I serve as the general counsel & head of compliance of MAXpower Group, Asia’s leading gas to power specialist and a key developer, owner and operator of small-to-medium gas-fired power plants. I also sit on the Board of the MAXpower-Mitsui & Co., a joint venture which operates a separate group of power assets in Myanmar. In addition to providing strategic business governance counsel to the Board, my work involves advising on power projects, turnaround management, FCPA enforcement and special situations M&A. Prior to joining MAXpower, I was the regional corporate counsel for Jacobs Engineering Group’s Asia operations, based in Singapore and Mumbai. I have also worked for Norton Rose Fulbright, at the firm’s London and Abu Dhabi offices with a practice focus on energy projects.

For MAXpower, white-collar crime exposure means unfavourable exposure to laws on bribery, sanctions, export control, anti-money laundering, internal controls, audit standards violations, etc. The potential breach of certain anti-bribery legislation like the US Foreign Corrupt Practices Act 1977 (FCPA) or the UK Bribery Act 2010 (UKBA) may pose a greater risk than others. The FCPA is the single biggest legislation affecting anti-bribery compliance programmes globally. The complexity of the application of the FCPA (or the UKBA) is that it is not dependent upon the existence of any contractual arrangements that a company may have in place. We have to engage in an extensive dialogue across all ranks of employees to socialise our exposure.

The biggest FCPA concern in emerging markets is pressure to pay. We try to tackle both the supply and demand side (more so under kleptocracies) of the bribery problem through a concentrated effort of top-level leadership, tone in the middle, a robust code of conduct, a tactical internal conduct code training process, ground-level determination, and ingenuity. We also try to convey the message to employees that penalties for non-compliance are severe, including imprisonment, unlimited fines (typically fixed at tens or hundreds of millions of US dollars), debarment from public procurement contracts, company director disqualification, asset confiscation, disgorgement of profits, adverse reputational consequences and substantial legal costs. To have greater impact, our training materials focus on figures (i.e. potential economic disruption) and flesh and blood references from past individual prosecutions.

The four broad components of a successful compliance programme consist of an analytical enterprise-wide risk management framework taking operating environments into consideration, broad institutional assent from participants, control structures within which the leadership can act to stem breaches, and monitoring by independent specialised actors. As general counsel, I play the independent monitoring role. We train our senior leadership to comprehend (with the understanding that the message will flow down) that in the case of foreign laws and regulations like the FCPA, a subject company has no means to contract out of potential liability.

Extra-territorial laws (like the FCPA) lack public assent in most emerging markets, which adds to compliance challenges. Pre-conceived notions of what actually constitutes ‘misconduct’ can also impact compliance efforts. Through our bespoke training and targeted employee engagement processes, and try to challenge such countervailing social norms. We also try our best to secure workforce assent to the compliance programme and aim for an institutionalised acceptance of the bribery and graft problem. As general counsel, I know that what may work for the developed world will not always work for emerging markets, and hence we deploy a risk-based approach. We, as a company, also realise that an eco-system of zero corruption is an illusion.

It is often the case with general counsel (no different in my case) that their formal authority falls far short of their responsibility, and their success is dependent on others outside their own chain of command. Therefore, general counsel (who also have responsibility for compliance) need to be a jack of all trades and be savvy enough to drive through crucial compliance controls. The right relationships inside a company (including by having the CFO and the Head of Procurement on speed dial) are very important.

As part of our corporate messaging, we also highlight that business conduct training is simply not moral rhetoric, but that breaches of applicable law can cause major economic disruption leading to loss of jobs, amongst other real-world consequences. The company leadership has also committed to encouraging reporting mechanisms of potential violations by offering a sense of assurance to employees that no retaliation will occur, subtle or overt, to ensure that employees feel safe to report concerns. We also realise that inconsistent moral messaging can be confusing for employees if legally enshrined moral principles (or organisational value systems) conflict with their own socio-cultural beliefs, as shaped by local standards and ways of doing business. We are conscious that a sound code of conduct crafted with the right ethical considerations will boost the company’s long-term competitiveness.

It is also important to realise that strategic legal or compliance personnel are not hired to be ‘liked’. Companies should remember that such personnel need to be respected as a voice of authority by employees of all ranks. In most listed companies, the chief compliance officer acts as an assurance for the public that the company is a good corporate citizen. Good compliance credentials will help in building public trust for the company.

Year on year, the world grows more tech-savvy. Most large in-house departments already use AI or automation tools in some form, and it does result in cost savings. From a white-collar crime angle, it is important to mention that the Criminal Division of the US Justice Department (DOJ) updated its memo on evaluation of compliance programmes in June 2020; this is a good reference document from a prosecuting agency setting out expectations on what a robust compliance programme should look like. The new subsection on access to data stresses the DOJ’s recognition that data access and monitoring is critical to the proper functioning of a compliance programme. Data analytics can help determine whether compliance failures are systemic or more aberrational. Such data can also help a company monitor investigations and discipline to ensure consistency, which the memo suggests is part of a compliance programme’s effectiveness. The focus on data analytics is thus a good indication that AI, machine learning and automation tools will play a more significant role in legal and compliance functions in the years to come.

At a time of increasing regulatory scrutiny in virtually all corners of business, and with the stakes having never been higher, now is the time for companies to get their house in order in terms of their compliance and investigatory response regimes. Our survey of top in-house counsel from across the globe revealed great disparities between organisations, not just in terms of how they plan for a potential investigation or prosecution, but also in terms of how high a priority such an endeavour is, and who within the business is best placed to take ownership of it.

But while most businesses – and certainly nearly every lawyer – would recognise the risk of inadequate preparation in this area, whether this recognition had translated into action is another story. Just 57% of respondents in our White Collar Investigations Survey reported that their organisation had implemented a response plan for regulatory investigations or white collar prosecutions. 39% reported that their organisation has no such plan.

