Managing Anti-Corruption Efforts in the New Era of Enforcement

The Sustainable Foreign Corrupt Practices Act (FCPA) Compliance Program for Life Sciences Organizations

June 21, 2012

Christopher P. Cieslok, Director Project Management Europe, MetricStream



Background and Introduction

FCPA in the Context of the Life Science Industry

Best Practices for Implementing FCPA Compliance Program

Leveraging Technology for FCPA Compliance


© 2012 MetricStream, Inc. All Rights Reserved.

Background and Introduction

*From Wikipedia; 20-June-2012 http://en.wikipedia.org/wiki/Corruption



Lessons Learned On Compliance and Ethics © Thomas R. Fox / tomfoxlaw.com PC


Legal Disclaimer

• The views stated herein are solely that of the presenter.

• Everything in this presentation is a generalization and is subject to numerous exceptions.



Foreign Corrupt Practices Act

• Who or what is regulated? people, books & records

• Basis for regulation: listing of company’s securities on U.S. stock exchange, nationality (“domestic concern”)

• What is prohibited? bribes, inaccurate books and records

Export and reexport controls

• Who or what is regulated? goods, software and technology

• Basis for regulation: national origin of content

• What is prohibited? certain end uses, end users or end

Money Laundering

• Who or what is regulated? people

• Basis for regulation: nationality (such as citizenship, residency, physical presence, or employing or parent company)

• What is prohibited? transactions involving certain persons, countries or activities


FCPA Compliance Program

1. Code of Conduct

2. Tone at the Top

3. Anti-Corruption Policies and Procedures

4. Use of Risk Assessment

5. Annual Review

6. Senior Management Oversight and Reporting

7. Internal Controls

8. Training

9. Ongoing Advice and Guidance

10. Discipline

11. Use of Agents and Other Business Partners

12. Contractual Compliance Terms and Conditions

13. Ongoing Assessment


Third Party Relationship Check Up

• Do you have a list or database of all your third parties and their information?

• Have you done a risk assessment of your third parties and prioritized them by level of risk?

• Do you have a due diligence process for the selection of third parties, based on the risk assessment?

• Once the risk categories have been determined, create a written due diligence process.

• Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations?

• Is there someone in your organization who is responsible for the management of each of your third parties?

• What are “red flags” regarding a third party?


Red Flags

• Named as a Designated Party, SDN or on any similar list.

• Connections to countries identified as non-cooperative with international efforts against money laundering.

• Providing false or misleading information.

• Refusal to disclose the nature and source of assets.

• Refusal to identify a beneficial owner.

• Acting as the agent for an undisclosed principal.

• Company address is not a physical site but a PO box.

• Use of a shell company.

• Lack of concern regarding risks or transaction costs.

• Structuring transactions to avoid reporting requirements.

• Offering to engage in transaction with no or little business justification.

• A request that funds be transferred to an undisclosed third party or in another jurisdiction.

• Any transaction designed to evade taxes.


UK Bribery Act Adequate Procedures

1. Proportionate Procedures – a company’s anti-corruption procedures should be proportionate to the bribery risks it faces and to the nature, scale and complexity of its activities.

2. Top level commitment – this concerns establishing a culture across the organization in which bribery is unacceptable. If your business is small or medium sized this may not require much sophistication but the theme is making the message clear, unambiguous and regularly made to all staff and business partners.

3. Risk Assessment – this is about knowing and keeping up to date with the bribery risks you face in your sector and market.

4. Due diligence – this is about knowing who you do business with; knowing why, when and to whom you are releasing funds and seeking reciprocal anti-bribery agreements; and being in a position to feel confident that business relationships are transparent and ethical.

5. Communications – this concerns both internal and external communications. It should begin with a strong “Tone at the Top” but also focus on implementation of policies and procedures. There should be policies for gifts, hospitality, travel & entertainment, charitable and political contribution and sufficient internal controls. Training for both at-risk employees and similarly situated third parties. Strong Code of Conduct.

