Annette Kraus
Senior Legal Counsel, Corporate Legal and Compliance, Siemens

Julia Sommer
Legal Counsel, Corporate Legal and Compliance, Siemens

A frequently heard comment is that the drafters of international conventions and national legislation have conceived anti-corruption and antitrust standards with large multinationals in mind. A similar bias would prevail in the guidance developed by business associations and non-governmental organizations. Special attention should be paid, however, to the specific circumstances of small- and medium-sized enterprises, which make up the largest part of the world’s economic output. In this Chapter, we analyze what smaller companies should do to comply with anti-corruption and antitrust provisions and what type of compliance model is most adequate to their needs.

-

COMPLIANCE, AN EVEN BIGGER CHALLENGE FOR SMALLER COMPANIES

Fighting corrupt and restrictive practices represents an immense challenge for any type of business. For companies that do not have the size and the resources of a large multinational, the challenge will be even bigger, as they have to comply with the same legal provisions as their larger counterparts and are often more exposed to corruption and competition risks, while having fewer human and financial resources to do so.

There is no differential treatment for smaller companies

It is often believed that, when it comes to anti-corruption or antitrust, small companies receive a special and more lenient treatment than larger ones. According to this reasoning, the legal provisions on the criminalization of corruption and the prohibition of restrictive practices would be adapted to the particular circumstances of smaller companies. This is a misperception: the legal standards on anti-corruption and antitrust are the same for everybody, large, medium, and small companies alike.

Even if you try, you will not find any differential treatment between small and large companies in the wording of the key international legal instruments against corruption described in Chapter 2 (‘The International Anti-Corruption Conventions’). It is not because a company is smaller in size that it is allowed to indulge in malpractice: the size of a company is no defense.

Which companies are we talking about?

But first, let us make sure we understand which companies we are talking about. This Chapter focuses on those companies which have reached a certain size on their national market and which are starting or have already started exporting to other markets. In some cases, they may even have begun creating subsidiaries or affiliates in neighbouring countries. They are not multinationals in the ordinary meaning of the word but are coming in contact with them and often act as their subcontractors.

Not every company has abundant resources

Small companies face a stark challenge when doing business in international markets: as newcomers on these markets, they are often easy prey for solicitation attempts. With no or little experience in legitimately obtaining contracts overseas, they lack the economic and human weight to counter such pressures. It is clear also that smaller companies do not have the same resources as multinational companies such as Siemens to establish robust compliance systems.

Proportionality in preventive action

The prohibition of corruption and restrictive practices applies to all companies alike. However, in many jurisdictions, legislators and regulators acknowledge that the preventive measures put in place by companies may be proportionate to their size and risks. Depending on the evaluation of the risks each company is facing, and on its size and resources, a preventive system will have to be established. This system does not have to be slavishly copied from what bigger companies are doing. It should cater for the specific needs of the company concerned.

THE RATIONALE FOR ADEQUATE COMPLIANCE STRUCTURES

Adequate compliance structures will not only help your company to prevent infringements from taking place. Often, they will also serve to mitigate detrimental legal consequences when infringements happen despite the establishment of preventive structures. Increasingly, legislators and regulators give credit to the existence of effective compliance structures when assessing the penalty to be levied on the company where such infringements occurred. The United States Federal Sentencing Guidelines [15], for instance, are at the forefront of this approach. For the possible mitigating effect of competition compliance programmes in the European Union, see the last paragraph (‘Do Competition Compliance Programmes have a mitigating effect?’) of Chapter 3 (‘The Global Antitrust Landscape’).

Furthermore, the national law of certain countries may allow your company to reverse its debarment from public procurement tenders, if it can show that it has established effective compliance structures and remedied the damage caused. The European Union is currently planning to enshrine a cleansing process in an upcoming new directive on public procurement. The benefits of – and requirements for – adequate compliance structures are independent of the size of the company.

Under these legal requirements, your company should, broadly speaking, ensure that infringements are prevented, detected, and remedied. Article 10 of the ICC Rules on Combating Corruption (2011) gives an extensive list of good practices (see Chapter 8, ‘The Ethics and Compliance Function and its Interface with Management, Control, and Audit’) which companies may consider adopting to ensure a proper prevention of corruption. None of these practices is mandatory, but you must bear in mind that without adequate compliance structures, your company will have an inbuilt compliance risk.

Elements of an adequate compliance structure

The linchpin of any compliance structure is adequacy. Structures and processes have to be adequate in relation to the vulnerability of a particular business to corruption and to its susceptibility to anticompetitive or other illegal behaviour. As explained in Chapter 5 (‘Risk Assessment’), each company should conduct a risk assessment to understand which type of risk may arise, in which segment of its business, and in which geographical area(s).

