United States: The Foreign Corrupt Practices Act And The New Trump Administration: Your Top Ten Questions Answered

I. INTRODUCTION

Since mid-2000s investigation of Siemens, and the resulting $800 million penalty for violations of the Foreign Corrupt Practices Act (FCPA), the FCPA has been an enforcement priority of the U.S. Government. Although a dip in announced penalties in 2015 led some to wonder whether FCPA enforcement had peaked, questions regarding lagging enforcement attention were answered by a record level of enforcement actions and penalties in 2016.

Yet while enforcement activity has been strong under the Obama administration, criticisms of the FCPA by President Trump have led some to question whether FCPA enforcement will be a key priority of the new administration. To help companies determine the level of resources and attention that should be allocated to anticorruption compliance, this client alert presents the "top ten" questions that every company operating outside the United States should be thinking about, particularly companies dealing in high-risk environments such as China, India, Africa, Latin America, and other countries or regions that rank high on indices of perceived corruption.

This client alert is part of a series of "top ten" articles on the future of key international trade and regulatory issues expected to change under the Trump administration. Previously issued client alerts discuss international trade issues (the future of NAFTA,1 Customs and Border Protection,2 and international trade litigation (including antidumping and countervailing duty actions)),3international investment (the future of the CFIUS review process4and concerns of PE firms), and international regulation (cybersecurity,5white collar enforcement,6 and here, the FCPA). Future client alerts will deal comprehensively with all international trade and regulatory areas where significant change could occur under the new administration.

II. THE TOP TEN FCPA QUESTIONS ANSWERED (OR, WILL ANTI-BRIBERY AND CORRUPTION REALLY BE AS EASY AS "ABC" UNDER THE NEW ADMINISTRATION?)

1. What has President Trump promised?

During the election, President Trump did not discuss the FCPA specifically (although he did introduce a promise at the end of the election that he would "drain the swamp," if elected, a reference to supposed corruption in Washington politics). Prior to the campaign, Mr. Trump expressed skepticism regarding the FCPA in a 2012 interview with CNBC, where Mr. Trump stated that "this country is absolutely crazy" to vigorously prosecute alleged FCPA violations because it puts U.S. businesses at a "huge disadvantage." Mr. Trump concluded that the FCPA is a "horrible law and it should be changed."7

It is not likely that the skepticism of businessman Trump will translate to President Trump pushing for a wholesale overhaul of the law or its revocation. With regard to Mr. Trump's view that the FCPA imposes a disproportionate impact on U.S. companies, the reality is that seven of the ten largest penalties have been imposed on non-U.S. companies. Strong leadership by the United States on corruption has led to a more consistent level of anticorruption laws around the world. With the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions increasingly becoming the benchmark for anti-bribery standards (it has been signed by more than 40 countries), the result has been other countries enacting FCPA-style legislation or enhancing their measures to meet OECD standards. Both OECD and other countries (often at the urging of the United States) are implementing new anticorruption laws and stepping up their enforcement of their laws. For example, the second half of 2016, alone, saw France modernize its anti-corruption enforcement by adopting the Fight Against Corruption and Modernization of Economic Life law (known as Sapin II) in an effort to expand French jurisdiction over worldwide activity for companies that conduct business in France (among other enforcement strengthening). South Korea has also recently implemented a strengthened anticorruption law that prohibits its officials from accepting meals over 30,000 won (around $25) or gifts over 50,000 (around $45), while Brazil has announced a major series of investigations connected with Petrobas.

While it is true that the FCPA formerly put U.S. companies at a disadvantage, with other countries now putting in place their own restrictions on corrupt payments, the bribery-related advantages once enjoyed by companies from other countries have disappeared. This reality, as well as the political imperative that a President elected by promising to "drain the swamp," will not want to be seen as weakening the principal anticorruption law maintained by the United States. With this in mind, it is unlikely that the FCPA or FCPA enforcement will be weakened under the Trump administration.

2. What are recent trends in FCPA enforcement? Will these trends continue?

In determining the likely enforcement priorities of the U.S. government, it is important to consider the nominees for the key positions that oversee FCPA enforcement: the Attorney General (criminal FCPA enforcement) and the head of the Securities & Exchange Commission (SEC) (oversight of the accounting provisions of the FCPA for publicly traded companies).

With regard to the former, Attorney General Sessions has shown general support for the value of anti-bribery laws, having co-sponsored the Public Corruption Prosecution Improvements Act, which would have revised U.S. law to expand prohibitions against bribery, theft of public money, and other government-related public corruption. As analyzed in the Foley Client Alert regarding white collar enforcement, Mr. Sessions is generally viewed as a law-and-order prosecutor who is unlikely to let violations of white collar laws in general, and the FCPA specifically, slide.8

With regard to the SEC, Mr. Trump has nominated Jay Clayton, a partner at Sullivan & Cromwell LLP, to chair the Commission. While Mr. Clayton chaired a committee of the New York City Bar Association that put out a 2011 white paper that concluded that rigorous FCPA enforcement was pushing foreign companies to avoid registering as U.S. issuers and stating that the U.S. government should "dial back the scope of FCPA enforcement with respect to companies," the personal views of Mr. Clayton regarding FCPA enforcement are not known.

