Doug Tymkiw, Allison Plaisance, andWarren Breaux,Ernst & Young LLP, New Orleans
In response to the financial crisis, governments across much of the world are adopting measures designed to enhance corporate governance, including the management of risk and compliance. With changes looming, the oil and gas industry should re-examine its risks, looking at current operations, future projects, and corporate social responsibility practices. Effectively managing risks is vital, not only to short-term profitability but also to long-term sustainability.
One key area of focus for policy reforms of oil and gas companies is enhancing compliance and risk management. This includes how management and the boards of public companies could and should work better in the interests of their customers, employees, shareholders, and other key stakeholders. Policymakers are taking proactive steps to advise companies on what needs to change as well as increasing their emphasis on enforcement.
Below is a listing of new and pending requirements for oil and gas companies.
United Kingdom Bribery Act 2010
Passed in April 2010, the United Kingdom Bribery Act gives the UK the power to penalize companies based on the actions of individuals or company representatives, if those individuals or company representatives are found guilty of bribing either government officials or government-run organizations. Oil and gas companies operating in the UK should be aware that the act allows companies to defend themselves against unauthorized actions if the company can prove that it had adequate procedures in place to prevent such conduct. The Bribery Act also allows for additional guidance to be added by the Secretary of State based on what constitutes adequate procedures.
Recent US legislative actions
The US Congress is reviewing several actions that would result in more compliance and oversight of US corporations.
- The Dodd-Frank Wall Street Reform and Consumer Protection Act imposes new compliance requirements on oil and gas companies concerning the reporting of payments to foreign governments. Section 1504 — Disclosure of Payments by Resources Extraction Issuers requires disclosures for payments relating to commercial development of oil, natural gas or minerals, and includes activities of extraction, processing, exporting, and even obtaining a license for these activities.
- In other developments, the Minerals Management Service, which was renamed as the Bureau of Ocean Energy Management, Regulation, and Enforcement within the Department of the Interior, is now comprised of two major programs, the Offshore Energy and Minerals Management and the Minerals Revenue Management. Additional legislation that would affect oil and gas companies operating domestically is under consideration, including measures that would increase safety and environmental compliance requirements as well as the civil penalties and fines levied for violations of various environmental laws. Companies will have to continue to monitor legislation to follow these and other proposed changes as they develop.
United States Sentencing Guidelines (USSG)
Chapter 8 of the USSG is aimed at strengthening the compliance programs of companies operating under US laws. The US government amended the USSG in April 2010. The proposed changes, effective Nov. 1, 2010, give guidance to companies on the reporting structure of a company's compliance program, self-reporting and cooperating with authorities as well as remediation and communication efforts to employees.
Regulatory penalties
US government and regulatory agencies are also using fines, disgorgement, and other penalties to entice companies to focus on governance and compliance. In recent months, agencies such as the Federal Energy Regulatory Commission (FERC), the Department of Justice (DOJ), the Environmental Protection Agency (EPA), and the Occupational Safety and Health Administration (OSHA) have been imposing fines for various violations including falsifying information, Foreign Corrupt Practices Act (FCPA) violations, pollution, inspection violations, etc.
So, what are companies doing?
Setting a company's compliance program in the context of strategy
Boards and management need to set their company's tolerance for risk and ensure they structure an effective compliance program so that it is reflected in the company's operations, including appropriate controls documentation and monitoring procedures to manage risks. More companies are establishing compliance departments with senior-level executives responsible for designing the overall program and business units implementing the compliance responsibilities.
- Compliance risk assessment. A foundational element of an effective compliance and ethics program, and a core piece of enterprise risk management, is a dedicated assessment of compliance risks based on established criteria. A compliance risk assessment can be performed on either a stand-alone basis or in coordination with an enterprise-wide risk management process.
- Information access and flow. Board members should be provided, on an on-going and timely basis, detailed information on the full spectrum of risks faced by the companies they oversee. They should receive regular reports concerning identified risks, compliance and performance issues, and should also have the ability to obtain information from external sources, as necessary.
- Monitoring of key compliance areas. Based on their risk profile and key strategic operations, companies are performing internal audits of individual compliance programs as a subset of their overall compliance management structure. These audits can help management and the board assess how they carry out their responsibilities and interact with management, external stakeholders, and manage their most significant risks. Companies can use compliance personnel or external consultants to help them measure their effectiveness and alternate between internal resources and external consultants to provide a level of objectivity.
- Increased focus on due diligence. In today's economic environment, oil and gas companies seeking to grow internationally through acquisitions can no longer limit their due diligence procedures to the areas of accounting, human resources, operational, or information technology. The US Department of Justice has been vigilant in assessing these acquisitions for potential FCPA violations by the acquired company. Failure to identify and report potential violations can result in fines or sanctions for actions taken by the acquired company prior to the acquisition. Effective FCPA due diligence through analyzing the acquired company's books and records can reduce the risk inherent in acquiring a company with international operations. It is the responsibility of the board and management to conduct due diligence procedures with respect to several key areas of operations including, but not limited to, contact with foreign government officials/representatives, contact with agents/sponsors, vendor contracts and background checks, disbursements, expense reporting, petty cash and general ledger activity.
Board responsibilities
An effective board develops the policies, processes, and procedures necessary to carry out its responsibilities, including oversight of strategic planning, crisis management, and shareholder communication. This sets the foundation for good corporate governance and sound risk management. Well-governed companies are better positioned to identify and manage significant risks. They are therefore more likely to operate effectively, driving long-term value.
Board members cannot do it all themselves. They are increasingly providing guidance to executives and forming committees to oversee the important aspects of their governance responsibilities as has traditionally been the case with audit and compensation committees. Boards are also forming risk and compliance committees because of the increasing focus of regulatory agencies and market risks affecting their companies.
In conclusion, boards can stay ahead of the regulatory enforcement curve by having compliance personnel implement or improve their organization's internal compliance, anti-bribery, and corruption policies. Board members should also approve policies and guidelines that are proactive and call for self-monitoring and reporting rather than reactive policies.
The views expressed herein are those of the authors and do not necessarily reflect the views of Ernst & Young LLP.
About the authors
Douglas Tymkiw is a partner with Ernst & Young LLP in the firm's Fraud Investigation and Dispute Services group; Allison Plaisance is a manager in the Fraud Investigation and Dispute Service group; and Warren Breaux also is a manager in the Fraud Investigation and Dispute Services group. All three are based in New Orleans. Tymkiw has more than 19 years' experience in advisory services focused on energy companies. He has advised on compliance programs, monitoring of compliance activities, FERC investigations, regulatory investigations, risk assessments, and contractual disputes. Plaisance has 10 years' experience performing and managing an array of projects in public accounting, federal income tax issues for businesses, compliance and regulatory matters, and litigation advisory services. Breaux has more than 10 years of energy industry experience. He has spent the last six years at the firm helping clients with conflict resolution, including compliance, regulatory matters, investigations, financial statement analysis, and damages analysis.
More Oil & Gas Financial Journal Current Issue Articles
More Oil & Gas Financial Journal Archives Issue Articles
View Oil and Gas Articles on PennEnergy.com
