FCPA Compliance and Ethics Blog

June 26, 2015


Filed under: Brazil,Clean Companies Act,Raphael Gomes — tfoxlaw @ 12:01 am

IMG_3310Ed. Note-it is always gratifying and a little flattering when someone else uses your mantra. So when today’s Guest Post author sent me a blog with ‘Document Document Document’ in the title, I was sold. Today Raphael Gomes, from the law firm of Chediak Advogados, discusses the need for documentation under the Brazilian Clean Company Act. 

It was only 14 months after Law No. 12.846/2013, Act, entered into force that Brazil finally issued regulations regarding its corporate anti-bribery statute, the so-called Clean Company Act. President Dilma Rousseff issued Decree No. 8.420/2015 on March 18th, which provides for further regulations around the Clean Company Act, with focus on 5 areas: (i) procedural rules for the administrative enforcement of the Act against organizations; (ii) calculation of the penalties; (iii) leniency agreements; (iv) integrity (compliance) programs; and (v) sanctioned, banned, or restricted companies lists (CEIS and CNEP).

As to anti-bribery compliance programs, referred to as integrity programs under the Clean Company Act, the Decree defines the 16 elements of a complete program that will be taken into account in its evaluation by the enforcement authorities, which we have outlined in our post “Compliance Programs under the Brazilian Clean Company Act.

About a month after the Decree was issued, the Federal Comptroller’s Office (Controladoria-Geral da União – CGU), the administrative body responsible for enforcing the Clean Company Act at the federal administration level, issued additional regulations regarding (i) the process for evaluation of the investigated company’s compliance program (Reg. 909 – Portaria CGU nº 909); (ii) procedural rules for the administrative enforcement proceeding or “PAR” (Reg. 910 – Portaria CGU nº 910); the rules for determining the company’s annual gross revenues for calculation of the monetary fines (CGU IN 01/2015); and (iv) the rules around the government’s restricted parties lists CEIS and CNEP (CGU IN 01/2015).

Pursuant to Article 18 of Decree 8420, a company that demonstrates to have a robust, effective compliance program in place shall receive a reduction in the monetary fines of up to 4% of the company’s gross annual revenues for the year preceding the opening of the PAR. This is the major mitigation factor under the Brazilian anti-bribery statute, twice as valuable as voluntary disclosure, and potentially three times as valuable as cooperation. In practice, in some cases the credit for a company’s compliance program may represent a discount of more than 99% of the monetary fine, lowering it to 0.1% of the gross annual revenues, the minimum fine allowed under the Clean Company Act.


Reg. 909 is of particular interest to the Compliance professional, for it provides guidance as to how the investigated company’s compliance program is to be evaluated by the Brazilian Federal authorities, for determining the percentage of credit the company is entitled to. It is a real eye-opener and makes us realize how global compliance and anti-bribery laws and best practices are becoming more and more aligned. Tom Fox constantly reminds us of his mantra: Document, document and document. Well, it looks as though Brazilian enforcers, particularly the CGU, have been reading Tom’s blog and have taken this mantra of his to heart.

In Reg. 909 the CGU sets forth that programs will be evaluated having two basic documents prepared by the company (the Profile Report and the Program Conformity Report) as the basis and starting point for their review. It further provides for that the company shall produce evidence that the program works and is a part of the company’s routine, and demonstrate how the program has worked to help the company prevent, detect, and remediate the very misconduct that is the object of the enforcement action.

The Profile Report should describe:

  • the industry sectors and geographies in which the company operates;
  • organizational structure, including internal hierarchy, decision-making process, boards, departments, and divisions;
  • the number of direct and indirect employees;
  • touch points with the government (national or foreign), highlighting:
  • the importance of licenses, permits, or authorizations to its activities,
  • the quantity and value of contracts with the government, and
  • the frequency and relevance of the use of third party intermediaries in its interactions with the government;
  • equity interests relating to subsidiaries, controlled, parent, and affiliated companies, as well as to JVs or consortia. 

Regarding the Conformity Report, Article 4 of Reg. 909 provides for that the legal entity shall provide information on the structure of the program, describing what elements of the program (listed on Article 42 of Decree 8420) where implemented, how they were implemented, and explaining the importance of the implementation of each element vis-à-vis the company’s peculiarities, as per the Profile Report .

