QUESTION ONE – When representing a client with significant business activities in foreign jurisdictions, what are some key risk-related concerns that arise in a cross-border context and how can a parent company minimise such risk?
When advising companies dealing with significant business activities in a foreign jurisdiction, we find it helpful to assess risk in terms of the following four broad categories:
- First, the risks related to doing business in the particular foreign jurisdiction – i.e. not just local or international political or business risk, but also industry-specific or jurisdiction-specific risks. For example, attitudes to the regulation of certain industries such as alcobev, may vary from country to country. Similarly, when doing business in a foreign jurisdiction it is important to understand the regime for dispute settlement not just in the realm of private party disputes, but also in terms of approaches to and implications of disputes with local regulatory or revenue authorities.
- Second, risks related to compliance with local laws – particularly on issues related to foreign investment regulation, privacy and data protection, employment, labour and social security laws, environment health and safety, exchange control regulations, and general corporate and business compliance requirements.
- Third, risks related to compliance with the laws in the parent company’s own jurisdiction, including cross-border tax regulations on issues related to transfer pricing, and anti-avoidance measures, laws regulating foreign corrupt practices and laws on privacy and data protection.
- Fourth, risks related to compliance with the parent company’s own business conduct and ethics policies.
While the first step towards minimising risk is identifying the nature of the risk, it is not the only step. Putting in place a system for obtaining regular updates on developments from local business partners and engaging local counsel to help anticipate and address risks before they arise are important too. Finally, despite technological advances, the importance of visiting the foreign jurisdiction to understand the realities on the ground first-hand cannot be overemphasised.
QUESTION TWO – What degree of control should a parent company have over its overseas subsidiaries? How does the degree of control impact the risk exposure level, and how can control issues be managed to minimise liability?
While one often hears requests from foreign investors that they require complete control of the international subsidiary, such an approach can be counterproductive. In our experience, no matter where one operates, nobody understands local business better than the locals. However, this does not mean that local partners should be given an uncontrolled hand when it comes to managing risk. For instance, the foreign parent company’s own regulatory and business conduct requirements might trigger liability if the parent cannot demonstrate that it has exercised due care in relation to the subsidiary’s operations.
As a result, a risk-based approach to control could help balance the needs between necessary parent company oversight and leveraging local experience. Under such an approach, parent company control should be maximised when dealing with risks related to compliance with laws in the parent company’s own jurisdiction and business conduct and ethics policies. On the other hand, deference to local expertise would be beneficial in dealing with risks related to doing business in particular foreign jurisdiction and with risks related to compliance with local laws.
However, just relying on an allocation of risk-based controls is often not enough. Parent companies also need to invest in training and continuous dialogue to build a culture of compliance and develop an awareness of local and international risk among the subsidiary company’s employees and contractors.
QUESTION THREE – What constitutes the right balance between risk and liability for a company and its overseas subsidiary? What examples can you give?
Initially, most jurisdictions recognised parent companies and their subsidiaries as distinct entities, including for purposes of determining liability. However, that situation has changed over the past 40 years, and it would be most unwise to manage risk on the assumption that a parent entity cannot be made liable for actions involving its subsidiary.
The liability imposed on the US parent entity for the Bhopal Gas leak tragedy in the 1980s was perhaps one of the earliest instances where a parent company (and its officers) were sought to be made liable for a devastating industrial tragedy involving a subsidiary company. Subsequently, parent company liability has also been recognised in cases involving foreign corrupt practices laws and laws targeted to address money laundering, terrorist financing and the enforcement of international sanctions regimes. Most recently, liability in relation to the handling of data privacy appears to be another area where the potential of parent company liability could arise in relation to the actions of a subsidiary.
Key considerations for multinationals operating in highrisk industries and jurisdictions:
- Exercise supervision over the local subsidiary, but leverage local expertise to address and manage local business and political risk and ensure compliance with local laws.
- Use regular calls and reports, supplemented with sector-specific internal audits, to ensure effective oversight of issues that could affect compliance with laws in the parent company’s own jurisdiction or policies on business conduct and ethics
- Invest in training to build a culture of compliance and develop an awareness of local and international risk among the subsidiary company’s employees and contractors
- Only showcase local business success if it was achieved without sacrificing compliance.
If you would like to read the full publication, please click here.
