Building Effective Internal Communication Channels and Adapting Employee Compliance Training

This is an Insight article, written by a selected partner as part of Latin Lawyer's co-published content. Read more on Insight

Managing multinational workforces in an age of anti-corruption ‘accretion’

Managing risk within multinational, matrixed organisations is no simple feat. Entities that face particular challenges include, for example, those that employ nearly 100,000 employees worldwide, which generate significant revenue through production or sales in high-risk jurisdictions that are divided into several business segments. Often, large organisations such as these are supported by global or regional compliance professionals tasked with navigating multiple jurisdictional demands in diverse areas of risk including anti-bribery programming, employee onboarding and training, and third-party due diligence.

Advancing global initiatives to workforces across the globe and building effective communication channels to do so requires balancing both compliance and commercial priorities. To manage this balance effectively, a compliance programme must deploy a variety of techniques to support multinational workforces while ensuring the compliance programme is oriented to actual business risk and to the enforcement landscape.

Despite early concern that the pandemic would de-emphasise anti-­corruption enforcement as a priority, in June 2021, the Biden administration issued a memorandum highlighting the cost of corruption and declaring corruption a core national security interest.[2] In October 2021, Lisa Monaco, Deputy Attorney General at the US Department of Justice (DOJ), made plain that companies must actively review their compliance programmes to ensure they adequately monitor for and remediate misconduct – or else there will be costs down the line.[3] Monaco also underscored the importance of rooting out misconduct and avoiding the ‘edge case’. In November 2021, Chair Gary Gensler’s prepared remarks at the Securities Enforcement Forum echoed and amplified Monaco’s message when he stated, ‘So if you’re asking a lawyer, accountant, or adviser if something is over the line, maybe it’s time to step back from the line.’[4] And, in December 2021, the Biden administration’s position on anti-corruption was crystallised in the United States Strategy on Countering Corruption (the Strategy).[5]

The Strategy is highly attuned to the cadence of corruption in the United States and abroad and commits to devoting considerable cross-agency resources to its efforts to combat bribery. It describes corrupt actors broadly to include those like the ‘small-town hospital administrator’ who demands bribes in exchange for life-saving services and the ‘globe-trotting kleptocrat’ who offshores an embezzled fortune. The Strategy unequivocally recognises that the ‘increasing interconnectedness of the global economy underscores the need for a new approach’ and commits to pursuing enforcement against corrupt actors who bribe across borders, those who stash illicit wealth abroad or use the US financial system to launder ill-gotten gains. The Strategy even contains plans for DOJ and its investigative partners to expand subpoena power for certain financial records maintained abroad. The Strategy’s approach is expansive and demonstrates the United States’ commitment to preserve and strengthen multilateral anti-corruption collaboration with other jurisdictions.

Without a doubt, the Strategy will have import in Latin America insofar as it will impact how the United States and Latin American countries use and even augment international cooperation frameworks, particularly with respect to the US enforcement context. Though frameworks for international cooperation existed before the Strategy and we have witnessed their efficacy in multijurisdictional investigations[6] the increased emphasis that international cooperation is not only expected but required, may spark renewed efforts to utilise these existing structures, buttressing the anti-corruption architecture in Latin America in the process. For example, with respect to its international cooperation efforts in corruption and other investigations, Latin American countries such as Argentina, Brazil, Mexico, Peru and Uruguay are parties to mutual legal assistance treaties (MLATs) with the United States.[7] These treaties address various criminal procedural issues, such as extradition, the taking of testimony, the exchange of evidence and the legal execution of requests for searches and seizures.[8] In money-laundering cases, they can be extremely useful as a means of obtaining financial records from treaty partners.[9]

The Strategy may even reinvigorate domestic anti-corruption laws and initiatives in Latin America. For example, we may see inroads in Mexico where President López Obrador’s administration has not delivered on a campaign platform to bring about widespread corruption reform, including allocation of additional resources to state institutions in Mexico dedicated to combating graft.[10]