Minimum standards

However, regardless of the specific risks to which a company is exposed, there are certain minimum elements required for a compliance system to be effective. These can be adopted by all companies and are not necessarily resource-intensive:

  • First of all, the top management of the company should articulate clearly that corrupt, anticompetitive, and other illegal behaviour will not be tolerated in the company. In other words, the ‘Tone from the top’ should be clearly pro-compliance.
  • In line with the ‘Tone from the top’, management should set forth explicit corporate compliance rules in writing in order to avoid misunderstandings, as well as to prevent anybody from using the excuse of not having been aware of the rules. The basic set of corporate rules should be applicable to the whole organization.
    These rules can be formulated in a generic way so that they can be applicable anywhere the company does business, despite possible differences in legal systems. Such generic rules include, for example: “Do not bribe”, “Act in accordance with applicable local law”, “Abide by the rules of fair competition”, “Make business decisions in the best interests of the company, not on the basis of your personal interest.” This will contribute to a common understanding of the compliance culture of the company and will prevent any misperception and the wrong assumption that the rules do not apply to the entity concerned.
    The Siemens AG Business Conduct Guidelines [16] can serve as an example of a generic set of rules applicable to all Siemens entities worldwide. In some circumstances, you may allow local entities to go for ‘localized rules’. This means that you can have a general rule for the whole organization but may authorize local entities to add something specific to this rule. Such an approach can be used when defining rules on gifts and hospitality or when setting requirements for business partners and suppliers. In doing so, you will allow the rule to be better attuned to local requirements and needs.
  • To build an effective compliance organization, management should appoint one or several compliance officers. The explicit job responsibility of a compliance officer is to enforce compliance with legal and corporate rules. Management can thus delegate part of its responsibility for compliance issues, provided that it adequately enables compliance officers to fulfil their job requirements by vesting them with the necessary authority, reporting lines and resources. In smaller companies, the compliance officer may very well exercise this function on a half or part-time basis. He or she may be in charge solely of compliance, or perform other duties as well.
  • Employees must be enabled and urged to respect corporate rules by way of communication and training. Each employee should become familiar with the rules and should be reminded of them on a regular basis. Otherwise, your company runs the risk that respect for the rules will progressively vanish. Such training does not need to be expensive. It can be combined with networking and social events within the company to boost morale and encourage employees to embrace the corporate culture.
  • Management should pay attention to and investigate reports of non-compliant behaviour. Otherwise, they can hardly expect to be exonerated from liability for incidents that are simply ‘put aside’. If you are in a smaller company, a heavy whistleblowing system may perhaps not be suitable, as communication lines will naturally be much shorter, easier, and more flexible than in a large organization. Based on the informal, trustworthy, and close relations prevailing in your company, you should therefore encourage employees to report their concerns to their direct superiors, assuring them that there will be no risk of retaliation, and providing them as much as possible with a protection of their confidentiality. Be careful though not to guarantee too much confidentiality, since this will be more difficult to achieve in a small-scale business. At the end of the investigation of an allegation, a proven infringement should be appropriately sanctioned so that the rules are taken seriously.
  • Finally, compliance structures have to be regularly reviewed in order to maintain their effectiveness and adequacy in view of the risks your business is facing.

The steps outlined above will contribute to the establishment of a corporate culture in your organization that prevents corruption and other illegal behaviour from taking root. Implement any further methods and means that you consider suitable for building a genuine culture of integrity. None of the elements mentioned above should be left out entirely if you want your compliance structure to be effective.

Your company’s compliance organization

There is no ‘one size fits all’ solution when it comes to designing an adequate compliance organization in a small- or medium-sized enterprise.

The Board of Directors has to decide what kind of compliance organization it needs to establish and ensure an effective compliance structure.

The structure of an adequate compliance organization has to fulfil basic compliance requirements, which means that it should be capable of preventing, detecting, and remediating infringements. The following two models might be considered.

The first model establishes a separate compliance organization:

Source: Klaus Moosmayer, Compliance, Praxisleitfaden für Unternehmen, C.H. Beck Verlag, 2nd edition, 2012, p. 32

Here, the structure is divided into central compliance units and operational compliance functions with responsibility for the business in the home country or abroad. The Chief Compliance Officer heads both units and is therefore responsible for the whole compliance organization. The Chief Compliance Officer reports directly to the top management of the company. This may seem an ideal model, but you may find that it requires considerable personnel and financial resources. Indeed, such a model is probably more suitable for large rather than small companies. Keep in mind, however, that the division between a central functional part and a decentralized operational part may prove effective for any type of organization.

The second model could be more appropriate for small- and medium-sized enterprises:

See Klaus Moosmayer, Compliance, Praxisleitfaden für Unternehmen, C.H. Beck Verlag, 2nd edition, 2012, p. 33

In that model, the compliance department is responsible for preventive measures only. Responsibility for detecting and responding to non-compliant conduct lies with separate, already-existing departments such as legal, audit, finance, or human resources. A new body, called the Compliance Committee, is responsible for coordinating the compliance function. This committee consists of the Chief Compliance Officer and the heads of the other departments involved. They are responsible for the effectiveness of the compliance structure as a whole and report directly to the top management of the company.

