Embed Size (px)
Citation preview
Compliance in the mining industry
www.pwc.com.br
Focus on anti-bribery & corruption (ABC) and fraud
Martin Whitehead – November 2014
Agenda
1. Global scenario and impact on the mining industry in Brazil 2. Anti-bribery/corruption and fraud compliance programs 3. Procurement fraud
Global scenario and impact on the mining industry in Brazil
PwC
Chronology – anti-corruption laws
Mining 2014 4
Anti-corruption discussions beginning
Anti-corruption legislation around the world developing fast. Enforecment growing
Brazilian anti-corruption legislation
1977 US anti-corruption law - FCPA
Decree Awaiting approval
1997 OECD created the “Convention on Combating Bribery of Foreign Public Officials in International Business Transactions ”
1997 Brazil, 34 members and other countries signed the Convention. (Currently 40 countries have signed up)
2013 Brazilian Clean Company Act (12.846) Company’ - civil and administrative liability
2010 United Kingdom: UK Bribery Act Most strict anti-corruption legislation
PwC
Mining 2014 5
Brazil Clean Company Act (12.846/13)
What is it? Liability of a company (civil and administrative) for acts when dealing with national or foreign public officials In determining offence and liability the existence of an Integrity Program (Compliance Program) will be taken into account Pending regulation: What do regulators expect? Compliance Program under international standards
Sanctions (administrative and civil – examples) Fines from 0.1% to 20% of gross sales or BRL 6.000 to BRL 60 mi. Restitution of lost value/advantage obtained. Suspension or interdiction of business activities. Company dissolution. Prohibition to receive incentives, subsidies, grants, donations or loans from public entities for the period 1-5 years.
IMPORTANT Administrative penalties do not
avoid judicial sanctions.
PwC
FCPA enforcement by industry segment
6
Source: fcpamap.com
Energy (O+G, mining) $2,12 Bi
Manufactoring $225,80 Mi
Aviation and defense $457,09Mi
Consulting and diverse $882,74 Mi
Health and Pharma $231,26 Mi
Telecom $313,30 Mi
Agribusiness $50,83 Mi
Infraestructure $148,16 Mi
Total $4,84 Bi
PwC
Fraud losses in mining Sorted by median loss
7
Mining industry
Highly regulated
High-value commodities
Large spend
Environmental impact
Often involve public concessions or large “big bet” investments
Complex environment with continuously evolving rules and global reach
Source: ACFE - 2014
Mining
$900.000
Real Estate
$ 555.000
Oil and Gas
$ 450.000
Wholesale Trade
$ 375.000
Agriculture, Forestry, Fishing and Hunting
$ 242.000
Cases involving corruption
69%
PwC
Bribery & Corruption - where are the risks?
Regions reporting – PwC Global Economic Crime Survey 2014
8
14%
North America
25%
Latin America
39%
Africa
39%
Eastern Europe
12%
Western Europe 35%
Middle East
30%
Asia Pacific
In Brazil 3rd most prevalent type of economic crime affecting 28% of respondents
PwC
FCPA related cases
9
Company Country Year Fine (US$
Mi)
Siemens Alemanha 2008 800
KBR / Halliburton EUA 2009 579
BAE Inglaterra 2010 400
Total França 2013 398
Alcoa USA 2014 384
Snamprogetti /ENI Holanda / Itália 2010 365
Technip França 2010 338
JCG Japão 2011 218
Daimler Alemanha 2010 185
Weatherford International Suíça 2013 152
“Top 10” FCPA violations.
Updated until 11/2014
PwC
US$ 384 Mi
FCPA case
10
Mining company.
1 Who?
2 What?
3 Issue
4 Fine
American company pioneer in the aluminum industry over 125 years ago, and today has 60,000 people in 30 countries producing light weight metals technology products.
USD $ 110 Mi in corrupt payments to Bahraini officials regarding contracts between Alcoa and a major government-operated aluminum plant.
Lack of sufficient internal controls to prevent and detect bribe. Improper books and records – recorded as a legitimate commission or sales to a distributor. Failure to conduct due diligence on the consultants or to identify if it was a legitimate business.