While the Strategy does not mention how employee compliance training should be carried out, it signals expectations for compliance training and programmes in providing a blueprint for high engagement and accountability in America, across Latin America, and elsewhere. Indeed, the Strategy is packed with words such as ‘increase’, ‘support’, ‘reform’, ‘boost’, ‘bolster’, ‘amplify’, ‘promote’, ‘magnify’, and ‘augment’ to suggest that compliance programmes, particularly for those managing a multinational workforce, communicate the importance of compliance as an essential component to their work and business model. It stands to reason that if the US government is strengthening the international anti-corruption architecture, compliance professionals should similarly expand a company’s existing compliance architecture while simultaneously ensuring focus on core risk areas and priorities and rectifying persistent gaps in their programmes. Similarly, the US government is reinforcing its already robust system of accountability; multinational compliance programmes must expect that they will be held to account for doing the same with their workforces. The Strategy signals a reinvigoration of the US government’s commitment to collaborating with other governments to combat corruption, including counterparts in Latin America. Consequently, compliance professionals will need to answer the presumed call to action this represents and work even more effectively at managing, communicating, and amplifying anti-corruption efforts. This is particularly true when the threat of enforcement looms. The DOJ has previewed that it is devoting additional resources to pursue and prosecute those organisations who fail to adequately mitigate wrongdoing. However, those who build effective internal communication channels will be well positioned.

Building effective internal communication channels

One key element of corporate governance is a well-designed and well-implemented compliance programme. However, even the best programme will falter absent effective channels to diffuse the principles of an organisation’s ‘culture of compliance’ – the norms that encourage ethical conduct and a commitment to compliance with the law.

Here is where internal communication is critical. Effective internal communication facilities smooth information flow and shapes the way employees engage with an organisation, including how employees perceive its mission and values and how they relate to its culture. Corporate culture is the sum of its parts, and good internal communication takes this into account. In many ways, the most important aim of effective internal communication is to increase visibility of the company’s culture and pave the road for an effective compliance programme where dialogue about risk is multi-layered and open.

Effective internal communication efforts can generally be measured by the following criteria:

  • setting the tone beyond just the top to include the entire organisation;
  • delegating compliance oversight and enforcement to a dedicated function;
  • implementing and publicising compliance policies, procedures and practices;
  • operating a well-functioning confidential reporting mechanism;
  • collecting and analysing compliance metrics;
  • establishing training initiatives that are tailored and adapted to the local laws and customs; and
  • no one size fits all when it comes to the channels used to communicate corporate compliance. This chapter discusses general best practices across industries, but they should be individually tailored to each company’s operational realities.

Tone throughout: communicating a commitment to compliant culture

Effective internal communication does not flow only directionally from the top. It is multi-directional: top-down, bottom-up. Each level bears responsibility for contributing to the organisation’s overall messaging. Buy-in from all sides is therefore one of the most critical factors in determining the success of internal communications strategies.

In communicating a culture of compliance, senior leadership sets the tone for the rest of the entity. Senior management’s commitment to compliance is manifest by the extent to which it articulates the company’s ethical standards, conveys and disseminates them in clear and unambiguous terms, and demonstrates rigorous adherence by example.[11]

Tone at the top is critical, but it must be bolstered by the tone at the middle and indeed throughout the organisation. US government regulators have repeatedly recognised as much.[12] Effective programmes require key members of the compliance constituency among the company’s middle ranks (including local managers, direct managers, and supervisors), which drive the compliance programme on a daily basis. Middle management takes its cues from the top, reinforcing its standards and investing subordinates with a sense of ethical responsibility.[13] Most employees, especially at larger organisations, have little direct contact with senior leadership. They are therefore most influenced by the managers supervising and interacting with them regularly.

Equally important is giving a voice to personnel at all levels and to third-party business partners. Managers should provide a space for these employees to send feedback up the chain and make use of the confidential reporting mechanism.[14] Empowering employees to ‘speak up’ as part of their ethical duties will further promote a healthy information flow within the organisation.

Current communication challenges: covid-19

The global covid-19 pandemic has magnified the importance of digital transformation in the workplace as compliance programmes needed to rely heavily on technology to effectuate the vital function of preserving ethical business practices and ensuring continued connectivity with a dispersed workforce. Going forward, embracing new messaging channels and improving existing ones will be key for maintaining good internal communication. Remote communication strategies in particular have become integral in disseminating relevant information in real-time, engaging and educating employees, and much more.[15]

Remote communication invites its own challenges, including increasing risk through distanced working models that compromise preserving an organisation’s culture of compliance with on-site reminders of the importance of ethical behaviour.[16] Another difficulty is the risk of informational overexposure. Reduced in-person contact has driven employers to consider alternative channels for conveying their messages. Leveraging virtual channels risks desensitising employees from the valuable interactive models that facilitate greater engagement with core compliance concepts.

While in-person training and engagement afford organisations greater opportunities for optimising the quality and effectiveness of compliance training, remote communication tools can also be leveraged effectively. For example, compliance personnel can incorporate video into their communications strategy and make communications substantive and informative, conveniently scheduled for remote-based personnel, and sufficiently frequent without being overly burdensome or repetitive. Equally important is keeping internal communications interesting and engaging.[17] Programming that rewards participation and includes live polls, chat, Q&A and other tools for an interactive experience can increase efficacy.

