Upload
brittney-hutchinson
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
Welcome to Control Risks Presentation
| March 2015
Tom Bruun Andersen, Market Director NorwayNiels Lindholm, Associate Director CIIT Western Europe
Compliance
We enable our clients to succeed in complex environments
Control Risks is a global, independent risk consultancy specialising in political, integrity and security risk
Since 1975 we have worked in over 150 countries for more than 5,300 clients
Served Norwegian clients since 1985
Trusted advisor to more than 80% of the Fortune 500
36 offices on 5 continents
Ethical and independent
We monitor and advise organisations on political, operational and security issues across the globe
2) Scope of work
Security threats
Conflict Political violence Strikes, riots and civil
commotion Kidnap-for-ransom Petty crime Violent crime Domestic terrorism International terrorism Direct action
Strength & independence of judicial system
Capacity of law enforcement Labour issues/industrial
action Efficiency & probity of
bureaucracy Administrative corruption High-level corruption Weak infrastructure
International business issues Corporate responsibility Corruption Intellectual Property
protection Money-laundering
Key information Key facts Key political figures (head of
state, prime minister, ruling party, other parties)
Key players Key issues
Politics and economics Political system Government and opposition Succession Insurable political risks External risks Economic stability: General condition Government management Foreign investment Key sectors
Security threats Operational threats Political threats
13 March 2015
How to maximize the value of integrity due diligence?
Our assumptions
You do not want to hear too much about FCPA or UKBA
or you have heard enough, or you will hear enough later
You are familiar with IDD requirements
Thanks to your FCPA, UKBA experience and regulatory and ethical commitments
You wonder how to extract value out of IDD investments
It’s always difficult to prove a negative, i.e avoidance of the costs of something going wrong, but did not happen thanks to your IDD program
Our assertions
Business ventures should be subject to a holistic risk assessment
outbound M&A is intrinsically high risk and the risk profiles need to be defined
IDD programs run better when they are proportionate and integrated
Local knowledge of operating environment essential / There is no one-size fits all
It’s the use you make of the IDD that will trigger its value
Value of “Check The Box” IDD harder to demonstrate
The value is in the acquired intelligence used to wise up business decisions and build a culture of good governance
The value is delivered throughout the life cycle of the project
Hang on a minute. Before getting on to risk assessments and intelligence…
What is Risk?
“the effect of uncertainty on objectives”ISO 31000 (2009)
“The likelihood of an event, and its impact on objectives.”
How do we assess it?
“The likelihood of an event, and its impact on objectives.”
Source Item, group or activity that has the potential for impact.
ThreatFactor (motive / condition) that could lead a source to cause an event (identify intention and capability)
VulnerabilityMeasure of ability to anticipate, prevent, resist, respond and recover from an event (ie your exposure)
Risk
What is integrity risk?
Lack of Transparency
Financial crimes typically seen as “internal company issues”
No Independent Oversight
Asset or liability?Political Connections
Significant integrity risks related to business partners and counterpartiesReputational
Extended and often convoluted third party networks raises anti-bribery and corruption risks
Complex Network
Opaque business practices and low disclosure requirements
The most common integrity risks companies face when investing include:
What risks do you assess, before investing?
Data room Public domain
information (Overt) intelligence-
gathering (Internal) institutional
knowledge
Financial
Legal
Commercial
What are the objectives?
Strategic value add?
Fair (risk-adjusted) value?
Seamless integration?
Commercial potential?
Reputation and Regulatory impact?
What is the risk appetite? Compliance and ethics
tighter than regulatory requirements
Needs to be defined early on
Early warning IDD (red flags) can save you time upfront
Need to factor Risk financing in the valuation
Third party risk environment – understand the inherent risk level
Move beyond the data room and consider the ways in which intelligence-gathering can help you:
compliant < risk-based < strategic
Crucial to managing your exposure is knowing your business partners and third parties, and understanding:
What is the risk of corruption and fraud in this country?
