Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries
Current Compliance Environment • Ever-intensifying regulatory burden: new areas of regulation; existing regulations becoming more complex; global issue – more countries jumping on board • Consequences of infringement: unforgiving • Step back – look at compliance obligations and compare against benchmarking 2
Choices • Corporate Counsel and boards need to make a number of important choices, e.g.: program scope (and how intrusive?); balance investment cost -v- level of risk tolerance (80:20 rule); effective communication of senior management buy-in • No two firms are identical – no single blueprint for achieving corporate compliance; importance of benchmarking 3
Compliance solutions • Compliance tool-kit – building blocks to a culture of compliance: corporate compliance policies and programs; training for boards, executives and staff; protocols – record-keeping; audits and assessments • More innovative solutions? e.g. compliance can be revenue generating: antitrust; trade; market access 4
Global Compliance Survey Background • Together, Squire Sanders and Datacert™ decided to undertake a Global Compliance Survey • Purpose: respond to requests from clients and Generals of the Revolution™ participants; to make available benchmark data about compliance programs, challenges, and tools; to solicit input and ideas within the compliance community about how to build, measure and improve the effectiveness of global compliance programs 5
Who are the participants? • 88 Participants • Average Annual Revenue = $11.75 Billion 6
Where do they do business? 7
Does your organization have a dedicated compliance officer or resource? 8
What percentage of your compliance needs emanate from outside your primary HQ country? 9
2012 Expectations 10
Many Challenges on Many Fronts • Compliance professionals must remain vigilant on many fronts, and many turn to outside providers for certain aspects of their compliance programs 11
Measuring Success • Centrally tracking all information related to compliance is critical to success and satisfaction • The next two graphs show us: there is much room for improvement; in a cross-reference, we find that those who do have strong tracking are significantly more satisfied with their compliance programs overall 12
Tracking Compliance 13
Are you happy with your current compliance program? 14
Survey – Key Findings Recap • Participants expect both their domestic and global compliance challenges to rise. • No one area of compliance stands out as the greatest challenge, suggesting that compliance professionals must spread their attention across many fronts. • Having a process and technology platform for centrally tracking all compliance-related information emerges as both a critical success factor and an area needing improvement. 15
Conclusions and Insight • Global compliance: a journey not a destination • The combination of good compliance programs and technology leads to the highest level of satisfaction • Benchmarking and cross-fertiliz(s)ation of compliance strategies – to stay ahead of the game • We hope this survey and the dialogue it generates will be a spur to further discussion 16
Questions? Pat Cornelius E pat.cornelius@squiresanders.com T +1 614 365 2781 M +1 614 209 9855 Don Hughes E don.hughes@squiresanders.com T +1 614 365 2734 M +1 614 563 7488 Colin Jennings E colin.jennings@squiresanders.com T +1 216 479 8420 M +1 440 668 5032 17
Corporate Compliance: A Global Perspective Pat Cornelius, Squire Sanders LLP • General Practices in Compliance and Enterprise Risk Management • General Principles Behind A Compliance Program Legal Compliance Risk Management – Reduce Risk of Noncompliance – Reduce Operational/Business Risks of Noncompliance – Reduce Legal Risks of Noncompliance Reputational Impacts 18
Corporate Compliance: A Global Perspective • What is the Approach: What is the Current “State of Play”; Discuss What is Needed (Create, Overhaul, Update, Supplement); Identify Highest Risk Areas (Based on Operations and Enforcement Activities); Focus Resources on Areas of Greatest Risk or Greatest Opportunity; Put Together a Coordinated Team 19
Corporate Compliance: A Global Perspective • Cross Border/Extraterritoriality Issues One compliance program for Entire Organization? Separate Plans For Different Jurisdictions? Combination? Global (common) rules and local rules/interpretations – seek to achieve consistency where possible and if not possible, identify and manage instances of divergence (lowest common denominator) 20
Corporate Compliance: A Global Perspective Dan Roules, Squire Sanders LLP • What are the key components of an effective anti-bribery compliance program for China and how should such programs be different in China from elsewhere in the world? • How does one go about training and monitoring the performance of one’s own employees in China? 21
Corporate Compliance: A Global Perspective • Given the recent surges in M&A and commercial sales in China, what resources and procedures are recommended for due diligence on Chinese counterparts, whether acquisition targets, JV partners, or agents or distributors? • How to deal with the "State secrets" issue, where there are no clear definitions and Chinese authorities interpret the law broadly. 22
Corporate Compliance: A Global Perspective Rob Elvin, Squire Sanders LLP • Anti-bribery Compliance, a New Concept for the UK? • The Bones of the Bribery Act. • What is it that Makes the Act Troublesome for Global Companies. • What Compliance Solutions are Global Companies Using. 23
Corporate Compliance: A Global Perspective Ann LaFrance, Squire Sanders LLP International Data Protection & Privacy • EU Data Protection Regime • EU Data Protection and e-Privacy Principles • Comparison to US approach • Applicability to Cloud Computing services • The Cloud in Europe • E-Privacy Directive – Cookies • Proposed Overhaul of EU Data Protection Regime • Questions? 24
EU Data Protection Regime Article 8 of the Charter of Fundamental Rights of the EU expressly recognises that all citizens of the EU have a fundamental right to privacy. Data Protection Directive 1995 • Establishes the baseline rules on how data is processed (including how it is obtained, recorded, used, disclosed, erased). • Each EU Member State has implemented the directive with a national flavor, and there are some significant substantive and procedural differences among Member States within the EU. Privacy and Electronic Communications Directive 2002 (e-Privacy Directive) • Data breach notification (comms providers) • Enforcement mechanisms/audits (comms providers) • Cookies (all) 25
EU Data Protection and e-Privacy Principles Core data protection principles that must be respected by “data importers” (i.e. individuals/legal entities outside the EEA): 1. Justification for processing and purpose limitation – data must only be used for specified and permitted purposes 2. Data quality and proportionality – data must be accurate, up-to-date, adequate and relevant 3. Transparency – data subjects must be provided with information necessary to ensure fair processing 4. Security and confidentiality – measures appropriate to risk must be taken and written commitments obtained from third party processors 5. Rights of access, rectification, deletion and objection – generally data subjects must have such rights in relation to their personal information held by an organisation 6. Sensitive data – additional measures should be taken to protect such data 7. Data used for marketing purposes – effective ‘opt-out’ procedures should be in place 8. Automated decisions about individuals – can only be made in limited circumstances and individual rights must be protected 26
Comparison to US approach • In contrast to US practice, protection of personal data is the rule and not the exception in the EU. • Horizontal versus vertical approach to regulation. • In the EU, individuals are generally viewed as having the right to be informed of whether and how data about them is collected, processed and transferred, including in the workplace. In some cases, their explicit consent is required. • The EU prohibits the exportation of EU personal data to points outside the EU (and this includes remote access to EU personal data from points outside the EU), unless specified conditions are met. • Exportation of personal data within a corporate group or partnership is caught by the prohibition/required conditions. • EU Member States interpret/enforce the EU Directives differently. 27