Whether live or virtual, companies should create space for employee feedback and discussion of ideas and concerns. Encouraging employees to provide perspective on their day-to-day experience is even more critical in remote working conditions, where managers cannot communicate as easily with employees in real-time or observe non-verbal communication.[18]

For new employees, remote communications also inhibit in-person onboarding and integration. Virtual onboarding can minimise direct exposure to the organisation’s culture of ethics at the outset of employment and reduce connectivity with compliance personnel, policies and practices.[19] In addition, companies should provide the benefits of an in-person experience when onboarding new personnel. Organisations should also ensure new employees are afforded real-time opportunities to ask questions and receive answers, provide feedback to presenters, and interact with other participants as appropriate. This will pay dividends in acquainting new employees to the organisation’s values and culture.

The global pandemic has bred much uncertainty. One can safely assume, however, that many of the communication challenges within the workplace will persist. As the world of work continues to evolve, adroit use of fluid communication channels will be key in aligning the workforce with organisational values and linking a disconnected and dispersed workforce to a common community.

Who owns this? Assigning compliance oversight

Another hallmark of commitment to ethical practices is designating a dedicated function with the mandate to implement and enforce compliance initiatives. The delegation of this core mandate can, and should, account for an organisation’s size and structure and need not be a compliance officer or in-house personnel. Some entities may outsource these functions or delegate authority to personnel within Legal or aligned within the business sectors themselves. Whichever option aligns best with the size and structure of the organisation, compliance-related work should be performed independent from management and be resourced adequately within the organisation or through external resources in terms of budget, human capital, and information technology.[20] The function should not be merely a ‘paper programme’ but rather one that is well designed and equipped to handle the organisation’s operational demands.[21]

Good-faith enforcement of compliance policies and expectations further reinforces an organisation’s culture of corporate compliance and ethics. Indeed, in analysing the effectiveness of a compliance programme, government enforcement authorities ask whether corporate management is enforcing the programme or tacitly encouraging employees to engage in impropriety.[22] A company can demonstrate good-faith enforcement by sanctioning misconduct and rewarding good behaviour.[23]

Before doling out disciplinary action, a company must first communicate clearly what constitutes a breach of internal policies, procedures and values, and how the company will respond to such a breach. If a breach is corroborated and repercussions are warranted, the company should issue disciplinary action promptly and consistently.[24] Uniform application of investigative processes and discipline communicates that misconduct will not be tolerated while also reinforcing fidelity to ethics and accountability.[25] Some companies have even found that publicising disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, warning that unethical actions have swift and sure consequences.[26]

Just as disciplinary action can communicate commitment to compliance, so too can positive incentives.[27] Incentives can take various forms including recognition, promotions, notations in performance evaluations, rewards for improving a company’s compliance programme, and bonuses for ethics and compliance leadership.[28]

Compliance policies, procedures and practices

A company’s policies and procedures form the foundation upon which an effective compliance programme is built. These policies set forth ethical expectations, outline disciplinary procedures, and, more broadly, incorporate the culture of compliance into the organisation’s day-to-day operations.[29] The best policies are clear, concise, and accessible to all employees and those conducting business on the company’s behalf.[30]

But policies are meaningful only if personnel know about them. A company can ensure employees know about its policies by requiring periodic certification of compliance and introducing new employees to its ethical values during onboarding.[31] Relatedly, a company should inform business partners that it expects all activities carried out on its behalf to comport with internal ethics protocols and lawful business practices.[32] Where appropriate, a company may seek assurances from third parties, through certifications or contractual representations, of reciprocal commitments.[33] These measures ensure that the compliance programme is visible, understood and followed appropriately by all relevant stakeholders.

Particularly in light of the current landscape, measures and renewed strategies must be used as a teaching moment to convey the importance of complying with all laws and company policies, including anti-corruption, anti-money laundering, and trade compliance laws and policies. Multinational workforces must be made aware of escalating enforcement trends, increased focus on individuals, and the shift from reactive compliance measures to preventative, prophylactic and proactive measures. This re-education could take the form of refreshers on kickbacks, improper payments and quid pro quo. This could mean improving coordination among varied support functions within the organisation that ensures prompt escalation of relevant matters to Legal and that the workforce is privy to that dynamic.

