The New Anti-Corruption Law in Brazil: Enforcement and Implications

The new anti-corruption law in Brazil (Law No. 12.846/2013), also known as the Clean Companies Act, went into effect on Jan. 29, 2014. In theory, the law would impose relatively harsh penalties on companies for direct and indirect acts of attempted bribery of Brazilian public officials or foreign public officials, as well as for bid rigging and fraud in the procurement process.

In reality, as with any other law in Brazil, the success of its implementation and enforcement remains questionable because the country’s states adopt and interpret federal laws on an individual basis. The context in which each state will adopt the law will shape the effectiveness of its implementation. Another factor that varies is the time that each state will take to issue regulations around the implementation of a particular federal law.

Most multinationals with operations in Brazil are not waiting to see what the effects of the implementation would be and have already started to make adjustments to enhance their compliance policies to ensure they are prepared for the provisions of the new law. One of their key activities has been documenting their compliance efforts because the law provides an incentive of reduced fines for companies that have implemented effective anti-corruption programs.

Corporate compliance programs are a relatively new concept within local Brazilian companies. So far, they are prospering mainly within large Brazilian companies and those Brazilian companies with operations extending outside the country’s borders. The new anti-corruption law has many of these companies reevaluating their current procedures and seeking assistance and advice on how to improve their existing programs.

The new anti-corruption law does not differentiate companies by origin or size, however—it covers all companies with operations in Brazil. The need for an effective compliance program applies to all.

And so increasingly, Brazilian medium-size companies have also been expressing interest in either performing risk assessments or providing training to their senior employees to ensure that appropriate measures are implemented to avoid potential violations of the law.

Risk Assessment

One of the first steps that most companies would want to consider is to conduct a risk assessment to analyze current exposure. This is especially useful for Brazilian companies with either limited compliance resources or a limited track record of compliance efforts. Effective risk assessments should be done by an independent third party and include a review of:

• All third party relationships (including historical)
• The company’s procedures for receiving payments and making payments
• The company’s existing internal controls and processes for documenting these controls and compliance efforts.

If any potential violations or material shortcomings are identified, consultation with legal counsel is recommended (and, potentially, voluntary disclosure).

Effective Compliance Program

An effective compliance program not only focuses on ensuring compliance with one particular law or aligning one particular department within the business, but also encompasses the organization as a whole.

Certain areas, such as procurement departments, are traditionally more prone to fraudulent activities than others. The creation and implementation of effective internal policies and internal controls usually prioritizes these higher risk units of the business.

Relationships with third parties pose another significant risk, so building an effective compliance program that deters or raises red flags for potential acts of bribery or other fraud is essential. This can be challenging, especially for large companies that often have hundreds or thousands of third parties they work with on a regular basis. Employing a risk model that categorizes third parties by level of risk has proved to be very effective in helping a company determine which third parties represent the greatest potential threat and to prioritize its due diligence efforts accordingly. Third parties that provide general services or consultative services, logistics facilitators, and tax consultants are often high-risk providers and should be considered for prioritized review over other relationships. The scale of the business conducted with the third party will also impact the level of attention the third party would receive. Potential kickbacks would usually increase with the size of the transactions.

An effective compliance program for a company operating in Brazil will generally have the following elements:

• A dedicated team monitoring and documenting all compliance efforts of the company
• Internal controls, a robust internal audit function, and frequent unannounced internal audits
• Clear communication of policies to employees and third parties
• Background checks of employees and third parties

Third Party Liability

Relationships with third parties pose significant risk to companies. However, companies in Brazil often think of these third parties as “outside parties” and would contend that third parties bear the liability for their own actions. One of the objectives of an effective compliance program should be to change this perception. Companies should institute an effective third party screening program that identifies potential problems in the background of these companies, such as a close relationship with government entities and officials, a history of problematical conduct, or a questionable track record. The screening should be done when on-boarding a new third party and on an annual basis for existing third parties.

The screening process can be challenging for large companies that often work with hundreds or thousands of third parties on a regular basis. Employing a risk model that categorizes third parties by level of risk has proved to be very effective in helping a company determine which third parties represent the greatest potential threat and to prioritize its due diligence efforts accordingly. Third parties that provide general services or consultative services, logistics facilitators, and tax consultants are often high-risk providers and should be considered for prioritized review over other relationships. The scale of the business conducted with the third party will also impact the level of attention the third party would receive. Potential kickbacks would usually increase with the size of the transactions. The higher the amount of the uncovered bribe the higher the penalties imposed by the law.