In conversation with: Kevin Harnisch and Paul Sumilas
In this article, we profile two of our US colleagues who have extensive experience conducting investigations and dealing with compliance issues, particularly those involving the Foreign Corrupt Practices Act (FCPA). Kevin Harnisch previously worked in the Enforcement Division of the US Securities and Exchange Commission (SEC) and was Branch Chief in Washington DC. Paul Sumilas who was based in Washington DC, and is relocating to Singapore, has assisted corporate and individual clients appearing before regulators and enforcement agencies like the US Department of Justice (DOJ), the US Federal Reserve, the UK Serious Fraud Office, the UK Financial Conduct Authority, the Indonesia Corruption Eradication Commission (KPK) and the Hong Kong Independent Commission Against Corruption (ICAC).
Tell us about your experiences of working on matters arising in Asia?
Kevin Harnisch: I have had the opportunity to work on a variety of matters involving operations in Asia, many of them related to China. In addition to FCPA investigations and due diligence projects, I have represented clients in SEC investigations regarding financial reporting, SEC and DOJ investigations regarding insider trading, and multi-agency investigations regarding potential manipulation of securities and futures contracts.
Paul Sumilas: Luckily, my work has taken me all around Asia, including investigations involving China, Hong Kong, Singapore, Japan, Thailand, Indonesia, and South Korea. These matters have included internal investigations, government investigations in front of the DOJ and SEC as well as local Asian regulators like the ICAC, and compliance advice for multinationals attempting to mitigate risk.
For US-based businesses, what are the attractions and challenges of doing business in Asia-Pacific?
Kevin Harnisch: For many types of US-based businesses, the Asia-Pacific area continues to be a growth area. While many countries in the region have some challenging regulatory regimes, US businesses have become increasingly knowledgeable about how to assess risk in emerging markets. As a result, companies are more willing to consider an even wider array of potential business opportunities in new markets.
Paul Sumilas: Our clients see many opportunities in Asia, whether it be a new customer base, cheaper natural resources, or as a cost-cutting measure. US companies sometimes struggle with making that initial foray into certain markets and finding the right local partners. Our clients have found that in certain Asia-Pacific markets, knowing the right people is often a key factor in being successful. US companies have to get comfortable that they are working with the right local partners who are not creating additional risk for the company.
From a US regulatory perspective what are the key risks for businesses operating in Asia-Pacific?
Kevin Harnisch: The use of third parties, whether as consultants, service providers or joint venture partners, is a continuing theme in FCPA investigations. The SEC, in particular, is using hospitality as a means for pursuing publicly traded companies on books and records and internal controls grounds, even in the absence of definitive proof of bribery. Appropriate risk-based due diligence continues to be a must. Anti-money laundering, market manipulation, and how financial institutions detect and prevent those activities are other current hot topics with US regulators.
Paul Sumilas: We have seen companies struggle with the gift-giving culture in certain Asia-Pacific countries. In a number of recent settlements involving Asia, the alleged bribes were often extravagant and luxurious gifts, travel, and/or entertainment. While the DOJ and SEC do not intend to restrict all business courtesies, companies must clearly draw the line of what types gifts and entertainment are acceptable and what creates the appearance of impropriety that can lead to government scrutiny.
Do you have a sense of the sectors which are under particular scrutiny by US regulators?
Kevin Harnisch: Companies operating in the mining and extractive sectors, construction and pharmaceuticals and life sciences face continuing challenges in this area.
Paul Sumilas: Financial services companies should also be aware of increased US scrutiny in a variety of areas, including anti-corruption, money laundering, and antitrust/cartel-like activities, as seen in the recent LIBOR cases.
Are the US regulators working closely with their counterparts across Asia-Pacific?
Kevin Harnisch: International regulatory cooperation is real and commonplace. While the cooperation framework may be more developed in other parts of the world, it is improving significantly in Asia-Pacific. As a practical matter, when assessing how to proceed with an anti-corruption matter, businesses should have a plan for dealing with regulators in each of the relevant countries. It is rarely safe to assume that the DOJ or SEC will not contact their foreign counterparts (or vice-versa).
