1 / 45

Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program

Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program. January 13, 2012. Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program. Agenda. 1. Current Regulatory Risk Environment. AGCO’s Background and Risk Profile. 2.

hope
Télécharger la présentation

Practical Lessons in Building and Sustaining a Global Ethics & Compliance Program

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program January 13, 2012

  2. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program Agenda 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  3. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  4. Current Regulatory Risk Environment Navigating the Regulatory and Reputational Labyrinth Financial reform. Health reform. UK Bribery Act. Basel III. Wherever you sit in the world, an intricate patchwork of emerging regulations affects the way companies do business. Sixty percent of PwC’s 2011State of the Internal Audit Profession Study respondents expect an increase in attention to regulatory compliance programs in their audit plans.

  5. Current Regulatory Risk Environment Corruption Risk Trends – Key Drivers • US Regulators have been increasingly aggressive in expanding the reach of the FCPA • Continued high level of enforcement actions, particularly against individuals • Industry-focused investigations • Dodd-Frank measures to incentivize whistle blowers • Coordinated approaches to regulation and enforcement internationally • OECD Anti-Bribery Convention • UK Anti-Bribery Act • Double, or even multiple, jeopardy • Increased parallel investigations • Slow growth in mature markets drives further expansion into emerging markets • Inherent risk from culturally acceptable corruption • Populist sentiment against corruption (India movement) • China anti-bribery laws

  6. Current Regulatory Risk Environment Source: Philip Urofsky and Danforth Newcomb, Recent Trends and Patterns in the Enforcement of the FCPA, January 2011

  7. Current Regulatory Risk Environment Jan-Jun Source: Philip Urofsky, Recent Trends and Patterns in the Enforcement of the FCPA, July 2011. (www.shearman.com)

  8. Current Regulatory Risk Environment Source: Scott Peeler, A Study of Individual Liability under the Foreign Corrupt Practices Act,” Chadbourne Compliance Quarterly, October 2011

  9. Current Regulatory Risk Environment Source: Scott Peeler, “A Study of Individual Liability under the Foreign Corrupt Practices Act,” Chadbourne Compliance Quarterly, October 2011

  10. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  11. Founded in 1990 Headquartered in Duluth, GA Leading Pure Play global ag equipment company Full range of products and services Portfolio of Brands to meet different segments of the market Well-positioned in growing markets 2,600 independent dealers in 140 countries Two significant acquisition in Q4 2011 – GSI, Dafeng AGCO’s Background and Risk Profile Overview North America 22% South America 25% ROW 4% EAME 49%

  12. AGCO’s Background and Risk Profile Award Winning Products

  13. AGCO’s Background and Risk Profile Leading Brands SmartMachines.Serious Results. Efficient Technology A World of Experience – Working with You Individually Yours

  14. AGCO’s Background and Risk Profile Service for Our Customers

  15. AGCO’s Background and Risk Profile Global Presence

  16. United States – Corporate Headquarters and manufacturing centers United Kingdom – EAME shared service center China – over $200 million in planned investments France/Germany, Switzerland – European Principal Company, major manufacturing centers India, Russia, Brazil, Mexico – significant expansion, manufacturing centers, major joint ventures AGCO’s Background and Risk Profile Regulatory Challenges

  17. Oil for Food Investigation On February 2, 2006 AGCO received a government subpoena related to alleged violations of the Foreign Corrupt Practices Act from AGCO’s business practices conducted in Iraq under the Oil for Food Program. Management and the Department of Justice (DOJ) conducted an investigation and the results of the investigation revealed that AGCO’s books and records did not meet the full standards under the books and records provisions of the Foreign Corrupt Practices Act. A settlement was reached with the DOJ $20 million in penalties 3 year deferred prosecution agreement. Under this agreement, AGCO agreed to enhance its anti-corruption compliance programs. Additionally, AGCO was required to submit an annual update to the DOJ regarding the progress of the enhancements to the anti-corruption programs. Risk Profile

  18. Legacy Ethics & Compliance Program A Corporate Code of Conduct existed but: High level guidelines regarding applicable requirements and ethical business conduct Limited formal training and guidance Focus on requirements for SOX compliance Limited supporting infrastructure and processes General counsel driven with no supporting compliance organization Limited communication from the top Hotline not widely utilized Guidance related to FCPA was limited to one paragraph in the Code of Conduct AGCO Background and Risk Profile

  19. Auditors or Consultants? Are we the police or do we help? How do we keep independence and objectivity? Situation Immediate change needed No proven existing compliance organization or structure Limited internal resources and expertise available What AGCO chose Internal Audit was asked to participate as an advisor and developer Internal Audit to design the framework Internal Audit to design the procedures with Management input Partnered with internal and external counsel Challenges How do you ensure sufficient knowledge and expertise How do you transition ownership of the procedures to Management How do you ensure sufficient Management oversight AGCO’s Background and Risk Profile

