Yesterday I reviewed the facts surround Total SA’s (Total) lengthy bribery scheme to win contracts in Iran. At this point, the settlement documents consist of the Deferred Prosecution Agreement (DPA), which was filed by the US Department of Justice (DOJ), and the Securities and Exchange Commission’s (SEC) Cease and Desist Order (the Order). Today begins a two-part discussion of Total’s obligations going forward under the settlement documents. In the DPA, there are two Attachments which speak to its ongoing obligations under its settlement with the DOJ. Attachment C is entitled “Corporate Compliance Obligations” and Attachment D is entitled, “Independent Corporate Monitor”. Today I will review the 13-point best practices compliance program in the context of lessons learned for the compliance practitioner going forward and tomorrow I will discuss the Monitor as required under the DPA and the Compliance Consultant as required under the Order.
The DPA and Total’s Corporate Compliance Obligations
The information included in Total’s Corporate Compliance Program provides the Foreign Corrupt Practices Act (FCPA) compliance practitioner with the most current components that the DOJ believes should be included in a FCPA compliance program. Hence, this information is a valuable tool by which companies can assess if they need to adopt new or modify their existing internal controls, policies, and procedures in order to ensure that their FCPA compliance program maintains: (a) a system of internal accounting controls designed to ensure that Total makes and keeps fair and accurate books, records, and accounts; and (b) a rigorous anti-corruption compliance code, standards, and procedures designed to detect and deter violations of the FCP A and other applicable anti-corruption laws. Total’s obligations are:
1. Written Compliance Code. Total should develop and promulgate a clearly articulated and visible corporate policy against violations of the FCPA, including its anti-bribery, books and records, and internal controls provisions, and other applicable foreign law counterparts (collectively, the “anti-corruption laws”), which policy should be memorialized in a written compliance code.
2. Tone at the Top. The Company will ensure that its Board of Directors and senior management provides strong, explicit, and visible support and commitment to its corporate policy against violations of the anti-corruption laws and its compliance code.
3. Anti-Corruption Policies and Procedures. Total should develop and promulgate compliance standards and procedures designed to reduce the prospect of violations of the anti-corruption laws and the Company’s compliance code, and the Company should take appropriate measures to encourage and support the observance of ethics and compliance standards and procedures against foreign bribery by personnel at all levels of the company. These anti-corruption standards and procedures shall apply to all directors, officers, and employees and, where necessary and appropriate, outside parties acting on behalf of the Company in a foreign jurisdiction, including but not limited to, agents and intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia, and joint venture partners (collectively, “agents and business partners”), to the extent that agents and business partners may be employed under the Company’s corporate policy. The Company shall notify all employees that compliance with the standards and procedures is the duty of individuals at all levels of the company. Such standards and procedures shall include policies governing:
hospitality, entertainment, and expenses;
charitable donations and sponsorships;
facilitation payments; and
solicitation and extortion
4. Use of Risk Assessment. Total should develop these compliance standards and procedures, including internal controls, ethics, and compliance programs on the basis of a risk assessment addressing the individual circumstances of the Company, in particular the foreign bribery risks facing the Company, including, but not limited to, its geographical organization, interactions with various types and levels of government officials, industrial sectors of operation, involvement in joint venture arrangements, importance of licenses and permits in the company’s operations, degree of governmental oversight and inspection, and volume and importance of goods and personnel clearing through customs and immigration.
5. Annual Review. Total should review its anti-corruption compliance standards and procedures, including internal controls, ethics, and compliance programs, no less than annually, and update them as appropriate, taking into account relevant developments in the field and evolving international and industry standards, and update and adapt them as necessary to ensure their continued effectiveness.
6. Sr. Management Oversight and Reporting. Total should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
7. Internal Controls. Total should ensure that it has a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, records, and accounts to ensure that they cannot be used for the purpose of foreign bribery or concealing such bribery.
8. Training. Total should implement mechanisms designed to ensure that its anti-corruption policies, standards, and procedures are communicated effectively to all directors, officers, employees, and, where necessary and appropriate, agents and business partners. These mechanisms shall include: (a) periodic training for all directors and officers, and, where necessary and appropriate, employees, agents, and business partners; and (b) annual certifications by all such directors and officers, and, where necessary and appropriate, employees, agents, and business partners, certifying compliance with the training requirements.
9. Ongoing Advice and Guidance. The Company should establish or maintain an effective system for:
Providing guidance and advice to directors, officers, employees, and, where necessary and appropriate, agents and business partners, on complying with the Company’s anti-corruption compliance policies, standards, and procedures, including when they need advice on an urgent basis or in any foreign jurisdiction in which the Company operates;
Internal and, where possible, confidential reporting by, and protection of, directors, officers, employees, and, where necessary and appropriate, agents and business partners, not willing to violate professional standards or ethics under instructions or pressure from hierarchical superiors, as well as for directors, officers, employees, and, where appropriate, agents and business partners, willing to report breaches of the law or professional standards or ethics concerning anticorruption occurring within the company, suspected criminal conduct, and/or violations of the compliance policies, standards, and procedures regarding the anticorruption laws for directors, officers, employees, and, where necessary and appropriate, agents and business partners; and
Responding to such requests and undertaking necessary and appropriate action in response to such reports.
10. Discipline. Total should have appropriate disciplinary procedures to address, among other things, violations of the anti-corruption laws and the Company’s anti-corruption compliance code, policies, and procedures by the Company’s directors, officers, and employees. Total should implement procedures to ensure that where misconduct is discovered, reasonable steps are taken to remedy the harm resulting from such misconduct, and to ensure that appropriate steps are taken to prevent further similar misconduct, including assessing the internal controls, ethics, and compliance program and making modifications necessary to ensure the program is effective.
11. Use of Agents and Other Business Partners. To the extent that the use of agents and business partners is permitted at all by the Company, it should institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including:
Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of agents and business partners;
Informing agents and business partners of the Company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the Company’s ethics and compliance standards and procedures and other measures for preventing and detecting such bribery; and
Seeking a reciprocal commitment from agents and business partners.
12. Contractual Compliance Terms and Conditions. Total should include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.
13. Ongoing Assessment. Total should conduct periodic review and testing of its anticorruption compliance code, standards, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anticorruption laws and the Company’s anti-corruption code, standards and procedures, taking into account relevant developments in the field and evolving international and industry standards.
Interestingly, the Total DPA returns to the 13 point minimum best practices compliance regime that had been articulated by the DOJ prior to the FCPA Guidance. In the Non-Prosecution Agreement (NPA) sustained by Ralph Lauren in April, there was an 18 point compliance program set forth, which had all of the elements present in the Total compliance program plus one additional one which was a section relating to Ralph Lauren’s compliance obligations during mergers and acquisitions. However I think that the gist is that Total’s compliance obligations supplements the Ten Hallmarks of an Effective Compliance Program set out in the FCPA Guidance.
For the compliance practitioner, the opportunity is to use either the Total DPA (or Ralph Lauren NPA) in conjunction with the Ten Hallmarks to evaluate your own compliance program. Both the Ten Hallmarks and the Total DPA/Ralph Lauren NPA discuss the need for annual evaluations of a compliance program. You need to assess where your program is in light of legal developments, compliance developments, new product or services offerings your company may have developed and any new geographic territories that present updated compliance risks for your company.