The SEC in general, however, has in recent years become a strong co-player with the Department of Justice (DOJ) in enforcing the accounting provisions of the FCPA. Institutional forces related to this increased SEC enforcement will push Mr. Clayton towards continuing the strong enforcement of the FCPA. Enforcement of the FCPA has been strong every year since 2008. Although FCPA settlements in 2015 were down (falling to $133 million), this appears to have been a statistical lull based upon the timing of settlements, what with 2014 featuring the announcement of $1.5 billion in penalties and 2016 announcements soaring to $2.48 billion. The new administration will not want to be seen as significantly falling off this pace.

At both the DOJ and the SEC, there is an institutional inertia that transcends changes at the political level. Both agencies have bulked up through the hiring of attorneys and the dedication of investigation resources - specifically for anticorruption/FCPA investigations. These new and existing attorneys work with special squads of FBI agents devoted to FCPA investigations and work closely with enforcement counterparts in other countries. The hiring of the first DOJ compliance expert, Ms. Hui Chen, also shows a commitment to FCPA enforcement and the evaluation of compliance measures in enforcement actions. By all reports, there is a strong pipeline of cases under current investigation, including the massive investigation of Wal-Mart's potential use of bribes as a business-development tool. Further, with the SEC becoming more aggressive in its penalty assessment, and mining its successful whistleblower program for reports of violations, the table is set for continuing strong FCPA enforcement activity.

Based on all of these reasons, the chances favor continuing strong enforcement of the FCPA at both the DOJ and the SEC.

3. Is Congress likely to change the operation or scope of the FCPA?

There have been calls for Congress to change the operation or scope of the FCPA in recent years. For the most part, these proposals have not been attempts to directly ease the reach of the Act, such as by curtailing the controversial (yet effective) assertion of U.S. jurisdiction over tangential contacts with the United States or the U.S. financial system. The proposals, however, could indirectly cause some weakening of the FCPA (in some cases, by design).

The most commonly advocated changes involve two areas: (1) greater clarity regarding the scope and coverage of the law; and (2) institutionalizing credit to be given to companies that maintain well-functioning compliance programs. These efforts are encapsulated by the FCPA reform agenda advocated by the U.S. Chamber of Commerce. The key elements of that reform proposal are as follows:

  • Allowing for an affirmative defense that would allow the company to rebut the imposition of criminal liability upon a showing that the company maintained a compliance program reasonably designed to prevent FCPA violations.
  • Greater clarity regarding the definition of a "foreign official," to make clear that a government official is one who acts in a governmental capacity, not one who acts in a commercial capacity for a company that happens to be owned by a foreign government.
  • Greater clarity regarding the definition of what an "instrumentality" is, to allow companies to determine whether they are in fact dealing with a government official in their dealings.
  • Greater clarity regarding parent-subsidiary and successor liability.
  • Greater clarity regarding the state of mind (mens rea standard) needed to support a finding of a violation.

Although prospects for significant FCPA weakening are low, some elements of this agenda could find a receptive ground before a pro-business Republican Congress and Republican president. The most likely change would be the introduction of an affirmative defense for effective anticorruption compliance measures. Such a provision would mirror the UK Bribery Act and other anticorruption laws that contain a similar provision to encourage effective compliance.

Less certain is whether Congress will enact "clarifying" changes, given that these clarifications generally would curtail the reach of the Act, such as stating that the law does not apply to employees of state-owned entities. There is a bipartisan interest in not appearing to be soft on corruption, especially with regard to bribes by not-particularly-popular U.S. and foreign multinational corporations. The U.S. Government also has an institutional interest in keeping the key terms of the law vague, as the DOJ has used the ambiguity to push an aggressive view of the breadth of the law. Thus, while judicial review of enforcement actions might provide additional clarity regarding these provisions, it is not likely that Congress will take steps to significantly curtail the reach of the law.

At the same time, it is possible that any efforts to open up the FCPA to amendment could actually lead to a tightening of the FCPA standards in two areas: coverage of commercial bribery and the elimination of the facilitating payments exception. Many non-U.S. laws, such as the UK Bribery Act, cover both types of bribes, making the FCPA's approach somewhat dated.

Regardless of whether these changes occur, companies should be thinking more broadly about corruption compliance best practices, even if they are not explicitly required to comply with the FCPA. Even if the FCPA allows for commercial bribery and for facilitating payments, such actions often violate local law and make for bad compliance decisions. And the U.S. government has other tools, such as the Travel Act and various wire fraud statutes, to reach commercial bribery. As a result, companies should consider broadening their approach from compliance with the FCPA minimums to maintaining broader anticorruption policies, so as to cover all forms of corruption of any size, whether it involves government officials, private persons, facilitating payments, or even the receipt of bribes (kickbacks).

4. The regulatory agencies have a lot of regulations and initiatives in the anticorruption arena. Are these likely to change?