  20. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  21. Anti-Corruption Program Design and Development • Risk Assessment • Nature and volume of sensitive transactions • Business model specifics (dealers, distributors, agents) • Country/location specific risks • Policy Development • Enhanced Code of Conduct & Business Ethics • International Anti-Corruption Policy • Anti-Corruption Compliance Manual • Training Design and Deployment • General awareness training and education • Local, function specific training • CBT and classroom Control Environment Corporate Level Corporate Policies Training, Acceptance and Awareness • Evaluate awareness • Walkthrough of procedures and controls • Supplemental classroom training and workshops • Design of controls • Pilot location review and gap analysis • Localized, specific policies and procedures • Local Procedural Addendums to A-C Manual • Operating effectiveness of controls • Detailed testing of controls and transactions • Compliance with policies and procedures • Identify potential FCPA risks • Use of technology and data mining • Analysis of customer and vendor master data • Expenditure review; sales reporting FCPA specific procedures and controls Locational Level Transactional processes, data and reporting Compliance Monitoring and Auditing Slide 20

  22. Anti-Corruption Program Design and Development AGCO’s Anti-Corruption Compliance Program Global Code of Conduct International Anti-Corruption Policy Anti-Corruption Compliance Program Audits and Compliance Monitoring Training and Awareness Anti-Corruption Compliance Manual Local Procedural Addendums

  23. Anti-Corruption Program Design and Development AGCO International Anti-Corruption Policy • Provides formal guidelines, procedures and controls to help employees comply with anti-corruption regulations; • Available in seven languages: English, German, French, Chinese, Portuguese, Finnish, and Russian; • Broadly distributed and accessible via AGCO’s intranet; • Designates regional contacts to clarify questions related to Anti-Corruption; and, • Requires annual certification of knowledge and familiarity with Anti-Corruption policies.

  24. Anti-Corruption Program Design and Development Anti-Corruption Compliance Manual • Designed to aid employees in ensuring FCPA compliance; • Outlines more detailed procedures to be used in conjunction with applicable local laws and regulations; • Available in seven languages: English German, French, Chinese Simplified, Portuguese, Finnish, and Russian; • Accessible via AGCO’s intranet; • Initially developed based on gaps identified in the initial “Pilot” review and internal investigations; • Periodically reviewed and updated based on internal audit compliance reviews and changes in the business.

  25. Anti-Corruption Program Design and Development Compliance Manual – Local Procedural Addendums Internal Audit visited key sites to facilitate localized Anti-Corruption/FCPA compliance. Teams worked with management to assess location or brand business practices and construct procedural addendums that outline specific controls and processes. The addendums are designed to better enable that location/brand to comply with AGCO’s Anti-Corruption Compliance Program. Key areas addressed include: • New Customer Approval and Setup • New Vendor Approval and Set Up • Relationships with Intermediaries • Bids and Tenders • Reporting of Direct Sales • Commission Payments • Employee Expenses for T&E of Government Officials • Reporting of Government Related Expenditures • Facilitating Payments • Promotional and Marketing Expenses, Gifts • Political Contributions • Employee Cash Advances • Vendor and Customer Master Changes & Maintenance

  26. Anti-Corruption Program Design and Development Training & Awareness – Code of Conduct AGCO developed computer based training on the Code of Conduct for employees globally: • Currently available in seven languages (including supplementary policy documents*); • Required and tracked for the majority of administrative and back office employees; • Includes certification and a test; and • Loaded on Learning Management System with ability to track certification and test scores. *Supplementary policy documents that were also translated include: • Code of Conduct • Insider Trading Policy • US Antitrust Guidelines • EU Competition Law Guidelines • Related Party Transaction Policy • Export Controls Policy • IT Security Program • Equal Employment Opportunity Policy

  27. Anti-Corruption Program Design and Development Training & Awareness – Anti-Corruption AGCO also developed computer based training around Anti-Corruption and compliance with AGCO’s Anti-Corruption Compliance Program: • Available in seven languages in total; • Covers key components of the FCPA and the AGCO Anti-Corruption Policy; • Includes examples and scenarios to highlight risks and emphasize key elements of the program; • Includes a certification and a test; • Includes specific sections with more detailed training for Sales & Marketing, Purchasing and Finance employees; and • Loaded on Learning Management System with ability to track certification and test scores

  28. Anti-Corruption Program Design and Development Transactional Review and Data Analysis • Historical Data Analysis: • Analyzed all customer / vendor master data to screen and identify higher risk third parties: • Entities and related individuals in high corruption index or sanctioned countries • Focus on FCPA and OFAC regulation exposures • Identification of government entities and politically exposed persons • The project covered 20 key AGCO locations and nearly 200,000 customer/vendor master records. • Prospective Control Procedures: • Utilizing a third party web-based tool in the screening/due diligence of new customers and vendors • Expanding to screening procedures for other risk exposures such as export controls

