Legal Environment and Business Decision Making - Compliance Management

Introduction

  • The session is divided into two parts: a dialogue with practitioners on compliance management at the international level and a Q&A regarding the final assignment and exam.
  • Kjell Farman is introduced as the Director of Compliance at McDonald's, overseeing compliance strategy and operations across Europe.
  • Jean Julien LeMonier is introduced as a partner at Stefansson Ahoud, specializing in antitrust law and leading the Ethics, Investigation, Defence (EID) department.
  • Professor Bjorn Wasserling is introduced as a specialist in compliance who will contribute to the discussion.

Key Concepts of Compliance

  • Compliance is defined as a management function, not just a legal one. Professionals from various backgrounds can work in compliance.
  • Companies engage in compliance management due to factors like the Organizational Sentencing Guidelines (OSG) in the US and the French adoption of Lois Sapin II.
  • The US Department of Justice (DOJ) and the French Anti-bribery Agency (AFA) are key influences in shaping compliance programs.
  • Compliance effectiveness is linked to ethics and corporate culture. A sound corporate culture is vital for effective compliance management.

McDonald's Compliance Function

  • McDonald's is legally obliged to have a compliance function under US law, which they have had for 15 years.
  • Key activities include:
    • Creating policies, procedures, and standards of business conduct (e.g., anti-corruption, conflict of interest).
    • Conducting internal investigations (over 2,000 calls annually to the business integrity line).
    • Managing conflicts of interest.
    • Serving as a resource for ethical questions.
    • Providing reports to the board.
  • The compliance function operates globally, with dedicated compliance personnel in various markets (34 globally).
  • McDonald's also engages outside providers like law firms and forensic companies for support.

Stefansson Ahoud's Approach to Compliance

  • Jean Julien established a cross-functional task force (Ethics, Investigations, and Defence - EID) in 2023 to assist clients with all aspects of compliance.
  • This task force covers various compliance aspects: antitrust, anti-corruption, money laundering, and GDPR.
  • The approach aims for consistent service quality and a single point of contact within the firm.
  • Internal investigations can start with corruption or money laundering and uncover antitrust issues.

Key Compliance Risks for McDonald's

  • McDonald's compliance strategy is connected to the company's overall strategy, which currently focuses on opening new restaurants.
  • The biggest risks are related to development, construction, and real estate, including:
    • Valuations going wrong.
    • Kickbacks in real estate purchases.
    • Construction issues in various countries.
  • McDonald's is a major real estate owner, making land acquisition a significant area of risk.

Engaging External Investigators

  • The decision to engage an external investigator depends on several factors:
    • US investigations or FCPA-related issues, where legal privilege is important.
    • Bribery of government officials.
    • Budget limitations.
    • Lack of language expertise or local knowledge.
    • Involvement of top management, necessitating independence.
    • Need for secrecy in certain cases.

Formal Compliance vs. Effective Measures

  • Formal compliance measures include ethics codes and training. These are manageable but not always effective on their own.
  • More effective measures involve establishing a culture of ethics and legitimacy, influencing employee perceptions.
  • Wrongdoings fall into two categories: deliberate acts (e.g., theft) and unintentional acts driven by a desire to help the company.
  • The latter type requires "soft measures" like culture, training, and conversations to address.
  • Example: employee bribing a government official to get a permit to open a resturant.
  • Walmart's experience demonstrates the high cost of non-compliance, including financial, strategic, and institutional value destruction.
  • Management must be deeply involved in compliance to make the engagement seem sincere to employees.

Compliance Strategy Connected to Company Goals

  • Compliance strategy must be connected to the company's overall strategy.
  • Financial value destruction refers to money paid, while strategic value destruction relates to the company's market position.
  • Institutional value destruction concerns the relationship between the company and its environment (public authorities, NGOs).

Reckoning Situations and Ethical Considerations

  • Employees may have good intentions when committing violations, requiring careful handling.
  • Compliance managers should avoid generalizations about corruption in specific regions.
  • Companies must consider whether compliance with a law aligns with its values, especially regarding human rights.

Compliance Analytics

  • Compliance analytics and AI (e.g., ChatGPT) are increasingly used for tasks like data verification and generating Q&A from policies.
  • The DOJ expects companies to use compliance analytics extensively.
  • The EU fined Apple and Meta for non-compliance with regulations intended to curb big tech power, highlighting the importance of ex-ante intervention.

Tech Issues and Risk Management

  • Tech issues, privacy, and data breaches are important compliance concerns for McDonald's.
  • Fines for privacy violations may be low compared to antitrust fines.
  • Companies take a risk management approach, prioritizing areas with heavier fines and focusing on brand protection.
  • A risk-based approach to compliance involves prioritization, not a cost-benefit calculation of whether to break the law.

FCPA and Impact of Political Decisions in the US

  • The Foreign Corrupt Practices Act (FCPA) is crucial for US corporations like McDonald's.
  • An executive order issued by Donald Trump imposing a pause in the enforcement of the FCPA does not change things for US companies.
  • French authorities previously argued that US authorities were overreaching with the extraterritorial application of laws but are now equipped to handle such cases themselves.
  • The Trump administration may have been trying to create a certain type of balance, as US companies have been discriminated against with regards to FCPA.
  • The Trump administration is trying to prevent US companies from complying with the EU's CSRD directive, adding to the conflicting obligation for companies.

Conflicting Obligations and Ethical Choices

  • Companies face conflicting obligations (e.g., sanctions, privacy) and must make risk-based decisions considering potential fines and brand protection.
  • Companies should consider their values when deciding which laws to comply with, prioritizing those that respect human rights.

Compliance and Innovation

  • Compliance can support innovation by guiding the business on how to achieve its goals within legal boundaries.
  • It requires creativity and understanding of the business.

Future Trends in Compliance

  • Future of compliance sees increasing regulatory requirements, prompting a focus on technology, efficiency, and a helicopter perspective.
  • The legal requirements are higher and higher.
  • The legislature expects from compliance officers more and more, certain things that were nice to have, are now seen as must have measures.
  • Due dilligence on third parties and constant monitoring.
  • Compliance will have a greater impact on governance and business decisions.
  • The erosion of the rule of law poses a challenge to compliance, potentially turning it into an interface between companies and authoritarian regimes.