In late July, authorities in China accused U.K.-based drug maker GlaxoSmithKline of paying $500 million in bribes to government officials, hospitals, and others through a maze of 700 travel agencies. Closer to home, media reported that Wal-Mart Stores Inc.’s investigation into its Mexico bribery scandal cost the company $240 million in the 12 months since the initial allegations of $24 million in bribes. In-house legal and compliance teams in multinational corporations know all too well that bribery is not only ethically wrong—it’s bad for business.

And yet, reducing business risks of corruption, antitrust violations, data privacy breaches, and other perils seems to be easier said than done. A recent study* of top corporate counsel at major multinationals in the United States and Europe finds that policies and procedures to address these issues may be in place, but approaches tend to be generic—and far too few companies take the step to see if their measures actually work.

Only 41 percent of corporate counsel respondents rank their company’s particular bribery and corruption risks for each business in each location. Ranking is an evaluation of exposure to various risks that helps focus an effective compliance program. Less than half of counsel surveyed monitor the effectiveness of their antibribery compliance policies and training. Justin McClelland, a London partner of Winston & Strawn (the law firm that conducted the survey), says that too many multinationals are implementing generic compliance measures without clarifying the organization’s risk profile locally. “It is critical to start with a real understanding of the risks that the organization faces and then tailor the procedures accordingly,” McClelland said.

Only 13 percent of those surveyed said that merger control regulations posed the greatest antitrust and competition threat to their companies. The responses might differ today following this month’s U.S. Department of Justice opposition to the American-US Airways merger.

The study also finds weaknesses in antitrust and competition compliance: only 37 percent of respondents rank their antitrust/competition risks, and only 50 percent conduct compliance audits. Without ranking exposure to individual areas of risk, it’s more likely that compliance procedures and training will miss the key areas of importance in various businesses and locations. This increases the chances that breaches may occur.

The survey finds some marked differences in how Europe- and U.S.-based senior counsel perceive risks. According to Jeffrey Kessler, a Winston & Strawn partner in New York, Europe-based companies focus on the risk of cartel enforcement more, given the recent aggressive actions of the European Union competition authorities (as well as the criminal prosecution of foreign companies by the Justice Department). He believes strong antitrust enforcement is more familiar to large U.S. companies, and they may have more confidence in their compliance programs. Kessler adds, “The survey indicates that companies in both Europe and the U.S. should be more focused on measures such as antitrust audits to be certain their compliance programs are effective before a problem occurs.”

Compliance experts say that the audit step is important in antitrust compliance, given the early discovery and disclosure leniency programs offered by regulators around the globe, which give substantial benefits to those who catch potential problems early. Audit steps may include periodic e-document review, discussions with key exposed personnel, and more elaborate investigations.

GSK, Wal-Mart, and many of the companies fighting corruption inquiries have allegedly paid bribes through a labyrinth of third parties. Forty-seven percent of the senior counsel respondents rate at 6 or below (on a scale of 1-10) their comfort level that policies, controls, and oversight of the company’s third party relationships are adequate. (If one considers 60 percent a “D” grade, that’s not reassuring; it should be a wake-up call to chief legal officers and board directors.) And only 26 percent of respondents ranked their level of comfort as 8 or higher.

“Many law departments are working with flat budgets, and the widespread expansion into emerging markets makes it more challenging for in-house counsel to monitor these risks effectively,” said Jerry Temko, SVP, general counsel and regional compliance officer of Astellas Pharma in Europe. According to Temko, joint ventures, strategic alliances, and agency and distribution arrangements with third parties are common business practice in emerging markets today—and they often carry higher legal and compliance risks.

Given the difficulty of covering so many jurisdictions, corporate counsel and compliance officers must establish a trusted group of internal and external advisers in their companies’ key markets. This enables them rapid access to necessary information and insights to help guide legal oversight and compliance programs. Since few companies have budgets to afford a compliance “Cadillac” to cover every third party relationship worldwide, more and more expect this information to come as part of ongoing business and legal advice. In emerging markets, corporate counsel want their advisers to connect the nuances of local market practices and regulatory context to their work. Strict legal advice without those insights has far less value to the business.

But when operating in foreign countries with vastly different legal systems, how can corporate counsel know if they are getting the right advice? The most internationally experienced general counsel say that they look for internal sources and external advisers that can:

  • Provide guidance on how to get information to effectively evaluate compliance given business and cultural traditions in the local market.
  • Give examples of legal issues that multinationals (preferably in their industry) have frequently faced in the particular jurisdiction.
  • Suggest what questions the in-house counsel and business manager should be asking that they may not have considered.

Stay tuned for part two, which will focus on the survey’s findings on risks in cross-border joint ventures and strategic alliances, and data privacy and protection.