A few years ago, Brazilian businessman Marcelo Odebrecht, the CEO and president of a multinational construction group, rubbed shoulders with the world’s elites at the Swiss resort of Davos as a “young global leader” of the World Economic Forum. Now he occupies a tiny prison cell at the provincial city of Curitiba, in Brazil, after being condemned to 19 years in jail for corruption, money laundering, and organized crime. 

Odebrecht’s fall from grace provides the most powerful illustration of a trend that points to a paradigm shift in the business culture of Latin America’s largest economy. In the past two years, authorities have deployed an anti-bribery crusade never seen before in the country, taking dozens of politicians, public officials, and business leaders to jail. It has also pressed on company’s boards the need to implement effective compliance programs in order to mitigate the risk of punishments that range from prison terms and large fines to the outright extinction of the firm. 

“The compliance sector is booming in Brazil,” said Wagner Giovannini, a consultant who was previously a compliance officer at Siemens in the country. There are two main drivers behind this trend. The first is the implementation, back in 2013, of the Clean Companies Act, an FCPA-like regulation that requires companies do everything in their power to keep employees and other stakeholders from engaging in corruption. The second is the so-called Car Wash Operation, a wide-ranging police investigation on the payment of bribes to political parties by companies that work with state-owned giant Petrobras. The investigation, led by a group of U.S.- and European-trained magistrates, has uncovered a giant network of irregularities that involved many of Brazil’s largest private and public corporations.  

Odebrecht is Car Wash’s highest-profile business casualty, but not the only one. By early August, 108 people, including dozens of company officials, had been declared guilty by the courts, amassing an aggregate jail term of 1,148 years. But the courts are also keen on reforming business practices as they punish the culprits of misbehavior. As part of plea bargaining deals with courts, companies implicated in irregularities have been ordered by judges to invest in resilient compliance structures.  

Public prosecutors and judges have been inspired by the public approval to Car Wash and have pushed ahead a number of other investigations on bribery, tax fraud, and competition issues that have been eagerly reported by the media. American companies should be aware of such developments, not the least because Brazilian public prosecutors have developed channels of communications with their peers in the United States. The latter are already negotiating their own plea bargain deals, under the FCPA, with Car Wash defendants, and the channels could remain open for future investigations. 

“Compliance is a matter of culture, and, in Brazil, it is a new concept, but I believe that the recent spate of events has been much conducive to infuse its need among Brazilian companies.” 

Rogéria Gieremeck, Senior Compliance Officer, LATAM

Multinational groups should therefore check on compliance efforts made by their subsidiaries, partners, and suppliers in Brazil, said Silvia Urquiza, a São Paulo-based lawyer and the president of Institution Compliance, a think tank. The risks of getting involved in a scandal are significant. The bribery payment has a long tradition in Brazil, especially among companies that deal with government bodies, which play a large role in the economy. Urquiza pointed out, for instance, that it is common practice in Brazil for companies to delegate negotiations with government entities to well-connected third parties, locally known as representantes comerciais. Often, they are no more than shell companies employed by intermediaries to pay bribes to officials. “Careful due diligence of partners has become a must,” Urquiza says. “There have been cases where a Google Earth search revealed that the HQ of a potential third partner was located in the middle of the jungle.” 

To make matters more serious, according to Brazilian law, companies can be liable to criminal acts committed by third parties, suppliers, and customers alike. A good screening of business is of the essence, and that includes even the local units of multinationals that have robust compliance programs abroad. “We have seen companies that have failed to “tropicalize” their compliance structures and have provided inadequate training to employees,” Urquiza says. A case in point is the use of facilitation payments, about which Brazilian law takes a much dimmer view than the FCPA. 

A thorough examination of compliance structures at business partners in Brazil could prove frustrating, though, as good practices face serious hurdles to advance in the country. “To be honest, many companies still have not grasped the real extent of the problem,” Giovannini says. A KPMG survey with 200 large and medium Brazilian companies showed that almost half of them had very incipient or no compliance structures in place. Another piece of research, just released by ICTS Protiviti, found that half of 642 companies surveyed are “extremely exposed” to corruption risks due to the low levels of maturity of their compliance structures. 