Alcoa
Anti-bribery/corruption and fraud compliance programs
PwC
Fraud pyramid
12
Rationalization Opportunity
Pressure
13% 74%
13%
Most fraudsters in Brazil commit fraud because “they can”. So use robust controls and a Compliance Program to reduce the opportunity
PwC
Anti-bribery/corruption and fraud Compliance Programs
• Compliance as fundamental element of corporate governance
• What does an effective Compliance Program look like?
• Benchmarking Code of Conduct & Code of Ethics
• Undertaking a risk assessment
• Driving awareness of specific risks & policies
• Engaging in 3rd party due diligence
• Initiating an investigation
13
PwC
Respose & Remediation
Components of an effective Compliance Program
Control environment “Tone at the Top”
Risk Assessment
Monitoring Control activities
• Monitor fraud risk factors & indicators
• Audit for “red flags”
4. Monitoring activities
• Develop new / enhance existing controls.
• Validate operating effectiveness
• Evaluate controls design
3. Entity and business process level control activities
• Identify entity level scheme & scenario risks
• Assess likehood & impact • Conduct self-assessment
at function & local business unit levels.
2. Fraud event identification and risk assessment
• Board oversight • Codes of ethics /conduct • Anonymous reporting • Other entity level activities
1.Control environment “Tone at the top”
1. Tone at the top
• Investigate • Perform root cause analysis • Search for other misconduct • Enhance controls
5. Response & remediation
4. Monitoring
Develop a risk response
Continuous reassessment
PwC
Compliance is essential part of Corporate Risk Management
15
Compliance management integrates corporate risk management structure, as “compliance” is one of the risks to be mitigated. Effective implementation of risk management models improves companies’ governance structure. The picture below presents characteristics of each structure and their interrelationship:
• Establish qualitative and quantitative objetives and KPIs;
• Develop strategies to achieve objectives;
• Document corporate policies and best practicies standards;
• Review and measure progress towards objectives;
• Review financial results, auditor reports and legal issues;
• Investigate whisle-blower claims; and
• Establish remuneration for key management.
• Identify compliance requirements;
• Document and implement business processes and controls;
• Identify, monitor controls effectiveness and remediate control issues;
• Periodically review and update control environment;
• Generate body of evidence to support auditor requirements; and
• Assess impact of key events on controls.
Compliance
• Identify risks and opportunity costs;
• Identify relationships between risks;
• Determine risk appetite;
• Implement risk management methodologies;
• Measure risk impact and probability;
• Review and reassess risk profile periodically; and
• Monitor for key events and assess impact on risk profile.
Risks Governance
PwC
What to expect from the Clean Company Act federal regulation?
16
• Federal government will define criteria to evaluate Compliance Programs
• It is expected to publish a substantive list of elements to build an effective Compliance Program
• It is not clear how this regulation will accomodate companies with different realities and exposure to different risk landscapes
• Criteria to assess Compliance Programs are based on 3 pilars
according to CGU: 1. Program structure; 2. Company’s characteristics/specifics; 3. Effectiveness of Compliance Program (“in reality”)
• It is expected the regulation will follow international
standards
PwC
Compliance programs – benchmarking US FCPA guidance
In 2012 the Securities and Exchange Commission (SEC) and the US Department of Justice (DOJ) issued a guidance and recommendations to build effective compliance programs.
17
Tone at
the top Communication:
Code of Conduct,
Policies and
Procedures
Autonomy and
resources for the
Integrity
Program
Risk
Assessment
Training and
Continuing Advice
Incentives and
Disciplinary
Measures
Third parties
Due Diligence
Internal
Investigations
and Hotline
Continuous
Improvement
M&A due
diligence -
pre-acquisition
and post-
integration
10 hallmarks of effective
Compliance Programs
PwC
Benchmarking Code of Ethics and Conduct Best practices and big playes
Metodologia - Programa de ComplianceCódigo de conduta
Diagnóstico e revisão
Tópicos Melhores práticas (%) Benchmarking (%)
OrganizaçãoCódigo de ética? 75 47
Código de conduta? 100 95
Apresentação? 0 47
Introdução? 25 53
Objetivos? 25 42
Abrangência? (a quem se aplica) 38 89
Mensagem do Presidente ou equivalente? 13 53
Gestão? (Comitês e responsáveis pela gestão do código) 38 58
Papéis e responsabilidades dos colaboradores 38 68
Missão? 50 11
Valores? 63 58
Atrela valores aos princípios? 63 58
Valores relacionados com ética e integridade? 71 58
Estrutura e layout -
Data última atualização? 25 42
Previsão de revisão? 13 11
Aprovadores? 25 21
Atinge público interno? 50 100
Atinge público externo? 25 58
É divulgado no site da empresa? 50 95
Garante que todos receberam o código? 50 32
Development of methodologies to make sure the Code, values and
companies culture are adherent.