6. Monitoring and review – this relates to auditing and financial controls that are sensitive to bribery and are transparent, considering how regularly you need to review your policies and procedures.


Life Sciences Enforcement Actions


Johnson and Johnson

• $77 MM fine

• Cooperation regarding competitors

• Enhanced compliance obligations

• Credibility – can you make a comeback?



Smith and Nephew

• Use of distributors to pay bribes

• $22MM fines and penalties

• External Monitor




• UK action – pre Bribery Act implementation

• Individual Prosecution of John Robert Dougall

• One Year Jail time




• Bribes paid to doctors to use products

• Failure of Internal Audit

• $22.6 MM in fines and penalties

• Three Year Compliance Monitor



Compliance Convergence


Export Control Compliance Program

1. Top and Middle Management Committee.

2. Continuous Risk Assessment.

3. A written policy backed up by a procedures manual.

4. Ongoing training of employees.

5. Ongoing screening of employees, contractors, customers, products and transactions.

6. Record Keeping.

7. Periodic Audits.

8. An internal program for the reporting of violations and appropriate mechanism for escalation of any export violations.

9. Appropriate corrective actions to hold employees accountable under a progressive disciplinary program and voluntary self-disclosure.


AML Program

1. Communications and Training – specific communications and training for the high-risk market should be designed and implemented with a country-specific approach which identifies the risks and the compliance response to the risk.

2. Enhanced Controls and Review – additional controls for each policy should be implemented with greater scrutiny of auditing of expenditures.

3. Due Diligence – the hiring of third parties should be subject to even greater scrutiny than typical in the high-risk country. A conservative compliance response to any red flags is imperative.

4. Monitoring and Auditing – the monitoring of activities in a high-risk country is a key aspect of any high-risk program. Auditing of every aspect of the operation should be conducted on a regular basis.


Managing Anti-Corruption Efforts in the New Era of Enforcement FCPA Compliance Program for Life Sciences Organizations Christopher P. Cieslok Product Marketing Manager, Corporate Compliance Solutions


Organization Drivers

• Growth of organizations across boundaries

• The need for a common compliance framework to manage diverse regulations

• Siloed approach towards the different aspects of compliance management

• Ineffective management of related policies, training programs, risks, internal controls, issues and corrective action

• Lack of a single, centralized view of the compliance program status


FCPA Compliance Program Elements

Policy and Procedures: Creation, Distribution, Attestation

Chief Ethics and Compliance Officer: Tone from the Top

Risk Assessment: Qualitative and Quantitative

Managing Controls: Built-in Control Libraries, Testing,


Audit Management

Incident Management and Corrective Action

Training Program Management


Best Practices in Technology Adoption

• Multiple Requirements, but a single framework

• Integrate the different components together – policies, procedures, risk, controls, audit

• Seamless integration with external systems, e.g., financial continuous control monitoring systems

• Ability to keep track of changing regulatory landscape

• Adaptable to the changing business processes

• Tone from the Top

• Scalable and aligned with organizational growth


Integrating the Compliance Program Elements

Incident Management / Corrective Action

Regulatory Compliance (FCPA, UK Anti-Bribery, Industry specific regulations)

Audit Management

Policy & Procedure


Risk Assessment And


Dashboards & Reporting

Manage Control Hierarchy Test controls Remediation

Risk Factors Key Risk Indicators What-If Analysis Risk Scoring – Inherent and


Closed Loop Incident Management

Control Assessment Control Improvement


Training Management


Integrating with External Sources

• Capturing alerts and events from reliable sources for timely and relevant policy and compliance activities

• Analysis and mapping to compliance and risk categories, business units

• Triggering compliance risk assessments, policy updates



Transparency Intl.


