Joining forces against corruption | Asian Legal Business

A global manufacturing conglomerate with more than 350 entities across 70 jurisdictions seeks the help of an LPO to implement an anti-corruption compliance programme. On its part, the LPO locates and revises thousands of third-party contracts to address ongoing FCPA obligations. It collects, reviews and amends existing documents related to nearly 15,000 third parties. In the absence of a valid agreement, it evens drafts the necessary agreements according to local regulations.

Over four years, the LPO helps support the drafting, negotiation and execution of more than 10,000 agreements across its client’s Americas, EMEA and Asia-Pacific hubs and also provides language support in English, French, German, Italian, Spanish and Portuguese on legal documents.

The LPO goes a step further by maintaining a repository of contracts, documents and approvals that were given for audit purposes in addition to analysing and generating reports on an ongoing basis.

Over time, the manufacturing conglomerate realises that its partnership with the LPO has been instrumental in introducing a change management system within the company – a system which has improved its functional efficiency and responsiveness to business, while mitigating the risk of non-compliance.

Partnering to fight crime

The above case study clearly defines the factors which prompt corporates and law firms to partner with LPOs for anti-corruption investigations and compliance programmes – reputation and experience. Ram Vasudevan, CEO of LPO outfit QuisLex explains: “LPOs which have had substantial experience in helping companies implement and oversee compliance programmes worldwide are much sought after. The idea is to collaborate with an LPO which has an experience bank to fall back upon, something that spells reliability and familiarity for the corporation or law firm.”

Reputation is key

According to Vasudevan, when corporations and law firms look at partnering with an LPO for anti-corruption investigations/ compliance programmes, they usually check for the experience level of the LPO in that particular field, speak to references that have used the services of the LPO, and understand the level of customisation the LPO can bring about in its services. For example, even though there is a common framework of compliance, what an LPO does for its company may not be suitable for a financial services company client and vice versa. Finally, they check if the LPO has the required skilled personnel to implement such customised solutions.

As far as security is concerned, Vasudevan says most of the top-tier LPOs have the basic framework in place. Almost all are ISO-certified; several are SaaS-enabled. Basic certifications, like the ISO-27001 or 9001, are processes that are helpful to have because they are audited once or twice a year. They showcase the fact that a LPO has its controls in order, and that the LPO is following guidelines.

The review process

International Monetary Fund Research has shown that investment in corrupt countries is almost 5 percent less than in countries that are relatively corruption free, while the World Economic Forum estimates that corruption increases the cost of doing business by up to 10 percent on an average.

Ensuring anti-corruption compliance has to be a priority for companies in the present scenario. In this context, Vasudevan says that compliance has several aspects to it.

The question is whether it is a one-time investigation, or a compliance programme that’s being implemented, or is it an ongoing compliance initiative. And asking this question is essential because the experience that is required to handle each of these three is very different from one another.

Assuming it’s an investigation, an LPO first understands from the client what the investigation is about – i.e., what does the client want the LPO to investigate. Based on that, an LPO looks for key documents that may help support the allegation or counteract it, as the case may be.

On the other hand, if a compliance programme is being implemented, LPOs take various local requirements into consideration – what the local laws are, what the contractual requirements of a particular country are, and so on.

Elaborating on this, Vasudevan says: “Implementing a compliance programme is much more comprehensive. It takes more time than a one-off investigation because not only does the LPO need to look at what the objective is, what are the laws in place to do so and the compliance factor, but in some cases, it’s also about negotiating contracts with third parties on behalf of clients.”

As far as an ongoing compliance initiative is concerned, once the framework has been set up, the client’s interest lies in ensuring that there is an adequately secure process in place so that what has been implemented is adhered to on a continuous basis.

Securing data

AN LPO looks at keeping client data secure and confidential from three angles - electronic, physical and personal. The electronic angle includes firewalling, ensuring the use of secure communication platforms, and so on. At times, third party documents also need to be protected. In essence, there are different levels of safeguarding confidentiality depending upon the nature of the data involved.

These days, there are no physical exchanges of information. Every kind of data exchange is electronic in nature, and that more or less takes care of the physical loss and/or compromisation of data. And the presence of all sorts of controls (biometric recognition, not allowing electronic devices like mobile phones, USBs etc) to prevent the physical theft of data at worldwide offices of reputed LPOs is but mandatory.

Employees, on their part, share a sense of pride and ownership about being responsible for confidential client data, says Vasudevan.

Conflict resolution

According to Vasudevan, there are no conflicts, only collaborative discussions, which happen between an LPO and its client during a review process. “It’s more of discussing the best recourse to solve a particular problem. Normally, LPOs have very helpful feedback from clients- for instance, an LPO may start out looking for issue X, but as work progresses, it may realise that sub-issue Y or Z is more complicated than X. Hence, there are regular review discussions between clients, law firms and LPOs since everyone’s interests are aligned,” he says.

Non-compliance risk management

In terms of long-term process improvements, Vasudevan says that a lot of knowledge gets built within the team which is handling a client account on a long-term basis. In such cases, the best LPOs have centralised repositories with their clients where updates are uploaded on a regular basis, and review meetings and discussions forums are arranged for between LPOs and clients periodically. The client provides critical feedback which extends the learning curve for LPO team members working for them. And in the process of being able to provide constructive feedback, the client team’s awareness about various non-compliance risks increases, thus improving business performance and fostering a strong ethical culture within the organisation.