Given the continued keen focus by US and international regulators on multi-jurisdictional enforcement on working with foreign partners to prevent the establishment of financial safe havens for corrupt actors, employee compliance training should also mirror the continued multi-jurisdictional approach.[34] Employee compliance training moving forward should implement policies related to ‘safe havens’ and be highly attuned, for example, to third parties who may request payments to shell companies in potential safe havens for more favourable regulations or exchange rates. A compliance programme must also educate personnel at these multinational companies on the importance of fortifying due diligence on key players instrumental to business functions considering these safe havens.

Anonymous reporting mechanism

Among the truest measures of a company’s commitment to compliance is how it responds to potential misconduct. A company should have in place a well-functioning reporting mechanism for the anonymous reporting of suspected or actual breaches of internal policy.[35] An effective mechanism will further account for the timely and thorough investigation of those reports, which includes routing complaints to proper personnel and tracking timing metrics of open and closed investigations.[36] Upon completion of a thorough probe, an organisation should document outcomes, monitor implementation of any remedial measures and share investigative findings to relevant stakeholders.[37] Should reported allegations be substantiated, best practices dictate that the company examine what happened, why it happened (i.e., the root cause), and how to avert similar incidents moving forward (i.e., the lessons learned).

It is not enough to have such a reporting system in place, however, without ensuring employees and third parties know it exists.[38] Publicise the reporting system broadly, perhaps through periodic trainings or email reminders that boost its profile.[39] Hotline usage can be a good barometer of how well a company is advertising its reporting channels. Infrequent or non-use of a reporting hotline implies that employees or third parties are unaware of its existence, or are aware but either lack the know-how to escalate concerns or are uncomfortable with or distrust the process.[40] In contrast, healthy hotline usage evinces a well-functioning system and constructive environment wherein individuals feel unafraid to ‘speak up’.

Moreover, actively encouraging personnel to submit reports without fear of reprisal reinforces a corporate culture that promotes honest behaviour and incorporates reporting as part of an employee’s ethical duties. To further signal transparency and foster trust in the process, provide detailed information on the procedural next steps after submitting a report.[41] Finally, the organisation must thoroughly investigate the allegations and remediate any wrongdoing.

Collecting and analysing compliance metrics

Internal communication efforts are strengthened through continuous evolution of compliance programmes, aided in large part by data analytics. In short, the data helps organisations identify, mitigate and respond to compliance risks in real time and diagnose behavioural compliance trends.

A staple of dynamic compliance programmes are mechanisms for collecting metrics to help detect and prevent misconduct. Indeed, government enforcement authorities have signalled that companies need to be collecting and analysing metrics about their compliance programmes, emphasising the growing importance of data analytics in assessing effectiveness of a compliance system.[42]

At the keynote address of the American Bar Association’s 36th National Institute on White Collar Crime, Deputy Attorney General Lisa O Monaco stated, ‘Data analytics plays a larger and larger role in corporate criminal investigations, whether that be in healthcare fraud or insider trading or market manipulation.’ The message is clear – now is the time to embrace proactive approaches to compliance. Either internally or with external assistance, companies can optimise the utility of data analytics by tracking metrics in their compliance functions by utilising tools such as due diligence reviews, hotline usage, investigations opened and closed, training completion rates, policies drafted or revised, disciplinary action and remediation status.[43] Capturing these metrics helps companies measure progress, analyse trends or patterns of misconduct, and identify compliance vulnerabilities. It also enables substantive assessment of high points and growth opportunities while offering benchmarks in which to anchor compliance targets and goals moving forward. This, in turn, breeds transparency and accountability by facilitating the reporting of actionable data to relevant stakeholders. In sum, a company’s data collection mechanisms and response to the corresponding data are key indicia of compliance function effectiveness and communicate commitment to a compliance culture.

It is also important that companies have a process for implementing new policies and for revising outdated ones that reflect the spectrum of risks posed by an evolving legal, regulatory and business landscape.[44] For example, limitations on in-person gatherings and remote work environments due to the covid-19 pandemic have substantially increased the use of app-based messaging (e.g., WhatsApp, WeChat) for business communications.[45] Because of this, companies – particularly those in regulated industries – should ensure that their employees’ business-related communications comport with relevant regulatory obligations and can be monitored and retained, as necessary. This is particularly true for companies that operate in Latin America where Whatsapp ‘dominates’.[46] Indeed, according to Global Web Index’s 2020 Social Media User Trends Report, 93 per cent of those aged 16–64 in Argentina use WhatsApp, as well as 92 per cent of Colombians in the same age group, and 91 per cent of people in Brazil.[47] Companies operating in Latin America would thus benefit enormously from implementing centralised guidance on the use of ephemeral messaging applications as a means to strengthen their compliance programmes.

