My last article was overflowing with so many strategies to mitigate the risks associated with corporate meetings and events that I had to split it in two. The last article focused on:
- Duty of Care Lapses
- Fiduciary Breaches
- Signature Authority Breaches
- Cancellation & Attrition Penalties
- Reporting Inaccuracies
- Regulatory Violations
As I noted last time, and it does bear repeating:
The stakes of not managing meeting risks are high, as corporations leave themselves open to significant brand damage, financial penalties and losses, lawsuits, loss of competitive information, duty of care failures, employee safety and security, embezzlement, and bribery. Employees are at risk, damages can be in the millions, and the harm to a company’s brand can be priceless.
There are four main areas of regulation that impact meetings: (1) the Foreign Corrupt Practices Act, (2) the UK Bribery Act, (3) the Physician Payment Sunshine Act (applies only to the pharmaceutical industry), and (4) the Financial Industry Regulatory Authority / National Association of Securities Dealers Rules (applies only to the financial services industry). This article reviews general principles for addressing compliance regulations, as well as meetings-specific strategies for each of the four regulations.
Paul McNulty and Stephen Martin wrote a piece on the guiding principles of regulatory compliance management called Five Essential Elements of a Corporate Compliance Program, which they based upon the best practices of a number of compliance programs from around the world. The five essential elements are:
1. Leadership – senior leadership must demonstrate an “unambiguous, visible, and active commitment to compliance.” Companies must also demonstrate their commitment to compliance by ensuring that compliance officers have the means and ability to drive the necessary changes required to comply with the regulations. The Board of Directors also plays a critical role by making sure policies, procedures and tracking mechanisms are in place, and by overseeing the implementation and efficacy of the program.
2. Risk Assessment – risk assessments identify areas of risk so organizations can prioritize which areas to address, and in which order. Risk should be evaluated at the following levels: (1) country level, using the Corruption Perceptions Index as a starting point to identify at-risk markets; (2) business sector level, if your industry is already under scrutiny, or if it is known for corruption; (3) project level, if the project involves many third parties and subcontractors; (4) relationship level, if contact with foreign government representatives is required; and (5) transaction level, where third parties might be needed to obtain licenses that require facilitation payments or other contributions.
3. Standards and Controls – while companies typically have codes of conduct, and policies and procedures, these regulations require extended controls on third-party companies representing an organization, such as criminal background and financial stability checks, and checks on their associations with government agencies and representatives.
4. Training and Communication – as part of a strong compliance program, company officers, employees, and third-party companies must be trained on the laws, corporate policies and the conduct proscribed by the regulation. Enforcement officials will want to ascertain that training was efficacious, and will do so by evaluating who was trained, how they were trained, and how frequently they were trained. The key elements in a training program are (1) the prioritization of training by high risk roles and countries; (2) training the high risk people and countries (use the Corruption Perceptions Index and your corporate internal audit team to prioritize the countries for training); and (3) customizing the training per region, country, industry, areas of compliance and types of employee.
5. Oversight – monitoring, auditing and responding quickly to allegations of misconduct are critical elements that enforcement officials will look for in determining if a company has made efforts to address compliance. Monitoring is a continuous process undertaken by operations or compliance staff under the oversight of management, which ensures that procedures are operating as planned. Companies should create monitoring mechanisms that utilize a consistent set of protocols, checks, and controls to identify issues and resolve them quickly. Auditing is a more formal and disciplined approach to evaluating and improving the efficacy of processes and related controls. Auditing should be undertaken by personnel that are independent of the processes being audited. Remediation is the act of responding to and fixing identified problems. Each company should have established procedures for conducting internal investigations and initiating disciplinary action.
Now that we have reviewed the five general principles of compliance, we will review the solutions for each of the four regulations described above.
Foreign Corrupt Practices Act:
The anti-bribery provisions of the FCPA are similar to the UK Bribery Act, in that both are meant to address corruption associated with obtaining or retaining business.
The FCPA specifically speaks to making payments to foreign officials by US individuals, foreign companies that issue securities, and more recently, foreign companies or persons who undertake to make corrupt payments while located in the US.
The concept of foreign official is a broad one, and can even include doctors in countries with socialized medicine, where the doctors are employees of the state.
The Act forbids the corrupt “offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to” any foreign official. Ultimately the US government is most concerned with the intent of bribery rather than the amount or value.
There are implications for meetings and events in a number of areas:
- T&E – legitimate and reasonable travel & entertainment expenses are allowed as long as they are valid expenditures made in connection with “the promotion, demonstration, or explanation” of an organization’s products or services. Any expenses perceived as a junket will certainly catch the attention of the Department of Justice or the Securities and Exchange Commission.
- Cash Payments – are sometimes seen in the meetings and events world when meeting attendees are given cash allowances to cover meals or activities. Generally they are ill-advised, as they are fungible and are directed to the benefit of an individual.
- Gifts – gifts are allowed, but must be (1) allowed under local law, (2) given in a transparent manner, (3) given to reflect esteem or gratitude, and (4) tracked in the giver’s systems.
Mitigation strategies specific to meetings and events include:
1. Developing clear and easily accessible guidelines and processes for gift-giving by the company’s directors, officers, employees, and agents
2. Evaluating existing Meetings policy language for explanations and limitations on the provision of cash and non-cash gifts, such as travel and entertainment expenses, and gifts to foreign officials
3. Evaluating meeting planner standard operating procedures on (a) interacting with foreign officials, specifically with respect to facilitation payments and limits on gift giving, and the tracking of cash disbursements/honoraria, as well as (b) working with third parties
4. Evaluating current educational materials for completeness with respect to the provision of cash and non-cash gifts to foreign officials
5. Developing procedures to train employees and third parties on what constitutes bribery, the organization’s attitude toward bribery, and the acceptable ways in which to interact with foreign government officials
6. Conducting an audit of the highest profile events for violations, and remediating immediately if found
UK Bribery Act:
An organization is open to prosecution when an employee or agent pays a bribe to get business, keep business, or gain a business advantage. This offense has extra-territorial application and applies to UK corporate entities, and to overseas companies that conduct business in the UK. Offenses committed anywhere in the world are covered by the Act if the organization has a UK office, operates in the UK, or employs a UK resident. Simply having a UK presence creates jurisdiction.
