CFPOA (Bribery) Enforcement Action on the Rise

Risk Management will be a particular challenge based on the “ground level” exposures and the difficulty identifying and controlling risk that is created by a vast number of activities conducted by a large number of people with significant geographic and supervisory separation.

Therefore, based on single aggregate limits, and considerable number of parties and matters insured under a typical D&O insurance policy, a full understanding of how and where limits are sharing should be a top priority for D&O buyers.

In past blog posts I have been critical of Canadian regulation and enforcement of Bribery. But, I can now suggest there has been an extraordinary increase in Canadian corporate bribery enforcement. I am not suggesting the alarm bells should be raised, as the number of cases has gone from one to two (two to three if you include individuals), and I am sure that 99.something % of Canadians (and nearing that number of politicians) could not tell you what CFPOA stands for. This is not as easily said of FCPA. The Foreign Corrupt Practices Act, here, in the US has seen significant press over the last year. This should be no surprise, the US government provides a website listing enforcement actions in chronological order (there are 14 actions under ‘A’ alone), a dedicated email address for reporting violations, and transparency on settlements/judgments (which have been in the hundreds of millions of dollars.)

I wouldn’t be worried about wiretaps and agents posing as foreign government officials……, if your organization does absolutely no business (purchasing or selling, travel or expenses) outside of Canada. We are not known for aggressively fighting white collar (I prefer the term “financial”) crime. However, if you do any business outside of Canada, perhaps some risk identification and loss control is a good idea.

CFPOA stands for The Corruption of Foreign Public Officials Act. It can be found on a Canadian government site, here, but there is no “enforcement” section, or any obvious “report bribery or corruption” contact information. I don’t even recommend a search of Canadian government information regarding corruption or bribery, as it is a time wasting and frustrating exercise in ineffective links and extraordinarily outdated reports. Prior to this very recent case, I could find reference to only two criminal prosecutions in Canada since the 1999 inception the act and the only one with a dollar figure was for $25,000.

In June, enforcement of bribery in Canada actually made publication. I would like to say that it made headlines, but the only page-one google hits for “bribery enforcement in Canada” were law firm briefs and low profile blogs.

The recent case is Niko Resources Ltd., here, which is based on bribery of a junior energy minister in Bangladesh. As per the Reuters report by Scott Haggett, “the charges stemmed from providing a car worth $191,000 and a $5,000 trip”, but the fine is $8,260,000 plus a victim surcharge of 15% for a total $9.5 million fine. This does not include legal costs and it does not contemplate the reputational damage to Niko, or their 3.2% fall in market cap of their shares (which equates to more than $120 million.) Class action securities claims have been started for less.

A CFPOA settlement in this range is material to even the biggest Canadian corporations and it obvious that the intent is to send a warning signal to all Canadian companies, directors and senior management (and to try to get the Government out of the news for being complete ineffective on bribery and corruption.)

Here is the corporate governance, risk management and insurance spin. For this we will have to look outside of Canada because, in the article here at Canadian Lawyer Magazine by Andi Balla, it has been expressed by the head of the RCMP unit in charge of investigation corruption of foreign officials that “Canadian legislation is very short and hard to interpret.”

Based on the US experience with FCPA, and the very recent UK Bribery Act, the issue of Bribery will receive increased focus as a material Corporate Governance, Risk Management and Compliance responsibility. Risk Management will be a particular challenge based on the “ground level” exposures and the difficulty identifying and controlling risk that is created by a vast number of activities conducted by a large number of people with significant geographic and supervisory separation.

Like most other corporate risks, good loss control will come from establishing, communicating, enforcing and monitoring policies and procedures. But identifying, qualifying and quantifying risk in order develop specific risk based policies and procedures is much easier (not to mention quicker) to say than do.

