Anti-Corruption Compliance Benchmarking: Program Implementation Best Practices

June 21 ,2017 Incorporating your compliance program into your organization’s overall business strategy

1. Key compliance program elements under the microscope and how to strengthen your program

2. Requirements and expectations for:

o The compliance functiono Empowermento Independenceo A seat at the tableo Line-of-sight

o Resourceso Involvement of senior

managemento Compliance subject-matter

expertise

Draft for discussion purposes only

Anti-Corruption Compliance BenchmarkingJune 21, 2017

2

Andrés CedronStryker - Senior Legal Counsel and Senior Director of Compliance

Aleksandra CuprysUnivision Communications Inc. - Vice President & Assistant General Counsel, Compliance

Steve ListAPR Energy - General Counsel, Secretary & Chief Compliance Officer

Julia MoldWells Fargo Bank - VP Regional Senior Compliance Officer, Global Financial Institutions Compliance & Risk

Sandee Parrado

PwC – Forensic Services Partner

Draft for discussion purposes only

Compliance Program Maturity CurveWhere is your Compliance Program on the maturity curve?

3

Draft for discussion purposes only

What are the challenges faced in implementing the compliance program in your day-to-day operations?

View at the top vs operations on the ground• How to ensure your people who may be miles away from your head office

are doing the right thing?• Do you understand the specific realities on the ground?

Executive commitment and communication• When senior management support compliance programs, do they “walk the

talk”?• Are your employees aware of the compliance program?

Lack of ownership• Who has ownership?• Is there clarity in roles and responsibilities?• Is there a formal reporting line to compliance?

Lack of feedback loop• Are there opportunities for employees to provide feedback to compliance?• Are there monitoring procedures in place?

4

Draft for discussion purposes only

How do you assess your compliance programs’ effectiveness and measure its success?

5

Does it identify and

resolve issues in a timely

matter?

Is the program embedded into business processes?

Are employees and business partners being trained?

Does it identify program shortcomings and risks?

Does it identify and resolve issues in a timely manner?

Draft for discussion purposes only

Key Compliance Program ElementsDOJ’s Evaluation of Corporate Compliance Programs

11 topical areas assesses by the DOJ:

1. Analysis and remediation of underlying misconduct

2. Senior and middle management

3. Autonomy and resources

4. Policies and procedures

5. Risk Assessment

6. Training and communication

7. Confidential reporting and investigation

8. Incentives and disciplinary measures

9. Continuous improvement, periodic testing and review

10. Third party management

11. Mergers and acquisitions

6

Draft for discussion purposes only

Key Compliance Program ElementsFCPA violations involving third party intermediaries

7

79% of company FCPA settlements involve third partiesFrom 2012 to present, 56 out of 71 companies charged with FCPA-related violations involved a third party intermediary

A company’s subsidiaries made payments to foreign

government officials to win millions of dollars of business

in Russia, Brazil, China and Poland. Payments funnelled

through marketing agreements with offshore entities,

third parties chosen by government customers, or

distributors

A company’s subsidiaries, employees, and agents in

Bulgaria, China, Croatia, Czech Republic, Italy,

Kazakhstan, Russia, and Serbia made improper payments

to foreign officials to obtain regulatory approvals and

increase sales for the company’s products

A medical equipment manufacturing company’s

subsidiaries used a distributor to create a slush fund to

make illicit payments to public doctors or agencies

Draft for discussion purposes only

Key Compliance Program ElementsA different twist to thinking of third parties

8

Correspondent Banking: Evaluating risks potentially posed by third parties when those third parties are not your customers

What are third parties and what are the risks?

• In a correspondent relationship, third parties are the non financial institution customers of your correspondent bank client.

• Third parties also represent risks because due diligence conducted typically focuses on the correspondent bank client and not on the customers of the correspondent customer – the third parties using the correspondent account.

KYCC - Enhanced due diligence should focus on identifying key customers of the correspondent using the correspondent account to understand:

• Third parties’ geographic locations, business formation and reason for using correspondent account

• Services and products used by third parties • Correspondent’s due diligence on its own customers, particularly high risk third

parties• Correspondent’s controls over transactions with high risk countries and customer

types.

Draft for discussion purposes only

Key Compliance Program ElementsMergers and acquisitions

M&A Considerations

Pre-acquisition

• FCPA Guide - A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks.

• From 2012 to present, companies have been fined over $130 million by the SEC for internal control violations related to lack of or inadequate M&A due diligence.

Post-acquisition

• DOJ Procedure Opinion Release (No. 08-02, 14-02) – Perform risk-based FCPA and anti-corruption due diligence work plan that organize the due diligence effort into high risk, medium risk, and lowest risk elements. An illustrative example of the post acquisition due diligence timeline described in Release 08-02:

9

Draft for discussion purposes only

Tailoring compliance program to address compliance risks

10

“…there is no “one size fits all” compliance program. Rather, effective compliance programs are those that are tailored to the unique needs, risks and structure of each business or industry.”

- Assistant Attorney General Leslie R. Caldwell

“Effective compliance programs are tailored to the company’s specific business and to the risks associated with that business. They are dynamic and evolve as the business and the markets change.”

- DOJ and SEC FCPA Guide

“We recognize that each company's risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make an individualized determination in each case.”

- DOJ Evaluation of Corporate Compliance Programs

Draft for discussion purposes only

USD 5.2 Billion in DOJ and SEC Settlements

11

-

5

10

15

20

25

30

2012 2013 2014 2015 2016 2017

Nu

mb

er

of

Co

mp

an

y S

ett

lem

en

ts

Amounts in USD

721 M1,566 M

261 M

Avg.

80 M

Avg.

22 M Avg.

157 M

Avg.

14 M

71 Companies Settled from Jan. 2012 – Apr. 2017 (Avg. Value: USD 73M)

139 M

Avg.

97 M

2,435 MAvg.

93 M

87 MAvg.

17 M

YTD 2017

Draft for discussion purposes only

Thank you!

12

Andrés CedronStryker - Senior Legal Counsel and Senior Director of Compliance

Aleksandra CuprysUnivision Communications Inc. - Vice President & Assistant General Counsel, Complianceacuprys@univision.net

Steve ListAPR Energy - General Counsel, Secretary & Chief Compliance Officer stevenlist@ymail.com

Julia MoldWells Fargo Bank - VP Regional Senior Compliance Officer, Global Financial Institutions Compliance & Risk

Sandra Parrado

PwC – Forensic Services Partnersandra.maria.t.parrado@pwc.com