The effectiveness of the company’s program may be evidenced by means of official documents, e-mails, written correspondence, statements, internal memos, minutes of meetings, reports, manuals, computer screen shots, video and audio recordings, photographs, purchase orders, invoices, accounting records, or any other documents, preferably in digital format.

Apparently, the Brazilian enforcers expect the companies to heavily invest in documenting all they can about their compliance programs, and intend to rely on document review for most of the process of evaluation of a company’s program. Not only does Reg. 909 require for the two reports mentioned above to be submitted along with the company’s administrative defense, but it also makes it crystal clear that being able to provide complete, clear, and organized documentation to demonstrate the effectiveness of the program will be key for companies to secure credits that may add up to four percent of a company’s annual revenues.

In paragraph 2 of article 4 of Reg. 909, the CGU expressly lists documents that should be created, copied, archived, retrieved, and submitted to the authorities in an organized fashion, in digital format, in case of an investigation.


The Brazilian Clean Company Act lists many conducts that are regarded as harmful to the public administration, which conducts include, inter alia, fraud and related misconduct involving government procurement, obstruction of government inspections or investigations, and, of course, bribery. The Act provides for strict liability for companies that benefit from violations, which renders it more likely than it was before the law passed for any company to be faced with investigations of potential violations, be it for conduct of its own employees or that of its third party intermediaries.

In such an environment, it is natural for companies not only be willing to put a robust compliance program in place, to prevent, detect, deter, and remediate instances of wrongdoing, but also to wish to secure the maximum credit of 4% when facing an enforcement action, in case all else fails.

Upon being notified by the enforcement authorities of the investigation, with the opening of the PAR, the company shall have a window of 30 days to submit the defense (article 16 of Reg. 910), including the defense arguments and evidence relating to the concrete facts and merits of the case. The defense shall also include the Profile Report, the Program Conformity Report and all the supporting documentation.

What one should look to avoid is that, in the middle of a perfect storm, in which the company’s compliance and legal professionals will have to deal with managing the crisis, interacting with the company’s PR and Investor Relations teams, informing all stakeholders, on a daily or weekly basis, of the issues at hand, the defense strategy, action plan and progress, with a very limited window of time to gather all information they can about the specifics of the case and prepare a defense, is to have to dedicate time, resources, and efforts to tasks that could have been dealt with in advance, under no time pressure.

We would therefore deem it advisable for companies operating in Brazil to prepare and have in their files, ready for submission at any time, both the Profile Report and the Program Conformity Report, along with all the evidence they can gather in advance, in an organized manner and in digital format, evidencing the effectiveness of its program. It is the Compliance Officer’s responsibility to work with the IT department to ensure that the company has a document archive and retrieval process in place to guarantee that documentation pertaining to the compliance program is safely stored in one centralized repository.

Your compliance program, documented and presented in a complete, clear, and organized manner, along with evidence of its effectiveness, may be worth up to 4% of your company’s annual revenues. Make sure you are ready to earn it.

And remember:

What does Thomas Fox say? Document, Document, and Document.


Rafael Mendes Gomes is the partner in charge of compliance and anti-bribery at Chediak Advogados, with offices in São Paulo and Rio de Janeiro, Brazil. The firm offers legal assistance to both Brazilian and international clients across different industries and business sectors.


You can access Chediak Advogados Compliance and Anti-bribery web page here.

April 10, 2015

International Anti-Corruption Enforcement Efforts

ARound the GlobeWhile the US Foreign Corrupt Practices Act (FCPA) is still the most widely recognized and enforcement anti-bribery and anti-corruption law across the globe, there have been a number of initiatives which will lead directly to greater anti-bribery and anti-corruption enforcement. This increased enforcement will lead to increased risks for companies that do not have anti-bribery and anti-corruption compliance programs in place. This post discusses the efforts of other countries to enact and enforce legislation to curb bribery and corrupt across the globe.


Over the past 18 months, GlaxoSmithKline PLC (GSK) was embroiled in a very public, very nasty bribery and corruption investigation. It culminated in the conviction of GSK and the assessment of a $491 million fine, criminal conviction of four senior GSK China subsidiary managers and the criminal convictions of two ancillary GSK-hired investigators. The entry of the Chinese government into the international fight against corruption and bribery is truly a game-changer. While there may be many reasons for this very public move by the Chinese government, it is clear that foreign companies are now on notice. Doing business the old fashioned way will no longer be tolerated. This means that international (read: western) companies operating in China have a fresh and important risk to consider; that being that they could well be subject to prosecution under domestic Chinese law.

