Corporate Compliance: A Global Perspective (6/27/2012)



SLIDE 1

37 Offices in 18 Countries

Corporate Compliance: A Global Perspective

6/27/2012

SLIDE 2

Current Compliance Environment

  • Ever-intensifying regulatory burden
  • new areas of regulation
  • existing regulations becoming more complex
  • Global issue – more countries jumping on board
  • Consequences of infringement: unforgiving
  • Step back – look at compliance obligations and compare against benchmarking

SLIDE 3

Choices

  • Corporate Counsel and boards need to make a number of important choices, e.g.:
  • program scope and how intrusive?
  • balance investment cost –v- level of risk tolerance (80:20 rule)
  • effective communication of senior management buy-in
  • No two firms are identical – no single blueprint for achieving corporate compliance
  • importance of benchmarking
SLIDE 4

Compliance solutions

  • Compliance tool-kit – building blocks to a culture of compliance
  • corporate compliance policies and programs
  • training for boards, executives and staff
  • protocols – record-keeping
  • audits and assessments
  • More innovative solutions? e.g. compliance can be revenue generating: antitrust; trade; market access

SLIDE 5

Global Compliance Survey Background

  • Together, Squire Sanders and Datacert™ decided to undertake a Global Compliance Survey
  • Purpose
  • Respond to requests from clients and Generals of the Revolution™ participants
  • To make available benchmark data about compliance programs, challenges, and tools
  • To solicit input and ideas within the compliance community about how to build, measure and improve the effectiveness of global compliance programs
SLIDE 6

Who are the participants?

  • 88 Participants
  • Average Annual Revenue = $11.75 Billion
SLIDE 7

Where do they do business?

SLIDE 8

Does your organization have a dedicated compliance officer or resource?

SLIDE 9

What percentage of your compliance needs emanate from outside your primary HQ country?

SLIDE 10

2012 Expectations

SLIDE 11

Many Challenges on Many Fronts

  • Compliance professionals must remain vigilant on many fronts, and many turn to outside providers for certain aspects of their compliance programs

SLIDE 12

Measuring Success

  • Centrally tracking all information related to compliance is critical to success and satisfaction
  • The next two graphs show us:
  • There is much room for improvement
  • In a cross-reference, we find that those who do have strong tracking are significantly more satisfied with their compliance programs overall

SLIDE 13

Tracking Compliance

SLIDE 14

Are you happy with your current compliance program?

SLIDE 15

Survey – Key Findings Recap

  • Participants expect both their domestic and global compliance challenges to rise.
  • No one area of compliance stands out as the greatest challenge, suggesting that compliance professionals must spread their attention across many fronts
  • Having a process and technology platform for centrally tracking all compliance-related information emerges as both a critical success factor and an area needing improvement

SLIDE 16

Conclusions and Insight

  • Global compliance: a journey not a destination
  • The combination of good compliance programs and technology leads to the highest level of satisfaction
  • Benchmarking and cross-fertiliz(s)ation of compliance strategies – to stay ahead of the game
  • We hope this survey and the dialogue it generates will be a spur to further discussion

SLIDE 17

Questions?

Pat Cornelius

E pat.cornelius@squiresanders.com T +1 614 365 2781 M +1 614 209 9855

Don Hughes

E don.hughes@squiresanders.com T +1 614 365 2734 M +1 614 563 7488

Colin Jennings

E colin.jennings@squiresanders.com T +1 216 479 8420 M +1 440 668 5032

SLIDE 18

Corporate Compliance: A Global Perspective

Pat Cornelius, Squire Sanders LLP

  • General Practices in Compliance and Enterprise Risk Management
  • General Principles Behind A Compliance Program
  • Legal Compliance
  • Risk Management
    – Reduce Risk of Noncompliance
    – Reduce Operational/Business Risks of Noncompliance
    – Reduce Legal Risks of Noncompliance
  • Reputational Impacts
SLIDE 19

Corporate Compliance: A Global Perspective

  • What is the Approach
  • What is the Current “State of Play”
  • Discuss What is Needed (Create, Overhaul, Update, Supplement)
  • Identify Highest Risk Areas (Based on Operations and Enforcement Activities)
  • Focus Resources on Areas of Greatest Risk or Greatest Opportunity
  • Put Together a Coordinated Team
SLIDE 20

Corporate Compliance: A Global Perspective

  • Cross Border/Extraterritoriality Issues
  • One compliance program for Entire Organization? Separate Plans For Different Jurisdictions? Combination?
  • Global (common) rules and local rules/interpretations – seek to achieve consistency where possible and, if not possible, identify and manage instances of divergence (lowest common denominator)

SLIDE 21

Corporate Compliance: A Global Perspective

Dan Roules, Squire Sanders LLP

  • What are the key components of an effective anti-bribery compliance program for China, and how should such programs be different in China from elsewhere in the world?
  • How does one go about training and monitoring the performance of one’s own employees in China?

SLIDE 22

Corporate Compliance: A Global Perspective

  • Given the recent surges in M&A and commercial sales in China, what resources and procedures are recommended for due diligence on Chinese counterparts, whether acquisition targets, JV partners, or agents or distributors?
  • How to deal with the "State secrets" issue, where there are no clear definitions and Chinese authorities interpret the law broadly.

SLIDE 23

Corporate Compliance: A Global Perspective

Rob Elvin, Squire Sanders LLP

  • Anti-bribery Compliance, a New Concept for the UK?
  • The Bones of the Bribery Act.
  • What is it that Makes the Act Troublesome for Global Companies.
  • What Compliance Solutions are Global Companies Using.

