Brazil’s Clean Companies Act took effect on January 29. It subjects domestic and multinational companies operating in Brazil to severe civil and administrative sanctions for bribing domestic or foreign government officials. Violations can result in fines of up to 20 percent of company revenue.
I posed two questions about the challenges of complying with the law to Dennis Haist, Chief Counsel and Compliance Advisor for STEELE Compliance and Investigation Services (CIS), a global business advisory and compliance intelligence firm.
JD: Several companies, like Siemens, have voiced apprehension at the time of its rollout by noting the decentralized approach Brazil is taking regarding the investigative and enforcement actions permitted by the law. The law puts such powers into the hands of local and state governments, upon which many companies depend in Brazil for financing, which critics contend opens up avenues of abuse.
Do you agree with the apprehension expressed here?
DH: I would tend to agree this decentralized approach is problematic.
As we have seen from the DOJ’s/SEC’s FCPA Resource Guide, it has taken years for the U.S. enforcement authorities to provide basic guidance for businesses on FCPA compliance, and uncertainties still exists about terms such as the “instrumentality” of a foreign government.
If interpretation and enforcement are left to local authorities, there will likely be significant variations in interpretation and enforcement discretion. Such variations and ambiguities are fertile ground for corruption, particularly in a high-risk country.
Add to that the intense deadline pressures for multinationals involved with the World Cup and 2016 Olympics, and you have a recipe for potential corruption. A specialized and centralized group of prosecution and enforcement authorities assembled to address complex compliance-related laws would result in fairer and more uniform enforcement.
JD: Brazil’s law imposes strict liability for violations of its provisions, prohibits facilitation payments, and exposes companies doing business in Brazil to harsh penalties and fines. In light of Brazil’s law, what do multinationals need to do to ensure the entities in their supply chains are taking into account its requirements?
DH: The first step is to identify the types and categories of third parties that will be used and the relative risks they pose, factoring them into a risk model. Examples of third parties are vendors or suppliers, distributors, franchisees, agents, consultants and even lawyers and consultants who have contact with foreign officials.
Next, this risk model should be used to assign an appropriate risk rating to each individual third party.
Finally, that risk rating should be used to determine the level of due diligence needed. If enhanced due diligence is required, this would involve field research that includes site visits to the business address of record or other operating location, authentication and validation of public records, identification of major business partners (especially state-owned enterprises), interviews of associates in political, business and social circles to determine reputation, reviews of legally obtainable corporate, civil and criminal documents, and the review of financial records, if available.
It is important that the company’s enhanced due diligence is conducted in full compliance with local privacy regulations. Local expertise is becoming more critical than ever.
For third parties presenting a moderate risk, an open-source investigation that includes in-depth, online research may be the most appropriate. This is often done by a multi-lingual researcher who analyzes data from online media, including business journals, websites, industry publications, mainstream and local media and other publicly available sources in English and local languages.
For those posing the lowest risk, a global database check that includes a comprehensive search of available sanctions, embargo and watch lists, and databases of politically exposed persons is likely sufficient.
Julie DiMauro is the executive editor of FCPA Blog and can be reached here.