Foreign Corruption

Corruption Crack-Down

Governments around the globe step up efforts to wipe out corruption.
By: | October 15, 2013 • 7 min read

Around the world, social pressure against public corruption is resulting in huge demonstrations, investigations and legislation. And that is rebounding on multinationals that face their own pressure to keep business above board while trying to expand in countries where bribery is often necessary to get permits and permission.

A survey of CFOs and board members by Ernst & Young found that 95 percent of the respondents were “very” or “fairly” concerned about the potential liability resulting from fraud and corruption in Latin America — the area that offers the most concern.

Not far below were the Middle East and Africa, at 87 percent, and Central and Eastern Europe, at 84 percent.

While laws are almost universally clear — don’t do it — the risks are increasingly complex, as anti-corruption laws and their enforcement evolve both in the United States and overseas.

In the United States, investigators appear to be scouring industries that traditionally have not attracted notice, according to attorneys and experts in the field.

Retailers have been in the spotlight, for instance, ever since news surfaced in April 2012 of a probe into Wal-Mart. The retail giant is alleged to have paid bribes in Mexico to speed growth there.

Enforcement is intensifying in other countries as well, pushed along by public protests as well as by an anti-bribery convention overseen by the Paris-based Organisation for Economic Co-operation and Development. Forty countries, including Argentina, Russia and South Africa, have signed the OECD convention since it was drafted in 1997.

Today, more than 300 investigations are underway in 24 countries, according to Patrick Moulette, head of the OECD’s anti-corruption division. “It has not doubled from last year or the year before, but it’s 10 or 20 more every year, so maybe this is a positive sign,” said Moulette, who hopes greater attention will spur countries to crack down harder.

Advertisement




Other nations, notably China, are dusting off their own anti-bribery laws, exposing U.S. companies to potentially costly legal action on new fronts.

“It’s very hard to find a country anywhere where bribery is legal,” said Brian Loughman, Americas leader for Fraud Investigation and Dispute Services with Ernst & Young. “The challenge is always, what’s the enforcement like.”

To top it off, foreign prosecutors today are more likely to share information with their U.S. counterparts. “The world is smaller for prosecutors, too,” Loughman said.

For decades, U.S. companies only had to worry about the Foreign Corrupt Practices Act of 1977, or FCPA, which bans bribery of public officials in other countries. American executives often complain they are disadvantaged by the statute, as it does not apply to businesses based outside the United States.

Enforcement eventually prompted stronger controls and tougher policies, but investigators remain aggressive, according to Michael Himmel, an attorney and chair of the litigation and white-collar criminal defense departments at the law firm of Lowenstein Sandler.

“More and more cases are being investigated, and prosecutors are tending to take harder lines,” said Himmel. Over the last five years, he said, investigators have asked companies to open up more of their operations to review. “That’s obviously going to be a greater expense,” he said.

Equal Opportunity Scrutiny

Investigators also seem to be eyeing new sectors, expanding beyond defense, energy and mining to include pharmaceuticals and retail.

It’s a costly occurrence for the probed companies. The ongoing probe into Wal-Mart so far has cost the company more than $150 million, according to company filings with the U.S. Securities and Exchange Commission.

The SEC and the Department of Justice, which enforce the FCPA, do not explicitly target industries, said Timothy P. Peterson, a partner in the Washington, D.C., office of Murphy & McGonigle. But as investigators dig into one company’s operations, they may follow a trail to others in the same sector.

“The real danger for retailers is that when there are very large investigations, the government is going to start to get familiar with how that business works,” Peterson said. “They may, as they get more familiar with the business, decide they want to find more companies that operate in a similar way.”

It’s not just government investigators. Corporate rivals are another source of FCPA-related allegations, said Brett W. Johnson, a partner in the Phoenix office of law firm Snell & Wilmer. Companies may arouse suspicion if they are moving goods or opening stores more quickly than competitors, especially in countries where corruption is considered rife.

“The default is, ‘He’s paying somebody off,’ ” Johnson said.

