Multinational companies continue to face scrutiny from enforcement officials worldwide regarding their global compliance programmes. The importance of effective compliance programmes was highlighted in the DOJ and SEC’s Resource Guide to the US Foreign Corrupt Practices Act, which describes in detail the hallmarks of a successful compliance programme, including commitment from senior management, policies and procedures, oversight, risk assessments, training, appropriate disciplinary measures and third party controls. More recently, the DOJ offered additional insight through the publication of its 2017 Evaluation of Corporate Compliance Programs guidance. The DOJ reiterated the importance of certain elements and controls, such as the design, accessibility and communication of policies and procedures, providing ‘gatekeepers’ (persons with the authority to issue payments or review approvals) with clear guidance and training, incentivising compliance and ethical conduct, and conducting continuous, evolving audits and review. Operational integration, confidential reporting as well as risk management and assessment are also considered integral to well-functioning compliance processes. The DOJ further pointed out the importance of providing the compliance function with sufficient autonomy and resources.
Cases show that failure to adopt an effective, global compliance programme can lead to serious repercussions, as illustrated by recent US settlements involving Orthofix, Teva Pharmaceuticals and Olympus, where domestic companies faced scrutiny for failing to properly implement and maintain its compliance programmes globally, as they did not provide adequate training, monitoring and audits for operations outside the US. Moreover, international cooperation among regulators is increasing, as illustrated by the cases of Rolls Royce and Odebrecht. As such,
a comprehensive, global compliance programme becomes even more important for multinationals facing scrutiny across jurisdictions.
However, challenges will necessarily accompany the process of adapting a global compliance programme to local operations as multinationals seek to balance different priorities and needs. One key question is how to provide sufficient guidance at the global level while preserving the flexibility needed for compliance programmes to adapt to the different requirements and risk profiles in each jurisdiction. An extension of this question is deciding the level of guidance at a global level; requiring too much conformity may result in policies that are too restrictive or not restrictive enough at the local level. On the other hand, utilising only local policies or procedures may make it difficult for multinationals to provide effective oversight at the global level due to a lack of uniform standards and controls. Unfortunately, there is no straightforward solution to this question, as each company will need to evaluate what is likely to work best for it based on its unique circumstances, such as where itsoperations are located, historical relationships between offices, the level of complexity in applicable local laws and available resources. We discuss some of the key challenges in this process below and highlight a few proposed solutions.
Challenges faced by multinational companies
1.
Differences in the legal and regulatory environment
One obvious challenge is adopting a compliance programme that takes into account the various legal and regulatory requirements across different jurisdictions. For example, the FCPA allows for a facilitation exception, but many other anti-corruption laws, including the UKBA, do not. Additionally, Brazil’s Clean Companies Act applies strict liability regarding interactions with public officials, and South Korea’s Kim Young-ran Act has adopted a broader definition of public officials that includes actors traditionally considered to be from the private sector. This can be difficult to navigate, particularly when legal jurisdiction overlaps. Furthermore, different regulators often have different priorities and their standards for evaluating a company’s compliance programme will likely vary as well, which can
all lead to uncertainties in managing a compliance programme.
2.
Differences in cultural expectations and practices
Multinationals operate in
different jurisdictions with varying cultural practices, which affects many aspects of their compliance programmes. For example, training content may need to be tailored to offer guidance on responding to local customs on gifts and entertainment. Audit and forensic testing will need to take into account local practices and risks. Communications on compliance could get lost in translation so it may be difficult to ensure consistent tone at the top. Some cultures may also be less accepting of certain policies or procedures. For example, a culture that is more deferential to hierarchies may be less receptive to ‘speak up’ policies.
3. Resource limitations
Finally, a company may not always have sufficient compliance resources with local knowledge. On the other hand, multinationals will need to allocate their compliance resources in such a manner as to ensure sufficient coverage for all of its operations. As such, the allocation of compliance resources may not always be straightforward and will require thoughtful planning and strategising.
Finding solutions
While there is no simple answer to these challenges, the following points may be useful when considering the unique needs of each company.
1. Effective communications
Given the numerous legal, regulatory and cultural differences inherent in multinational organisations, it is important to establish efficient channels and means of communication to ensure compliance messages are communicated accurately and effectively. It is particularly important in situations where misunderstandings might arise due to cultural and linguistic differences that communications are not one-sided. For example, instead of conducting trainings via presentations, include roundtables or town halls as a part of compliance training to get a first-hand account of the issues and risks faced by employees in different jurisdictions. It may also be useful to utilise periodic surveys to gain insight on employees’ perception of compliance risk. These methods help send the message that the company is trying to help employees navigate specific issues that they are likely to encounter, instead of simply imposing dry, impersonal rules that seem to be far removed from their actual work. This may also help foster closer relationships between headquarters and local offices.
The UK Anti-Corruption Strategy 2017-2022 plan also calls for applying behavioural sciences to anti-corruption by better understanding what motivates people’s behaviour in different contexts. Fostering effective communications will help generate insight on what may incentivise or prevent employees from being compliant, resulting in a compliance programme that more effectively addresses situations that employees face on a day-to-day basis.
It is also crucial that functions playing key roles in a company’s compliance framework are organised and managed in a way that facilitates communication between headquarters and local offices to increase information sharing. For example, many compliance risks are identified by audits at the local and regional levels, but headquarters will be able to analyse the information on a macro level to identify trends and scope to provide an additional layer of analysis and monitoring.
2. Understand the landscape
It is important to be aware of the different areas where local knowledge is necessary, such as T&E, third-party due diligence, interactions with government entities, interactions with healthcare professionals, grants, donations and sponsorships, and free product and price concessions. Local standards in these areas are unlikely to be uniform across jurisdictions and will need to be integrated with the company’s control systems and local standard operating procedures. Local knowledge can also help multinationals utilise their resources more effectively, such as tailoring analytics tools to provide focus on priority risk areas for different locales.
3. Know your organisation
Different offices may have variations in resources and capabilities among compliance-related functions and it is important to understand their strengths and weaknesses to effectively designate roles and responsibilities. It is also important to understand the roles best situated to act as ‘gatekeepers’ and to ensure these individuals or functions have sufficient training, resources and support.
Finally, it is important to remember that compliance evolves. It is not a predetermined set of rules, but instead should be reactive to the different priorities, risks and conflicts that arise in each multinational’s operations. Companies have repeatedly been warned against a one-size-fits-all approach or simply ‘ticking the boxes’. This is particularly true for multinationals as they navigate the complexities of a multi-faceted legal and compliance landscape.