49% of respondents felt that their company had robust and effective investigative protocols in the event of an external investigation; 29% said that they did not believe that they had such protocols and 22% were unsure.

While it might first seem reasonable to assume larger companies are more well-resourced and thus more likely to be in a position to create an investigatory response plan, this does not appear to be the case. In looking at whether respondents’ organisations had implemented a response plan, those from larger companies (with over 100 employees) were less likely to report their organisations as having implemented a response plan, at a rate of just 57%, compared to almost 80% of those from smaller (less than 100 employees) companies.

‘There can often be too many distinct business units that would be involved in an organisation-wide plan. What you end up finding is in those cases, it’s much harder to get a far-reaching plan together as in-house counsel,’ says one legal director in the Australian telecommunications sector.

‘It is very important in our view to avoid a culture where the operating commercial organisation believe that no written guidelines from the top of the organisation means “green light”,’ says Kjell Clement Ludvigsen, general counsel at Norway’s Nortura.

‘It should be very clear to all that they are responsible themselves for what they do, but they should ask for assistance from legal or compliance if they are in doubt.’

Preparedness

Another problem with trying to get a clear view of where businesses are in their white collar investigations risk is that areas of concern will differ from company to company, and sector to sector. Our survey asked respondents to rate their level of preparedness in a variety of key areas on a scale of 1 to 5, with one meaning ‘not prepared at all’ and five ‘very prepared’. On average, respondents reported that their business was most prepared in terms of their financial compliance policies, scoring an average of 3.9. Companies were least prepared in terms of their modern slavery policies, which came in at an average of 3.0.

Those who said that their organisation had implemented a response plan for regulatory investigations or white collar prosecutions reported being more prepared almost across the board than those who did not. In particular, respondents whose organisations had such a plan rated their preparedness, on average, up to a full point higher than those who did not. In particular, both bribery/corruption policy and modern slavery policy preparedness increased by almost a point (0.97 and 0.92, respectively) from companies without a plan compared to those with one.

‘Aramco has zero tolerance in relation to any anti-bribery and corruption activities,’ says Ahmad Ismail, general legal counsel at Saudi Aramco Shell Refinery Company.

‘Therefore, I align my plan backwards from there. At each board meeting, I will align this with my president – I will check if there are changes, or any fine tuning for the plan. We need to be agile yet able to optimise.

‘Particularly now, as we have seen Saudi Aramco has been listed on the stock exchange, that represents a higher level of responsibility, citizenship and corporate compliance for the organisation, including at the subsidiary level.’

Whose problem?

One reason why organisations appear to be behind the curve on investigatory planning is that it isn’t an area that uniquely lends itself to the legal team. Efforts in this area are likely to require active input from all corners of the business, as well as an ambient level of support from the leadership team.

Indeed, when asked who within their organisation was responsible for designing and maintaining the response plan, answers were split. While the legal team was the most commonly cited department, it ultimately accounted for just 35% of the responses – and just as many reported not having a response plan at all. 13% – the second most common response – said it was currently a multi-departmental effort, and 10% said it was the domain of a dedicated crisis management team.

‘Day by day, the executive team is more conscious of the importance and necessity of the identification, mitigation and follow-up of risks,’ explains Diana Daza, legal director at SGS in Colombia.

‘As a legal team, we are highly involved in daily risk management operations in order to prevent these sort of risks.’

Despite a current lack of ubiquity around which departments are given investigation planning responsibilities, there is a sentiment that this is changing. From interviews with participants in this survey, it seemed a common view that over time, the pre-investigatory planning job is landing more and more with the in-house team.

‘Based on conversations that I have had with peers, it has become quite common that legal teams, in particular the leadership team, are involved in assessing the risk of investigations and prosecutions,’ shares Oliver Jarberg, deputy chief legal and compliance officer and director of integrity & anti-doping at FIFA.

‘I personally believe that it is one of the key aspects – in particular at management level – for the legal and compliance function to be involved with. In particular, in-house legal teams should already be involved at an early stage by the business so as to flag critical operations, transactions, and provide advice and support on measures to be implemented to mitigate legal and compliance risks – including the risk of investigation and prosecution.’

Annual reviews

Another reason that uptake and confidence in organisations’ planning for white collar investigations is subdued might be because there needs to be an ongoing commitment to reviewing and modifying the plan in order for it to stay effective: external risks are changing constantly, while the risk profile of a business will likely change as it expands or contracts into or away from new business units.

When it comes to reviewing their planning and preparation processes in the context of investigation and white collar prosecution risks, 38% said that they review their process annually, while another 38% reported only conducting such a review on an as-needed basis – another 19% said that they never review their plans in this area.

‘We undertake an annual review and it is critical to understand both the changes in the legal landscape as well as regulators’ approach,’ explains Kwong Wen Wan, group chief corporate officer and group general counsel for Mapletree in Singapore.

Ahmad Ismail is both a proactive participant in his organisation’s investigation preparation, and an avid proponent of conducting regular reviews of any plans or policies.

‘The way I align my plan – especially in relation to anti-bribery and corruption and also in relation to legal and compliance – is that I first understand the company legal risk appetite and then align that to the business cycle of the organisation,’ he says.

‘Clearly, all organisations have their own business planning cycles, and within that business plan cycle you decide on the capital expenditure of the organisation, in other words, what type of investments they are making for the year.’

‘That is normally also mapped against the company’s risk map. So based on that, I will determine what the plan would be for the year in relation to legal compliance. I would analyse that risk map, and get clarification from the auditor and the Chief Financial Officer and the controller. I’d then identify what would be the risk appetite for the organisation, and then I’d map the plan for legal compliance for the year.’

For Jaberg, ‘at FIFA, we have a working group composed of representatives of different professional functions within the organisation, including internal audits, finance, legal and compliance, and different business units.

‘They meet on a regular basis to map FIFA’s main risks and devise strategies and plans so as to mitigate the risks identified within this working group.’

