As previously reported, on November 26, 2021, the Organisation for Economic Co-operation and Development (OECD) Council issued a Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions (the “2021 Recommendation”).[1] Our blog post earlier this week reviewed key aspects of the 2021 Recommendation that are directed towards government action. This alert focuses on those aspects of the 2021 Recommendation relating to corporate compliance programs, in particular the updated Good Practice Guidance on Internal Controls, Ethics and Compliance found in Annex II to the 2021 Recommendation. Historically, the OECD’s guidance regarding corporate compliance has been highly influential with OECD member countries. Given that history, and the ever-increasing convergence of compliance standards around the globe, the 2021 Recommendation similarly could have a significant impact and influence, particularly on countries other than the US.
Important Compliance-Related Aspects of the 2021 Recommendation
The 2021 Recommendation contains several provisions that are of importance to corporate compliance efforts, as our earlier alert noted.
- First, it calls for member countries to incentivize the development of compliance programs, both in the enforcement context, and when companies seek to participate in government procurement or receive other public advantages.
- Second, it calls for leveling the playing field between state-owned enterprises and private firms, by making the former subject to the same compliance expectations and standards as the latter.
- Third, it calls for countries to remove obstacles to effective due diligence and other compliance practices presented by data protection regimes.
- Fourth, it emphasizes accounting standards and internal audit.
- Fifth, it seeks to encourage whistleblower protection and reporting.
- Sixth and finally, it enhances and updates the OECD’s guidance on internal controls, ethics and compliance, guidance that influences the standards imposed by the United States and other enforcement authorities in countries that participate in the OECD, and are party to the Anti-Bribery Convention.
Below we review Annex II, containing the updated guidance,[2] in detail, comparing it to the compliance requirements typically imposed by the US Department of Justice (DOJ) on companies in the context of negotiated resolutions. Annex II is not legally binding; rather, it is a guidance document. Nonetheless, the earlier guidance was highly influential and has contributed to the increasing global convergence of anti-corruption compliance standards.
Annex II: Good Practice Guidance on Internal Controls, Ethics, and Compliance
Annex II, Good Practice Guidance on Internal Controls, Ethics and Compliance, is directed both to companies (Section A) and their business organizations and professional associations (Section B), which the 2021 Recommendation notes “play an essential role” in compliance efforts.
Updates in Annex II include completely new elements as well as progressive developments. Elements of an anti-bribery compliance program set forth in Annex II, as updated, share more similarities than differences with the FCPA enforcement authorities’ requirements for an effective anti-corruption compliance program, e.g., those set forth in the DOJ’s standard compliance annex in DPAs. The chart, below, summarizes the notable developments in Annex II to the 2021 Recommendation, along with a comparison to the DOJ’s standard compliance annex in DPAs.
| Elements | Notable Developments in Annex II | Comparison with DOJ’s Standard Compliance Annex |
| Commitment to Compliance | A.1: clarifies that there should be support and commitment from the board of directors or equivalent governing body (in addition to senior management), with a view to implementing a culture of ethics and compliance.
A.16: creates a new expectation of “external communication” of the company’s commitment to compliance (separate from communication to business partners). |
The DOJ’s standard compliance annex also requires commitment by middle management, to ensure that “middle management reinforce those [compliance] standards and encourage employees to abide by them.”
The DOJ’s standard compliance annex does not have the external communication requirement separate from communication to business partners. |
| Policies and Procedures | A.2: clarifies that companies’ anti-bribery policies should be “easily accessible” to all employees, relevant third parties, foreign subsidiaries, and should be “translated” if necessary.
A.5: expands the list of areas that compliance policies and procedures need to address to also include: conflicts of interest; hiring processes; risks associated with the use of intermediaries; and, where relevant, processes for response to public calls for tender. |
The DOJ’s standard compliance annex requires policies and procedures to be visible. The DOJ’s guidance on the Evaluation of Corporate Compliance Programs, updated in June 2020 (the “2020 Guidance), makes it clear that accessibility is one of the factors that prosecutors consider when evaluating policies and procedures.
