Niko Resources Ltd., an international oil and natural gas exploration and production company headquartered in Calgary, recently pleaded guilty to violations of Canada's Corruption of Foreign Public Officials Act (CFPOA) and agreed to implement compliance procedures and periodically report on that implementation to the Court and to the Royal Canadian Mounted Police. Canada's second prosecution under the CFPOA represents one more example of a growing global consensus on the standards for effective anti-corruption compliance policies, as reflected in the Organisation for Economic Co-operation and Development's (OECD's) best practices guidance. By spelling out these requirements in the plea agreement, Canada has joined the US and the UK in following the OECD guidance. This proceeding reflects a further step in the global convergence on the benchmarks of anti-corruption compliance.

Canada Prosecutes Niko Resources Ltd.

On June 24, 2011, Niko pleaded guilty to violations of Section 3(1)(b) of the CFPOA. In doing so, it admitted that, in 2005, Niko Resources Bangladesh, a wholly owned subsidiary of Niko Resources Canada, purchased a car for $190,984.00 CAD initially intended for use pursuant to the terms of a joint venture agreement but instead given to the Bangladeshi State Minister for Energy and Mineral Resources ("Minister"). Subsequently, Niko paid for the Minister's travel to Canada for a Gas & Oil Exposition - which included a significant private detour to visit family. These gifts were intended to persuade the Bangladeshi Minister to secure gas purchase and sales agreements acceptable to Niko and potentially to influence assessments for compensation related to blowout incidents at Niko's gas fields in Bangladesh.

Niko agreed to a fine of $8,260,000.00 and a 15% Victim Fine Surcharge totaling $9,499,000.00, and agreed to design and implement a compliance program to detect and deter violations of the CFPOA. The plea agreement also requires Niko to periodically report to the Court and to the RCMP. These reports must be prepared by an independent auditor at Niko's expense.

Growing Consensus on OECD Compliance Standards

Starting in 1997, Canada and 31 other countries negotiated and signed the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. Since then, as part of the ongoing peer review process intended to spur effective enforcement by the parties to the Convention, the OECD member governments developed and adopted guidelines for multinational enterprises that incorporated and expanded the anti-corruption compliance standards set out in existing Foreign Corrupt Practices Act (FCPA) settlements in the United States. These standards, incorporated in plea agreements and negotiated settlements with both US and non-US corporations, provide a definition of "effective" compliance programs which the US Department of Justice (DOJ) uses to assess and enforce FCPA compliance policies. The OECD used that definition as a model and developed, through consensus of the member governments, recommendations for hallmark policies of effective anti-corruption compliance programs, which member states could make operative through enforcement.

Compliance programs are not "one size fits all." Instead, the OECD recommends a risk-based approach addressing the individual circumstances of the organization. In particular, the organization should assess the bribery risks of operating in certain countries, as defined by reference to internationally recognized standards, and the financial value of the business conducted in those countries. Risk assessments should also be sensitive to the industry in which the company operates, how the company conducts business, e.g., whether it sells directly or through intermediaries and agents, and whether the company or others operating in similar markets have faced corruption issues in the past. The risk assessment helps the company craft compliance policies that specifically address the corruption risks that face the organization.

Generally speaking, however, compliance programs should adhere to certain standards or hallmarks of effectiveness. These hallmarks include a system of financial and accounting procedures and internal controls reasonably designed to ensure the maintenance of fair and accurate books, records and accounts. These policies should be visible and clearly articulated and applicable to all directors, officers, employees, subsidiaries and, in certain cases, outside parties that may act on behalf of the company, such as agents, distributors and joint venture partners. The policies should also address certain substantive areas: (1) due diligence on third parties (agents, consultants, supply chain, etc.); (2) due diligence in mergers, acquisitions and joint ventures; (2) gifts, hospitality, entertainment and expenses; (3) customer travel; (4) political contributions; (5) charitable donations and sponsorships; (6) facilitating payments; and (7) solicitation and extortion.