‘I think it is important to establish a formalised risk management process to identify the different risks – including that of investigations and prosecutions – as well as ensuring the processes and measures designed to mitigate such risks are defined, evaluated and implemented. As risks evolve over time, I think it is important that they are reassessed and the processes to address such risks are then amended as required, based on the learnings related to each risk identified. So, in fact, this is a very dynamic task which also requires the legal and compliance function to thoroughly understand the business, the processes and operations of the company.’

‘It’s important to be agile and on top of things, and adapt to the changing circumstances as required to protect the interests at stake.’

Renewed interest from regulators

Give the importance of preparedness for regulatory investigations and white collar prosecutions, why do companies of all sizes and sectors report such vastly different levels of planning in this area?

While the subject may have been on in-house counsel’s radar for many years, many counsel interviewed for this report mentioned a ‘sea change’ in the wake of the global financial crisis, which saw a redoubling of efforts on the part of regulators to rein in inappropriate and illegal conduct, particularly in the financial sector. While a decade is a long time in some respects, in terms of cultural shifts within massive organisations it isn’t very at all, and businesses are still coming to terms with heightened sensitivity on the part of regulators and similar investigatory bodies.

‘It takes time – lots of time – to see real cultural change take hold in a company, or industry,’ says one long-time banking general counsel based in the United Kingdom.

‘There is an increased level of consciousness around white-collar crime which I would say began post-GFC and has continued since then. But unless an organisation has already been stung, it can be difficult to enact change quickly – something I suspect every in-house lawyer will be familiar with. It is on the in-house lawyer to keep their foot on the gas and make sure the company keeps momentum towards compliance.’

Generally speaking, there is a trend with political and public pressure continuing to drive significant changes in white-collar law enforcement throughout the world. In my opinion, it is important for in-house counsel to be on top of things in this area and particularly when it comes to advising our internal clients with the view to mitigate risk. In particular, recent developments in relation to the COVID-19 pandemic have put a lot of pressure on colleagues at the forefront. We deem that it is our duty as in-house counsel to provide practicable legal advice to the business, and at the same time adequately addressing the legal and compliance risks.

Our first aim has always been to help our internal clients and members make decisions that are in line with the applicable regulatory framework. This includes policies relating to ethical conduct such as – in our case – the FIFA Code of Ethics and the FIFA Code of Conduct. We aim to provide them with the knowledge and tools needed to identify legal risks in advance and make decisions that adequately address these risks.

In sports, when it comes to integrity and compliance, I always tell our clients – which include players, referee officials and other stakeholders – that it is usually too late when we need to open investigations into alleged violations of rules safeguarding the integrity of sports. When we have to investigate misconduct, the damage is already done. So, with efficient, proactive and preventative measures, such as training, online awareness campaigns and so on, we can ensure that all those concerned know what the rules are, and are able to avoid – as much as possible – things going wrong. However, when things go wrong, it is also key that we ensure that issues are addressed in a timely and thorough manner and that we bring to justice those who don’t play by the rules and who are responsible for bringing our sport into disrepute.

Football, similar to many other aspects of business life, is not exempt from the risks of bribery and corruption. We have seen that different individuals and companies who have been involved in football have been found guilty, amongst other things, of bribery and corruption. In that respect, it is very important to have the right tools in place, including the right regulations and processes to address risks. Equally, it is important to learn from mistakes that have been made in the past and to avoid making the same mistakes again.

FIFA has undergone a very thorough and comprehensive governance reform process over the past years with the aim of addressing certain deficiencies that were discovered. As an example, we have strengthened and formalised our compliance function. We have further strengthened the system of checks and balances, including the implementation of terms of office, and segregation of powers of the different bodies of the organisation. Also, we have strengthened the function of our audit and compliance committee, which consists mainly of independent members. We have established a confidential reporting system or whistle-blower hotline in order to encourage a culture of speaking up and flagging wrongdoing, as it is discovered. We have established eligibility checks including integrity and background checks for all of FIFA’s committee members. We have further strengthened the processes in the context of the funds we invest to develop the game of football. We have enhanced our processes when we check on the service providers and third party vendors with whom we do business. We have also massively revamped our bidding processes for FIFA competitions, including the FIFA World Cup and the FIFA Women’s World Cup. We have also amended our policies to make them more user-friendly and relevant in everyday business transactions. These are only a few examples, but all this was, amongst other reasons, also done to strengthen our position in terms of anti-corruption and anti-bribery.

When focusing on the game of football, we see that match-fixing and doping are highly complex problems that require very stringent processes. Of course, the actions committed by the perpetrators concerned are also corrupt conduct, and here specifically in the context of sports, such corrupt and illegal actions go against the very essence of the game; the integrity of the sporting competition is destroyed, as is with the case with the use of doping. But what is more, if the unpredictability of the sporting result is jeopardised, the sport is basically deprived of its very essence, which is not to know in advance of a competition who the winner will be. If this element is lost, no one will watch football matches in the stadiums or in front of the TV, and the commercial partners that are helping generate revenue, which is reinvested in the sport, will no longer be interested. It is a vicious circle and we have a paramount responsibility to do whatever we can to best protect the integrity of our game.

This is also why we work with many different stakeholders to address the challenges of doping and match manipulation and why we are also dedicating a lot of resources and also expertise and effort to address these challenges.

When it comes to compliance and due diligence, we as an organisation have enacted many different initiatives, processes and tools. For example, our code of conduct serves as a one-stop shop; it provides direct access to the code in all different languages, and it provides for different and direct links to relevant directives, training materials and templates, including contract templates. We also have in person training, for example, we organised a compliance summit specifically tailored to the needs and challenges of our 211 members associations, the football confederations and other stakeholders. In fact, we are currently planning our next compliance summit which will be held online in Autumn.