In some scenarios, and especially in smaller organizations, it might be better not to create a separate compliance department at all, but rather to assign the various responsibilities for the compliance function to existing departments or even to designated employees with specific compliance expertise.

MITIGATING THIRD-PARTY RELATIONSHIP RISKS

As a small- or medium-sized company, you will likely need to call upon external forces to help you expand your business. Based on the experience of Siemens in this area, let’s explore some general considerations which can also apply in the context of a smaller business.

Siemens, as a multinational company, has implemented a highly differentiated compliance system consisting of tools and methods to fight non-compliant behaviour and to promote compliance worldwide. One of the tenets of this system is the creation of sustainable partnerships with ‘clean’ commercial partners. For this reason, the company holds itself, its business partners and its suppliers to the highest standard of behaviour. It does so by diligently checking the background of commercial partners and suppliers, by providing them with specific guidelines and information, and by training them.

Working with business partners

When selecting third-party intermediaries, all companies should conduct a thorough, documented due diligence process designed to establish a collaborative, long-term business relationship. One adequate approach is to perform a compliance due diligence prior to the engagement of a business partner following the steps described in the Siemens brochure ‘Information for Business Partners’ [17]. You will find in this document a wealth of information on how to select your business partners.

In addition, turn to Chapter 14 (‘Agents, Intermediaries and Other Third Parties’) to learn more about how to design your own due diligence activities not only for low-risk business relationships but also in potentially high-risk and medium-risk circumstances.

Working with suppliers

To ensure sustainability in the supply chain, suppliers should be committed to compliance standards equivalent to those required of your company. Smaller companies also benefit from having their suppliers sign compliance agreements, since companies nowadays are increasingly held responsible for the (non-compliant) behaviour of their suppliers, both legally and from a reputational point of view.

Such compliance standards could take the form of a Supplier Code of Conduct and incorporate the following compliance requirements (see for example the ‘Code of Conduct for Siemens Suppliers’ [18]):

  • Compliance with all applicable laws;
  • Prohibition of corruption and bribery;
  • Respect for human rights of employees;
  • Prohibition of child labour;
  • Health and safety of employees;
  • Implementation of a management system in order to protect the environment; and
  • Active steps to promote adherence among their own suppliers with the requirements of the Supplier Code of Conduct.

To secure the implementation of such requirements, agreements with suppliers should contain the following contractual clauses:

  • Commitment to comply with the requirements of the Code of Conduct;
  • Performance of a supplier self-assessment;
  • Right of termination in the event of a serious violation of the Code of Conduct; and
  • If feasible, and taking into account the size and resources of the supplier, specific sustainability audits conducted by external providers.

The above measures are targeted at evaluating whether the compliance requirements are acknowledged and implemented by the supplier in order to identify and manage potential compliance risks at an early stage. Such measures also contribute to building up suppliers’ long-term skills and thus fostering long-lasting, mutually beneficial business relationships. To achieve this target, a company can also offer training courses aimed at informing the participants of the supply chain about the letter and the spirit of the compliance requirements. Siemens, for example, offers web-based training that provides guidance to smaller enterprises.

BEST PRACTICES IN THE FIELD OF COMPLIANCE

Affiliating with business federations and chambers of commerce is another way for smaller enterprises to receive information on best-practice standards in the field of compliance. There are several networks that provide guidelines and counselling with the ultimate objective of creating a level playing field.

Additional information is available via the following helpful links:

  • The ICC Commission on Corporate Responsibility and Anti-corruption provides companies with a wide range of pragmatic tools to help business drive integrity in business transactions [19].
  • Companies determined to counter the problem of extortion and solicitation of bribes can train employees to respond appropriately to a variety of solicitations via the training toolkit Resisting Extortion and Solicitation in International Transactions (RESIST) [20].
  • Transparency International has developed a special edition of its “Business Principles for Countering Bribery” tailored to smaller companies [21].
  • For German speakers, examples of guidelines on providing and accepting gifts and hospitality [22], as well as of Codes of Conduct [23], can be found online.

Whatever the size of an enterprise, it ultimately pays to invest time and effort in preventing, detecting and responding to compliance risks and incidents.

-

About the authors

Annette Kraus and Julia Sommer are lawyers in the department Compliance Legal of Siemens, which is part of the Governance function of Siemens Compliance Organization. Compliance Legal is the centre of competence within Siemens for regulatory compliance, criminal law, administrative offenses, and related proceedings (‘white-collar crime’). The department aims to prevent infringements by setting worldwide applicable policies, and to detect and investigate alleged infringements.

Mrs. Kraus is Senior Legal Counsel with particular expertise in antitrust compliance. Prior to this activity, she managed projects at Steria Mummert Consulting mainly in the field of capital market compliance in the banking area. She began her legal career at the law firm Rotter Rechtsanwälte, where she advised and litigated in the area of securities law.

Julia Sommer, LL.M., is Legal Counsel with particular expertise in anti-corruption and anti-fraud compliance. Prior to this activity, she was counsel with the international law firm Freshfields Bruckhaus Deringer with a focus on regulatory and compliance matters.