Policy and Procedure Management Creation, Review, Approve,


Certification and Self Assessments

Mapping to Controls & Risks

Aligning Policies to changing regulatory landscape

Awareness and Training Tracking and Visibility

Policies related to:

• Commission Payment

• Expense Reimbursement

• Payment

• Travel and Entertainment

• Employee Background

Enforcing the policy and guidelines and ensuring compliance on employees and Third Parties


Risk Assessment

Library of Risks

Risk Factors

Residual Risk Inherent Risks


Ranking of Risks

Risk Scoping

Location/Division Statutory Group Product Line Commodity Group

What-If Analysis

Risk Mitigation

3rd Party Testing

Internal Audit

Internal Audit

Risk Mitigation

FCPA Compliance


Bribery Criminal Misconduct Policy Gaps

Value of business with governmental entities and other high risk organizations

use of agents and other intermediaries


Compliance Audit Management Risk Assessments and Scoping

User Homepage

Planning & Scheduling

Audit Fieldwork Auditing Controls, High-risk


Work Paper Review & Completion

Final Audit Report

Audit Remediation Control Improvement




Training Management

Assigning Courses to Employees

Initiate Training

Report Course Completion

Creating Questionnaire

Administering Tests

Reports - Training Gap

Creating and Assigning Competency


Training Objective

• Understanding Corporate Anti-Corruption Policies

• Potential Red Flags

• Reporting and Escalation Mechanism

Training Scope

• Employees

• 3rd Party Training

• Training for Employees at risk

Training Status

• Reports – Training Medium, Gaps, Trained-Untrained Employee Breakup


Case Management and Corrective Action

Email, Phone, or Web based Employee Hotline Whistle-blowing Systems, Ombudsman Continuous Control Monitoring System

Capture Case

Analyze, Validate & Assign

Investigate Remedial Action

Approve & Close

Case Investigators

• Internal Auditors

• Compliance Officers

• Legal Team

• HR

Case Manager

Leadership Team

Monitoring, Reporting & Analytics



Continuous Control Monitoring,

Segregation of Duties

Seamless Integration

Compliance System

FCPA Compliance Dashboard

External Data (Regulatory


Spread Sheets

Audit Analytics Systems

Ability to Co-Exist


Tone from the Top

• Offer the flexibility to link management objectives with processes, policies, risks, controls, incidents and corrective action

• Role based view of Compliance program, e.g., the CECO view to be broader and larger as compared to the BU Head view

• Support Complex Organization Hierarchies

• Aggregated View and ability to drill down to details

• Continuous Compliance Program Monitoring


Key Sustainable Metrics to Track

Prevent Detect Respond

Training Status

Policy Certification

Performance of the Controls Implemented

Risk Metrics Score

Profile of Issues, Incidents and Cases

Remediation Status


About MetricStream

Delivering Business Performance through Integrated Governance, Risk and Compliance Vision


• Corporate Compliance • Risk Management • Audit Management • Policy & Procedure Management • Environmental Health & Safety

Contact us • Website: www.metricstream.com • Email: [email protected]

Analyst Recognition

Leader in Gartner GRC Magic Quadrant

Leader in Forrester GRC Wave

Market Leadership

• Serving Large Global Corporations • Industry Specific Quality and GRC Offerings • Patented GRC Platform Technology

• Supplier & Vendor Governance • Issue and Incident Management • IT GRC • Quality Management • Energy & Sustainability Management



A copy of this presentation will be made available through Life Science Forum Basel. Please visit www.metricstream.com for more details on upcoming webinars and presentations.

Questions? Thomas R. Fox Ph: 832-744-0264 www.tfoxlaw.com [email protected] Follow me at www.twitter.com/tfoxlaw. Follow my blog at http://tfoxlaw.wordpress.com/

Contact Us:

Christopher P. Cieslok Director Project Management Europe +41 78 677 3141 www.metricstream.com [email protected]


Thank You

Contact: Email: [email protected] Web: www.metricstream.com