The Focus on Compliance and Ethical Conduct

Bribery Is Illegal Everywhere Corruption is Not an Acceptable Business Model Cultural Norms are NOT an Excuse

Intergovernmental Compliance Initiatives 3

A Sharpened Focus on Anti-Corruption "As President Obama has said, 'The struggle against corruption is one of the great struggles of our time'... Corruption is, simply put, a scourge on civil society. We must vigorously enforce our own laws that prohibit bribery... And we must work together to support our partners in anti-corruption enforcement." - Eric Holder, U.S. Attorney General (2009)

FCPA As An Example The FCPA is composed of two parts: The Anti-Bribery Provision prohibits the offer, authorization, promise or payment of anything of value to a foreign official, international organization official, political party, party official, or candidate for public office in order to obtain or retain business. It applies to issuers, domestic concerns, or persons acting within the U.S. The Accounting Provision only applies to companies issuing securities registered on U.S. stock exchanges and includes the following two provisions: The Books and Records Provision requires issuers to accurately record transactions in reasonable detail. The Internal Controls Provision requires public companies to maintain a system of internal policies and procedures sufficient to provide reasonable assurances that transactions are executed and recorded according to appropriate standards and under management’s specific or general authorization.

Anti-Corruption Enforcement Penalties, Sanctions and Remedies Available Self-Reporting and Cooperation with the SEC and DOJ FCPA Compliance Monitoring Programs Strong compliance emphasis through Corporate Governance

Current Enforcement Efforts In 2016, 27 companies paid about $2.48 billion to resolve FCPA cases (FCPA Blog) SEC and DOJ continued focus on prosecution of individuals; 10 pleaded guilty in 2016 Two "Declinations with Disgorgement" in 2016 (HMT LLC and NCH Corp.) China, Canada, Germany, Spain and other EU countries are increasing enforcement 81 companies have public disclosures regarding ongoing or unresolved FCPA investigations (FCPA Blog) FCPA "Books and Records" prosecutions becoming more prevalent

Government Proceedings Source: Stanford Law School

Business And Compliance Programs

Good Ethics and Compliance Hallmarks of an effective program: Management commitment and a clearly articulated policy against corruption Code of conduct Compliance policies and procedures Oversight, autonomy and resources Risk-based assessment (not “one-size-fits-all”) Training and continuing advice Incentives and disciplinary measures Third party due diligence Confidential reporting and internal investigation Continuous improvement through periodic testing and review

Policies & Procedures Understandable Use of scenarios & examples Well defined terms Consistently applied Communicated broadly Updated 11

Corporate Messaging Around Corruption Strong "Tone-at-the-Top" Strong "Tone-in-the-Middle" Supportive Management Communicate Values Cultural Norm of Compliance Reinforced Enforced Equally 12

Training & Awareness Use Multiple Methods of Delivery Conduct Annually Use Case Studies Use of Games and Other Interactive Tools Focus Training on Level of Risk Stress Compliance as an Integral Part of How the Company does Business Third-party Training Record Attendance 13

Reporting & Response Mechanisms for reporting policy violations or other misconduct Reinforce "doing the right thing" Whistle-blowing protection, confidential reporting Guidelines for prompt resolution — have a plan in place Independent/objective response to concerns Investigation by trained/competent personnel 14

Communication LA Communication Educating employees and senior management on policy violations Updates on policy revisions Reinforce importance of doing the right thing and consequences for violating company policy Revised training materials Report success of program 15

Importance of Attorney-Client Privilege and Work Product Provides company with the ability to fully assess whether allegation or issue is supported by facts before reporting to Government and/or external auditors: Not an attempt to hide information If not privileged or if privilege is waived, company loses control over information: Misleading or false information could enter public domain and irrevocably harm the company and the individuals involved. 16

Key Considerations To Protect Privilege In An Audit Context Applicability of the privilege to an audit may turn on whether the audit's principal purpose is to assist counsel in providing legal advice. Work product protection may turn on whether materials associated with the audit were prepared with an eye toward litigation. Be careful about the role of accountants: Use of auditors can result in waiver. 17

Lessons Learned Get the Lawyers and Internal Auditors talking early Clearly define the role and expectations of all team members Clearly define the purpose of the audit and how it differs from a traditional financial audit Explore all technology options to assist the audit Fully understand the facility operations before going on-site Build enough time into schedule for report writing and remediation Carefully track and document remediation Be prepared to find (and not find) issues Communication with management and facilities is critical to success 18