  29. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  30. Auditing and Monitoring Program Assessment Model Operating Effectiveness & Detailed Transactions Level of Procedures Locations 4 3 Control Design & Awareness Program Design Effectiveness & Awareness 2 Corporate Applicability & Risk Assessment 1 Not documented/Informal Program Maturity Formalized Program/Procedural Details Slide29

  31. Multi-Year Audit Approach After implementing the program, Management asked IA to provide annual assessments of the effectiveness of what had been implemented. This consisted of the following audit programs by program year: Year 1 – Determine degree of procedural compliance at location level Year 2 – Evaluate degree of procedural compliance at location level and degree of Management oversight at the regional level Year 3 – Expand audit to include year 2 scope, plus evaluate substance of decisions reached for FCPA related transactions Auditing and Monitoring

  32. Year One Findings Large degree of procedural non-compliance Lack of management oversight and coordination Root Cause Some procedures were too general (check for compliance, approve transactions, etc.) Lack of clarity of who is responsible for what Did not include all key business owners in development and training Auditing and Monitoring Management Response • Creation of centralized “Compliance Center” and organization for Region 1 • Better business participation in design phase • Design focusing on desktop procedures • Clear assignment of responsibility • Creation of enhanced Management oversight, training and communication processes

  33. Auditing and Monitoring EAME, EEA and ANZ FCPA – Renewed Focus

  34. Auditing and Monitoring Compliance Center Organization EAME FCPA EAME FCPA Documentation Miscellaneous payments New Customers New Vendors Bids, Tenders & Direct Sales New Agents/ Consultants

  35. Auditing and Monitoring SharePoint Compliance Center Site

  36. Year Two Findings Improved procedural compliance Effective oversight in region one Ineffective oversight program in region two – improvement, but still procedural non-compliance Root Cause – Region One Effective Management oversight Effective education, training and accountability efforts Root Cause – Region Two Failure to effectively provide Management oversight Auditing and Monitoring Management Response • Region one – recognition from the Chief E&C Officer and CFO • Region two – adoption of the “Compliance Center” and organization

  37. Year Three Findings Region one continues to perform well Region two – procedural compliance continued to decline During a process/system change in one area, FCPA controls were not carried forward into the new process Root Cause Region two failed to provide oversight personnel The Compliance Center for Region Two did not have substance No oversight capacity added Manager’s didn’t self-monitor Communication and awareness was lacking Auditing and Monitoring Management Response • Global Management now overseeing Region Two development • Punitive actions taken • Resources and substance to be provided to ensure complete adoption

  38. Internal Audit Process

  39. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  40. E&C program was assessed against a framework incorporating elements of recognized compliance frameworks and guidelines Federal Sentencing Guidelines COSO Open Compliance & Ethics Group (OCEG) Identified and prioritized gaps and enhancement opportunities Developed 2 year road map to further develop the program Strategy, Mission and Vision Governance and Organization Risk Assessment Policies and Procedures Delegation of Authority and Due Diligence Existing and Emerging Laws and Regulations Training and Communication Monitoring, Auditing and Self Evaluation Internal Communication and Reporting Issue Escalation and Resolution Discipline and Incentives Immature/ Non-Existent Industry Average Leading Practice - + Level of Maturity Building out the Ethics & Compliance Program Initial Maturity Assessment

  41. Compliance Risk Assessment & Policy Inventory Identified and evaluated other compliance requirements beyond Anti-Corruption Inventory of applicable regulatory requirements by geographic region Assessed risk of non-compliance Assessed potential economic and reputational exposure Performed high level assessment of key program elements Existence, quality and relevance of policies and procedures Level of ownership and accountability Existence and availability of training programs Set priorities for further development of compliance programs Multi-year, risk-based road map for Chief Compliance Officer Leverage the framework developed for Anti-Corruption Compliance Program Internal Audit involvement in various subject matter areas Advice on development of programs Evaluating and testing existing programs Ongoing monitoring activities Building out the Ethics & Compliance Program

  42. Building out the Ethics & Compliance Program

  43. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program 1 Current Regulatory Risk Environment AGCO’s Background and Risk Profile 2 Anti-Corruption Program Design & Development 3 Auditing and Monitoring 4 Building out the Ethics & Compliance Program 5 Challenges & Lessons Learned 6

  44. Ensure you have the proper sponsor – stature and authority Have a clear scope and plan Account for cultural differences Do not underestimate the difficulty in moving from concept (policy) to reality (desk top procedures) Ensure you have a robust and aggressive Management oversight function built into the program to ease transition Be flexible – compliance is important, not adherence to one standard Do not make it overly complex – keep it simple to ease initial adoption, change management and introduction into new locations Determine your resource needs and the skill sets of your team – put the right person in the right role Challenges and Lessons Learned

  45. Practical Lessons in Building and Sustaininga Global Ethics & Compliance Program Presenters Jonathan Corley AGCO Corporation Global Internal Audit Director 770-232-8407 jonathan.corley@agcocorp.com Jeff Kammerer PwC Partner, Risk Assurance 678-419-2386 jeff.kammerer@us.pwc.com

More Related