The DOJ and the SEC have undertaken several initiatives in recent years, including the issuance of a joint DOJ/SEC set of guidelines, the implementation of an SEC whistleblower program, SEC regulatory efforts, and the FCPA Pilot Program. In the main, these initiatives were intended to increase enforcement attention and to encourage enhanced FCPA compliance. The main recent regulatory initiatives in the anticorruption space, and prospects for change for each, are as follows:

SEC Whistleblower Program. Although there is pressure to amend the Dodd-Frank program that established this whistleblower regime (as discussed in the Foley Private Equity "Top Ten Questions" alert), the success of the SEC whistleblower program presents institutional pressure to keep it going, regardless of what happens to Dodd-Frank. Since the SEC established a whistleblower program in July of 2010, the SEC program has paid out well in excess of $100 million to whistleblowers, based on the collection of penalties approaching one billion dollars, with much of this activity being in the FCPA realm. The number of tips received annually has grown from 334 in 2011 to 4,218 in 2016.9

The SEC would hate to give up such a successful source of enforcement leads. The SEC placed a vote of confidence in the whistleblower program in several enforcement actions, against such companies as BlueLinx Holdings, Inc. and Health Net, Inc., which imposed severance agreement requirements stating that outgoing employees must waive their rights to any monetary award from the SEC's whistleblower program. Underscoring the importance of the program, the SEC imposed significant penalties for the implementation of these provisions even though there was no finding that the provisions had prevented anyone from reporting a potential violation to the SEC.

As Jane Norberg, Chief of the SEC's Office of the Whistleblower, summarized the SEC's view that the whistleblower program has had a "transformative effect" on SEC enforcement activity.10 The whistleblower program accordingly is likely to survive any changes to the Dodd-Frank Act that initially authorized it. Further, even if the Dodd-Frank authorization were to disappear, the SEC nonetheless might use its inherent regulatory powers to continue a variation of it. It is unlikely Congress would take steps to bar this, given the blowback that such a softening of a well-known anticorruption initiative would create.

FCPA Pilot Program. The FCPA Pilot Program was announced as part of a three-part approach to FCPA enforcement in a memorandum from Andrew Weissmann, the Chief of the DOJ's Fraud Unit. The three initiatives were that: (1) the DOJ would be "intensifying its investigative and prosecutorial efforts by substantially increasing its FCPA law enforcement resources," including a fifty percent increase in the number of FCPA-specialist prosecutors; (2) there would be a "strengthening" of DOJ "coordination with foreign counterparts in the effort to hold corrupt individuals and companies accountable"; and (3) there would be an FCPA "pilot program," which would be a one-year program designed "to promote greater accountability for individuals and companies that engage in corporate crime by motivating companies to voluntarily self-disclose FCPA-related misconduct, fully cooperate with the Fraud Section, and, where appropriate, remediate flaws in their internal control and compliance programs." Consistent with the dictates of the Yates Memorandum, the FCPA Pilot Program is intended in part to hold individuals responsible for FCPA violations. The FCPA Pilot Program also included circumstances where the DOJ could use its discretion to decline prosecution. These declinations can be used only if certain conditions are satisfied, including complete cooperation and disgorgement of profits gained as a result of the bribes paid.

There are several more months during which the FCPA Pilot Program will run. It appears, however, that the Pilot Program has been successful and that it will be renewed or perhaps made permanent.

Yates Memorandum. The Yates Memorandum, among other things, is designed to increase the focus on individual actors in DOJ enforcement actions. With Attorney General Sessions a law-and-order former prosecutor, who, in the past, has expressed support for prosecuting individuals where they are involved in corporate crime, it is unlikely that the DOJ will seek to weaken the provisions of the Yates Memorandum. The Yates Memorandum is discussed more extensively in Foley's White Collar Enforcement client alert.11

Extractive Regulations. In contrast to the initiatives listed above, which are expected to continue in force, the draft extractive regulation rule will not become permanent law. A draft reporting rule issued by the SEC required that oil, natural gas, and mining companies reveal details about payments made to secure the right to extract resources. The extractive reporting rule (Rule 13q-1) required that, for fiscal years ending on or after September 30, 2018, companies in the impacted industries make detailed reports regarding payments made to foreign and domestic governments for the commercial development of oil, natural gas, or minerals.

This rule met fierce political opposition, illustrating the difference between weakening an existing law like the FCPA and creating a new anticorruption requirement that targets a specific group of well-connected companies. Following a Joint Congressional resolution disapproving of the rule pursuant to the Congressional Review Act (which permits Congress, by simple majority, to disprove rules shortly following their adoption), President Trump endorsed the invalidation of the rule. Under the terms of the Congressional Review Act, the SEC is precluded from re-adopting the rule, even though the Dodd-Frank Act required the issuance of a resource extraction disclosure rule.

5. "In addition to these regulatory developments, what areas do you see as being likely new areas of focus under the new administration?"

The U.S. Government is taking an increasingly broad look at potential violations, seeking to punish all related conduct. This is manifested in combined AML and economic sanctions enforcement actions, export controls and economic sanctions actions, and so forth. It is likely the U.S. government will emphasize these types of combined enforcement actions in coming years, including with regard to the FCPA. In the FCPA context, this implies a focus on whether the object of the bribes was itself illegal under other laws.

Companies in bribery investigations should also be aware of the fact that enhanced sharing of information between the U.S. government and foreign governments may not be one way. As foreign governments become increasingly active in their own anti-corruption efforts, the chances that companies will face enforcement actions in multiple countries increase. The previous assumption, which was that only the U.S. government would prosecute bribe-related activity over which it has jurisdiction, has become increasingly tenuous.

6. What can we do to ensure integrity in our business partners or to reassure our own partners that we have vigorous compliance? What about this new ISO 37001 program?