For retailers, corruption risks extend throughout the supply chain, and they are compounded by the pressure to stock shelves in time to meet buyers’ needs. Bathing suits don’t sell well in November, at least in the northern hemisphere.

“Keeping the supply chain flowing is critical to a retailer, especially one that has any kind of seasonality,” said Randy Stephens, vice president of the Ethical Leadership Group of NAVEX Global Inc., a compliance technology firm based in Portland, Ore.

Foreign customs officials often recognize the time pressure — and the power it can give them to demand bribes, Stephens said.

“If you give them the sense that you’re going to participate in that scheme, at any level, you only open yourself up to more trouble, because you look like somebody who’s going to play that game,” Stephens said.

In addition to training employees and establishing clear policies, retailers need to examine internal incentives, Stephens said. If executives overseas are rewarded solely for growing revenue, opening more stores or hitting other bottom-line goals, they may overstep ethical boundaries.

Compensation should be tied, in part, to actions that avoid fines, penalties or stains on a company’s global reputation, Stephens said.

“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.”

Another risk arises from the use of third-party agents, a requirement for doing business in some nations. When those agents pay bribes to expedite deals, the U.S. business is on the hook for any FCPA violations.

As a result, companies seeking overseas growth must know their foreign business partners and regularly audit their operations, as well as know the country’s laws and norms.

“You’ve got to be willing to let people make decisions that could negatively impact your supply chain, yet comply with the law.” —Randy Stephens, vice president, Ethical Leadership Group of NAVEX Global Inc.

What’s legal in one country may not be legal in another. And companies can no longer focus on the FCPA alone, attorneys said.

A Tangled Web of Compliance

The United Kingdom adopted a tough anti-bribery statute in 2011. And Brazil enacted a stringent new law this year, following public protests that coalesced around government corruption. In addition to increased penalties, the law allows companies to be found guilty of bribing public officials. Previously, only individuals could be found guilty of that crime.

Advertisement




“Very few companies today can comply, or attempt to comply, with just one home jurisdiction,” said Michel Léonard, chief economist and senior vice president of Emerging Markets for Alliant. “It’s a bit like antitrust laws. These days, mergers need to be approved in the U.S. and Europe as well.”

Experts said U.S. companies should partner with local attorneys who can can train employees, navigate the nuances of a country’s laws, and react quickly to problems.

“You’re not going to have the same processes; you’re not going to have the same protections,” said Joe Martini, co-chair of the White-Collar Defense, Investigations and Corporate Compliance Practice Group at the law firm of Wiggin and Dana.

Given the potential costs of an investigation, specialized insurance coverage is the next step in corporate compliance, said Machua Millett, a senior vice president with Marsh USA Inc. The brokerage firm introduced a specialized product in 2011.

In the past, Millett said, companies sought coverage for FCPA-related expenses under D&O policies. But underwriters and carriers hesitated, due to the size of the potential exposure.

Cooperation with the government does not necessarily lessen the expense. Although Ralph Lauren Corp. voluntarily disclosed bribes made by a subsidiary in Argentina, it still faced a penalty of $882,000.

Companies should focus first on compliance, with insurance as a backstop, Millett said. “At the end of the day, you might be able to show that you acted well.”

Joel Berg is a freelance writer and adjunct writing teacher based in York, Pa. He has covered business and regulatory issues. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

2017 RIMS

Resilience in Face of Cyber

New cyber model platforms will help insurers better manage aggregation risk within their books of business.
By: | April 26, 2017 • 3 min read

As insurers become increasingly concerned about the aggregation of cyber risk exposures in their portfolios, new tools are being developed to help them better assess and manage those exposures.

 One of those tools, a comprehensive cyber risk modeling application for the insurance and reinsurance markets, was announced on April 24 by AIR Worldwide.

Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

Last year at RIMS, AIR announced the release of the industry’s first open source deterministic cyber risk scenario, subsequently releasing a series of scenarios throughout the year, and offering the service to insurers on a consulting basis.

Its latest release, ARC– Analytics of Risk from Cyber — continues that work by offering the modeling platform for license to insurance clients for internal use rather than on a consulting basis. ARC is separate from AIR’s Touchstone platform, allowing for more flexibility in the rapidly changing cyber environment.