SLIDE 24

International Data Protection & Privacy

Ann LaFrance, Squire Sanders LLP

  • EU Data Protection Regime
  • EU Data Protection and e-Privacy Principles
  • Comparison to US approach
  • Applicability to Cloud Computing services
  • The Cloud in Europe
  • E-Privacy Directive – Cookies
  • Proposed Overhaul of EU Data Protection Regime
  • Questions?

Corporate Compliance: A Global Perspective

SLIDE 25

EU Data Protection Regime

Article 8 of the Charter of Fundamental Rights of the EU expressly recognises that all citizens of the EU have a fundamental right to privacy.

Data Protection Directive 1995

  • Establishes the baseline rules on how data is processed (including how it is obtained, recorded, used, disclosed, erased).
  • Each EU Member State has implemented the directive with a national flavor, and there are some significant substantive and procedural differences among Member States within the EU.

Privacy and Electronic Communications Directive 2002 (e-Privacy Directive)

  • Data breach notification (comms providers)
  • Enforcement mechanisms/audits (comms providers)
  • Cookies (all)

SLIDE 26

EU Data Protection and e-Privacy Principles

Core data protection principles that must be respected by “data importers” (i.e. individuals/legal entities outside the EEA):

1. Justification for processing and purpose limitation – data must only be used for specified and permitted purposes
2. Data quality and proportionality – data must be accurate, up-to-date, adequate and relevant
3. Transparency – data subjects must be provided with information necessary to ensure fair processing
4. Security and confidentiality – measures appropriate to risk must be taken and written commitments obtained from third party processors
5. Rights of access, rectification, deletion and objection – generally data subjects must have such rights in relation to their personal information held by an organisation
6. Sensitive data – additional measures should be taken to protect such data
7. Data used for marketing purposes – effective ‘opt-out’ procedures should be in place
8. Automated decisions about individuals – can only be made in limited circumstances and individual rights must be protected

SLIDE 27

Comparison to US approach

  • In contrast to US practice, protection of personal data is the rule and not the exception in the EU.
  • Horizontal versus vertical approach to regulation.
  • In the EU, individuals are generally viewed as having the right to be informed of whether and how data about them is collected, processed and transferred, including in the workplace. In some cases, their explicit consent is required.
  • The EU prohibits the exportation of EU personal data to points outside the EU (and this includes remote access to EU personal data from points outside the EU), unless specified conditions are met.
  • Exportation of personal data within a corporate group or partnership is caught by the prohibition/required conditions.
  • EU Member States interpret/enforce the EU Directives differently.

SLIDE 28

Applicability to Cloud Computing Services

  • Significant EU data protection issues raised by Cloud Computing (storage, SaaS)
  • Who has jurisdiction over the Cloud?
  • Where the provider is headquartered/operates?
  • Where the servers are located?
  • Where the customer is located?
  • Where the customer’s customers are located?
  • All of the above?
  • How to comply with rules relating to export of data outside EU/EEA in a commercially sensible way?
  • How to deal with data breach incidents and swift protection of individual rights in a global server farm set-up?

SLIDE 29

The Cloud in Europe

Germany

Resolution and Guidance Paper (29 September 2011) sets out minimum requirements for cloud providers including:

  • Transparency – technical, organisational and legal framework of cloud provider
  • Unambiguous contract terms relating to processing
  • Certificates from independent auditors concerning the information security

Italy

Guidance from Garante on 24 May 2012:

  • Prioritise services promoting data portability
  • Consult on where data will reside
  • Ensure availability of data
  • Awareness of contractual clauses – check times and storages of data

France

France is also looking into the issues and has circulated a consultation.

SLIDE 30

e-Privacy Directive – Cookies

  • The e-Privacy Directive was amended in 2009 to tighten up the prior “opt-out” rule for cookies.
  • The 2009 amendment gave Member States until 25 May 2011 to implement the changes (although the Information Commissioner’s Office gave UK businesses an extra year)
  • Member States are in various stages of implementation of the Directive.
SLIDE 31

Cookies cont’d

Article 5(3) of the e-Privacy Directive states that:

Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensible information … inter alia about the purposes of the processing.

  • ICO Guidance (May 2012) was amended at the last minute to include “implied consent” as a valid form of consent – out of step with Europe?
  • The e-Privacy Directive suggests browser settings may be one means of obtaining consent. ICO has said this is not sufficient in the UK, but consent can be given by use of appropriate browser settings in some Eastern European countries (e.g. Hungary, Romania)

SLIDE 32

Cookies cont’d

  • The Article 29 Working Party adopted an Opinion on 7 June 2012 clarifying which cookies can be exempt from the requirement of informed consent. They include:
  • “User-input” cookies (session-id), e.g. those used as a shopping cart
  • Authentication cookies used to identify a user once they have logged in
  • User interface customisation cookies, e.g. language preference cookies
  • The Working Party also set out non-exempted cookies, including:
  • First party analytics
  • Third party cookies used for behavioural advertising
SLIDE 33

Proposed Overhaul of EU Data Protection Regime

On 25 January 2012, the European Commission published a proposal for a Data Protection Regulation that is intended to replace the current regulatory framework in Europe. Implementation is not expected before mid-2014 (with a two year implementation period). Highlights include:

  • Right to be forgotten
  • Data portability
  • Privacy by design
  • Explicit consent
  • Binding corporate processor option
  • Data breach notification
  • Data Protection Officer
  • Industry Codes of Practice
  • Sanctions