The last decade has seen a number of sources of "best practices" in the realm of anticorruption compliance, including: (1) the FCPA Guidance issued by the DOJ and the SEC, which contains a section titled "Hallmarks of Effective Compliance Programs"; (2) the DOJ's Principles of Prosecution of Business Organizations, which contains a section titled 'Corporate Compliance Programs"; (3) U.S. Sentencing Guidelines, which contain a section titled "Effective Compliance and Ethics Programs"; (4) Attachment C in many recent DOJ FCPA settlement agreements; (5) The UK Bribery Act Guidance issued by the U.K. Ministry of Justice; and (6) the OECD's "Good Practice Guidance on Internal Controls, Ethics, and Compliance." These sources of anticorruption compliance best practices coalesce around sound principles of regulatory risk management, including the necessity for a clear, easy-to-understand compliance program, tailored and repeated training, and regularly audited internal controls.

Yet what these many sources of compliance best practices have not offered is a certifiable standard of anticorruption program benchmarking. This gap was filled on October 15, 2016, when the International Organization for Standardization (ISO) adopted ISO 37001 as a certifiable international "anti-bribery management system."12 While ISO standards are voluntary, in certain areas, such as quality management, its standards have become de facto international benchmarks. The possibility of benchmarking to the standard by third-party certifying parties potentially could make the standard influential – not only with regard to companies seeking ethical partners, but potentially in DOJ and SEC investigations under the new administration as well.13

At this time, it is not certain how impactful the new ISO 37001 standards will be. Initial indications are that the ISO standard may prove most useful in countries that are marked by a high degree of perceived corruption, as they could provide an objective guidepost and assurance of the presence of an audited anticorruption compliance system. Companies operating in such environments may seek certification as a means of gaining a competitive advantage from business partners who want to minimize bribe-related risk.

For many U.S. companies, the receptivity to submitting to an outside ISO audit process will likely turn on how the program is treated in future DOJ and SEC enforcement actions. If it appears that the regulatory agencies are giving extra compliance credit to companies with a certified anticorruption process in place, the program may become coveted by companies at heightened risk of violations. There is precedent for such a result: the DOJ's "Principles of Federal Prosecution of Business Organizations" states that prosecutors should evaluate "the existence and effectiveness of the corporation's pre-existing compliance program" when determining whether to charge a corporation with a crime,"14 while the U.S. Sentencing Guidelines state that prosecutors should consider whether the defendant had an "effective compliance and ethics program" in place.15 The presence of a certified program could help with such requirements.

An additional reason to have ISO 37001 certification applies to companies that are subject to the UK Bribery Act of 2010. For these companies, the certification could prove useful because that Act (unlike the FCPA) provides for an "adequate procedures" defense. Because this defense can only be used if the company can "prove [it] had adequate procedures in place to prevent bribery,"16 the ISO 37001 would enhance the company's ability to argue that it met this standard.

7. Sounds Intriguing. What is required to become ISO 37001 compliant?

The ISO 307001 standards are ones that undergird effective anti-bribery compliance in general. To be certified as ISO 37001-compliant, an organization must develop systems designed to prevent, detect, and deter bribery while also "comply[ing] with anti-bribery laws and voluntary commitments applicable to its activities."17 Any ISO 37001 system must address: (1) bribery of government officials; (2) commercial bribery; (3) bribery in the non-profit sector; (4) both active bribery (outgoing payments) and passive bribery (incoming bribes); and (5) incoming and outgoing indirect bribes through third persons.18

The ISO 37001 standards recognize that effective anticorruption compliance requires the adoption of a risk-based approach – described as a "reasonable and proportionate" approach – which should be based upon periodic risk assessments. Risk assessments should be used to make decisions about the "allocation of anti-bribery compliance personnel, resources and activities."19 Factors companies should consider when determining the breadth of their risk-based compliance response include:

  • The size and structure of the company;
  • The locations and sectors where the company operates or anticipates operating;
  • The nature, scale, and complexity of the company's activities and operations;
  • Entities over which the company has control;
  • The business associates of the company;
  • The ways in which the company interacts with public officials; and
  • Any applicable statutory, regulatory, contractual, or professional obligations or duties, such as arise from medical codes of conduct and so forth.20

In addition to conducting risk assessments, ISO 37001 requires that companies take the following steps:

