FRA Director Tytti Saarinen attended C5’s leading Anti-Corruption Conference in the Nordics last week. The 5th Annual Conference focused on implementing an effective compliance strategy in line with international and local legislations to control corruption risks in overseas operations.
In her opening remarks before the panel, co-chair Bapsy Dastur asked the question, what is compliance and why do we need it? Is there a spirit that we want to develop compliance or are we fixing problems with rules? A third point of view according to Bapsy is that we don’t need compliance at all. These were the viewpoints reflected in the government panel with representatives from Norway, Sweden and Finland.
The government panel discussed, amongst other items, anti-corruption enforcement priorities and priorities for compliance in the Nordics. Norway and Sweden, unlike Finland, have put in place specific units to fight corruption, ØKOKRIM and Swedish National Anti-Corruption Unit respectively. Despite the lack of a specific unit in place, studies show Finland is characterized by larger-scale structural corruption that is difficult to detect. Such corruption often occurs in the interface between the public and the private sectors and takes the form of giving and accepting undue advantages, conflicts of interest and favouritism. Panellist Juuso Oilinki, Special Adviser in the Department of Criminal Policy pointed out that “you don’t find corruption unless you look for corruption”. He added that the third place in the recently published Corruption Perceptions Index gives the wrong picture to the Finnish politicians about the real state of matters.
The panellists also gave an update about current significant corruption cases in their countries. In Norway there is an ongoing Oslo municipality case as well as CAS Global and Tine. In Sweden there will be another verdict in the Telia corruption case on 15 February. According to Oilinki, Finland has about 20-30 cases per year with a conviction rate less than 50%. When struggling with scarce resources in the Nordic countries, all panellists agreed that the researching journalists have an important role, while many of the corruption cases under investigation come from the media. All panellists agreed that bad publicity punishes the companies but that alone is not enough – we need to get more predictable company liability regulation in place to raise the bar in fighting corruption in the Nordics.
Panellist Anna Møe, Deputy Director at ØKOKRIM talked about the challenges in implementing code of conducts and compliance programmes. She underlined the importance of risk assessment and refers to Tine case as an example of risk assessment gone wrong. She challenged the audience to think whether we always really recognize if we don’t get an answer? Also, sometimes we simply don’t ask questions because we might be afraid of the answers. Møe seems to be right on spot, as according to other panellists, also both DOJ and SEC are continuously pushing for better compliance risk assessment.
Compliance Programme 2.0 in the Nordics
Harri Spolander, Head of Internal Controls at Fortum Oyj and Camilla Nyhus-Møller, Chief Legal and Compliance Officer at Höegh LNG AS discussed the ongoing upgrades to global anti-corruption policies, procedures and internal controls. As Fortum is operating on the highly-regulated energy sector, compliance simply gives the company the license to operate and it needs to be the backbone in all the operations. Fortum has a rolling 18 months compliance program built on the COSO model and it is regularly updated and reviewed. Prior to the upgrades, there were manuals and policies in place but these were not known by employees. Spolander underlines that the problem might not be the rules or lack of the rules but simply the fact that people are not familiar with these. According to the panellists, compliance risk is regarded as the single largest reputational risk for companies.
Internal Investigation Protocols
The credibility of investigation comes from the process. At the same time, one of the hardest things is to trust the process. These were the opening remarks from Tom Best, Partner at Steptoe & Johnson on the panel discussing internal investigation protocols. The current state of investigation and whistle blowing cultures in the Nordics were also discussed. The panellists, Ryan D. Junck, Partner at Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates and Richard Fleetwood, Senior Compliance Advisor at Consilio International AB, shared the view that companies in the Nordics are lagging behind. Compliance officers have an important role in the process and development of these areas. The first question is, is there a process in place for investigation? According to Junck, investigation protocols are rather rare, while whistle blowing protocols more common. Also, if the compliance team is small, documented protocols in general are rarer.
What comes to managing internal investigations, Junck warned that without investigation protocols in place, things can go sideways very quickly as everyone tries to be involved. A good investigation, from a process point of view, is 1) documented findings, 2) documented remediation, 3) testing and 4) training.
Bapsy Dastur summarized the discussions of the conference by calling for a robust risk assessment and commitment to compliance from top management. The quote she made from Warren Buffet crystallized the importance of integrity: “Somebody once said that in looking for people to hire, you look for three qualities: integrity, intelligence, and energy. And if you don’t have the first, the other two will kill you. You think about it; it’s true. If you hire somebody without [integrity], you really want them to be dumb and lazy”.