Overall, when looking into the future, I personally am convinced that legal tech and artificial intelligence will be highly relevant and beneficial for in-house counsel. We have already evolved quite significantly, compared to where we stood five years ago. But, I believe that we are still in the early stages and that the technological revolution for in-house counsel is just beginning. What I am convinced of is that we as lawyers and in-house counsel need to be open to innovation and technology, amongst many other things to enhance our risk management.

The use of external counsel, once an investigation or prosecution has been made official, received across-the-board support from participants in this survey. 77% of respondents considered it at least moderately important for external counsel to be involved at that point, with almost half of those considering it highly important. 14% reported feeling that external counsel would not be involved.

‘Especially in smaller departments I have been a part of, having a good lawyer outside your business who knows your business is critical,’ explains one senior legal director in the European aviation industry.

‘Departments are strapped for resources as it is; the overhead of responding to a regulator – or worse, a formal prosecution – is beyond the capabilities of most departments.’

Those counsel who were a part of smaller departments were more likely to expect external counsel to be involved. Respondents in teams of 50 or larger were less likely than any other group to involve external counsel, with 31% reporting no involvement of external counsel at that stage.

When it comes to involving external counsel in anticipation of an investigation (as opposed to when one has formally been announced), approaches differ. Just 8% or respondents reported always involving external counsel at this stage; 33% reported occasionally involved external counsel and 38% reported involving counsel ‘often’. Almost 20% rarely involve external counsel at any point before the formal launching of an investigation or prosecution.

‘We are in almost constant contact with at least one outside lawyer to consult with on any real or potential investigations,’ says one veteran in-house counsel in the North American energy sector.

‘We can’t afford not to. If the first time you are meeting with a lawyer is when the regulator is at your door, a lot of (avoidable) damage has been done.’

While the in-house community has been vocal in pushing for diversity in their partner law firms, a company instructing external counsel on an investigatory or other white collar matter is typically more likely to involve a single practitioner for representation than other types of legal work. Therefore, survey participants were asked how important of a factor diversity and inclusion is when selecting counsel in these situations. The overwhelming majority felt it important, with 40% considering it a ‘highly important’ factor and another 40% considering it ‘moderately important’. Just 5% felt it unimportant.

In choosing external counsel, respondents reported choosing from a variety of sources. On average, in-house counsel were most likely to have found their chosen counsel by direct outreach to single firms – 20% of counsel reported choosing their representation this way. The next most popular source was the use of a company-curated preferred provider panel at 15%.

On the 30th of November 2017, The Australian Government announced a Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission). Appointed to preside over the public inquiry was High Court Justice, Kenneth Hayne. He was tasked with identifying the underlying causes of financial sector misconduct, and to uncover evidence of systemic issues within corporate practices.

The Commission was precipitated by a series of high profile exposés implicating Australia’s biggest banks in scandals covering fraud, predatory sales practices, FOREX trading impropriety, interest rate rigging and more. The Commission conducted seven rounds of public hearings over 68 days, called more than 130 witnesses, and reviewed over 10,000 public submissions. The findings made front page headlines across the country. Concluding the public inquiry, Commissioner Hayne put forward 76 recommendations directed at government institutions, regulators and industry leaders.

The Commission’s findings heralded sweeping changes within current operational frameworks in the financial advice, life insurance and superannuation sectors. Leading general counsel working across these industries in Australia candidly share their experiences in rebuilding consumer trust, as they work towards transforming regulatory practices across the country.

Cashing in

To understand the damning findings of the Royal Commission it is crucial to reflect back upon the historical development of banks in Australia. Jeff Morris was a financial adviser for Australia’s Commonwealth Bank and more importantly, was a key whistleblower spurring the public enquiry.

‘What I noticed was the mentality of banks; they lost their way, and they lost sight of their history,’ explains Morris.

‘The history of Australian banks is a good and honourable one, and an important contributor to national economic growth. It was in the 90s when things began to change. American sales cultures came in and banks got infected with the remuneration US banks had always paid.’

This shift away from customer-focused services towards bonus schemes led to deceptive conduct. Claims that arose included: charges for services that were not provided; continuing conflicts of interest affecting financial advisors; and an insufficient focus on risk management. In more severe cases, some financial institutions had inadvertently facilitated money laundering, turned a blind eye to terrorism financing, and promoted a culture of greed.

Refusing to stay silent, Morris filed several complaints to ASIC (The Australian Securities Investment Commission) Australia’s financial regulator, outlining acts of misconduct he had witnessed. For years ASIC did little to investigate the claims and in 2013 Morris decided go public. Several media outlets began to report upon allegations of fraud, forgery and management coverups. This ultimately resulted in a parliamentary inquiry and Royal Commission.

Since the Royal Commission was televised, Australians saw the direct impact financial misconduct had on individual’s livelihoods, prosperity, and dignity. The erosion of consumer confidence and trust in the sector was – and to some extent still is – extensive.

‘The thing that was so distinguishing about the Banking Royal Commission, was how it captured the public’s attention because of how it connected through case studies into such deep feelings and experiences within Australian consumers,’ says Grant Jones, General Counsel & Executive Lead, Regulatory Affairs at MLC Life Insurance.

‘It showed how customers felt so vulnerable to large institutions, and it gave voice to this feeling and experience.’

This sentiment was shared by David Cullen, general counsel of AMP, one of Australia’s leading wealth management companies.

‘I think it certainly is a pretty challenged environment after the Royal Commission. There is lots of activity and focus on remediating and rectifying legacy issues, making compliance improvements, and leaning into a much greater regulatory change environment than we have seen in recent years.’

The findings of the Royal Commission and the suggested reform package put forward by Commissionaire Hayne represents the largest and most comprehensive corporate and financial law reform process since the 1900s. The reform package addressed issues of weak regulation, corrupt reward structures and an overall disregard for client interests. From the 76 recommendations made, 54 were directed to Government, 12 to regulators and 10 to industry leaders.

‘Together, these reforms have and will continue to ensure that Australia’s financial systems deliver fairer outcomes for consumers and remains resilient to enormous stresses caused by events like the global financial crisis and now the coronavirus,’ said a spokesman from the Australian Treasury.