The DOJ’s standard compliance annex contains a similar but shorter list of areas to address, without those added in A.5 of Annex II, but it requires policies and procedures to be risk-based to address the individual circumstances facing a company. |
| Proper Oversight and Autonomy | A.4: clarifies that compliance officers responsible for the oversight of compliance programs need to have an adequate level of experience and qualification, as well as “access to relevant sources of data.” | The DOJ’s standard compliance annex contains a similar requirement that compliance and control personnel have “sufficient direct or indirect access to relevant sources of data,” and the 2020 Guidance makes it clear that compliance personnel’s experience and qualifications are among the factors that prosecutors consider when evaluating compliance personnel’s autonomy and resources. |
| Third-Party Relationships | A.6: (1) emphasizes “continued” oversight of business partners throughout the business relationship; (2) adds a new element regarding mechanisms to ensure that the contract terms, where appropriate, specifically describe the services to be performed, that the payment terms are appropriate, that the described contractual work is performed, and that compensation is commensurate with the services performed; (3) adds a new element regarding, where appropriate, ensuring the company’s audit rights and exercising those rights; and (4) adds a new element regarding providing for adequate mechanisms to address incidents of foreign bribery by business partners (e.g., contractual termination rights). | None of these are new to the DOJ’s standard compliance annex. Regarding mechanisms to address incidents of foreign bribery by business partners, the DOJ’s standard compliance annex also specifies that agreements with third parties should include, where necessary and appropriate, anti-corruption representations and undertakings relating to compliance with anti-corruption laws. |
| Internal Reporting, Investigation, and Remediation | A.13: clarifies that internal reporting mechanisms should be confidential, and where appropriate, anonymous, and provide “visible, accessible, and diversified channels” for reporting.
A.8: adds a new element regarding using internal controls to “identify patterns indicative of foreign bribery,” including, as appropriate, by “applying innovative technologies.”
A.11: clarifies that measures to address cases of suspected foreign bribery should also include: (1) processes for identifying, investigating, and reporting misconduct and “genuinely and proactively” engaging with law enforcement, and (2) remediation (root cause analysis and addressing identified weaknesses). |
Similar points exist in the DOJ’s standard compliance annex and/or the 2020 Guidance. |
| Training and Guidance | A.9: adds a new element regarding, where appropriate, measures to ensure effective periodic and documented training for business partners on the company’s anti-bribery compliance program.
A.12, 13: adds expectation of measures against retaliation. |
Similar points exist in the DOJ’s standard compliance annex and/or the 2020 Guidance. |
| Incentives and Discipline | A.10: encourages appropriate incentives for compliance, including by integrating ethics and compliance in human resources processes.
A.11: clarifies that disciplinary measures should be consistent as well as appropriate, and appropriately communicated to ensure awareness of those disciplinary measures and consistent application of disciplinary procedures across the company. |
Similar points exist in the DOJ’s standard compliance annex and/or the 2020 Guidance. |
| Periodic Reviews, Monitoring, and Testing | A.14: clarifies that periodic reviews and testing should be conducted “both on regular basis and upon specific developments,” which also include (in addition to relevant developments in the field, and evolving international and industry standards): operational and structural changes; results of monitoring and auditing; and “lessons learned” from the company’s own possible misconduct as well as from “other companies facing similar risks.” | The DOJ’s standard compliance annex requires periodic review to be conducted “no less than annually” and policies and procedures updated “as appropriate.” The 2020 Guidance directs prosecutors to consider a compliance program’s capacity to improve and evolve as a hallmark of an effective compliance program, and to ask questions such as what steps the company has taken to ensure its compliance program makes sense for particular business segments and subsidiaries, and whether the company reviews and updates its compliance program based on “lessons learned from its own misconduct and/or that of other companies facing similar risks.” |
| Mergers and Acquisitions | A.15: adds a new element regarding mergers and acquisitions, expecting comprehensive risk-based due diligence of acquisition targets, “prompt” incorporation of the acquired business into its internal controls and compliance program, training of new employees, and post-acquisition audits. | Similar points exist in the DOJ’s standard compliance annex. |
Conclusion
All of the measures in this 2021 Recommendation will be part of the monitoring program conducted by the OECD Working Group on Bribery.
For companies, the 2021 Recommendation will have both direct and indirect effects. The indirect effects come from the continued evolution of the enforcement environment and international cooperation, including the reality of today’s multijurisdictional world. The direct effects come principally from the provisions focused on whistleblowing and compliance programs. While the updated OECD Guidance is unlikely to have a material impact on the compliance expectations of US enforcement authorities, they may well have an impact on foreign enforcers.
[1] OECD Council, Recommendation for Further Combating Bribery of Foreign Public Officials in International Business Transactions (Nov. 26, 2021), https://legalinstruments.oecd.org/en/instruments/OECD_LEGAL-0378.
[2] The previous guidance was adopted and included in the 2009 Recommendation on February 18, 2010.