Additionally, organisations are increasingly implementing policies that govern use of electronic devices for personal and business purposes. This is illustrated by the rising popularity of Bring Your Own Device (BYOD) policies, which permit employees to use personal devices rather than company-issued devices to access company applications and information, with the BYOD market expected to be valued at almost US$367 billion by 2022, up from just US$30 billion in 2014.[48] Companies may not be able to prevent every employee from using unauthorised text or messaging apps for business communications; however, they can take steps to demonstrate reasonable controls, including by maintaining a clear policy, ensuring retention capabilities, auditing employee use, and incorporating information security best practices. In addition, companies should consider technological solutions to restrict employees’ ability to install unapproved apps on company-issued devices and provide employee training to establish further awareness of and compliance with information security practices.

Adapting to local laws and customs

As if implementing a dynamic compliance programme were not already a delicate balancing act on its own, adapting programmes to address a spectrum of anti-corruption laws and other legislation adds to the challenge but is one compliance programmes must address.

Complying with sweeping legislation across jurisdictions with varying enforcement landscapes

Distilling the vast expanse of bribery laws into manageable content for employees to understand and follow is not easy, especially with the cascade of countries that have enacted or amended a host of strong anti-corruption laws and enforcement regimes in the past decade. The FCPA, enforced by the DOJ and the Securities and Exchange Commission (SEC), is broadly applicable to US companies, as well as foreign companies or persons with a nexus to the United States, and their affiliates. This legislation prohibits foreign bribery of government officials but applies to the bribe payer only whereas the UK Bribery Act (UKBA), passed in 2010, applies to the bribe payer and recipient. Moreover, the UKBA prohibits bribery of foreign public officials and private parties alike. These statutory regimes and the regulators who enforce them are usually well known to compliance professionals.

But various countries in Latin America, including Brazil, Colombia and Mexico, have enacted corporate compliance requirements of their own in recent years and companies engaged in those markets must be cognisant of those varying enforcement landscapes. Relatedly, the anticorruption terrain in Latin America imposes jurisdiction-specific requirements that organisations must navigate. For example, the Argentine Criminal Code (ACC) 274 has provisions related to corporate criminal liability for bribery and other acts of corruption.[49] The Brazilian Anti-Corruption Law or Clean Companies Act (Law No. 12,846/2013) establishes judicial and administrative liability for legal entities that commit corrupt acts and even prohibits fraud in public tender processes.[50] In Colombia, the Anti-corruption Act, Law 1474, of 2011 criminalises active and passive bribery, foreign bribery, political corruption and money laundering, among other crimes and establishes administrative, criminal and fiscal sanctions.[51] And in Mexico, the General Law of the National Anti-Corruption System (SNA) coordinates the prevention, detection and prosecution of anti-corruption cases across municipal, state and local jurisdictions.[52]

In addition to varying legislation, countries in Latin America can and do have differing levels of sophistication and resourcing with respect to their anti-corruption regimes. For example, the US State Department expressed concerns in its 2020 Country Report for Argentina, a report focused on human rights practices within the country, and noted ‘multiple reports’ that ‘executive, legislative, and judicial officials engaged in corrupt practices with impunity, suggesting a failure to implement [Law 27.401] effectively’ and that ‘[w]eak institutions and an often ineffective and politicized judicial system undermined systematic attempts to curb corruption.’[53] Brazil, comparatively speaking, is considered to have one of the ‘toughest’ anti-corruption laws in the world, with skilled investigators and prosecutors, and solid democratic institutions, though some consider its enforcement ‘inconsistent.’[54] Other Latin American countries like Colombia and Peru are developing their enforcement regimes, largely tasked with harnessing the political will and technical capacity to do so.[55] For example, in the past two decades, Peru has introduced various initiatives with the goal of remedying the pattern and practice of corruption that accompanied the Fujimori presidency.[56] Additionally, Colombia officially became an OECD Member after having completed its domestic procedures for ratification of the OECD Convention and the deposit of its instrument of accession.[57] This process began in 2013, signalling the profound political change Colombia has undergone in the past 10 years in its efforts to strengthen its institutions and implement good governance.[58]

There is undoubtedly a growing commitment to anti-bribery that transcends borders. Indeed, 38 OECD countries and six non-OECD countries – Argentina, Brazil, Bulgaria, Peru, Russia and South Africa – have adopted the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.[59] Moreover, in 2021, Parties to the Anti-Bribery Convention agree to new measures to reinforce their efforts to prevent, detect and investigate foreign bribery.