Companies should conduct risk-based due diligence when hiring and overseeing relationships with third-party intermediaries, agents, consultants, representatives, distributors, contractors, suppliers, consortia and joint venture partners. The company should inform these business partners about its commitment to the anti-corruption laws and to its compliance measures used to detect and prevent bribery. Further, the company should seek reciprocal commitments from its business partners.

To ensure that the company promotes the policies and a culture of compliance, "tone at the top" is a critical part of an effective compliance program. Upper management should provide strong, explicit and visible support of the company's compliance program. Likewise, the company should assign one or more senior officials with autonomy and authority to credibly implement and oversee the compliance program. Additionally, the company should periodically review and modify the compliance policies to sustain effectiveness over time and circumstance. To communicate the duty of all individuals at all levels to implement and support the anti-corruption measures, the company should periodically and clearly communicate the compliance policies and provide documented training for all levels of the company. Guidance and advice should also be available to directors, officers, employees and, where appropriate, outside business partners, to address normal-course and urgent requests regarding situations in foreign jurisdictions.

Moreover, the company should provide internal and confidential reporting mechanisms and protection of the directors, officers and employees who will not violate the compliance policies or are willing to report breaches of the anti-corruption laws or compliance policies. When the policies or laws are violated, the company should provide disciplinary procedures to address such violations at all levels.

The OECD recommendations seek to provide a compliance framework that sets the benchmark standards of effective compliance policies which are then scalable to the particular circumstances of an organization and the bribery risks it faces.

US Model: Negotiated Settlements and Compliance Programs

The DOJ resolves a substantial number of FCPA cases through deferred prosecution agreements (DPA) and non-prosecution agreements (NPA). In the past three years, nearly 45% of US criminal enforcement actions against companies ended with a DPA or NPA. As the OECD has noted, these agreements promote quick and efficient FCPA prosecutions by providing incentives for voluntary disclosure and cooperation, which has allowed the Department of Justice to create an impressive enforcement record under the FCPA.

DPAs and NPAs have also allowed the Department of Justice to negotiate company commitments to implement "effective" compliance programs and report on the progress of that implementation. In accordance with the OECD recommendations, the DOJ and the Securities & Exchange Commission ("SEC") define an "effective compliance and ethics program" as one tailored to the risks of corruption faced by the company and capable of preventing and detecting violations of the FCPA.

Similar to the OECD requirements, the DOJ and the SEC require companies to implement a program providing clearly articulated standards and policies against anti-corruption that apply to directors, officers, employees and certain outside third parties. These policies should be clearly communicated by senior management and include periodic training and procedures to report suspected criminal conduct or violations of the compliance policies. The organization should also establish disciplinary procedures to address those violations and should periodically monitor and modify the compliance program to ensure that its effectiveness does not wane over time.

Although not prescribed in all cases, DPAs can require that a company periodically report to the DOJ on the implementation of compliance measures and, more substantially, in some cases engage an independent corporate monitor. If required, the DOJ would approve the company's selection of a monitor, who would then evaluate the effectiveness of the company's compliance and internal control policies.

DPAs have always set out the basic elements of an effective compliance program, but in recent negotiated settlements the US has explicitly reoriented the compliance requirements to more closely reflect the recommendations and nomenclature of the OECD standards. The assimilation of the OECD recommendations in US enforcement actions reflects a global convergence with the OECD standards as the benchmark of anti-corruption compliance.

UK and US Sing Same Tune

The UK's 2009 prosecution of Mabey & Johnson and the Ministry of Justice's recent guidance under the Bribery Act 2010 provide other examples of the enforcement of anti-corruption law through negotiated settlements and OECD compliance requirements. Even before promulgation of the Bribery Act of 2010, the Serious Fraud Office (SFO) encouraged self-reporting of bribery offenses by offering to try to resolve matters through settlement that included implementing compliance policies and, sometimes, monitoring by an independent individual acceptable to the SFO. Further, the Ministry of Justice's guidance now identifies the principles that typically underpin compliance procedures which are considered to be "adequate" to prevent and detect bribery. Unsurprisingly, those principles largely track the procedures set out in US FCPA settlements and later incorporated into the OECD guidance.