We analyse aspects as:
Code organization;
Structure and layout;
Language;
Principles ;
Content.
Creation of objective criteria to correspond to national and international regulators expectatives regarding to Code of Ethics and Conduct.
Benchmarking
PwC
Risk assessment
19
Risk
assessment
Company and department
Risk profile
Government relations
Compliance culture
Risk assessment
Code of conduct, policies and procedures
Third party and its payments
Hotline and internal investigations
Monitoring and review
Through walkthroughs, interviews, workshops and/or questionaire it is possible map main risk.
Consider: inherent risks, existent controls and residual risks.
Data analysis
PwC
Key mining industry risks
20
Relationships with public officials Federal Police, Mines and Energy Ministry, CADE and etc. 01 Political risk Strategic industry which requires frequent interaction with public officials. There is local, state and federal legilsation 02 Interaction with fiscal and environmental public officials 0 3 Getting loans and financing from public institutions 0 4
PwC
Driving awareness of risks through ongoing training – specific areas of risk in Brazil
21
• Who is a government official?
• Gifts & entertainment
• Donations & lobbying
• Corporate Social Responsibility payments
• 3rd party payments – agents, despachantes
• Public procurement
• Acquisitions
• Facilitation payments
• Maintaining accurate and complete books & records • Establishing a system of internal controls
PwC
Know your Third Party – Are they who they say they are?
• Government sanctions and watch lists, PEP list, public and private supplier ban lists, adverse media sources, civil and criminal litigation records, financial disclosures
• Company profile, business registration, corporate affiliations
• Conflicts of interest disclosures
Know your Third Party’s business – How do they conduct their business?
• Review Code of Conduct and ABC policies
• Perform site visits (e.g. shell companies, adequate physical facilities)
• Obtain financial statements (e.g. solvency record, cash flow)
• Establish business track record (e.g. list of clients and business partners)
Continuous Third Party Monitoring
• Management and oversight of existing third party relationships (e.g. re-perform third party due diligence on a regular basis especially for recurring / long term contracts)
Third Party Due Diligence – how?
22
PwC
Methods of fraud detection in Brazil
23
Corporate controls were responsible
for identifying more than half of the frauds detected.
Internal audit is reported as the main method of identification.
Corporate culture
seems to be important
17%
14%
7%
7%
7%
0%
14%
10%
10%
7%
3%
0%
0%
3%
12%
16%
2%
5%
9%
11%
11%
5%
7%
7%
2%
3%
5%
4%
0% 5% 10% 15% 20%
Internal audit (routine)
Suspicious transactionreporting
Rotation of personnel
Corporate security(both IT and physical security)
Data Analytics
Fraud risk management
Tip-off (internal)
Whistle-blowing system
Tip-off (external)
By accident
Investigative media
By law enforcement
Other detection methods(please specify)
Don't Know
Brazil Global
Co
rp
or
ate
Co
ntr
ols
C
or
po
ra
te
Cu
ltu
re
B
ey
on
d t
he
In
flu
en
ce
PwC
Conducting an investigation - aspects to be considered
• Objectives
• Scope of work
• Scope creep
• Availability of information / documents / evidence
• Context – what else is going on?
• Expected results & likely use of reports
• How to manage expectations throughout the assignment
• Confidentiality
• Have a clear written strategy before starting
PwC
Investigation Strategy
Why do you need a strategy?
- Time may be critical
- Stop the bleeding
- Maintain legitimacy and control over the investigation
- Avoid inadvertently taking steps that could damage the investigation
- Resilience: Avoid interruption or harm to regular business activities, and protect reputation
Who will run the investigation?
Board, Audit Committee, CFO, CCO, GC, HR?