Taken together, it is clear that multinational organisations will need to ensure their compliance programme and global personnel adhere to the mandates that regulators impose. And whether it is the FCPA, the UKBA or local anti-corruption laws, the basic proscription is the same: nothing of value can be given, directly or indirectly, to improperly influence government officials or commercial counterparties.

Tailoring a global compliance policy

A global enterprise faces a wide array of compliance concerns including bribery, corruption, embezzlement, money laundering, employee kickbacks, accounting irregularities and conflicts of interest. Tailoring compliance programmes to the localities in which multinational companies operate while addressing these concerns poses yet another uphill challenge.

A multinational company may, for instance, choose to implement uniform global compliance policies that include requirements that are either more restrictive or less restrictive than local regulations, like those discussed above. Other multinational companies may mix and match – applying consistent standards globally while also supplementing with country-specific guidance. Given the sheer number of individuals within a multinational organisation, it is also advisable that companies create roles for compliance professionals to be available to personnel globally for ‘on the ground’ guidance and feedback. Moreover, tailoring training to an audience’s size, industry, risk profile, geographical footprint, language, sophistication and subject matter expertise is crucial.

Above all else, when developing training programmes, multinational companies should tailor presentations and materials to the roles of its workforce, and policies and training should be presented in local languages and in person, to the extent possible.[60] This is especially important given that the revised DOJ Guidance[61] from June 2020 makes clear that the DOJ is more focused than in past years on determining whether companies have effective feedback loops to ensure that efforts to train employees and deploy reporting mechanisms are both useful and practical. Since prosecutors will now ask whether employees have been given the opportunity to ask questions in response to trainings, it is incumbent on multinational companies to ensure not only that trainings are in the local language and sensitive to local differences but also that employees can ask questions in their local language.

Training programmes should also be brimming with real-world examples, tailored to any specific localities. And real-world examples that span the globe while also implicating Latin America are not difficult to find, especially given recent SEC enforcement actions. In September 2021, WPP plc, the world’s largest advertising group, agreed to pay more than US$19 million to settle charges that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA in connection with violations at its subsidiaries in India, Brazil, China and Peru.[62] According to the order, WPP failed to promptly or adequately respond to repeated warning signs of corruption or control failures at certain subsidiaries.[63]

The SEC enforcement action against WPP related to conduct in multiple jurisdictions and, in particular, provided a window into how bribery and books and records violations can play out in Latin America. For example, in Brazil, WPP’s subsidiary made improper payments in 2016 to vendors to secure government contracts, despite policies that prohibited the activity.[64] Moreover, WPP Brazil falsified its books and records to reflect that the vendors performed real services, such as marketing or IT. In Peru, WPP’s subsidiary disguised a bribe from a construction company to the mayor of Lima’s political campaigns in exchange for work by ‘funneling the construction company’s payments to Peru Subsidiary through WPP subsidiaries in Colombia and Chile’.[65] The enforcement action against WPP demonstrates how subsidiaries in Latin America can act as ‘conduits’ for bribery, particularly in the context of political campaigns, and can thus serve as a real-world example for companies who do business in the region. This is important because the FCPA remains an enforcement priority at the SEC under Gary Gensler, particularly with respect to the oversight and prosecution of corporations and large financial institutions, and largely in the books and records and internal accounting controls provisions.[66]

Also in 2021, the SEC charged Amec Foster Wheeler Limited with violations related to anti-bribery, books and records, and internal accounting controls provisions of the FCPA in connection with a Brazilian bribery scheme.[67] According to the order, Foster Wheeler’s UK subsidiary, Foster Wheeler Energy Limited (FWEL), made improper payments to Brazilian officials to establish a business presence in Brazil and win an oil and gas engineering and design contract from the Brazilian state-owned oil company Petroleo Brasileiro SA (Petrobras), known as the UFN-IV project. The bribes were paid through third-party agents, including one agent who failed Foster Wheeler’s due diligence process, but was allowed to continue working ‘unofficially’ on the UFN-IV project. The company agreed to pay more than US$43 million related to this scheme. The enforcement action against Amec Foster Wheeler Limited emerges as a study in the importance of due diligence and the role third-party agents can play in bribery schemes, particularly in an ‘extractive’ industry in Latin America, an industry that Transparency International has identified as the highest-risk sector for corruption and bribery.[68]