Leaning into legal

Since the Royal Commission, the role of in-house counsel has been cast into the spotlight. Professor Michael Adams, head of law at Australia’s University of New England explains the delicate position of corporate counsel.

‘The Royal Commission has really highlighted the role of lawyers within financial services, and in particular the role of various in-house counsel within these entities. I think there has been a lot of soul searching and discussions about whether more could have been done, or if they should have been more vocal in management discussions.’

‘First and foremost, if you are a practicing lawyer, solicitor or barrister – you are an officer of the court and you have duties which are predominately to the court, above and beyond that to your client, even as in-house counsel. So, in theory the delineation is very clear,’ says Professor Adams.

‘In practice in-house counsel roles are subjected to a range of pressures. The more senior of a lawyer you are, the more likely you are part of the management decision-making process. If you are a general counsel at a financial entity, you are part of the c-suite.

‘You are there to facilitate your organisation to develop new products and get around legal barriers and regulatory hurdles. That is part of your job. However, you do have an obligation to speak out against ethical violations to explain when something is misleading or unreasonable.’

Getting ethical

Navigating commercial obligations, whilst acting as a trusted advisor may sometimes present ethical grey areas for corporate counsel.

‘The Royal Commission constituted a profound point of inflection in the industry where firms were forced to publicly look into a dark mirror and make a decision to fundamentally change,’ says Jones.

‘What the Commission particularly highlighted through its case studies, is how easily unfair decisions which have real adverse impacts on people can become normalised within a large commercial operations.’

‘This was a very confronting realisation for industry because the vast majority of people across financial services get up each morning and go to work, wanting to do help and do some good and to make a contribution to their customers and community. They are horrified at any prospect of hurting customers.’

‘So when industry people saw the impact of particular conduct through the lens of impacted customers – it was a very confronting moment – people felt deep shame and were challenged at a level of personal values. It was a real moment.’

Similarly, Elizabeth Weston, former head of investment legal and governance at Cbus Super Fund reflects on the on the Royal Commission and its importance on ethical conduct.

‘For me, it was about primacy of community expectations vs the black letter of the law. As a lawyer, obviously people can sail close to the wind, but just because you can do something does not mean you should do something. So, this was a stark reminder of the importance of community expectations and the obligations to always act in the best interests of members.’

Since the Royal Commission, there has been a renewed focus on ethical conduct within the financial sector.

‘I really think those in the sector occupy a unique position of trust, because they are looking after the financial wellbeing of Australians, which is a responsibility and a pretty heavy one. But it is also a privilege,’ explains Cullen.

Culture corrupted

One of the major criticisms coming out of the Royal Commission was the toxic culture prevalent within financial service industries. In fact, Commissionaire Hayne in his final report outlined harmful cultural practices directly linked with risky, immoral and even illegal activities from financial providers. He wrote:

‘Rewarding misconduct is wrong. Yet incentive bonus and commission schemes through the financial services industry have measured sales and profit, but not compliance with the law and proper standards.’

Therefore, cultural practices play a pivotal role in driving or discouraging misconduct.

‘Quite often, an in-house counsel’s job is going to be telling people unpleasant truths, things they do not want to hear. In a culture where everything is being covered up, in a toxic culture, in-house counsel will frequently be pressured to suppress news and not present senior executives with bad news that they know they do not want to hear,’ says Morris.

Weston agrees: ‘As in-house counsel – especially in financial services – there is always a risk that you will fall captive to business and rubber stamp initiatives. One of the key challenges is the fact that you are sometimes delivering deeply unpopular messages.’

‘As you become more senior, you become resigned to the reality of your function as not merely a trusted counsel but also as an officer of the court. I think at times nobody really wants to hear the squeaky wheel, but it is better they do so, before all the wheels fall off the wagon.’

‘I think for me it is about how to deliver that message in a way that stakeholders are able to identify an alignment of interests. How do we counter that risk and deter it in such a way that they will see where you are coming from and act accordingly?’

Looking to the future post-Royal Commission, the role of in-house counsel is fundamental in influencing healthy cultural practices within the workplace.

‘The role of in-house counsel is more important than ever; certainly in this sector they are busier than ever,’ says Cullen.

‘I am a bit wary of the view that in-house lawyers are the conscience of an organisation because really I think everyone should shoulder that conscience. But we do have a key role in setting and being part of the moral compass of an organisation.

‘I think the other key thing in the Royal Commission was about misconduct. It was asked to look into conduct that may fall below community expectations – even where not strictly contrary to law. Now, that is quite a challenging environment for lawyers to operate in because generally lawyers are most comfortable when dealing with black letter legal obligations. The concept of what is and is not contrary to community expectations will be something lawyers have to consider as part of their advice. It raises the issue of ‘where is the line drawn?’ but increasingly this is another challenge that in-house lawyers will have to grapple with.’

Fairness is another concept that does not necessarily follow the black letter of the law, yet according to Grant Jones, general counsel at MLC Life insurance, it has become a key topic for consideration post-Royal Commission.

‘There are two clear learnings that I took from the Royal Commission that influence how I perform my new role today.

‘Number one is fairness. I believe fairness will be the defining regulatory principle of our time. The second learning is that fairness needs the most protection in every 100 small decisions that are made across a company every day, relative to the fewer and bigger decisions a board will make that have the benefit of lots of perspective and debate.

‘Why is the first important? It is important because it prompts the question, how do you embed fairness in your business processes? Fairness is an idea, it does not have a fixed perimeter and is entirely subjective. With that being the case, how can it be a principle of law that you can design processes and products off the back of? This is the challenge for industry participants and regulators, but it’s a critical issue to solve.’

Governance glow up

As a result of the increased regulatory environment following the royal commission, companies across the financial sector are reassessing their internal corporate governance processes. In particular, one of the most obvious shifts for in-house counsel post-Royal Commission has been the push towards strengthening internal corporate governance framework.