  • Develop and Maintain Compliance Policies and Internal Controls. "Well-managed organization[s]" are "expected to have compliance polic[ies] supported by appropriate management systems," including "procedures that are designed to prevent the offering, provision or acceptance of gifts, hospitality, donations and similar benefits where the offering, provision or acceptance is, or could reasonably be perceived as, bribery."21 The ISO 37001 Requirements also state that compliance policies and internal controls must be "communicated in appropriate languages" to both employees and relevant third parties.22
  • Training. Companies must provide employees with "adequate and appropriate anti-bribery awareness and training" while also "retaining documented information on the training procedures, the content of the training, and when and to whom it was provided."23
  • Tone at the Top. The "group of people who direct[] and control[] [the] organization at the highest level" should demonstrate commitment to anti-corruption compliance, including by "communicating internally the importance of effective anti-bribery management and of conforming to the anti-bribery management system requirements" and "promoting an appropriate anti-bribery culture within the organization."24 Required support from the top includes such tasks as "approving the organization's anti-bribery policy," "requiring that adequate and appropriate resources ... are allocated and assigned," and "exercising reasonable oversight over the implementation of the organization's anti-bribery management system by top management."25***
  • Risk-Based Due Diligence. Companies should conduct due diligence on "specific transactions, projects, activities, business associates," and company personnel with more than a "low bribery risk."26
  • Contractual and Certification Protections. The ISO 37001 Requirements state that companies should require third parties that "pose more than a low bribery risk" to certify they will "commit to preventing bribery ... in connection with the relevant transaction, project, activity, or relationship."27 These should be backed with termination provisions.28
  • Compliance Commitments from Employees. Companies must "require [their] personnel to comply with the anti-bribery policy and anti-bribery management system, and give the organization the right to discipline personnel in the event of non-compliance."29
  • Implement Internal Controls. Companies must implement both "financial controls" and "non-financial controls" (i.e., "procurement, operational, sales, [and] commercial" measures).30
  • Reporting Channels and Whistleblower Protections. Companies need to establish systems to allow personnel and third parties to "report in good faith or on the basis of a reasonable belief attempted, suspected and actual bribery, or any violation of or weakness in the anti-bribery management system," including through "anonymous reporting" and the maintenance of measures that "prohibit retaliation, and protect those making reports from retaliation."31
  • Documentation. Companies need to document their ISO 37001 activities, with the degree of documentation being based on the size and complexity of the organization and the nature of its activities.32
  • Improvement of Anti-Corruption Controls through Constant Assessment. Companies need to assess and review their anti-bribery compliance systems on an ongoing basis to ensure their "suitability, adequacy and effectiveness."33

One notable difference between the ISO 37001 standards and U.S. law is that the FCPA allows "facilitation payments" while the ISO 37001 standards do not, on the basis that "they are illegal in most locations" (i.e., under local law). Since it is a best practice to make such payments contrary to company policy, this deviation from the strict requirements of the FCPA is not meaningful for most companies.

8. "I am worried about whistleblowers. What can I do to minimize problems in this area?"

As discussed above, the SEC whistleblower program has resulted in numerous FCPA penalties and announced settlements. In addition, with studies showing that most whistleblowers are motivated by reasons other than money (i.e., whistleblowing often occurs because employees are disgruntled or terminated, or because an employee believes internal reporting was not taken seriously), even companies that are not publicly traded should be concerned about whistleblower activity.

Minimizing whistleblower risk, to a large degree, starts with an effective compliance program. An effective compliance program, supported by a culture of compliance where employees are encouraged to speak up and internally report potential violations of law, is the best weapon to prevent external whistleblower activity. The more effective internal handling of compliance lapses is, the less likely external whistleblowing will occur.

Specific compliance measures firms should consider to minimize the risks of external whistleblower activity include:

  • Maintaining a Culture of Compliance

    • Ensuring that there is senior management support for compliance efforts.
    • Hiring and adequately supporting well-trained staff empowered to independently identify misconduct and thoroughly investigate complaints, hire external counsel, and to report findings directly to senior management and relevant board committees/personnel.
    • Ensuring that compliance efforts are adequately funded, based upon a clear and objective evaluation of the regulatory risks facing the organization.
  • Maintaining Effective Policies

    • Maintaining effective anticorruption policies that cover all forms of bribery-related regulatory risk (both for government officials and commercial bribery).
    • Maintaining anti-retaliation compliance policies to ensure that there is no retaliation for whistleblower activity, and that whistleblowers continue to be evaluated solely based on quality of work and not concerns related to whistleblower activities.
  • Maintaining Effective Procedures

    • Implementing procedures to evaluate the significance of claims quickly, determine the priority of investigation, and appropriate follow up based on the potential seriousness of the issue.
    • Creating procedures to ensure that any compliance lapses are remedied, such that issues identified as a result of whistleblower activity (or that are otherwise discovered) are not repeated.
    • Maintaining procedures to document all claims received, how they were handled, and their resolution, tracking all complaints from initial report to ultimate resolution.
    • Maintaining procedures to report back to whistleblowers regarding how their claims were handled while sanitizing the report of any confidential data.
    • Maintaining procedures for determining when outside investigative resources, including law firms and forensic specialists, need to be brought onto investigations.
    • Implementing special procedures related to the handling of complaints related to senior management, board of directors, audit committee members, and compliance committee members.
    • Drafting procedures to ensure confidential treatment of materials related to internal investigations, including procedures designed to preserve attorney-client communication and attorney work product privileges
  • Encouraging Effective Reporting

    • Creating multiple ways to report potential misconduct, including independent 24-hour telephone hotlines with multiple language capability, web-based reporting, and email.
    • Creating ways for external compliance stakeholders to report misconduct.
    • Creating pre-existing procedures regarding how to properly engage whistleblowers, investigate allegations of misconduct, and otherwise manage whistleblowers.
  • Encouraging Effective Follow up

    • Properly documenting the results of investigations, including the persons involved, the allegations, how they were investigated, and any remedial measures adopted in response.

9. "My firm acquires a lot of companies. What can I do to prevent purchasing potential FCPA violations?"

