth (i.e., available hours) to focus on what really needs to be done. Additionally, in the U.S., using an outside law firm may generally afford an organization a broader net of attorney-client privilege.
- Conduct a Comprehensive Review. Risk assessment should look for risks presented by, among other factors, the location of its operations, industry, and activities as well as the competitiveness of the market, the regulatory landscape, transactions with foreign governments, and use of third-party vendors. Additionally, risk assessments should draw upon multiple perspectives (from leadership to those working on the front line) and sources of information/data. This cannot be the proverbial “check the box” exercise. Indeed, a global risk assessment should be among one of the more robust undertakings of any compliance or legal department as these kinds of projects go.
- Document and Communicate Findings and Plans of Action. Companies should thoroughly document the risk assessment methodology, results, and any potential plans of action or recommendations, and communicate them to appropriate individuals in preparation for putting the risk assessment into action. To the extent regulators in Japan, the U.S. and elsewhere will want to know that the companies before them have conducted a comprehensive risk assessment, there needs to be an equally comprehensive record of having done so and having conducted appropriate follow up. It is arguably a worse result to have identified the risk and then have done nothing to have managed it, perhaps via a compliance program or control enhancement.
- Timing of Risk Assessments. To have a current and accurate understanding of their risks, multinationals should conduct risk assessments periodically (e.g., annually). Certain events (e.g., entry into new markets (especially emerging markets), significant reorganizations, and M&A activity), however, may trigger the need for ad-hoc risk assessments. Accordingly, multinationals should embed the risk assessment process into their businesses to ensure that opportunities for planned and ad-hoc assessments are timely identified and properly executed.
7 The OECD has explained that “[t]here is an expectation that Adherents will do their utmost to fully implement a Recommendation,” and recommendations are “not legally binding but practice accords them great moral force as representing the political will of Adherents.” OECD Legal Instruments, ORG. FOR ECON. CO-OPERATION & DEV. https://www.oecd.org/legal/legal-instruments.htm (last visited Apr. 23, 2020).
8 Press Release, U.S. Dep’t of Justice, Shire PLC Subsidiaries to Pay $350 Million to Settle False Claims Act Allegations (Jan. 11, 2017).
9 Press Release, U.S. Dep’t of Justice, Pathology Laboratory Agrees to Pay $63.5 Million for Providing Illegal Inducements to Referring Physicians (Jan. 30, 2019).