‘In Australia, we have come out of a Royal Commission into Financial Services which has really emphasised the need for robust corporate governance and seen an increased focus by our regulators to take action against white-collar crime. That trend is unlikely to change,’ explains Seshani Bala, group general counsel & corporate assurance at Chartered Accountants ANZ.

‘One of the things I noticed following the Royal Commission was the broadened remit of the General Counsel. I previously led the legal function and my remit was extended to risk and governance. There is definitely a trend towards integrating those functions so you can really drive process synchronisation. Risk can be identified and managed and governance around that risk solidified.’

This shift has also been observed by Cullen: ‘Supporting boards and their increased governance needs has undoubtedly heightened post the Royal Commission. I also think the approach to interacting with regulators is of fundamental importance.’

In-house legal teams across the finance industry are tasked with improving corporate governance frameworks in order to avoid public scrutiny or corporate watchdog fines. Raising the accountability and governance standards across the financial sector is crucial.

‘I was hoping that the Royal Commission would lead to a renaissance for legal function within financial services. Perhaps it did within the retail banking sector, but I am not sure if it did so much in the industry funds sector,’ says Weston.

Focusing on the future

Overall, the Royal Commission and its findings sent shock waves through the financial sector of Australia. Revelations of systemic misconduct and corporate coverups brought to light shameful practices and toxic work cultures.

‘Sometimes it takes a disaster or a near disaster for people to recognise – really truly appreciate – cognitive diversity. As a legal professional you bring a different perspective to bear because of your discipline and because of your training as an officer of the court,’ outlines Weston.

‘I think as lawyers I have always felt that we know about worst case scenarios, we seem to be the people who envision it, we seem to be the people who consider what it would look like on the front page of the paper, rather than waiting until it is on the front page of the paper.’

Although the financial sector in Australia has gone through significant regulatory transformation, acknowledging past mistakes and implementing new frameworks aimed at improving industry practices are the first steps towards rebuilding consumer trust.

My role in Moscow is heading up the legal and compliance team. I am responsible for this whole area, which includes things such as: risk management, internal investigations, preparation and execution of compliance and legal plans, litigation, contractual work and really everything you can think of.

I am not aware of any multinational organisations nowadays which does not have a compliance policy and framework. Almost all of them have a compliance specialist or in-house legal person in place. In order to move forward, the biggest challenge nowadays is to foster a proper compliance mindset. This is so that people will not perceive compliance as merely a ‘tick the box’ exercise. That is the challenge that I believe remains in place in many parts of the world. Even many senior colleagues in large companies still view compliance as a ‘tick the box’ exercise. They view it as only being the responsibility of legal and compliance departments.

Obviously, corporate ethics is not only about compliance with applicable laws and regulations, it is also about sustaining the long-term business success of an organisation. It is up to us lawyers to understand technicalities. But when it comes to business clients, they have to understand the principles behind why specific rules were introduced. Also, the more our internal clients believe and understand corporate ethics, the fewer number of white-collar crimes will be committed, and in-house counsel will be able to dedicate their time to other important matters. Promoting ethical culture means not only constant training efforts in this direction, but also fostering the right mindset. It is important for us to ensure our clients will understand not only the letter of the law, but also its spirit, and the rationale behind a certain legislative provision, therefore enabling them to make the right choice in a dilemma.

When looking at my own team, further improvements can be made to promote ethical business culture. For instance: making legal and compliance functions independent from the business (solid reporting lines should flow into that function and not into business. Legal and compliance should have their own independent budget); making sure that legal and compliance directors are part of the management teams for respective business units; and when deciding where to hire a legal and compliance professional it is necessary to take into account not only business considerations (size of the business, its growth and profitability) but also a risk profile of a given jurisdiction.

When it comes to bribery and corruption and due diligence, the pharmaceutical industry is highly regulated. It inherently requires us to deal a lot with governmental officials (while registering products, running clinical trials, selling medicines to the government etc). Moreover, due to the state-owned nature of many healthcare systems, administrators in clinics and doctors can be classified as governmental officials from both the FCPA (Foreign Corrupt Practices Act) and UKBA (UK Bribery Act) angles. Thus, bribery risks are at the top of the agenda of international pharma companies. Due diligence risks primarily relate to the difficulties in identification of real ultimate beneficiaries in high risk jurisdictions (Latin America, CIS, Southeast Asia) due to the sophisticated techniques used by those who try and conceal real ownership.

For instance, we had a case where the real ownership of one of our distributers was concealed. According to the official registers the shareholder of the company was person X, but it transpired that the real beneficiary behind was a completely different person. In fact, that person was a governmental official. This created a lot of legal risks. We hired a private investigator to run an in-depth compliance check mandated by our compliance policy and procedure. When we received the report from the investigator, we took a risk-tailored approach and discussed each and every red flag related to the situation. As a team we tried to find a meaningful solution. We then took it to the senior levels of our company so that management would be aware and endorse our actions, and offer their advice based on their knowledge and experience. We of course took independent legal advice as well. In the end we decided to run more enhanced due diligence checks over our critical high-risk partners.

Also, when it comes to crisis management, we have a very solid risk management framework in place which enables us to address crises in a speedy and coherent way. For example, we ran a whole risk assessment when things started to go off recently due to the coronavirus outbreak. We immediately decided to make all our sales calls virtual, even in regions where the government had not yet mandated it. Legally, it was permissible to do face to face meetings in some countries at the start of the pandemic. However, we considered the safety of our customers and our own personnel, and we decided to take everything virtual. We also created some new platforms, and as a result tweaked our compliance rules and procedures to the virtual working environment.

I think when we look to the future, white-collar crime is going to become more sophisticated. If we look back five or ten years ago, if a person wanted to defraud a company, he or she would simply use his or her credit card improperly. Now, corporate fraud is more sophisticated. People are becoming more underhanded when it comes to white-collar crime; it is getting harder to detect and prevent. In addition, the regulatory framework for the pharma industry is not getting easier.