The international component of this investigation may well increase anti-corruption enforcement across the globe. First of all, when other countries notorious for their endemic corruptions, for example India, see that they can attack their domestic corruption by blaming it on international businesses operating in their country, what lesson do you think they will draw? Most probably that all politics are local and when the localities can blame the outsiders for their own problems they will do so. But when that blame is coupled with violations of local law, whether that is anti-bribery or anti-price fixing, there is a potent opportunity for prosecutions.

One of the audit failures of GSK was around well known compliance risks in China, including (1) event abuse planning; (2) mixture of legitimate and illegitimate travel; (3) other collusion with travel agencies; and (4) parallel itineraries. So those risks are well known and have been documented. While the cost of monitoring is high and would involve the tedious work of verifying millions of receipts by calling hotels, airlines and office supply stores and scrutinizing countless transactions for signs of fraud; if your compliance risks are known for a certain profile, then you should devote the necessary resources to making sure you are in compliance in that area.


While GSK was a harbinger of international anti-corruption investigations and enforcement actions based on domestic anti-bribery laws; Brazil and its state-owned energy company Petrobras may become the world’s largest corruption investigation. In a New York Times (NYT) article, entitled “Scandal Over Brazilian Oil Company Adds Turmoil to the Presidential Race”, the scandal was detailed by a former Petrobras official, Paulo Roberto Costa. Mr. Costa was the person who oversaw the company’s refining operations. He has admitted to having engaged in the receipt of bribes for at least a 10 year period “equivalent to 3 percent of the value of the deals from the Brazilian construction companies that obtained the contracts” to build refineries. This amounted to literally millions being “stashed in bank accounts in Switzerland and the Cayman Islands.” He “inflated budgets for new projects” by 3% and then had that amount kicked back to him as bribes. The allegations were verified “through an associate, Alberto Youssef, a black-market money dealer who testified that he helped launder funds in the scheme. Mr. Youssef, who has also accepted a plea deal, testified that more than a dozen of Brazil’s largest construction companies had paid hefty bribes to obtain lucrative Petrobras contracts.” Interestingly, Brazilian President Rousseff “has also effectively acknowledged the prevalence of corruption inside the executive suites of Petrobras, while denying that she had known about the kickbacks when they were taking place.”

The scandal has not only engulfed suppliers to Petrobras in Brazil. It has now moved to the international stage. From shipyards in Singapore, which have been alleged to have paid bribes to Petrobras, to Rolls Royce in Great Britain which has been alleged to have paid bribes for the sale of turbine engines; this scandal truly is international in scope and may engulf more companies going forward. In addition to violations of Brazilian law, the US government has reportedly opened an investigation, as Petrobras USA is a US stock-exchange issuing entity and subject to the FCPA. Indeed, in the US there are already multiple shareholder derivative lawsuits against the US entity for mis-representing its true value because of the corruption allegations against the company in Brazil.

The Petrobras scandal continues to make news almost daily and its repercussions continue to reverberate across the globe. The FCPA Blog, in an article entitled “Swiss AG freezes $400 million in Petrobras bribe probe”, stated that in Switzerland alone there are nine open investigations into alleged money laundering tied to Petrobras. In mid-March the Office of the Attorney General of Switzerland (OAG) announced that they had issued an order to freeze $400 million of assets allegedly tied to a Petrobras corruption scheme. The FCPA Blog further stated the OAG announced “The release of over $120 million reflects Switzerland’s clear intention to take a stand against the misuse of its financial center for criminal purposes and to return funds of criminal origin to their rightful owners.”

The domestic Brazilian Anti-Bribery Law, the Clean Company Act, enacted into law in 2014, is uniquely designed for oversight by internal audit. Compliance programs will be evaluated on three prongs: the structure of the program; specifics about the legal entity; and an evaluation of the program’s efficiency. The first prong will include consideration of the existence of mechanisms for reporting suspected or actual misconduct, training, code of conduct, policies and procedures, periodic risk assessments, and application of disciplinary measures against employees (including senior management too) involved in wrongdoing. Under the second prong, the compliance risks associated will be considered. Compliance programs should be tailored to the company’s risks; “one-size-fits-all” programs will not be accepted. The third prong will consist of a case-by-case verification, that it is not simply a paper program.