Secrecy
Overt or covert? When to involve law enforcement or regulators
Required by law Beneficial Control
Internal resources:
Internal counsel Internal Audit Investigative resources Technological
External resources
Outside counsel needed? Independent outside counsel? Professional services firm Forensic Technology
Evidentiary considerations
Privilege and work product doctrine Document and information preservation: Legal requirements Company policy Privacy law and cross-border use of personal information Reporting policy and practices
PwC
• An anonymous tip came to the regulators
• Alstom SA allegedly used intermediaries to facilitate payments to government officials
• The UK, France, Switzerland and the US are all investigating the company for suspected money laundering and bribery of foreign public officials
• Brazil has also launched its own investigation of potential improper payments of $6.5M to win a $45M contract to deliver equipment and render services on energy sector to São Paulo state government
• Investigations are on-going
26
Recent investigation in Brazil
Procurement fraud
PwC
Top 5 economic crimes in Brazil
28
“... Almost a half of all reported economic
crimes involve procurement fraud –
this must be a key area of concern to CFOs”
Martin Whitehead – Partner
GECS 2014
17%
25%
28%
44%
72%
22%
22%
38%
36%
71%
20%
19%
25%
27%
74%
24%
22%
27%
29%
69%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Cybercrime
Accounting fraud
Bribery and corruption
Procurement fraud
Asset misappropriation
Global
Latin America
Emerging Markets
Brazil
PwC
Procurement ... A key risk area in Mining industry
• Mining is vulnerable
- Large operational spend – operating materials, contractors, 3rd parties
- Large capex spend – US$57bn in Brazil 2013 (source- E&MJ)
- Procurement often undertaken in circumstances of time pressure, limited knowledge of market conditions, lack of proper vetting
• Procurement fraud in Brazil generally is probably under reported - difficult to detect and no mechanism to review
• Often involves senior management & collusion
• Abuse can persist over long periods of time
• Can involve a significant increase in COGS
PwC
Procurement ... A key risk area in Mining industry
• How is it done?
- Inflated prices
- No delivery or partial delivery
- Substandard product
- Contract fattening – period, volume, price
- Or all of the above
PwC
Procurement ... A key risk area in Mining industry
How to reduce the incidence?
- Procurement fraud risk assessment - where are the “hot spots” ?
- Technology – data analytics
- Training
- Regular but un-announced “spot reviews” by independent team
- Keep updating and improving controls
- Investigate & remediate
PwC
Mining in Brazil is particularly vulnerable to the risk of economic crime –
particularly bribery/corruption and fraud - with high operational and
capex spend, use of 3rd parties and exposure to the public sector.
Regulation and enforcement around ABC and fraud are increasing both
globally and in Brazil which has recently adopted a new anti-bribery law.
Adopting a robust Compliance Program is paramount to mitigating the
attendant risks as most fraud is opportunistic.
Compliance Programs work in Brazil. But only if these are treated as a key
component of the corporate governance regime and are adequately
resourced.
Particular attention should be paid to procurement fraud – often it is the
hardest fraud to detect, involves collusion that can persist over time, and
can represent material financial loss. Mining 2014 32
Key takeaways
PwC
© 2014 PricewaterhouseCoopers Auditores Independentes. Todos os direitos reservados. Neste documento, “PwC” refere-se à PricewaterhouseCoopers Auditores
Independentes, a qual é uma firma membro do network da PricewaterhouseCoopers, sendo que cada firma membro constitui-se em uma pessoa jurídica totalmente
separada e independente. O termo “PwC” refere-se à rede (network) de firmas membro da PricewaterhouseCoopers International Limited (PwCIL) ou, conforme o contexto
determina, a cada uma das firmas membro participantes da rede da PwC. Cada firma membro da rede constitui uma pessoa jurídica separada e independente e que não
atua como agente da PwCIL nem de qualquer outra firma membro. A PwCIL não presta serviços a clientes. A PwCIL não é responsável ou se obriga pelos atos ou
omissões de qualquer de suas firmas membro, tampouco controla o julgamento profissional das referidas firmas ou pode obrigá-las de qualquer forma. Nenhuma firma
membro é responsável pelos atos ou omissões de outra firma membro, nem controla o julgamento profissional de outra firma membro ou da PwCIL, nem pode obrigá-las de
qualquer forma.
Thank you!
33
Avenida Francisco Matarazzo, 1400 São Paulo [email protected] (11) 3674-2141 (11) 97334.8872
Martin Whitehead Partner