Liability for FCPA issues can effectively be purchased, as changes in corporate structures or control do not eliminate FCPA liability. The FCPA Resource Guide provides for the following tips to minimize risks (which are equally applicable to any high-risk legal regime):

  • Conduct thorough risk-based due diligence.
  • Ensure the acquiring company applies its code of conduct and compliance policies to the target as quickly as possible, or otherwise ensures that strong compliance is in place soon after the acquisition is complete.
  • Train the directors, officers, and employees of newly acquired businesses or merged entities regarding high-risk regulations and risks of its business model (which hopefully were identified as part of a searching due diligence inquiry prior to acquisition); consider training agents and business partners where the risk is high.
  • Conduct a compliance audit of all newly acquired or merged businesses as quickly as practicable.
  • Consider disclosing any issues discovered as part of the due diligence or post-acquisition compliance implementation to relevant regulatory authorities.34

As can be seen, the recommendations center on the conduct of effective due diligence and the implementation of learnings found in that due diligence after the acquisition. The role of due diligence in this process cannot be overstated, as effective due diligence actually has seven rationales: (1) to determine the risk of the acquisition; (2) to ensure proper valuation of the acquired company; (3) to determine the potential liability for violations; (4) to minimize unexpected surprises; (5) to minimize liability for past conduct; (6) to identify future compliance issues; and (7) to assist in post-acquisition planning.

To avoid unpleasant surprises, the following are the general topics the due diligence inquiry should address:

  • Evaluating the risk profile of the target including, with regard to its industry, countries of sales and operation, the use of third parties/consultants/joint ventures, and so forth.
  • Evaluating the structure of the target's operations, including its customer base, its non-U.S. operations and the countries in which it operates, sells, and to which it exports.
  • Determining how the target conducts business with third parties, what due diligence has been performed on them, and to what extent the target's business relies on agents or distributors.
  • Determining the rigor of the target's recordkeeping and accounting procedures.
  • Determining whether the target has appropriate compliance and training procedures.
  • Determining whether the target conducts periodic reviews and certifications of its third-party intermediaries and whether the target has contractual provisions which allow termination based upon suspected legal violations.
  • Determining whether the target has procedures to help identify red flags for high-risk areas (FCPA, export controls, sanctions, AML, and antitrust/fair competition, among others) with appropriate follow up.
  • Determining whether the target has been the subject of any investigation by any government that potentially could lead to significant risk and penalty exposure under legal regimes of concern.
  • Determining whether the target's compliance structure is appropriate, including with regard to compliance resources located outside of headquarters, and whether it is run, in an independent fashion, by a senior management-level employee who is backed with appropriate resources.
  • Determining whether the target conducts periodic internal compliance assessments and compliance audits and follows up on identified compliance gaps with compliance improvements to identify known compliance issues.

A basic understanding of the operations of the target is required, which is determined by requesting:

Basic Background Information

  • A list of countries where the target conducts business.
  • A list of countries where the target has sold directly or indirectly to foreign governments.
  • A list of companies that the target does business with that is owned by a foreign government.
  • Estimates of what percentage of the target's business depends upon dealings with foreign governments and state-owned entities.
  • Copies of all contracts for purchases by, or sales to, state-owned entities and details regarding how these contracts were negotiated.
  • A list of any joint ventures or other arrangements with state-owned entities.
  • A list of any business relationships with government officials.

Compliance and Training

Information regarding the target's training and compliance measures provides a window into the culture of the target. Discovering this type of information is accomplished by requesting the following information:

  • A description of the target's anti-bribery compliance program and all its elements including training.
  • A copy of any materials provided to employees as part of their anti-bribery training.
  • A description and contents of any third-party FCPA compliance training.
  • A list of all red flags uncovered through the operation of the target's anti-bribery compliance program.

Agents and Third Parties

Third parties cause many FCPA problems. To minimize this risk, the acquirer should seek information regarding:

  • Whether the target has hired any foreign officials as agents or in any other role, and whether any of these relationships are ongoing.
  • The due diligence procedures relating to the hiring of agents, the results of any due diligence performed, and a description of how any red flags discovered during the hiring of agents were addressed.
  • Any contracts with agents or other third parties including certifications of FCPA compliance.
  • Any past or present relationships between foreign officials and any agents hired by, or acting on behalf of, the target.
  • The services provided by any agents, the total compensation paid in relation to those services and the basis for establishing the compensation.
  • Any payments made to foreign officials for any reason including visits to conferences, trips and entertainment.
  • The procedures used to reimburse agents for entertainment of foreign officials.
  • Any hiring by the target of government officials as agents, consultants or in any other business capacity.
  • Any documents relating to the suspension of payments to agents or other third-party representatives, including information pertaining to the red flags that led to the suspension.

Dealing With Potential FCPA Issues

Where it appears that the target has paid bribes, there are a number of tough questions for the acquiring company to ask itself before proceeding. These include:

  • Is the conduct over? Are there likely other bribery situations that have not yet been discovered?
  • Will continuing bribes be required to maintain the acquired company's business? Will ending the bribes significantly impact the target's business?
  • If it appears that the acquirer will need to terminate personnel who were involved in the bribery, how important are these personnel to the operation of the target's business? If they are demoted or dismissed, what is the impact on the business of the target?
  • Where it appears that third-party agents, consultants, representatives, distributors, joint venture partners and other business partners are involved, what will be the impact of reforming or ending relationships with those parties?
  • Where past bribes have been paid, does it appear that disbarment risks are raised such as the potential loss of government contracts or export licenses?
  • How will accounting and disclosure issues be dealt with after the closing?
  • Does the price for the target need to be adjusted in light of not only the known corrupt activities, but also those whose discovery might not occur until after closing? Is the possibility of future discoveries taken care of in the sale agreement, including the potential expense of investigations, voided contracts, lost business or other potential problems?
  • Is there the potential for shareholder class action or derivative suits?