The increase in individual prosecutions involving Latin America also signals continued focus on the region. In October 2021, five individuals, including a politician from Venezuela’s ruling party and an associate of a businessman close to President Nicolas Maduro, were charged with money laundering in connection with an alleged Venezuela bribery scheme.[69] The indictment alleged that meetings in furtherance of bribe payments occurred in Miami and that these individuals wired money related to the scheme to bank accounts in the Southern District of Florida.[70] As a result of the scheme, those charged transferred approximately US$350 million out of Venezuela, through the United States, to overseas accounts they owned or controlled.[71] And in March 2021, DOJ announced criminal charges against Jorge Cherrez Mino, a citizen of Ecuador who was located in Mexico, and John Robert Luzuriaga Aguinaga in connection with a bribery scheme in Ecuador.[72] Lastly, individual corruption charges for those suspected of corruption and antidemocratic conduct in Guatemala, El Salvador and Honduras might also be on the horizon, considering Secretary of State Antony Blinken’s report listing 55 individuals suspected of such conduct in the Northern Triangle.[73]

Tailoring global compliance policies in such a way that grapples with these real-world realities, whether they draw from corporate resolutions or individual prosecutions, will only provide multinational companies with competitive advantages and bolster their ability to attract and retain better talent. It will ensure that business is done the ‘right’ way and help employees, wherever they are in the world, take stock in a company that acts with integrity.


Architects who design compliance programmes in this age of anti-corruption ‘accretion’ must look to the past, present and future in managing multinational workforces and building effective internal communication channels. Training should include lessons learned from past enforcement actions as well as lessons from within a company while making innovative use of measures such as data analytics in diagnosing, mitigating and responding to compliance risks. Training should take a multidirectional approach to educating the workforce on the current state of anti-corruption accretion and its evolving nature, tailored to the employee’s locality when applicable. And trainings should provide employees a glimpse into what the future could hold if compliance is not prioritised, providing adequate resources, anonymous reporting mechanisms, guidance and even mega-fine figures to ensure that the future is not, in fact, realised.


[1] María González Calvet is a partner, and Krystal Vazquez and Baldemar Gonzalez are associates at Ropes & Gray.

[2] Memorandum on Establishing the Fight Against Corruption as a Core United States National Security Interest (3 June 2021)

[3] Dep’t of Justice, ‘Deputy Attorney General Lisa O. Monaco Gives Keynote Address at ABA’s 36th National Institute on White Collar Crime’ (28 October 2021),

[4] US Securities and Exchange Commission, ‘Prepared Remarks At the Securities Enforcement Forum’ (4 November 2021),

[6] For example, in 2017, the US DOJ, alongside the Brazilian Operation Car Wash taskforce (housed within Brazil’s Federal Public Prosecutor’s Office) coordinated resolutions in four cases under the FCPA against Embraer, Rolls-Royce, Braskem and Odebrecht. See

[7] See, e.g., Treaty Between the United States of America and Mexico, signed at Mexico City on 9 December 1987,; Tratados de Asistencia Judicial en Materia Penal Suscritos por el Perú [Treaties of Judicial Assistance in Criminal Matters Signed by Peru], República del Perú Poder Judicial, See also treaties.html#:~:text=The%20United%20States%20has%20nineteen,)%2C%20United%20Kingdom%2C%20Uruguay.

[10] See AMLO 2021: Is the Mexican Administration’s Fight Against Corruption All Rhetoric? (30 June 2021); see also ‘López Obrador has little to show for his fight against corruption’ (22 November 2021),

[11] See US Dep’t of Just., Crim. Div., Evaluation of Corporate Compliance Programs 10 (June 2020), [US DOJ Evaluation]; World Bank Group, Integrity Compliance Guidelines 5 (2017), [World Bank Guidelines].

[12] See US DOJ Evaluation, at 1, 10 (providing guidance ‘to assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense’).

[13] See FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act, Crim. Div. US Dep’t of Just. & Enforcement Div. US Sec. & Exch. Comm’n 58 (2d ed. 2020) [FCPA Resource Guide].

[14] See Dep’t of the Treasury’s Office of Foreign Assets Control, A Framework for OFAC Compliance Commitments 3 (May 2019), [OFAC Framework].

[15] See Digital Workplace, ‘What Is Internal Communication? – The Ultimate 2022 Guide’, BizPortals 365, (last visited 2 February 2022).

[16] ‘Identifying and Addressing Impacts of Remote Working on Compliance’, Westlaw Practical Law Practice Note w-030-5012 (last visited 6 February 2022).

[17] See Alysha Parker, ‘How to Build an Effective Internal Communications Strategy’, Vimeo (23 April 2021), (‘When employees are participating, they are listening.’).

[18] See ‘Managing Internal Communication During a Crisis!’, Letsbuzz (10 April 2020), (‘The key to this step is an open and healthy discussion that encourages dialogue between teams and individuals.’).

