I serve as the general counsel & head of compliance of MAXpower Group, Asia’s leading gas to power specialist and a key developer, owner and operator of small-to-medium gas-fired power plants. I also sit on the Board of the MAXpower-Mitsui & Co., a joint venture which operates a separate group of power assets in Myanmar. In addition to providing strategic business governance counsel to the Board, my work involves advising on power projects, turnaround management, FCPA enforcement and special situations M&A. Prior to joining MAXpower, I was the regional corporate counsel for Jacobs Engineering Group’s Asia operations, based in Singapore and Mumbai. I have also worked for Norton Rose Fulbright, at the firm’s London and Abu Dhabi offices with a practice focus on energy projects.
For MAXpower, white-collar crime exposure means unfavourable exposure to laws on bribery, sanctions, export control, anti-money laundering, internal controls, audit standards violations, etc. The potential breach of certain anti-bribery legislation like the US Foreign Corrupt Practices Act 1977 (FCPA) or the UK Bribery Act 2010 (UKBA) may pose a greater risk than others. The FCPA is the single biggest legislation affecting anti-bribery compliance programmes globally. The complexity of the application of the FCPA (or the UKBA) is that it is not dependent upon the existence of any contractual arrangements that a company may have in place. We have to engage in an extensive dialogue across all ranks of employees to socialise our exposure.
The biggest FCPA concern in emerging markets is pressure to pay. We try to tackle both the supply and demand side (more so under kleptocracies) of the bribery problem through a concentrated effort of top-level leadership, tone in the middle, a robust code of conduct, a tactical internal conduct code training process, ground-level determination, and ingenuity. We also try to convey the message to employees that penalties for non-compliance are severe, including imprisonment, unlimited fines (typically fixed at tens or hundreds of millions of US dollars), debarment from public procurement contracts, company director disqualification, asset confiscation, disgorgement of profits, adverse reputational consequences and substantial legal costs. To have greater impact, our training materials focus on figures (i.e. potential economic disruption) and flesh and blood references from past individual prosecutions.
The four broad components of a successful compliance programme consist of an analytical enterprise-wide risk management framework taking operating environments into consideration, broad institutional assent from participants, control structures within which the leadership can act to stem breaches, and monitoring by independent specialised actors. As general counsel, I play the independent monitoring role. We train our senior leadership to comprehend (with the understanding that the message will flow down) that in the case of foreign laws and regulations like the FCPA, a subject company has no means to contract out of potential liability.
Extra-territorial laws (like the FCPA) lack public assent in most emerging markets, which adds to compliance challenges. Pre-conceived notions of what actually constitutes ‘misconduct’ can also impact compliance efforts. Through our bespoke training and targeted employee engagement processes, and try to challenge such countervailing social norms. We also try our best to secure workforce assent to the compliance programme and aim for an institutionalised acceptance of the bribery and graft problem. As general counsel, I know that what may work for the developed world will not always work for emerging markets, and hence we deploy a risk-based approach. We, as a company, also realise that an eco-system of zero corruption is an illusion.
It is often the case with general counsel (no different in my case) that their formal authority falls far short of their responsibility, and their success is dependent on others outside their own chain of command. Therefore, general counsel (who also have responsibility for compliance) need to be a jack of all trades and be savvy enough to drive through crucial compliance controls. The right relationships inside a company (including by having the CFO and the Head of Procurement on speed dial) are very important.
As part of our corporate messaging, we also highlight that business conduct training is simply not moral rhetoric, but that breaches of applicable law can cause major economic disruption leading to loss of jobs, amongst other real-world consequences. The company leadership has also committed to encouraging reporting mechanisms of potential violations by offering a sense of assurance to employees that no retaliation will occur, subtle or overt, to ensure that employees feel safe to report concerns. We also realise that inconsistent moral messaging can be confusing for employees if legally enshrined moral principles (or organisational value systems) conflict with their own socio-cultural beliefs, as shaped by local standards and ways of doing business. We are conscious that a sound code of conduct crafted with the right ethical considerations will boost the company’s long-term competitiveness.
It is also important to realise that strategic legal or compliance personnel are not hired to be ‘liked’. Companies should remember that such personnel need to be respected as a voice of authority by employees of all ranks. In most listed companies, the chief compliance officer acts as an assurance for the public that the company is a good corporate citizen. Good compliance credentials will help in building public trust for the company.
Year on year, the world grows more tech-savvy. Most large in-house departments already use AI or automation tools in some form, and it does result in cost savings. From a white-collar crime angle, it is important to mention that the Criminal Division of the US Justice Department (DOJ) updated its memo on evaluation of compliance programmes in June 2020; this is a good reference document from a prosecuting agency setting out expectations on what a robust compliance programme should look like. The new subsection on access to data stresses the DOJ’s recognition that data access and monitoring is critical to the proper functioning of a compliance programme. Data analytics can help determine whether compliance failures are systemic or more aberrational. Such data can also help a company monitor investigations and discipline to ensure consistency, which the memo suggests is part of a compliance programme’s effectiveness. The focus on data analytics is thus a good indication that AI, machine learning and automation tools will play a more significant role in legal and compliance functions in the years to come.