According to the Guidance issued by the UK Ministry of Justice, there are six principles intended to help organizations of all sizes and sectors understand what sort of procedures they can put in place to prevent bribery. These are similar to the principles developed by McNulty and Martin listed above. The Guidance states that “The application of bribery prevention procedures by commercial organisations is of significant interest to those investigating bribery… [and will] be taken into account in any decision as to whether it is appropriate to commence criminal proceedings.” (Section 12 of the Guidance). The six principles are:
1. Proportionate Procedures – create anti-bribery procedures that are proportionate to the bribery risks faced by the organization, in nature, scale and complexity
2. Top-Level Commitment – demonstrate to your staff and the key people who do business with you that you do not tolerate bribery
3. Risk Assessment – conduct a risk assessment of the bribery risks you face
4. Due Diligence – conduct a due diligence of suppliers and those engaged to represent your organization in business dealings with government officials
5. Communication – train on, and communicate policies and procedures to, staff and others who will perform services
6. Monitoring and Review – periodically monitor and review the risks faced and the effectiveness of existing procedures
Mitigation strategies specific to meetings and events include:
1. Evaluating existing Meetings policy language for explanations and limitations on the provision of cash and non-cash gifts, such as travel and entertainment expenses, and gifts to foreign officials
2. Evaluating meeting planner standard operating procedures on (a) interacting with foreign officials, specifically with respect to facilitation payments and limits on gift giving, and the tracking of cash disbursements/honoraria, as well as (b) working with third parties
3. Evaluating current educational materials for completeness with respect to the provision of cash and non-cash gifts to foreign officials
4. Developing procedures to train employees and third parties on what constitutes bribery, the organization’s attitude toward bribery, and the acceptable ways in which to interact with foreign government officials
5. Conducting an audit of the highest profile events for violations, and remediating immediately if found
Physician Payment Sunshine Act:
The Sunshine Act, as it is known colloquially, requires pharmaceutical, medical supply, medical device, and biological manufacturers to track and report to Health and Human Services “payments or other transfers of value” over $10.00 to physicians. The reporting must include information on the (1) covered recipient’s identifying information (name, business address, and, if a physician, specialty, National Provider Identifier, and state professional license number) (2) amount of payment (3) date (4) form of payment (cash, in-kind items, stock or dividends), and (5) nature of payment (e.g., consulting fees, compensation for other services, honoraria, gifts, entertainment, food and beverage, travel and lodging, education, research, charitable contributions, royalties, speaking fees, grants, or space rental fee). Data tracking begins August 1, 2013, and the first reports will be due March 31, 2014 for the calendar year 2013 reporting period.
Mitigation strategies specific to meetings and events include:
1. Evaluating existing tracking and reporting procedures to ensure they are providing (1) the covered recipient’s identifying information (name, business address, and, if a physician, specialty, National Provider Identifier, and state professional license number), (2) amount of payment, (3) date, (4) form of payment, and (5) nature of payment
2. Conducting an audit of the highest profile events for violations, and remediating immediately if found
Financial Industry Regulatory Authority / National Association of Securities Dealers Rules:
Unlike the Sunshine Act, not much has been written about the FINRA rules, which provide guidance for the financial sector, and lay out what a financial advisor can accept from an offeror (investment company, an adviser to an investment company, a fund administrator, or underwriter). The rules are listed below and include data tracking responsibilities as well:
Rules Governing Cash and Non-Cash Compensation in the Financial Services Sector, 2830. Investment Company Securities, section (l):
(3) Except for items described in subparagraphs (l)(5)(A) and (B), a member shall maintain records of all compensation received by the member or its associated persons from offerors. The records shall include the names of the offerors, the names of the associated persons, the amount of cash, the nature and, if known, the value of non-cash compensation received.
(5) No member or person associated with a member shall directly or indirectly accept or make payments or offers of payments of any non-cash compensation, except as provided in this provision. Notwithstanding the provisions of subparagraph (l)(1), the following non-cash compensation arrangements are permitted:
(A) Gifts that do not exceed an annual amount per person fixed periodically by the Association [currently $100.00] and are not preconditioned on achievement of a sales target.
(B) An occasional meal, a ticket to a sporting event or the theater, or comparable entertainment which is neither so frequent nor so extensive as to raise any question of propriety and is not preconditioned on achievement of a sales target.
To comply with these rules organizations should:
1. Evaluate existing tracking and reporting procedures to determine if they collect and can report on (1) names of offerors, (2) associated persons, (3) amount of cash, (4) nature, and (5) value of the non-cash compensation
2. Conduct manual audits to determine if they are consistent with the regulation
In summary, as we have seen in my recent articles on risk in meetings, all risk types associated with meetings can be mitigated – some with minimal effort, and some with concerted effort – but the consequences can be very high if the risks are ignored.
Join me in the comments area and share your thoughts on this important topic, especially if you know of any risk types or mitigation strategies I may have missed.
Thanks for joining me!
The information in this article should not be construed as legal advice or legal opinion on specific facts. This article is not intended as a definitive statement on the subject addressed. Rather, it is intended to serve as a tool providing practical advice and references for readers.