Cyber-crime is also a growing risk area going forward. The main thing here is to make people aware of the core techniques that criminals can use. It is important to be on high alert and to no longer perceive the virtual world as not real; it is very much real. Also, people should not look at cyber-crime as purely the responsibility of IT. It is the responsibility of every employee and people should be trained to detect phishing emails and be aware of their VPN when sending corporate sensitive data.

When overcoming these future and current challenges, it helps when compliance and legal teams come together in a co-ordinated effort. They may be two separate functions, but a collaborative approach is best when preventing white-collar crime.

My past in-house roles were in fast moving consumer goods (FMCG) companies where I had international remit and exposure to the benefits of legal operations and using digital solutions in European and US markets. Having a cross-border perspective has really shaped my legal career and how I view in-house lawyering, particularly with respect to ensuring in-house legal teams join the data world so they can make data-driven decisions in this digital economy.

In terms of how I got to my current role, I have always loved problem solving and driving outcomes. When I was in high school I really focused on science and maths subjects, but decided I wanted a complete change when I entered law school at university. I ended up doing a combined Law and Arts degree at The University of Auckland and then did the usual ‘kiwi’ thing of working in large corporate law firms before heading off overseas for the traditional ‘OE’ (overseas experience).

I really enjoyed the fast-paced M&A and private equity deal work in private practice, but I never got the opportunity to view business transactions across their life cycle, because I always had to move onto the next deal so quickly. I did a brief in-house secondment and loved it – everyone told me that once you go in-house, you will never go back! My first in-house role was as international general counsel for an FMCG company where I had remit for all legal matters across 43 markets globally. I gained wonderful experience about customer needs and how to provide business-ready advice. In my current role at Chartered Accountants ANZ, a professional membership body with over 125,000 members globally, I lead the legal, governance, risk, compliance and operational excellence teams which provide integrated assurance and enable the organisation to grow, react and adapt to a changing environment across Australia, New Zealand, Asia and the United Kingdom.

The privacy and cyber landscape is constantly evolving across the globe – we are seeing an increase in disruptive technologies, a move to digital delivery, the rise of the ‘no touch’ economy, the commercialisation of consumer data and consumer demand for delivery at pace. But in parallel, we are also faced with an increase in privacy regulation and the risk of cyber threats. In fact, in 2020, we’re experiencing a year like no other, as we all navigate through a global pandemic! Privacy and cyber security are front of mind as our business balances rapid digital transformation with ensuring our post-COVID operating model is relevant in this new world.

For example, the rapid change from an on-premise technology operating model to a ‘cloud model’ has resulted in a proliferating of data across platforms and increased external cyber exposure to corporate systems. This will surely increase to the point where data will no longer reside in a traditional on-premise location, changing how we manage and protect both cyber and data privacy forever.

Digital solutions are also key in managing areas like whistleblowing. Recent legislative changes support the trend towards whistleblowers being seen as a corporate asset and key to maintaining a culture of good corporate governance.

Businesses can have a good whistleblowing policy which contains anti-victimisation provisions and provide for anonymous disclosure but this needs to be operationalised – using a secure digital platform is the best way of mitigating risks in this space.

External counsel certainly do play a role when it comes to the investigations process, but that depends on the type of investigation. Some investigations need to be conducted under legal professional privilege and using an external firm assists with maintaining privilege. It also provides a level of independence, and external law firms are also able to offer practical guidance on how to manage an issue based on their experience with other clients and regulators. There are definitely benefits with using external counsel, but not with every investigation. A lot of things can be done in-house, so it really depends on the risk profile of an organisation and the cost/benefit analysis.

Looking towards the future, I think in-house legal teams need to be much more tech savvy. Innovation intelligence and being a quick adopter of technology is one of our legal team’s KPIs. Technology was previously a job for IT teams, now it is a whole of business function focused on protecting data. I think in-house counsel are well placed to show leadership in this space due to the privacy, governance and risk management responsibilities they have. In-house legal teams need to get a deeper understanding of technology and need to partner very closely with IT teams. There are huge opportunities for in-house legal teams to step up in this space – it’s an exciting time to be an in-house lawyer!

For companies and their general counsel – as with the rest of the world, generally – 2020 presented unique challenges. As we move through 2021, organisations of all sizes and across all industries face unprecedented forms of scrutiny, liability, and potential “bet-the-company” penalties for misconduct by US and other international regulators.

In response to the COVID-19 pandemic, governments worldwide have distributed significant amounts of emergency relief funds to help manage the pandemic and mitigate its impact on individuals and businesses. Over the course of the last year, the United States, for example, has passed the largest spending measures ever enacted, providing more than five trillion dollars in aid through multiple stimulus bills and more is being proposed. Those relief funds include oversight mechanisms based upon TARP that seek to combat potential fraud, waste, and abuse on behalf of fund recipients, paving new avenues for regulatory scrutiny.

In June 2020, the US Department of Justice (DOJ) issued updates to its Evaluation of Corporate Compliance Programs as part of its overall framework that prosecutors should consider in conducting corporate investigations. That framework will apply to COVID-related investigations. It also provides insight for GCs of corporations seeking to develop and implement a best-in-class compliance program. Among its recommendations, the guidance encourages companies to leverage technology and engage with compliance data real-time – a clear signal to businesses of the importance of data management and security in building a robust compliance program.

Additionally, although robust white collar enforcement has continued in a number of areas over the past four years, the 2020 US Presidential election will usher in a new administration that will likely adjust its regulatory and enforcement priorities on several fronts. With new leadership, financial regulators – including the DOJ and US Securities and Exchange Commission – are poised to take more aggressive stances to combat alleged corporate wrongdoing.