The prosecution of Mabey & Johnson shows the SFO's preference for self-reporting and negotiated settlement in practice. Mabey & Johnson voluntarily disclosed corruption offenses to the SFO and, after an SFO investigation, the company agreed to pay financial penalties and reparations, introduced further anti-corruption training, and agreed to subject its internal compliance program to review by an SFO-approved independent monitor. Despite the absence of an enforcement record under the newly effective Bribery Act so far, the Mabey prosecution and guidance provided by both the Ministry of Justice and the SFO suggest that the UK will enforce the Act and the implementation of compliance programs consistent with the OECD recommendations.

With Niko Plea, Canada Joins the Club

Reflecting the prescriptions of the OECD benchmarks for anti-corruption compliance, and similar compliance requirements used by the US and UK, the recent Canadian plea agreement in the Niko Resources matter requires the company to implement a compliance program to prevent and detect violations of the CFPOA that is tailored to the company's bribery risk.

The Canadian government's compliance program requirements closely track the benchmark standards recommended by the OECD and often mandated by negotiated settlements in both the US and UK. Niko must adopt and modify policies and procedures based on a risk assessment of the individual foreign bribery risks it faces. These policies will be designed to ensure the company keeps fair and accurate books, records and accounts, and will clearly articulate a corporate policy against violations of the CFPOA, visibly supported by senior management, that applies to all directors, officers, employees and business partners.

The compliance policies will provide guidance recommended by the OECD addressing the same substantive areas (e.g., the provision of gifts, hospitality and customer travel) and will institute risk-based due diligence pertaining to the retention and oversight of agents and business partners. Likewise, the company must appoint a senior official to implement and oversee the compliance program, communicate the policies internally and externally, provide documented periodic trainings for directors, officers, employees and business partners, and provide mechanisms to allow reporting and discipline of violations.

The periodic reporting to the Court and RCMP differs from those mechanisms typically seen in US negotiated settlements. In the US and the UK, the agreements requiring the companies to retain independent monitors have ensured that the monitor is acceptable to the government, that he or she would be answerable to the government, and that his or her report would be provided directly to the government. In other agreements, the US authorities have permitted the company to "self-monitor" and to file periodic reports on its compliance efforts, with no requirement of an external compliance expert. In contrast, the Canadian model appears to be a hybrid of these two approaches, with the reporting obligation placed on the company. Under this hybrid approach, the company must file the report prepared by an independent auditor, but there is no mechanism for the government to approve (or disapprove) the appointment of the auditor or his or her report, and the company need not accept the recommendations of the auditor. Otherwise, the Niko Resources plea agreement mimics a US-style enforcement of the CFPOA through a negotiated settlement requiring the development of an effective compliance program.

Through inclusion of a compliance program reflecting elements seen in US DPAs and those identified by the OECD, the Niko Resources enforcement signals Canada's membership in a global convergence to implement anti-corruption compliance in accordance with the OECD benchmarks. Canada represents one more example of the OECD consensus in practice—recent developments in anti-corruption enforcement in the US, UK, and Canada demonstrate an in-fact global convergence around the compliance benchmarks set forth by the OECD.

Conclusion

Niko Resources represents yet another example of a growing consensus on the standards of anti-corruption compliance programs. The consensus forged by the OECD is no longer just on paper. Anti-corruption enforcement in the US, UK and Canada signify an in-fact consensus in anti-corruption practices. In terms of compliance policies, these recent prosecutions indicate a convergence upon a global gold standard of anticorruption compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.