The U.K. Ministry of Justice, regarding the new U.K. Bribery Act (took effect July 1, 2011), here, has provided some Guidance, here, to their legislation. But enacting policies and procedures is further complicated by the vague language of the official guidance which uses phrases like “extremely unlikely to engage Section 1” (the section prohibiting Active and Passive bribery), and introduces the “reasonable person” test and “common sense approach”. One area that makes it difficult to define or identify risk is the “associated persons” language which is not easily defined and includes any person or entity who “performs services” for the company. Therefore, direct and even indirect contractors could create a risk of liability for the corporation.

Other concerns with the U.K. guidance is that many terms are not defined. One such term is “close connection”, because this close connection to the U.K. could apply to the person committing the offence, or to place of incorporation, or to the location of the consenting senior officers. Another important term “carry on business”, because the parent company or even a subsidiary entity does not have to be incorporated in the U.K. in order to be responsible under the Act.

Directors of affected companies will to have look at the “relative ‘value’of the spend” in every foreign business dealing and determine its ‘proximity’ to a pending business deal in order to identify activities that generate risk. They will then have to prioritize which activities could become the subject of scrutiny under the Act and direct resources accordingly.

The insurance response has yet to be determined. Some ideas are presented by Anjali Das, a partner in the Chicago office of the Wilson Elser law firm, are published in The D&O Diary Blog, here.

Insurance underwriters will eventually be requesting copies of Anti-Bribery policies and procedures, but that has not started (in Canada) and we hope to provide warning of any such change.

Directors, if not already, will soon be asking their General Counsel, CFO, Corporate Secretary, or whoever else is their go-to-person on personal liability and directors’ and officers’ liability insurance (D&O), about the potential response of their D&O policy to a CFPOA investigation. Since there are many dozens of different D&O policy wording and hundreds of endorsements in current use in Canada, there is no one-size-fits-all answer to this question. Your current in force policy wording needs to be reviewed. I suggest asking for an electronic searchable version from your insurance broker and searching for the term “fine”. If you are attempting to find the answer in paper form I recommend starting from the last endorsement and working backward. It is common for large publicly-traded companies to have more than 20 endorsements on their D&O policy, changing a good portion of the base policy wording. You will likely see a “fines and penalties” exclusion (unfortunately not in the exclusion section,) hidden in the definition of Loss. However, there may be a ‘carve-back’ (and exception to the exclusion) for defence costs.

Before you do anything regarding affirmative insurance coverage for an CFPOA action, an examination of priorities is warranted. Meaning, what do all of the Insureds, or at least Classes of Insureds, want the policy to do? I have not seen a CFPOA exclusion used in Canada, and Canadian underwriters are not likely to take a knee-jerk reaction to the Niko CFPOA enforcement action. I have also not seen any specific CFPOA endorsements in the Canadian marketplace, but I am sure they are in the works. But, the “broadening” of coverage to include Loss based on CFPOA actions may not be in the best interest of all Insureds. There is usually only one limit of liability available and it is shared by every director, officer, employee and the corporate entity (including every subsidiary) for every individual allegation, investigation and lawsuit. Also, it is common that in the middle of a potentially large group of claims (or circumstances which could lead to a claim) policy limits are not renewed (refreshed) at the expiry of the policy and therefore the one limit of liability may be the only limit available for all of these parties and matters for many years.

Therefore, based on single aggregate limits, and considerable number of parties and matters insured under a typical D&O insurance policy, a full understanding of how and where limits are sharing should be a top priority for D&O buyers.

I try not to subject my readers to 2,000 words in a post, but this does not give the corporate governance, risk management and insurance spin the detail it deserves. Therefore, if you would like more details in these areas, or if you would like help understanding your D&O policy and its potential triggers (positive and negative) regarding CFPOA enforcement, notice obligations or risk of limit exhaustion, please don’t hesitate to call me directly.

Greg Shields is a D&O, Professional Liability and Crime insurance specialist and a Partner at the University and Dundas (Toronto) branch of Mitchell Sandham Insurance Services. He can be reached at gshields@mitchellsandham.com,  416 862-5626, or Skype at risk.first. And more details of risk and loss control can be found on the Mitchell Sandham blog at https://mitchellsandham.wordpress.com/

CAUTION: This article does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered and truly independent insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this document from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.