Paul Sumilas: Absolutely. During a recent matter in Indonesia, we were explicitly told by the DOJ that it had been working with the KPK and training its overseas colleagues on common investigatory methods in the United States, including the use of undercover operations. We have seen cross-border cooperation in other Asia jurisdictions as well. Companies should know that a disclosure in one jurisdiction will likely lead to information being shared with other relevant regulators.
When corruption and other issues arise, what are the key “crisis management” tips which will facilitate the most effective initial risk management response?
Kevin Harnisch: Clear, rational thinking is at a premium. Address how to scope the issue, preserve and gather relevant information, assess whether the issue is on-going and if so, how to stop it. A “crisis response” protocol provides a valuable checklist of priority items to address and who to contact. Trying to do those things ‘on the fly’ is difficult and risks things being overlooked.
Paul Sumilas: Having a protocol in place to handle crisis situations and training the appropriate personnel about that protocol is critical. For example, when a company receives a subpoena or request for information from a regulator, key personnel should know who to contact and how to undertake those initial steps noted above such as preserving evidence and creating an internal communication plan.
What are the critical elements of a successful investigation?
Kevin Harnisch: Critical aspects of a successful investigation include properly scoping the matter, while considering whether changes need to be made as new information is learned; keeping potentially conflicted individuals out of the decision-making and oversight functions; remediating any damage; assessing how any improper conduct occurred and enhancing the company’s control structure to prevent such issues from recurring; and carefully assessing disclosure issues. It is in the company’s best interest to use experienced counsel when conducting such investigations.
Paul Sumilas: Strategies for an effective investigation include continuous assessment of the scope and end goals of an investigation and constant communication between the internal team and any external third parties assisting with the investigation. Making sure that everyone is on the same page is critical in an investigation
How do organisations develop and embed effective compliance programmes which reflect US and global expectations as well as local differences and customs across Asia-Pacific?
KH: Each company is different and there is no one-size-fits-all approach. Each compliance program should be tailored to the risks of the business, including geographic and industry risks, and resources should be deployed accordingly. It is important to demonstrate commitment from the top levels of the organization.
Paul Sumilas: Getting buy-in from local managers, including having them conduct compliance training, can often help bridge the gap between the US/global expectations and local cultural issues. We have worked with clients who have effectively used local managers to drive the compliance program, rather than only having compliance lawyers from the US or headquarters parachute into locations once a year for a day of training. While such training may still be necessary, effective compliance programs should also have managers who demonstrate the importance of compliance on a daily basis.
You both joined Norton Rose Fulbright from other organizations: what attracted you to the firm?
Kevin Harnisch: I was attracted to Norton Rose Fulbright because of its reputation around the world for providing sophisticated and connected services to its clients globally. That type of global reach has become increasingly important for clients.
Paul Sumilas: I was struck by, and continue to be struck by, the cross-office integration. I have had the pleasure of working with colleagues in nearly every US office and in a number of our non-US offices, including Singapore, Hong Kong, Tokyo, Shanghai, Beijing, Jakarta, Bangkok, and Sydney. And this global approach has led to the opportunity for me to move from the Washington, DC office to the Singapore office this year to expand on those relationships.
You have had different but complementary professional careers – tell us about your backgrounds and how that fits at Norton Rose Fulbright
Kevin Harnisch: I began my career in the Enforcement Division of the SEC in Washington, DC where I became a Branch Chief. I conducted numerous types of investigations involving issues such as the FCPA, accounting fraud, municipal bond issues, market manipulation, and insider trading. For the past 17 years I have been in private practice doing many of the same types of cases but representing clients on the other side of the table from the government.
Paul Sumilas: I have been in private practice since graduating from law school. Because of this, I have an understanding of the type of work that lawyers at all levels within the firm perform on a compliance matter or in an investigation.
How will latest changes to Volcker Rule affect non-US banks?
Kathleen A. Scott discusses the final Volcker Rule, focusing on some of the issues raised by non-US banks in their comments.