Lawyer Monthly Magazine - March 2020 Edition

52 WWW.LAWYER-MONTHLY.COM | MAR 2020 An Interview With There seem to be many factors at play. Given this, how can companies ensure that they are not violating the rules? The key resides in an effective compliance management system. Legal entities should use all efforts and adopt adequate measures to prevent, or at least minimise the risk(s) of a crime being committed. Companies which are managed appropriately will not suffer from criminal liability. I would like to point out that solely the adoption of certain measures is absolutely insufficient. In the event of a crisis situation, the authorities take into account the effectiveness of the measures and whether there exists a real compliance culture within a company. Therefore, such measures must address the specific situation of the legal entity and form an effective compliance management system. What would you classify as an ‘effective compliance management system’? A proper compliance management system should be based on proper risk analysis and reflect the size of the entity, complexity of regulatory requirements, international nature of the company, the scope of business, the risk profile of the entity and the market environment in which it operates. Moreover, a compliance management systemmust not only be put in place and forgotten about, as it is in need of a continuous update in light of new circumstances and risks. Of course, even if the system is set up correctly, acrimecanstill becommitted due to a breach of obligation by an individual. The human factor cannot be eliminated completely. However, the crime should not be attributed to the company in such an event. How does a corporate investigation proceed if a company is under suspicion of violating the FCPA? The standard corporate investigation usually consists of three phases. The first one comprises the review of initial information, background searches and sometimes initial fact-finding interviews with relevant custodians. Background searches reveal red flags and identify individuals who we should focus on during the data review or who should be interviewed in the next stages to understand their involvement in the matter. The following investigation phase resides in the technology-assisted electronic data review based on appropriate keywords. Data protection and privacy issues are extremely important at this stage and the use of proper technology and the right definition of keywords reduce the risk of breaching data protection and privacy rules. The red flags either prove or disprove to be real, sometimes new facts emerge and the scope of the corporate investigation adapts to reflect these. After the data review, the interviews with individuals involved follow in order to fill in the missing pieces of information, to confront them with findings and give them the opportunity to explain what happened. We then proceed with an analysis of all the findings and propose recommendations to the client. Concerning the final stage, the company decides - or it might be effectively “The influence of the FCPA is tremendous. To give you some perspective, most of the corporate investigations that we are currently running in the CEE/SEE region are somehow FCPA- triggered.”