ARC allows insurers to get a better picture of their exposures across an entire book of business, with the help of a comprehensive industry exposure database that combines data from multiple public and commercial sources.

The recent attacks on Dyn and Amazon Web Services (AWS) provide perfect examples of how the ARC platform can be used to enhance the industry’s resilience, said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide.

Stransky noted that insurers don’t necessarily have visibility into which of their insureds use Dyn, Amazon Web Services, Rackspace, or other common internet services providers.

In the Dyn and AWS events, there was little insured loss because the downtime fell largely just under policy waiting periods.

But,” said Stransky, “it got our clients thinking, well it happened for a few hours – could it happen for longer? And what does that do to us if it does? … This is really where our model can be very helpful.”

The purpose of having this model is to make the world more resilient … that’s really the goal.”Scott Stransky, assistant vice president and principal scientist, AIR Worldwide

AIR has run the Dyn incident through its model, with the parameters of a single day of downtime impacting the Fortune 1000. Then it did the same with the AWS event.

When we run Fortune 1000 for Dyn for one day, we get a half a billion dollars of loss,” said Stransky. “Taking it one step further – we’ve run the same exercise for AWS for one day, through the Fortune 1000 only, and the losses are about $3 billion.”

So once you expand it out to millions of businesses, the losses would be much higher,” he added.

The ARC platform allows insurers to assess cyber exposures including “silent cyber,” across the spectrum of business, be it D&O, E&O, general liability or property. There are 18 scenarios that can be modeled, with the capability to adjust variables broadly for a better handle on events of varying severity and scope.

Looking ahead, AIR is taking a closer look at what Stransky calls “silent silent cyber,” the complex indirect and difficult to assess or insure potential impacts of any given cyber event.

Stransky cites the 2014 hack of the National Weather Service website as an example. For several days after the hack, no satellite weather imagery was available to be fed into weather models.

Imagine there was a hurricane happening during the time there was no weather service imagery,” he said. “[So] the models wouldn’t have been as accurate; people wouldn’t have had as much advance warning; they wouldn’t have evacuated as quickly or boarded up their homes.”

It’s possible that the losses would be significantly higher in such a scenario, but there would be no way to quantify how much of it could be attributed to the cyber attack and how much was strictly the result of the hurricane itself.

It’s very, very indirect,” said Stransky, citing the recent hack of the Dallas tornado sirens as another example. Not only did the situation jam up the 911 system, potentially exacerbating any number of crisis events, but such a false alarm could lead to increased losses in the future.

The next time if there’s a real tornado, people make think, ‘Oh, its just some hack,’ ” he said. “So if there’s a real tornado, who knows what’s going to happen.”

Modeling for “silent silent cyber” remains elusive. But platforms like ARC are a step in the right direction for ensuring the continued health and strength of the insurance industry in the face of the ever-changing specter of cyber exposure.

Because we have this model, insurers are now able to manage the risks better, to be more resilient against cyber attacks, to really understand their portfolios,” said Stransky. “So when it does happen, they’ll be able to respond, they’ll be able to pay out the claims properly, they’ll be prepared.

The purpose of having this model is to make the world more resilient … that’s really the goal.”

Additional stories from RIMS 2017:

Blockchain Pros and Cons

If barriers to implementation are brought down, blockchain offers potential for financial institutions.

Embrace the Internet of Things

Risk managers can use IoT for data analytics and other risk mitigation needs, but connected devices also offer a multitude of exposures.

Feeling Unprepared to Deal With Risks

Damage to brand and reputation ranked as the top risk concern of risk managers throughout the world.

Reviewing Medical Marijuana Claims

Liberty Mutual appears to be the first carrier to create a workflow process for evaluating medical marijuana expense reimbursement requests.

Cyber Threat Will Get More Difficult

Companies should focus on response, resiliency and recovery when it comes to cyber risks.

RIMS Conference Held in Birthplace of Insurance in US

Carriers continue their vital role of helping insureds mitigate risks and promote safety.

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]