[19] id.

[20] See OFAC Framework, at 2.

[21] See US DOJ Evaluation, at 9.

[22] See US DOJ Evaluation, at 2.

[23] See US Sent’g Comm’n, Guidelines Manual § 8B2.1(b)(6) (2021) (noting that an organisation’s compliance programme should entail ‘(A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct’).

[24] See US DOJ Evaluation, at 13 (adding that disciplinary action should be commensurate with the violations).

[25] See US DOJ Evaluation, at 13.

[26] See US DOJ Evaluation, at 13.

[27] See Stephen M Cutler, Director, Div. of Enforcement, US Sec. & Exch. Comm’n, ‘Tone at the Top: Getting It Right, Second Annual General Counsel Roundtable’ (3 December 2004), (‘[M]ake integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that “doing the right thing” is a priority, is to reward it.’).

[28] See World Bank Guidelines, at 12.

[29] See US DOJ Evaluation, at 4.

[30] See OECD, ‘Corporate Anti-Corruption Compliance Drivers, Mechanisms, and Ideas for Change’ 38 (2020), [OECD Compliance Drivers].

[31] See OECD Compliance Drivers, at 39.

[32] See World Bank Guidelines, at 10.

[33] See FCPA Resource Guide, at 62.

[34] See United States Strategy, at 13.

[35] See US DOJ Evaluation, at 6.

[36] See US DOJ Evaluation, at 6.

[37] See FCPA Resource Guide, at 66.

[38] See World Bank Guidelines, at 13.

[39] See Helen Kim, ‘Taking a Fresh Look at Hotlines: Fostering a Speak-Up Culture and Leveraging Data’, Anti-Corruption Report (16 September 2020),

[40] See Vincent Pitaro, ‘Revisiting Compliance Programs in Light of the DOJ’s Updated ECCP, Anti-Corruption Report’ (30 September 2020),

[41] See Kim, ‘Taking a Fresh Look at Hotlines’ (‘Companies should provide regular training to employees on the reporting process, not just the existence of the hotline, to set expectations and encourage continued engagement.’).

[42] See, e.g., Rebecca Hughes Parker, Data to Enhance Compliance Programs, Anti-Corruption Report (5 January 2022), (‘The DOJ, SEC and other enforcement authorities have made clear that companies need to be gathering and analyzing data about their compliance programs, and the agencies themselves have become more sophisticated in their knowledge of data analytics.’); Dep’t of Just., Deputy Attorney General Lisa O. Monaco Gives Keynote Address at ABA’s 36th National Institute on White Collar Crime (28 October 2021), (‘Data analytics plays a larger and larger role in corporate criminal investigations, whether that be in healthcare fraud or insider trading or market manipulation.’)

[43] See Andy Miller, ‘How Visual Analytics Can Fuel a Compliance Program’, Anti-Corruption Report (2 December 2020),

[44] See FCPA Resource Guide, at 59.

[45] In one study, roughly eight in 10 people aged 25 to 34 stated that they use messaging platforms, such as WhatsApp, to communicate with their colleagues at least once per week. See Simon Kemp, Digital 2020: October Global Statshot (20 October 2020), This trend existed even pre-pandemic. WeChat reported over 1.2 billion monthly active users in 2020, more than double the 550 million monthly active users it reported in 2015. See Lai Lin Thomala, Number of active WeChat messenger accounts Q2 2011-Q4 2020, Statista (25 March 2021), WhatsApp reported in 2020 that roughly 100 billion messages were exchanged each day on the platform, up from 30 billion messages in 2015. See H Tankovska, ‘Number of monthly active WhatsApp users as of 2013-2020’, Statista (7 July 2021),

[46] See Ewan Palmer, ‘Facebook Outage Left Latin America Dark, Where WhatsApp Dominates’, Newsweek, (5 October 2021),

[47] id.

[48] See Lilach Bullock, ‘The Future Of BYOD: Statistics, Predictions And Best Practices To Prep For The Future’, Forbes (21 January 2019).

[53] See; see also Codigo Penal [Cod. Pen.] [Criminal Code] arts. 256-59, Restored 27 August 1984 (Arg.), available at

[56] id.

[59] OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (last visited 6 February 2022).

[60] ‘Globalizing Your Compliance Program’ (29 January 2018),

[61] See US DOJ Evaluation.

[62] US Securities and Exchange Commission, ‘SEC Charges World’s Largest Advertising Group with FCPA Violations’ (24 September 2021),

[63] id.

[71] id.

Unlock unlimited access to all Latin Lawyer content