Because due diligence is never perfect, acquirers need to consider protections in the event that potential violations are not discovered through the conduct of the due diligence. Contractual safeguards help reduce exposure to FCPA risks.

The scope of the representations and warranties should be negotiated to protect the acquirer against any wrongdoing committed not only by the target company, but also by its agents, its subsidiaries and affiliates, and perhaps even its existing shareholders. To the extent specific risks are identified during the due diligence phase, representations and warranties can be tailored to target identified risks.

In addition, indemnification mechanisms also can provide important protections if there are losses following completion of the transaction. Material adverse changes and conditions precedent clauses also can enable acquirers to abandon transactions where corrupt activities are identified before the transaction has been completed. If corrupt activities occur or are suspected during the transaction or before the closing, the acquirer should have the ability to pull out from the transaction or to carve out the affected portion of the business.

Ultimately, the steps taken to mitigate compliance risks need to be tailored to address the specific risks of the transaction, which is why effective due diligence is important. Conducting comprehensive due diligence before committing to a deal, particularly for targets operating in high-risk jurisdictions, is an important protection from the high-risk FCPA enforcement environment.

10. "Compliance sounds complicated! Has anyone ever thought of putting together a twelve-step program to provide guideposts for an effective risk mitigation?"

The author of this client alert has an international compliance guide that includes just such a twelve-step program; a copy is available by request.35 The headlines of this twelve-step program are as follows:

  • Step 1: Secure Buy-In at the Top. This includes not only taking steps to secure the appropriate "tone at the top" and support for compliance efforts, but also securing adequate resources to support compliance efforts.
  • Step 2: Perform a Risk Assessment. The second step for most organization is to perform a risk assessment (a survey of the company's operations to determine the exposure of the organization to various forms of regulatory risk, considering both the likelihood and severity of possible violations and the current enforcement priorities of the relevant authority). Once the risk assessment is complete, the results should be carefully evaluated to determine where the areas of greatest compliance concern lie through the preparation of a company-wide risk profile, which can guide the allocation of compliance resources.
  • Step 3: Survey Current Controls Step 3 involves surveying current compliance procedures and internal controls to determine whether the compliance measures in place properly cover the circumstances that may put the organization at risk of violations.
  • Step 4: Identify Available Resources. After an inventory of compliance procedures in place has occurred, a key next step is to ensure the organization has not fallen into the classic compliance trap of over-promising and under-delivering by imposing compliance requirements and then failing to implement them. To avoid these and other promise-resource mismatches, the company should, with a clear and open mind, compare its identified risk profile with the inventory of current policies and internal controls to determine whether there are any gaps between the two. Funding adequate to cover all necessary compliance efforts should be in place and, if not, should become a funding priority.
  • Step 5: Assess Local Oversight. The state of compliance as envisioned at corporate headquarters, and the actual state of compliance, as implemented in the field, diverges far too often. It is often necessary, at least in larger companies, to set up a compliance infrastructure that includes compliance liaisons and various local resources that can ensure effective implementation of compliance dictates. These resources also can be invaluable in identifying compliance lapses before they grow and become a large problem.
  • Step 6: Create a Written Compliance Policy. It is an unfortunate fact that Step 6—the drafting of the compliance manual—is often Step 1 for many companies. But there is considerable groundwork to cover before the organization should begin the actual drafting of the compliance manual, including the performance of a risk assessment and establishment of the culture of compliance. The written manual should accurately summarize the regulations, using plain language that employees without legal training can readily follow. The focus should be on readability and tailoring the policy to the risk and business profile of the company, not trying to cover every nuance of the legal regime at issue.
  • Step 7: Establish Internal Controls. Although internal controls (called standard operating procedures at some companies) are one of the three pillars of compliance (along with the written policy and training), they often are the most neglected. But internal controls provide procedures that are essential to implement the dictates of the compliance program. Systematizing compliance through internal controls also gives the company the ability to audit compliance and determine how effective the procedures actually are.
  • Step 8: Training, Training, Training. The basic task of training is to ensure, in conjunction with a well-written compliance program and appropriate internal controls, that employees and agents have sufficient knowledge to recognize red flags and other problematic situations, and understand what they need to do to comply with regulations and company policy. The goal is not to create legal experts all across the company; rather, it is to sensitize people to the law so they know when to seek counsel from the appropriate compliance or legal personnel. No compliance regime will be successful unless the appropriate individuals are identified and trained regarding the company's compliance efforts and the operation of its compliance program.
  • Step 9: Integrate Outsiders. Outsiders—third parties who act (or could be construed as acting) for the organization—are often a key source of risk. Companies accordingly should take steps to ensure that outsiders acting on their behalf are trained in the key compliance requirements, whether through the imposition of an obligation of the outside actor to receive training or through direct integration of the outsider into the company's compliance program.
  • Step 10: Auditing and Checkups. It is difficult to have a strong compliance program unless it is regularly tested and probed, with the results analyzed to come up with compliance improvement action items. As companies realize the dangers of letting their compliance program run on auto-pilot, it has become common for companies to use risk-based auditing principles to determine the countries, divisions, subsidiaries, and third parties who should be monitored through audits and compliance check-ups. Companies that do so reap considerable compliance dividends.
  • Step 11: Monitor Red Flags. The identification of red flags and ensuring appropriate follow-up are the keystones to a well-functioning compliance system. One of the most important tasks when implementing international compliance, accordingly, is to train relevant stakeholders regarding the transactions and conduct that are suspicious given the regulatory requirements.
  • Step 12: Communicate with Board & Senior Management. In corporations that set the proper compliance tone, board-level involvement is regular and institutionalized. The key areas for board-level involvement include thorough oversight of compliance initiatives, quarterly reports of compliance activities, and special communications for potentially serious matters. Compliance conversations with senior management should be routine and compliance counsel consistently heeded.