It is no surprise, therefore, that global general counsel are expressing heightened concern over these new and emerging challenges. To gain more direct insight into these issues, Latham & Watkins is delighted to partner with GC Magazine and The Legal 500 in their inaugural “Under Investigation: A GC Guide to White Collar and Sanctions Trends in 2021” to ask GCs about their top regulatory challenges. The following responses offer a snapshot into the concerns and risks GCs around the world have identified as top-of-mind in this evolving regulatory climate.

Douglas Greenburg
Benjamin Naftalis
Nathan Seltzer

Global Chairs, White Collar Defense & Investigations, Latham & Watkins LLP

Since November 2020, white-collar defense lawyers have faced one question: will the Biden administration change US priorities when it comes to pursuing a range of economic crimes?

Generally, it takes a relatively long time for a new administration to have an impact on white-collar crime enforcement. White-collar matters often take a long time to process: cases that are not already being investigated can take months to appear on the radar, and the decentralised nature of the US system means that changes at the national level are often less consequential than appointments of US Attorneys at key offices throughout the country. In addition, the previous administration did not roll back on its enforcement pursuits to the extent many had anticipated. For example, aggressive FCPA enforcement continued through the last four years, in contrast to many expectations.  All that said, we expect the next four years will bring rigorous white collar crime enforcement across a spectrum of white-collar cases.

Early indications of the new administration’s approach can already be seen in the appointments made by various regulatory agencies, with Obama-era alumni returning to senior positions. Given the likelihood of similar appointments at the DOJ, the SEC, and other relevant regulatory bodies, the next four years could be marked by a return to the priorities set in the Obama era, which alone would mean an increase in the volume of white-collar work.

While it is still too early to judge exactly how the legislative and regulatory priorities of the new administration will impact business, existing features of the enforcement landscape will continue to have a big impact on international business.

First, we expect to continue to see a sustained emphasis on anti-money laundering enforcement, and the FCPA will remain one of the most important US federal laws for multinational companies. Second, sanctions and trade controls will similarly continue to exert a substantial influence on enforcement in the US and beyond, largely because – in the United States – there is rare bipartisan consensus on the value of sanctions as an instrument of national policy. One area we expect an uptick in enforcement is securities fraud investigations against both corporations and Wall Street institutions, both civil and criminal, as we expect the new Administration will be highly motivated in this area.  Lastly, the aftermath of COVID-19 will likely result in heavy scrutiny of potential fraud related to various COVID relief programs and in their related significant federal investment.

General counsel will need to mitigate these and other emerging risks in the coming months.

Compliance from home

Almost without exception, all major policies and procedures related to compliance presuppose that employees are physically present in an office; that employers know where data and other records are stored; and that compliance teams have the ability to directly monitor staff activity.

For many companies, the global pandemic has introduced new remote working environments where the physical presence of a company’s employees is largely uncertain, data may be stored across a wide range of depositories, and training is limited to formal interactions over webcam. For the past year, corporate compliance has taken on an entirely new identity.

Finding ways to ensure proper oversight of employees in a remote environment is a work in progress, and it remains to be seen how regulators will evaluate the measures taken by employers. Even without worrying about the stance regulators are likely to take, businesses must work out how to build and maintain a strong culture of compliance in a remote working environment. Establishing the right tone and culture is, of course, much more difficult without physical interaction; nevertheless, it is a challenge businesses and GCs must reconcile for the future.

Regulatory cooperation and conflict

For multinational companies, the list of potentially relevant prosecutorial authorities grows with every year. We continue to see increasingly aggressive white-collar enforcement in many countries around the world, accompanied by closer international cooperation among governmental authorities.

At the same time, conflict of laws between jurisdictions is becoming more common, meaning multinationals must navigate a world where they face competing laws in different markets. For example, US authorities have come to recognise that companies are limited in what they can lawfully do to cooperate when an enquiry requires the production of European data. Governmental authorities will be pushed to cooperate ever more closely because US authorities often will only be able to obtain necessary data only from their foreign counterparts.  As a result, multijurisdictional investigations will increasingly be coordinated between the different national bodies involved in investigating and prosecuting a case.

The more white-collar crime is viewed as a matter for collaboration among national regulators, the more likely a jurisdiction will expect its laws to play some part in mitigating the alleged misconduct. As any multinational legal or compliance team knows, misconduct often occurs in countries that do not have a well-established judicial system or, in some cases, effective rule of law. This situation makes the resolution of any potential compliance issues in such countries challenging at best.

Additional complexity can result by “blocking statutes” increasingly prevalent in certain jurisdictions, effectively prohibiting compliance with US sanctions. This creates a challenge for GCs of multinationals, who must navigate an increasingly interconnected world while also adhering to sometimes completely incompatible sets of laws and regulations.

General counsel will need to be sophisticated at navigating the relevant laws to avoid trouble. The world is becoming more complicated and risks to businesses are growing. This means their advisers will have to find unique solutions to a host of difficult challenges. The days of rolling out the same playbook for every problem are over.

Above all, GCs should remember the first law of compliance: when problems arise, one cannot ignore them in the hopes that they will disappear. At minimum, GCs will need to identify and act on potential problems as soon as possible. Waiting to see how something evolves is no longer an option in a world where every country has the ability to bring sanctions, and coordination among international regulators is the norm. Pick up the phone and call someone who can help you avoid compliance problems that will prove far more expensive than taking the necessary actions to prevent them.  And, when an investigation arises, GC’s will need experienced counsel who can ensure the company cooperates when appropriate, but who can also advocate aggressively, when necessary.

Authors:

Douglas Greenburg, Global Chair of the White Collar Defense & Investigations Practice, is a partner in the Washington, DC office of Latham & Watkins LLP

Benjamin Naftalis, Global Vice Chair of the White Collar Defense & Investigations Practice, is a partner in the New York office of Latham & Watkins LLP

Nathan Seltzer, Global Vice Chair of the White Collar Defense & Investigations Practice, is a partner in the London office of Latham & Watkins LLP