Finally, and no doubt spurred by the Petrobras corruption scandal, the FCPA Blog also reported, in another article entitled “After protests, Brazil president issues anti-graft regulations”, that Brazilian President Dilma Roussef issued a presidential decree with regulations under the Clean Company Act. The new regulations issued address some of the crucial questions concerning the administrative procedure for imposing corporate liability and assessing fines. It also set out the criteria for determining fines, evaluating compliance programs, and entering into leniency agreements. Finally, the decree also provides that books and records accuracy and completeness will be a key criterion for evaluating compliance programs, no doubt inspired by the FCPA accounting provisions. As the FCPA Blog said, “The regulations under the Clean Company Act are a critical milestone in the effort to restore credibility to Brazil’s federal government, in light of its past commitments to fighting corruption in the corporate world.”


What does all of the above mean for a global company? It means that some law that prohibits bribery and corruption will cover your business. It will not and does not matter if you are a US, UK or Brazilian company doing business outside of your home country, somewhere a law prohibiting bribery and corruption will cover your actions. Even if you are not covered by the FCPA, the UK Bribery Act or the Clean Company Act, if you are doing business in a local country you can still be subject to prosecution under its domestic anti-bribery laws. This means that there will be greater enforcement going forward and greater cooperation between enforcement agencies.

For businesses the only response to this plethora of new laws is to implement and enhance a best practices anti-bribery/anti-corruption compliance program and there are several examples that companies can follow to do so. In the US, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) provided their suggestions with their Ten Hallmarks of an Effective Compliance Program; the UK Ministry of Justice (MOJ) has provided commentary on the Six Principles of an Adequate Procedures compliance program and the Organization of Economic Cooperation and Development (OECD) has put forth its Good Practice Guidance on Internal Controls, Ethics, and Compliance.

All of these anti-bribery/anti-corruption regimes set forth easily digested concepts that a company could implement. However, there must be more than simply a paper program in place. A company must actually do compliance for it to be effective. By making compliance a part of normal business practices, it will be possible to prevent, detect and then remediate any bribery or corruption issues that may arise.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 27, 2015

Compliance Programs under the Brazilian Clean Companies Act

BrazilEd. Note-I recent asked Rafael Mendes Gomes if he could give my readers some information about the recent regulations issued by the Brazilian government around the Clean Companies Act. Both he and Vitor Lopes da Costa Cruz responded with today’s guest post. 

According to the World Bank, Brazil is the world’s seventh wealthiest economy, with a Gross Domestic Product (GDP) of US$ 2.253 trillion in 2012. On the other hand, Brazil is ranked 69th out of 175 countries in Transparency International’s 2014 Corruption Perception Index, and was recently shaken by investigations into a multi-billion dollar scandal involving the state controlled oil giant Petrobras, threatening to engulf the country’s most senior politicians—including its president. Brazil is also a signatory of the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions – the “OECD Convention”.

The OECD Convention entered into force in 1999, and the OECD’s Working Group conducts peer reviews to evaluate the implementation of the Convention and effective enforcement of measures to prevent, detect, investigate and prosecute bribery, but Brazil was one of the last signatories to pass a law focused on the supply side of the bribes: business organizations. Law 12.846/2013, often referred to as the Clean Companies Act, took effect on January 29th, 2014, and makes business organizations liable for illegal acts against national or foreign public administration, including bribery. An English translation of Law 12.846/2013 is available here.

The Clean Companies Act applies to any Brazilian business organization, company, foundation, association of persons or entities, formally organized or not, regardless of how they are organized or the corporate model they adopt, as well as foreign companies having office, branch, or representation in the Brazilian territory, even if informally and/or temporarily. The Act subjects companies to severe civil and administrative penalties and sanctions for bribing domestic or foreign government officials, and the fines can be of up to 20 percent of the company’s annual gross revenues.

In Article 7, VIII, the statute provides for that, in defining the penalties to be applied to an organization for violations of the statute, the enforcer will take into account the “existence of internal mechanisms and procedures of integrity, audit and incentive for the reporting of irregularities, as well as the effective enforcement of codes of ethics and codes of conduct within the organization” (free translation). The problem was that the statute did not provide guidance on what said mechanisms and procedures consisted of, or how much discount or credit would be granted to companies that have effective compliance programs in place. In the Sole Paragraph or Article 7, the statute sets forth that the criteria of evaluation of the compliance mechanisms and procedures were to be defined by Regulation to be issued by the Federal Executive Branch.

