On Wednesday October 21 2020, Kylie Porter, Executive Director of the United Nations Global Compact Network Australia (GCNA), said “We know that corruption is a significant obstacle to economic and social development globally, and disproportionately affects poor communities.” Her comments were made when announcing the launch of a new Bribery Prevention Network in Australia.
She also said that the Bribery Prevention Network will help businesses “reduce the risk of facing high ethical and operational risks and associated costs, whilst protecting their own business, the interests of their stakeholders and society as a whole.”
While these are accurate statements, it’s also worthwhile noting another significant benefit; and that is, the efficiency gains that will be realized when businesses start to look at risks across their organization in a more detailed manner. As the U.S. Department of Justice (DOJ) states on page 15, paragraph two, of their Evaluation of Corporate Compliance Programs, “One hallmark of an effective compliance program is its capacity to improve and evolve”.
One hallmark of an effective compliance program is its capacity to improve and evolve
The DOJ also says “The actual implementation of controls in practice will necessarily reveal areas of risk and potential adjustment.”
Therefore, all businesses should view the learnings from their compliance effort as an opportunity to improve their risk identification processes and internal controls, in every aspect and corporate function. Most large businesses do this on a regular basis, or should, as part of their Enterprise Risk Assessment exercise. They learn from their successes and failures.
So, how did BHP “improve and evolve” after the corporation was accused of not adopting sufficient internal controls in early 2015?
How did BHP Apply Learnings from its FCPA Charges to Samarco?
On May 20, 2015, and just over five months before the Samarco Mine disaster in Brazil, the U.S. Securities and Exchange Commission (SEC) charged BHP with violations of the Foreign Corrupt Practices Act, associated with invitations that the company gave to 176 government officials and employees of state-owned enterprises to attend the 2008 Beijing Olympics in China.
In its press release, the SEC claimed that “BHP Billiton recognized that inviting government officials to the Olympics created a heightened risk of violating anti-corruption laws, yet the company failed to implement sufficient internal controls to address that heightened risk.”
One would expect, given the significance of the SEC charges and the size of the penalty, that BHP would have taken the learnings from this event and immediately looked at how to improve its overall risk assessment process within the corporation and its Joint Ventures (JV). In fact, Sir Andrew Mackenzie, CEO of BHP Billiton at the time, said “Our company has learned from this experience and is better and stronger as a result”.
Sir Mackenzie’s admission was not unlike that of Charles Goodyear, former BHP CEO, who said in November of 2006, on the heels of an investigation into BHP’s alleged involvement in the Iraq oil-for-food scandal, that “the company would strengthen its rules for dealing with what he described as ‘risky’ and ‘difficult’ countries.”
We must assume that BHP was aware of the SEC’s concerns regarding the lack of internal controls back on August 16, 2013, when the company reported that “As a part of the U.S. process, the SEC and DOJ have recently notified the Group of the issues they consider could form the basis of enforcement actions and discussions are continuing,”.
The August 16, 2013 announcement was just over two years before the Samarco mine disaster occurred at the BHP-Vale JV in Brazil, where the catastrophic release of approximately 40 million cubic meters of tailings killed 19 people and contaminated approximately 668 kilometers of river. It was also around the same time that The Instituto Pristino issued a report, which warned of structural design flaws that could lead to a tailings dam failure at the Samarco Mine.
Later, in approximately February of 2015, the JV conducted a worst case risk assessment where they predicted the outcome of a tailings release and the potential devastation that may occur.
So, approximately 5-24 months before the incident at the Samarco tailings dam, BHP and its management representatives on the Samarco Board were aware of the following:
- BHP had inadequate controls to address a heightened risk (Olympic Games in China), which resulted in significant reputational damage to the company;
- The Instituto Pristino had warned of potential structural design flaws that could cause a catastrophic release of tailings from Samarco, which may kill members of the downstream community;
- A Samarco worst-case risk assessment, conducted six months before the tailings dam breach at Samarco, concluded that there would be a loss of life in the downstream community, if there was a worst-case tailings release; and,
- The fiduciary responsibilities of the Samarco JV directors, whether from Brazil, Australia or the U.S., required the Samarco Board to consider other external factors that might impact the value of the company (such as a catastrophic release of tailings).
Granted, BHP is a resource company, but evolution, when it comes to developing appropriate internal controls, should not follow the geologic time scale. Some corrective actions need to be initiated quickly, and 5-24 months seems excruciatingly long.
Evolution should occur quickly and not follow the geologic time scale. There should be a sense of urgency to learn and improve
In reviewing this, we should not forget the effort undertaken by BHP to better understand the risk posed to communities as a result of tailings dams. However, this was after the fact and stakeholders expect vigorous foresight, not hindsight, from operators in high-risk industries.
Also, stakeholders expect corporations to have the appropriate wisdom and patience to learn from previous failures, like the findings from the SEC investigation and the Samarco tragedy, and implement appropriate controls (adjustments) across the organization to prevent future mishaps.
Destroying 15,000-Year-Old Aboriginal Sites
Well, as the prison guard said in the 1967 movie, Cool Hand Luke, “What we’ve got here is failure to communicate. Some men, you just can’t reach.”
This appears to be the problem at BHP. The learnings from previous scandals and catastrophes apparently don’t reach the senior executives or board members responsible for risk identification. Or, if they do, they are ignored.
In June of 2020 it was reported that BHP was about to destroy 40 Aboriginal sites in Western Australia as part of an expansion to an iron-ore mining project. While the company insisted that it was given approval from the Western Australian Government to destroy the sites, it halted its plans as a result of the uproar created when Rio Tinto blasted two 46,000-Year-Old indigenous sites in May of 2020.
Approval to do something does not necessarily make it right, and may actually be counter to the fiduciary responsibilities of company directors. Likewise, some corporations take a more conservative approach in jurisdictions where regulations don’t exist or a poorly enforced.
BHP faced this same issue over a decade ago when it decided to develop and implement its Fatal Risk Controls (focused on employee safety) at its mining operations world-wide.
After evaluating the situation at a corporate level, BHP determined that, while some jurisdictions may not have detailed regulations around working at height and permit to work, for example, it would implement detailed controls, world-wide, around seven key areas of employee safety.
So, BHP decided that its rules would be followed, at a minimum, in order to ensure the safety of employees, especially in jurisdictions that did not regulate the activity. It was the right thing to do.
Preventing employee injuries worldwide was important, but blowing up a 15,000-year-old cultural heritage site was ok?
Someone within BHP’s management team should have realized the significant risk to the company’s reputation, host communities and investors if it was to destroy a 15,000-year-old Aboriginal site. It’s not rocket science and a decision to pull the plug should have been made a lot sooner, and well before external pressure was applied.
There is a common theme with the significant reputational events discussed above. All were identified by external parties or forces. Had the events not come to the attention of the public or investors, there is every likelihood that they would have gone unnoticed.
As Adele Ferguson stated on September 12, 2020, “We are now operating in a world where trust has been broken and communities will no longer put up with companies that operate in the dark and feast on opacity.”
Zero accountability creates a culture of arrogance and impunity, which is dangerous for any company. In such an environment it is difficult for a corporation to “reduce the risk of facing high ethical and operational risks and associated costs, whilst protecting their own business, the interests of their stakeholders and society as a whole.”
Also, given the frequency and severity of the events, BHP doesn’t appear to be improving and evolving, which is the “hallmark of an effective compliance program”. It appears to have the same “check-the-box” approach to risk mitigation, which the U.S. SEC faulted it for in May of 2015.
Zero accountability creates a culture of arrogance and impunity