Below is an excerpt from an e-Book by Steele.
Conducting third-party due diligence involves gathering data regarding the entity and its principals. In Brazil, as part of their due diligence efforts, companies may analyze data regarding a third party’s shareholders, key management, business partnerships or affiliations, as long as that information is not private or secret and is publicly available.
As a general guide, companies may use the following types of data as long as it is publicly available:

Civil litigation and criminal complaints.

Legal judgments and other filings.

Corporate registration data.

The entity’s legal structure.

Credit, banking, and financial information.

Official records of regulatory citations or fines.

A principal’s professional reputation.

Information reported on local blogs, social media, and online forums.
Those involved in requesting and conducting third-party due diligence must understand their rights andobligations regarding the handling of PII. While Brazil’s patchwork of data privacy laws does not include a set of remedies that apply to all companies and industry sectors, in the event that a multinational violates data privacy law the courts and the Ministry of Justice may assess penalties based on the specific fact relating to the violation.
Source: Steele

The reasons for the slow progress are manifold. One of them is that many business leaders in the country cut their teeth in a wild business environment where connections and favors were much more relevant than sound practices, and punishment for corruption acts was very unlikely. It is a view that remains entrenched in some sectors of the economy, such as construction and energy. “Unfortunately, compliance is still not taken seriously by many companies, which only do what it takes to please regulatory bodies,” says Marcos Assi, a São Paulo-based consultant.  

The old saying that compliance begins from the top is another problem, as shown by the Car Wash Operation. According to the investigators, systems to pay bribery by the participants of the Petrobras cartel were managed personally by top officials. Prosecutors have learned that the managers of the Odebrecht Group even created a dedicated bribery department and purchased an Antigua-based bank to deal exclusively with their payment. “Compliance is a matter of culture, and, in Brazil, it is a new concept,” says Rogéria Gieremeck, a senior compliance officer at LATAM airline. “But I believe that the recent spate of events has been much conducive to infuse its need among Brazilian companies.” 

Other hurdles to the development of compliance look more mundane, but not less important. With Brazil going through a prolonged recession, companies are short on cash, and many are trying to implement compliance structures on tight budgets in a quest to keep regulators off their backs. “Compliance programs are not cheap, but today it is clear that it can much costlier for companies if they do not have one,” said Jefferson Kiyohara, a practice leader of Governance, Risk, and Compliance at ICTS, which represents Protiviti in Brazil. 

There is also a lack of qualified professionals in the country, which sometimes results in compliance departments being trusted to unexperienced, poorly paid graduates who command no respect from other departments of the company. Legal aspects play a role as well. Brazil is notorious for its extensive business regulation, and sometimes companies need to take into account the demands of several regulatory bodies to avoid running afoul of rules. As an example, Urquiza notes the case of a client that, years ago, uncovered irregularities by employees and decided to report them to the authorities. “We had to negotiate the plea bargaining deal with no less than 16 different government entities,” she recalls. 

Despite the difficulties, however, there are signs that companies are taking compliance more seriously and are acting on it. Ana Paula Carracedo, the head of governance, risk, and compliance at Votorantim, who is an advocate of compliance in entities such as the American Chamber in São Paulo, said that a higher number of mid-size companies is participating in seminars about the subject than they did a year ago. She also said that interest is on the rise within her company, as well. “The volume of questions made to our internal information channel about compliance has also grown significantly, as well as the sophistication of the doubts raised, which shows a higher maturity from the part of managers,” she pointed out. 

For his part, Giovannini stressed that insurers and lenders are beginning to make compliance-related demands to their clients. That includes BNDES, Brazil’s development bank, which is the country’s main source of funding for businesses. This should come as a surprise: The recent spate of scandals has highlighted the fact that companies with loose standards are more at risk of defaulting their debts, as several of the implicated went into bankruptcy or are near to going bust. In Carracedo’s view, the most urgent item on the agenda right now is the rewriting of the relationship between companies and the government. Votorantim, which has had a compliance program since 2011, enforces a policy of avoiding direct deals with government bodies, she says. But that is not an option for a large number of companies in many sectors of the economy. “In some sectors,” she says, “the weight of government relations is quite big, and departments of government relations need to restructure themselves to redefine this relationship.” 

Rodrigo Amaral is a freelance writer based in Madrid, Spain.