Be sure to read Part One and Part Two of the author's series on the Brazil Clean Companies Act.

Follow ACCinhouse on Twitter TheBlogIcon

Brazil’s Clean Companies Act — Executing


By Gabriela Roitburd

Since the Clean Companies Act (the Act) has yet to take effect, third parties may be unaware or unprepared to comply. For a third party to state that they will not violate the Act may mean little since they may not understand what constitutes a violation. An effective third-party compliance program evaluates the targets of acquisition and their affiliates, joint venture partners, vendors, suppliers, distributors, agents and consultants that provide marketing, sales, licensing, import/export or other services.

A new frontier in the fight against bribery and corruption

Given the lack of enforcement to date, coupled with high levels of bureaucracy, Brazil presents a high level of compliance risk for most companies. Brazilian private investigators do not need a license in order to practice. However, they should always follow applicable laws with respect to how data is gathered and used. Third-party investigators should also pay close attention to cultural norms, and the nuances inherent in complex professional relationships.

Brazil does not have specific data privacy laws in place. However, this may change, as there is a project that addresses data privacy under development by the Civil House, which will ultimately end up before Brazil’s House of Representatives. Notwithstanding the lack of specific data privacy laws, gathering relevant data to conduct third-party due diligence still presents challenges.

According to Brazilian law, publicly traded companies must annually disclose their accounting information through the newspapers. However, companies not subject to this law, such as the limited liability companies (LLC), do not have the obligation to openly disclose such information. Consequently, it is difficult to gather financial information relating to an LLC, which may result in companies relying on the third parties themselves to provide information. In these cases, the company may receive altered or incomplete information from their third parties. Whenever possible, information provided by a third party during the due diligence process should be independently verified for accuracy and completeness.

The third-party vetting process

Each third party presents a unique risk, and approaches to due diligence may vary accordingly. The vetting process can include an on-site visit to validate the legitimacy of the company’s business operations, an examination of corporate records, including the investigation of previous corporate misconduct, and litigation. It may also include an in-depth analysis of the network of business partnerships, including the reputation of the company and its principals.

Analysis of the company’s financial performance is often appropriate, including an understanding of the current sources of funding and a list of significant clients. A review of English language and local press may also help uncover the third parties’ business reputation, major business activities, and other social and business relationships of interest.

When a US company enters into a business relationship, compliance managers should ensure that the parties involved understand the anti-corruption laws of the United States, as well as the newly signed Clean Companies Act. A written declaration of the third party’s intent to uphold anti-corruption and anti-bribery policies and codes of conduct is a fundamental component for due diligence. Some companies find it helpful to automate this process so that due diligence queries, warranties and representations are systematic and easy to track.

Learning from others

In Brazil, the country’s financial institutions were the first to implement programs to comply with international anti-money laundering laws. The companies that firstly implemented compliance programs have since benefitted from having the tools to detect potential issues prior to the authorities, and in most cases, they have avoided regulatory scrutiny. The Brazilian companies that have not implemented anti-bribery and corruption compliance programs yet should consider conducting benchmarking exercises with local banks and companies that are subject to foreign anti-bribery and anti-corruption laws, such as the FCPA.

Ongoing compliance

The depth and scope of a third-party due diligence effort depends on a number of factors. Obviously, a field investigation is more costly and time consuming than a review of databases and news media. In order to determine the appropriate level of due diligence to employ, companies must assess their overall risk tolerance, and their ability to defend inaction if a problem arises.

An important component of a company’s compliance efforts includes written documentation that clearly details the methodology applied during each investigation. The contents of each investigation file should provide direct evidence of the company’s approach, including all documents relied upon during the process, the existence of “red flags,” how they came to light, and how they were resolved.

Using a customized software tool can help reduce the complexity associated with certain aspects of due diligence. Such a tool can help multinationals, as well as Brazilian-based companies, establish and aggregate their third-party network data globally. Regardless of the tools and tactics that companies apply, complying with the Clean Companies Act requires the creation of an effective third-party due diligence program. And with the Act scheduled to take effect in January 2014, it would be prudent to create that program sooner, rather than later.

Author:
Lawyer Gabriela Roitburd is a member of the São Paulo Chapter of the Brazilian Bar Association and a compliance consultant for STEELE CIS clients operating in Brazil. She has over 10 years of in-house experience in large multinational companies in the consumer, medical-device and pharmaceutical segments. This year, she completes two, two-year terms as a member of the Ethics Committee of the Brazilian Association of High-Technology Industry of Medical Equipment, Products and Devices – ABIMED. groitburd@wwsteele.com

Download PDF