III. CONCLUSION

The international climate for U.S.-based multinational companies and non-U.S. based companies that sell into the United States has never been more uncertain. This client alert is the seventh of a series of Articles that is being prepared to help companies navigate the uncertain international trade and regulatory environment. Future "Ten Question" articles related to the transition to a new Administration already cover international trade issues (NAFTA, International Trade (antidumping and countervailing duty) actions, and Customs); international investment (changes in how the Committee of Foreign Investment in the United States (CFIUS) evaluates investment in the United States, concerns of PE firms); and international regulatory issues (cybersecurity, white collar enforcement and, here, the FCPA). Future client alerts will cover the Office of Foreign Asset Controls (OFAC economic sanctions) and Export Controls and anti-money laundering.

Footnotes

1. See Gregory Husisian and Robert Huey, "NAFTA and the Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/nafta-and-the-new-trump-administration-12-01-2016/

2. See Gregory Husisian and Robert Huey, "U.S. Customs and the Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/us-customs-and-the-new-trump-administration-your-top-ten-questions-answered-02-07-2017/

3. See Gregory Husisian and Robert Huey, "International Trade Litigation and the Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/international-trade-litigation-and-the-new-trump-administration-your-top-ten-questions-answered-01-06-2017/.

4. See Gregory Husisian, "CFIUS and the New Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/cfius-and-the-new-trump-administration-your-top-ten-questions-answered-01-25-2017/.

5. See Gregory Husisian, Chanley Howell, and Jacob Heller, "Cybersecurity and the new Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/cybersecurity-and-the-new-trump-administration-your-top-ten-questions-answered-04-27-2017/.

6. See Scott Fredericksen and Gregory Husisian, "White Collar Enforcement and the New Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/white-collar-enforcement-and-the-new-trump-administration-your-top-ten-questions-answered-02-09-2017/.

7. See FCPA Professor, "The FCPA is a Horrible Law and It Should be Changed," available at http://fcpaprofessor.com/donald-trump-the-fcpa-is-a-horrible-law-and-it-should-be-changed/.

8. See Scott Fredericksen and Gregory Husisian, "White Collar Enforcement and the New Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/white-collar-enforcement-and-the-new-trump-administration-your-top-ten-questions-answered-02-09-2017/.

9. See 2016 Annual Report to Congress on the Dodd-Frank Whistleblower Program.

10. See 2016 Annual Report to Congress on the Dodd-Frank Whistleblower Program.

11. See Scott Fredericksen and Gregory Husisian, "White Collar Enforcement and the New Trump Administration: Your Top Ten Questions Answered," https://www.foley.com/white-collar-enforcement-and-the-new-trump-administration-your-top-ten-questions-answered-02-09-2017/.

12. See "ISO 37001:2016, Anti-bribery management systems – Requirements with guidance for use," http://www.iso.org/iso/catalogue_detail?csnumber=65034 ("ISO 37001 Requirements").

13. Although the ISO had previously issued anticorruption compliance in ISO 19600, that Type B standard provided only guidance for companies to consider in their anticorruption efforts. The ISO 37001 Requirements are a Type A standard, which means that contain objective criteria designed to allow independent auditors to render determinations regarding the fealty of a company to the new ISO standards.

14. US Dep't of Justice, §§ 9-28.300, 9-28.800, https://www.justice.gov/usam/usam-9-28000-principles-federal-prosecution-business-organizations.

15. U.S. Sentencing Guidelines, § 8B2.1

16. UK Ministry of Justice, The Bribery Act 2010: Guidance 6 (Mar. 2011), https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/181762/bribery-act-2010-guidance.pdf.

17. ISO 37001 Requirements at Introduction.

18. ISO 37001 Requirements § 1.

19. ISO 37001 Requirements, Annex, § A.4.1.

20. ISO 37001 Requirements, § 4.4.

21. ISO 37001 Requirements, Introduction and § 8.7.

22. ISO 37001 Requirements § 5.2.

23. ISO 37001 Requirements § 7.3.

24. ISO 37001 Requirements § 5.1.2.

25. ISO 37001 Requirements § 5.1.1.

26. ISO 37001 Requirements, Annex, § A.10.3.

27. ISO 37001 Requirements § 8.6.

28. ISO 37001 Requirements § 8.6.

29. ISO 37001 Requirements § 7.2.2.1.

30. ISO 37001 Requirements § 8.4.

31. ISO 37001 Requirements § 8.9.

32. ISO 37001 Requirements § 7.5.1.

33. ISO 37001 Requirements § 10.2.

34. FCPA Resource Guide at 29.

35. Please contact Gregory Husisian at +1 202.945.6149 or ghusisian@foley.com to receive a copy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement

    Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of www.mondaq.com

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

    Disclaimer

    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

    Registration

    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

    Cookies

    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

    Links

    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

    Mail-A-Friend

    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

    Emails

    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .

    Security

    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at enquiries@mondaq.com.

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions