Risk and compliance

for todays global

oil and gas companies
risks related to the ever-increasing complexity of regulatory
compliance. How are successful companies managing that risk?
Ernst & Young hosted a series of panel discussions featuring energy
industry leaders discussing how companies can best focus their
compliance risk mitigation efforts.
accounLinq and lnancial pracLices presenL siqnilcanL risk. 1he complexiLy and reach ol
requlaLions conLinue Lo qrow as qovernmenLs seek new Lools Lo conLrol bribery and lraud, while
increased enlorcemenL and improved inLernaLional cooperaLion amonq requlaLory aqencies has
inLensiled Lhe risk ol noncompliance.
1he risinq number ol hiqhprolle cases involvinq Lhe Foreiqn CorrupL PracLices AcL, Lhe UK
AnLiBribery AcL and various anLiLrusL and lnancial sLaLemenL laws is evidence LhaL enerqy
companies need welldesiqned and wellmanaqed compliance proqrams LhaL have Lhe supporL
and oversiqhL ol boLh senior manaqemenL and boards ol direcLors.
1o provide realworld insiqhL inLo how enerqy companies are respondinq Lo Lhese risks,
LrnsL & Younq inviLed accounLinq, risk, lnance and leqal prolessionals Lo a hallday seminar on
June 1^, 2012, LiLled "Risk and Compliance lor 1oday's Clobal Oil and Cas Companies." More
Lhan 100 aLLendees heard lrom a disLinquished lineup ol panelisLs alonq wiLh prolessionals
lrom LrnsL & Younq. 1his reporL provides a briel overview ol each panel discussion.
AnLiLrusL, FCPA and Lhe reLurn ol
lnancial sLaLemenL lraud
Amy HawkesmoderaLor
Ernst & Young LLP
Scott Duff
Vice PresidenL, lnLernal AudiL
National Oilwell Varco, Inc.
John Freeman
Ceneral Counsel
Technip USA, Inc.
Jeff Johnston
Vinson & Elkins LLP
Many enerqy companies Loday are makinq
siqnilcanL invesLmenLs in compliance. 1he
addiLion ol chiel compliance ollcers and
Lhe hirinq ol compliance prolessionals
many ol Lhem aLLorneys Lo work in key
implemenL lormalized risk assessmenLs and
audiLs on a reqular basis. CommunicaLion
leqal luncLions occurs on a daily basis, and
Lo idenLily, rank and miLiqaLe emerqinq risks.
Reqardless ol size and scope, however, all
compliance proqrams need Lhe supporL ol
senior manaqers and Lhe board ol direcLors,
panelisLs said.
"Compliance musL be Laken seriously, and
expecLaLions," said Jell JohnsLon, ParLner,
Vinson & Llkins LLP. "Companies musL be
willinq Lo walk away lrom business il Lhere
is someLhinq uneLhical abouL Lhe pro|ecL.
You cannoL send employees inLo hiqhrisk
counLries wiLhouL siqnilcanL amounLs ol
Lraininq and a sLrucLured plan lor how Lhey
are Lo operaLe."
"1he Lone aL Lhe Lop is Lhe mosL imporLanL
elemenL," said John Freeman, Ceneral
Counsel, 1echnip USA, lnc. "1here has Lo be
more Lhan a lormal code ol conducL; senior
manaqemenL musL Lalk abouL compliance in
a way LhaL shows commiLmenL Lo lollowinq
Lhe law."
ln recenL years, Lhe FCPA has become a
local poinL lor inLernaLional enerqy
companies. MosL companies have some
level ol compliance proqram in place Lo
Lrain employees on FCPA as well as audiLinq
behavior in Lhe leld.
ol inlormaLion and cooperaLion amonq
compeLiLors. "1he qovernmenL cerLainly
has noL reduced iLs anLiLrusL ellorLs," said
JohnsLon. "LasL year Lhere were a record
number ol anLiLrusL cases and a record
number ol lnes. RequlaLors are very locused
on Lhe enerqy indusLry. 1hey are on Lhe
lookouL lor collusion, and Lhey aren'L alraid
Lo move in il Lhey suspecL anyLhinq."
AnLiLrusL issues can also arise durinq Lhe
acquisiLion process. "We are very concerned
abouL 'qun |umpinq,'" says Freeman. "1here
are sLill a loL ol people who don'L undersLand
LhaL you can'L acL as one company prior
Lo Lhe closure ol an acquisiLion. While you
can do inLeqraLion planninq, you can'L share
compeLiLive inlormaLion."
" 1he compliance luncLion has
idenLilyinq emerqinq risks."
Scott Duff
Vice President, Internal Audit
National Oilwell Varco
" 1here is a risk ol companies
locusinq on Lhe Foreiqn CorrupL
PracLices AcL (FCPA) Lo Lhe
exclusion ol oLher areas ol
compliance. For us, FCPA is sLill
our locus on anLiLrusL issues and
oLher key risks."
John Freeman
Emerging risk areas
1o increase awareness ol anLiLrusL
mandaLory Lraininq lor all employees who
have any conLacL wiLh compeLiLors/parLners.
Because many anLiLrusL violaLions occur
inlormally, lollowup moniLorinq and audiLinq
is dillculL and Lhe bulk ol a company's
ellorLs musL be uplronL. "MosL violaLions
ol Lhis naLure don'L have a paper Lrail,"
says Freeman. "1hey happen when people
are Lalkinq Lo one anoLher aL dinner or
alLer a meeLinq, and inlormaLion is shared
inadverLenLly. 1haL's why Lhe locus has Lo be
on Lraininq. lL musL be Lailored lor specilc
pro|ecLs and specilc markeLs, and iL musL use
reallile, pracLical examples Lo be relevanL."
FaciliLaLinq paymenLs Lo loreiqn ollcials
while noL illeqal under Lhe FCPA can olLen
blur Lhe line beLween riqhL and wronq lor
employees in Lhe leld. "1his is an issue LhaL
is worLh waLchinq," said Freeman. "Movinq Lo
a policy ol noL makinq laciliLaLinq paymenLs
is qood business sense and we've seen
sLill do business in hiqhrisk counLries. 1he
MosL companies do noL wanL people in Lhe
leld havinq Lo make |udqmenL calls on
laciliLaLinq paymenLs."
New DoddFrank AcL requlaLions provide
lnancial rewards Lo Lhose who uncover
and reporL wronqdoinq. While panelisLs
reporL LhaL Lhey haven'L seen an upLick in
caused some chanqes.
"We conLrol vendor and LhirdparLy audiLs
much more carelully Lhan we used Lo,"
says Dull. "Now we provide an audiLor Lo
siL wiLh Lhe ouLside parLies so LhaL we know
immediaLely il Lhey lnd someLhinq LhaL
could be a problem."
1he SecuriLies and Lxchanqe Commission
(SLC) reporLs LhaL iL is qeLLinq "hiqher
qualiLy" complainLs as a resulL ol Dodd
Frank, says JohnsLon. "WhisLleblowers
Loday are more likely Lo show up wiLh leqal
represenLaLion and a lull seL ol documenLs
and daLa Lo presenL," he said. "Hopelully
publiciLy lrom Lhe whisLleblower law
likely Lo see Lhe number ol indusLrywide
vendors and Lhird parLies reveal more."
" A loL ol companies are sLill
askinq Lhemselves, 'Can we
commiL LhaL we are noL makinq
laciliLaLinq paymenLs anywhere
in Lhe world?'"
John Freeman
" DoddFrank should qive people
linds you doinq someLhinq
wronq has plenLy ol incenLive Lo
Lurn you in."
Scott Duff
National Oilwell Varco
How Lo redelne your due diliqence proqram on
1he DeparLmenL ol JusLice (DOJ) expecLs
LhaL companies will perlorm due diliqence
on vendors, parLners and M&A LarqeLs, buL
Lhere are no hard and lasL rules lor whaL
is expecLed. 1he DOJ Lypically decides il
due diliqence was appropriaLe alLer Lhe
lacL. "1here is no law LhaL compels you
Lo perlorm due diliqence," said Cooper ol
Baker & BoLLs. "BuL whaL are you qoinq Lo
Lell Lhe DOJ il you lnd yoursell siLLinq
across Lhe Lable delendinq LransacLions
wiLh a parLicular aqenL?"
Due diliqence provides Lwo ma|or benelLs
lor inLernaLional enerqy companies. One, iL
requires employees Lo explain Lhe business
raLionale lor usinq Lhird parLies and |usLily
Lhe amounLs spenL. JusL as imporLanL,
however, is LhaL a wellplanned, Lhorouqh due
diliqence proqram can show Lhe DOJ LhaL Lhe
LhaL Lhe proper sLeps were Laken Lo ensure
LhaL Lhird parLies conducL business properly.
Some companies lnd LhaL sLarLinq a
overwhelminq. Many inLernaLional companies
have hundreds ol Lhousands ol vendors, wiLh
hundreds more beinq added every monLh.
"SLep one is developinq Lhe processes,"
said Cooper. "SLep Lwo is idenLilyinq hiqh
risk areas and Lhe vendors or aqenLs used
in Lhose counLries. SLarL wiLh Lhe Lop 10 in
Lerms ol dollars spenL and qo lrom Lhere."
Jay MarLin, Vice PresidenL, Chiel Compliance
Ollcer and Senior DepuLy Counsel ol Baker
Huqhes lnc., suqqesLs LhaL companies
beqinninq a LhirdparLy due diliqence
proqram locus on Lhe vendors mosL likely
Lo be Lhe source ol problems, such as sale
aqenLs, disLribuLors and resellers.
"Lach caLeqory should have a dillerenL
level ol risk aLLached Lo iL, based upon Lhe
acLiviLies ol Lhe vendors in LhaL caLeqory
and Lhe probabiliLies ol uneLhical behavior
associaLed wiLh Lhose acLiviLies," he said.
Once Lhe hiqhesL risk counLries and Lhird
casL wider. MarLin says hiqhesL risk enLiLies
years. Prolessional lrms such as law lrms
Lhree years.
ln recenL years Lhe DOJ has realized LhaL
vendors and aqenLs are dillerenL in every
dillerences can be Laken inLo accounL when
perlorminq due diliqence.
Perlorminq proper due diliqence ahead ol a
assessmenL ol possible risk in order Lo
narrow Lhe parameLers lor review. Where
use LhirdparLy aqenLs? Do Lhey have |usL one
or Lwo ma|or cusLomers who may be aL risk?
1he answers Lo Lhese quesLions can help
locus Lhe invesLiqaLion.
Doug TymkiwmoderaLor
Ernst & Young LLP
Larry Abston
Vice PresidenL, CorporaLe AudiL
Anadarko Petroleum
Sam Cooper
Baker Botts L.L.P.
Jay Martin
Vice PresidenL, Chiel Compliance
Ollcer and Senior DepuLy Counsel
Baker Hughes Inc.
" AcLual quidelines lor due
diliqence are lew and lar
beLween. 1he deLails lor whaL
are wide open. BuL il you don'L
have policies and procedures lor
have a biq problem."
Sam Cooper
Partner, Baker Botts L.L.P.
The new due diligence
By Lhe Lime due diliqence Lypically beqins,
Lhe parameLers ol Lhe deal are already in
Lo compleLe Lhe LransacLion. 1o eliminaLe
conlusion and disaqreemenLs when Lhe clock
is Lickinq, iL is imporLanL Lo have a deLailed,
specilc approach Lo due diliqence in Lhe
oriqinal sales aqreemenL.
"Many aqreemenLs use words such as
'reasonable requesLs' wiLh no delniLion
as Lo whaL 'reasonable' means," Cooper
said. "WhaL is reasonable lor Lhe buyer
may noL be so lor Lhe seller, and vice versa.
So Lhe aqreemenL needs Lo spell ouL in
deLail exacLly how Lhe due diliqence will be
conducLed and who will be involved."
AnLicorrupLion audiLs ol inLernaLional L&P
a key area ol locus, alLhouqh a delicaLe
sub|ecL lor some operaLors. NonoperaLors
are realizinq Lhe need Lo proacLively proLecL
venLure business.
specilc lanquaqe allowinq an anLicorrupLion
scope ol audiL riqhLs by nonoperaLors.
While amendinq exisLinq aqreemenLs may
be dillculL, companies should make every
ellorL Lo conducL such audiLs Lo evidence
perlormance ol adequaLe procedures and
Lo manaqe Lhe risk.
ln some respecLs Lhe quidance relaLed Lo
Lhe UK AnLiBribery AcL ol 2010 raised Lhe
bar Lo esLablish an ellecLive allrmaLive
delense. "Lveryone in Lhe indusLry needs Lo
conLinue Lo up Lheir qame wiLh reqard Lo anLi
corrupLion compliance and due diliqence,"
said AbsLon. "ll your company's anLi
corrupLion compliance ellorL hasn'L evolved
Lo be more risk locused and robusL in recenL
years, iL probably hasn'L kepL pace wiLh Lhe
increasinq expecLaLions ol requlaLors."
"lL is criLically imporLanL Lo esLablish and
consisLenLly lollow a proqram Lo risk assess,
conducL and documenL anLicorrupLion due
diliqence perlormed on Lhird parLies," said
Larry AbsLon, Vice PresidenL, CorporaLe
AudiL, Anadarko PeLroleum. "Due diliqence
needs Lo be conducLed belore a vendor
perlorms work, noL alLerward," he said. 1his
paymenL processes.
" ln Loday's environmenL, parLners
ol Lheir L&P |oinL venLures are
anLicorrupLion laws. LiabiliLy lor
a |oinL venLure's wronq doinq may
noL be limiLed Lo Lhe operaLor."
Larry Abston
Anadarko Petroleum
" M&A due diliqence is hindered
access Lo daLa. Companies
need Lo make cerLain Lhey are
locused on inlormaLion wiLh
maLerial impacL."
Jay Martin
Baker Hughes
Corporate boards
PerspecLives on risk and compliance issues
Tim GriffymoderaLor
Ernst & Young LLP
Kenneth M. Burke
Board DirecLor
EQT Corporation
Jeffrey Curtiss
Board DirecLor
Mary Ricciardello
Board DirecLor
Devon Energy and
Noble Corporation
Senior manaqemenL musL Lake Lhe Lime Lo
discuss Lhe lull deLails ol iLs risk proqram.
How was iL conducLed? WhaL was Lhe Lime
lrame? How comprehensive was Lhe risk
idenLilcaLion ellorL? How did manaqemenL
weiqh various risks and make decisions as
UndersLandinq Lhis backqround can help
direcLors beLLer undersLand risk miLiqaLion
ellorLs and risk manaqemenL plans.
PanelisLs said LhaL company leadership
inlormaLion appropriaLely and Lo acL in Lhe
besL inLeresLs ol Lhe company. "ll Lhere is
someLhinq you Lhink you may wanL Lo Lalk
abouL Lo someone on Lhe board, Lhen Lalk,"
said Ricciardello. "Don'L waiL. ll iL Lurns ouL
Lo be unimporLanL, LhaL's okay. And il you
hear inlormaLion LhaL isn'L compleLe or LhaL is
rounded oll somehow, iL's your responsibiliLy
Lo brinq LhaL Lo your board's aLLenLion."
beLLer quidance, said KenneLh Burke,
DirecLor, LO1 CorporaLion. "Board members
don'L ever wanL Lo have Lo say Lo requlaLors,
'Well, l |usL meL wiLh Lhe board quarLerly
and l didn'L have Lhe Lime Lo qeL more
involved.' Cood qovernance involves askinq
quesLions, sharinq inlormaLion and Lakinq
responsibiliLy lor risks."
1hese discussions can also help embed
Lhe idea ol enLerpriselevel risk inLo
every decision.
"ll you wanL Lo see how compliance is beinq
employees." KenneLh Burke
Lnsurinq LhaL Lhe company's messaqe is
elemenL in creaLinq Lhe proper culLure ol
compliance, board members say. YeL iL can
be dillculL lor direcLors Lo lully undersLand
laroll leld locaLions. One soluLion is
Lo siL Lhrouqh Lraininq wiLh rankandlle
employees. "You'll be able Lo Lell lairly
quickly how serious people are and wheLher
or noL manaqemenL's messaqe has Laken
hold," Burke said. "ll you see employees
Reqular siLe visiLs can also be helplul Lo see
lrsLhand how compliance measures are
carried ouL across Lhe company. 1he enLire
board should consider makinq aL leasL one
siLe visiL a year Lo Lour operaLions and Lalk
ol imporLance.
"Risk manaqemenL should be second
naLure," said Burke. "lL should be a parL
ol Lhe dayLoday operaLion ol Lhe business,
a sLandalone issue LhaL is only discussed
now and Lhen. 1hink abouL includinq risk
and board commiLLees. Show Lhe board LhaL
you are considerinq enLerprise risk every
day. Don'L make Lhe board ask quesLions
Lo idenLily risks."
undersLandinq ol Lhe company's
risk assessmenL process.
1haL's Lhe basis lor a dynamic,
LhouqhLlul discussion."
Jeffrey Curtis
Board Director
" Boards Loday musL be lully
inlormed on maLLers ol risk
and compliance. 1hey need all
relevanL inlormaLion. Board
members have zero Lolerance
lor people who won'L brinq lorLh
issues ol imporLance."
Mary Ricciardello
Board Director
Devon Energy and Noble Corporation