Who is behind the subject business? The subject’s connections, other
interests, track record, profile, reputation and integrity
What are the major third party risks? According to sources across the marketplace
Target company Industry Country-level
What a risk-based due diligence can deliver
Financial
Legal
Commercial
Target Valuation
Deal Structure
Management Liability
Bargaining Power
Operational Optimization
Legal Safeguards
Integration Planning
Reputation
Gov’t Relations
Shareholder Action
Post-trans Costs
Fully-Integrated
Acquisition
How does it work? >>>Proportionality
Step 1 – consensus building = macro view + red flags exercise
Step 2: Pre-due diligence: Identify high-risk areas / refine IDD
parameters
Step 3: due diligence phase = identify vulnerabilities and
hidden risks / scope proportionate to risk
Step 4: Agreement phase = leverage intelligence to better shape the deal /
determine mitigation needs
Roll out compliance program: Integrate,
train, monitor, respond
How does it work? >>>> Integration
Fully-Integrated
Acquisition
Data room Public domain
information (Overt) intelligence-
gathering (Internal) institutional
knowledge
Financial
Legal
Commercial
Macro to micro...
1. Political, sectorial, regulatory risk begin to understand the “third party” environment
2. Integrity risk assessment, with third parties a focus (what will the data room not tell you?)
3. Discreet intelligence gathering in to relevant third parties and your target’s business model
= Risk-based approach will add strategic and tactical value
Refine risks as you progress
Develop remedial plan with all risks in mind
Execute plan
Sustainable business practices
• Widen concept of “third parties”
• Consider key political and regulatory issues, communities and stakeholders
• Build up resilience
Know your costs and remediation
• Reassess asset value
• Remove bias
• Take high quality decisions
• Integrate within ERM
Intelligence-driven DD
• Move from “overt” to “covert”
• Adds business value, don’t just identify issues
Use intelligence, move from vulnerabilities to remediation, achieve sustainability…
Ongoing risk assessment within the ERM framework
You know the score on FCPA:
Successor liability: risks survive the transaction
Key steps to reduce liability: “Investigate, Disclose, Remediate, Cooperate”
Key case studies: GE/InVision (2004); Lockheed/Titan (2004); KBR/Halliburton (2009); AllianceOne (previously Dimon and Standard) (2010,2011); Pfizer/Wyeth (2012)
However, this was never enough.
Move from “corrupt practices” to “integrity risks”; make the due diligence count strategically, tactically as well as legally, compliantly.
How are businesses responding?
Control Risks surveyed 638 senior legal and compliance professionals from around the world.
Source: International Business Attitudes to Corruption Survey 2014-15
Manage your processes and information flow
Practical guidance in high risk jurisdictions
There are risks associated with doing business in new frontier markets where corruption can be systemic and entrenched, in part due to:
Dealing with governments or state owned or controlled entities,
Having regular contact with government officials, and
Depend on third parties ie intermediaries
But is that a cause to abandon business development due to corporate ethics and anti-bribery regulation?
Be known for doing the right thing
Jay Ireland, President and CEO, GE Africa,: “If you can be seen as a company engaged in the country’s long-term
development, and explain the benefits you and your team bring to support that development, it shows real commitment. Most importantly, it shows that
you’re here to stay.”
Tullow Oil Director, Aidan Heavey “if you start off doing things properly, people respect you for it, and when
you’re there for the long haul, politicians change, people change. You don’t have to be big like GE to participate in that dynamic”
Focus on good governance
• Focus efforts on “how a business obtains good governance” rather than on “how it avoids corruption.”
• The “just say no” approach of many compliance practitioners is far less efficient than the corporations that work with local governments in order to strengthen the systems of governance at the technical, institutional, and strategic level.
• Institutional systems that work well reduce the scope for human inconsistency, including corruption and fraud. This includes explaining FCPA and IDD requirements on the third party environment.
• In other words, help tackle the problem of governance, not the output of corruption, to make real progress towards ethical conduct and clean commerce.
• Don’t be fooled – rely on intelligence to always know more than you are willing to say
Embedding a culture of compliance
Business strategy:
Treat compliance as a strategic objective and competitive advantage
A value creator, not a cost driver
Incentives:
Review the potential impact of staff incentives on their business principles
Sales targets – are they compatible with the environment? do they introduce risks?
Resources:
Ensure involvement of business leaders, senior managers
Risk-based approach – Higher risk demands higher investment in ABC resources and controls
Communication:
Training – Ensure employees understand and accept responsibility for ethical behaviour
Intelligence:
“Be aware” – Whistle-blowers, Third party checks, ABC assessments
Confidentiality is key
In conclusion….
Legal / compliance / DD = commercial / integrity / value
GCs and CCOs can leverage intelligence from IDDs to generate long term value
Risk-based approach = maximize opportunity
before, during and after outbound M&A
Embed the process in the organization, bring in all stakeholders
a real opportunity for successful inter-disciplinary work
A requirement for building a culture of compliance
Questions?