Finally, after over a year of the Clean Companies Act having entered into force, on March 18th, President Dilma Rousseff issued a Federal Decree (8.420/2015) regulating the statute, as a part of a series of anti-corruption measures to counter the increasing public opinion pressure against her administration. The Decree covers some of the crucial aspects of the Act, concerning the evaluation of compliance or corporate integrity programs, the administrative procedure for imposing corporate liability and assessing fines, and the rules regarding leniency agreements.

Of particular interest to companies doing business in Brazil is what the Decree sets forth that regulators and enforcers shall regard as the hallmarks of an effective compliance program, which guidelines are in our view closely aligned with international standards, mainly those provided by the FCPA Resource Guide and OECD’s Good Practice Guidance on Internal Controls, Ethics, and Compliance.

In this post we will focus on the available legal guidance in Brazil, regarding compliance programs, as provided for in the recently enacted Decree, outlining the hallmarks of a compliance program under Brazilian law:

  1. Tone at the Top, translated as the commitment from the top executives of the company, including members of the board, evidenced by the visible and unequivocal support to the compliance program.
  2. Ethics Code and written policies and procedures, enforced to all members in the organization, extended to third parties when applicable.
  3. Periodic Training regarding the organizations Compliance Program.
  4. Periodic Risk Assessment, aimed at making the necessary adjustments to the company’s compliance program.

As regards risk assessment, the Decree sets forth that the Brazilian Authorities shall consider the following when assessing the effectiveness of a Compliance Program, during an investigation:

  • The number of employees;
  • The complexity of the company’s internal hierarchy and the number of departments, governance bodies or sectors;
  • The use of third parties intermediaries as consultants or sales agents;
  • The industry or sector in which the company operates;
  • The countries in which it operates, directly or indirectly;
  • The level of interaction with the public sector and the importance of permits, licenses, and governmental approvals for its operations;
  • The amount and location of legal entities that form the economic group; and
  • Whether the company is regarded by law as a micro or small business.
  1. Accounting Records that comprehensively and accurately reflect the company’s transactions.
  2. Political Contributions. Transparency as regards donations and contributions to political campaigns, candidates and political parties
  3. Relationship with the Public Administration. Specific Proceedings around prevention of fraud or irregularities in public tenders, in the performance of public contracts, and in the interaction with the public sector (including tax collections and inspections, governmental authorizations, licenses, and permits).
  4. Compliance Officer: Independence, structure, and authority of the internal body responsible for implementing and enforcing the compliance program.
  5. Confidential Reporting Channels (hotline), widely advertised to the company’s employees and third parties, and mechanisms for the protection of whistleblowers acting in good faith.
  6. Disciplinary Action in case of violations and procedures to ensure the prompt interruption of the wrongful conduct or violation, and timely remediation of damages caused.
  7. Third Party Due Diligence for the hiring of third party intermediaries, such as consultants, vendors, contractors, suppliers, and service providers, and, if applicable, the monitoring of the intermediaries’ activities.
  8. M&A Due Diligence: M&A anti-corruption due diligence and risk assessment.
  9. Monitoring and Continuous Improvement. Constant monitoring of the compliance program, in order to ensure its continuous improvement.

Having the Federal Executive Branch provided guidelines and clarifications on critical aspects of the Clean Companies Act, by means of the Decree in review, defining parameters and criteria for application of the statute, companies now have a clearer picture of what is expected from them, how investigations are supposed to be conducted, and how cooperation will take place. It is also true that enforcers are now better equipped, at least from the legislation standpoint, to fight corporate bribery.

Now Brazil has the challenge to demonstrate effective enforcement of such laws.


Rafael Mendes Gomes is the partner in charge of compliance and anti-bribery at Chediak Advogados, with offices in São Paulo and Rio de Janeiro, Brazil. The firm offers legal assistance to both Brazilian and international clients across different industries and business sectors.


Vitor Lopes da Costa Cruz is a senior associate in the compliance and anti-bribery team at Chediak Advogados. He assists companies in the assessment, design, and implementation of compliance programs.


You can access Chediak Advogados Compliance and Anti-bribery web page here.

Blog at WordPress.com.