Enhancing anti-bribery and corruption programmes
February 2017 | FEATURE | FRAUD & CORRUPTION
Financier Worldwide Magazine
Given the regulatory pressures companies find themselves under today, they cannot afford to neglect anti-bribery and corruption requirements.
The most effective way to fight corporate corruption is to design, implement and maintain a compliance programme that promotes ethical business practices from within. However, this is often easier said than done. The uncomfortable truth is that bribery and corruption is still a blight which affects a wide spectrum of industries. In Transparency International’s latest report into global corruption, two-thirds of the 168 countries listed scored below 50 on a scale from 0 (considered highly corrupt) to 100 (considered very clean).
According to data from the International Monetary Fund, around $1.5 trillion worth of bribes change hands every year, the equivalent of around 5 percent of global GDP. But the impact of this malfeasance is not restricted to just financial cost: bribery and corruption is often linked to a laundry list of other criminal activities, including drug and human trafficking. Accordingly, companies and regulators must do more to ensure their efforts are coordinated. As criminals become more sophisticated in their methods, companies and regulators must respond. A global network of regulators working toward a common goal would go some way to reducing criminality. “This is a time of great change,” says Jonathan Armstrong, a partner at Cordery Compliance. “We are seeing an increase in enforcement and particularly in international cooperation. We are seeing new laws – like the French Sapin II law.”
Under the Sapin II law, larger firms – those with more than 500 employees and annual revenue of at least €100m – will be required to enforce a compliance programme which should include: (i) a risk assessment mechanism; (ii) a code of conduct; (iii) accounting controls; (iv) a third-party due diligence mechanism; (v) a system for internally reporting suspected wrongdoings; (vi) training for employees; (vii) a policy regarding the disciplinary actions to be taken where necessary: and (viii) a mechanism for evaluating the compliance system. For French companies that do not comply, the new anti-corruption agency (which is to be established by the new law) will have the power to impose fines and issue warnings or injunctions. Furthermore, the agency will publish its decisions, which could cause firms to suffer additional reputational damage.
Of course, Sapin II is not the only regulation with which companies must achieve compliance. Cornerstone pieces of legislation such as the UK Bribery Act and the Foreign Corrupt Practices Act (FCPA) have helped to define the fight against bribery and corruption in recent years, with more national and regional legislation coming on stream subsequently. As a result, organisations must be compliant with a litany of regulations, across a multitude of jurisdictions. Further, they must be prepared for even greater scrutiny in the future, according to Mark Surguy, a partner at Weightmans LLP. “More prosecutions, more convictions and more severe punishment is likely,” says Mr Surguy. “Individuals are going to be imprisoned for bribery and corruption. More companies are going to be named and shamed and hit with big fines. There is already an offence of failing to prevent bribery, and this offence is going to be prosecuted with greater frequency and success. It is also true, however, that companies will increasingly turn themselves in, in order to mitigate the penalties.”
In late 2016, US regulators reminded companies about the considerable benefits for any organisation willing to voluntarily report potential violations of the FCPA and cooperate with government investigations. According to both the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ), self reporting of transgressions and meaningful cooperation with the authorities could see companies incur reduced charges and penalties in the future. The Serious Fraud Office (SFO) in the UK also reminded companies of the benefits of self reporting, particularly before corporate legal teams jeopardise investigations by “plowing up the crime scene”, in the words of SFO director David Green. As Mr Green notes, companies must be careful that carrying out their own investigations do not impinge upon their ability to cooperate fully with regulators.
Though cooperation is likely to be a watchword for regulators in key jurisdictions, domestic enforcement will also be a focal point. Companies must consider the importance placed upon anti-bribery and corruption provisions at home, when designing their internal compliance functions. In the UK, the SFO’s anti-corruption enforcement efforts will likely continue to pick up steam, as will that of other regulators, says Neil Swift, a partner at Peters & Peters. “The Financial Conduct Authority’s remit in ensuring the integrity of UK financial markets includes policing bribery and corruption controls, and they have imposed heavy fines on institutions for systems failings. Internationally, the use of anonymous corporations, often used to receive corrupt payments, is very much in focus. Bribery and corruption is a real focus of law enforcement agencies around the world, and consequently regulatory action is an increasing risk for companies,” he says.
With regulatory efforts continuing at pace, compliance programmes must be fit for purpose. Organisations must take anti-bribery and corruption legislation into consideration, as failure to do so could have drastic consequences. So what should companies do to improve their programmes? “It all starts with the people,” says Erica Salmon Byrne, executive vice president of governance and compliance for The Ethisphere Institute. “Who is managing your anti-bribery and corruption programme? Do they understand the business so they can write policies and implement training that makes sense? And are your incentives aligned so that you are not undermining your programmes? That is a starting point.” Companies need to institute comprehensive anti-bribery provisions, as well as accounting and internal audit requirements, designed to establish and maintain adequate compliance procedures.
The board of directors and the C-suite must take a participatory role in designing and implementing anti-bribery and corruption programmes. Furthermore, companies must fully understand their compliance provisions. Where anti-bribery programmes are found to be wanting, those deficiencies must be acknowledged and addressed. It is better that companies identify and rectify those issues, rather than allow regulators to do the same further down the line.
“There has to be leadership from the top of the company,” says Mr Surguy. “A tick-box approach to so-called compliance will not work either. Nor will bringing in the lawyers for a lunchtime seminar. There has to be a proper and ongoing risk evaluation and clear efforts to understand and mitigate the risks. There has to be a more open culture and recognition that for the most part the standards of the Western world are different to the standards of the rest of the world when it comes to business practice. There needs to be more and better training. Businesses should consider having their programmes independently audited. The first thing any criminal investigator will do when investigating a business is ask to see evidence of the programme so it needs to be documented. Do not become complacent: check on people and speak up if something seems wrong. Take advice on your obligations and consult specialists who really do know what they are talking about and not self-styled consultants who have no real understanding of the law, the sector and business culture.”
Training programmes should reflect the company’s attitude toward risk and reinforce its stance against bribery and corruption. Training is the first line of defence against criminality and should be treated as such. However, it should also reflect the legislative and regulatory requirements of the jurisdiction in which the training is taking place. Individual staff requirements must also be factored in. Training must reflect the individual’s role in the organisation and should be appropriate for both their responsibilities and skill set.
Beyond internal programmes, it is equally important that bribery and corruption not be allowed to bleed into organisations via external agents. Third parties have a key role to play in diminishing the impact of bribery and corruption, including from a financial perspective. “A lot of what companies can do depends on the third parties they use. Sharing the burden with the sales chain or the supply chain need not have a great financial impact but could solve many of the problems,” says Mr Armstrong. “Companies ought to look at compliance holistically – for example, the same agents who are a bribery risk may also be a slavery risk and a sanctions risk. Be clear what you expect from those you do business with.” Managing third-party bribery and corruption risks must be a priority. According to the OECD, working with third parties presents the single largest corruption risk to companies.
Companies that are able to view the bigger picture of their compliance programmes may avoid costly fines in the long run. A key part of this holistic approach to overall compliance management should take in other companies operating within particular industries or jurisdictions. “Make sure you have taken the time to check out your peers, and define peers broadly, by industry, global reach, employee size and revenue,” says Ms Byrne. “Start with your risks too as you look at the programme; make sure you are focusing your resources on your biggest risks. Last, leverage technology effectively. You can do a lot with automated systems and with surveys to help target your initiatives.”
Implementing effective anti-bribery and corruption compliance programmes can be an expensive process, particularly when companies utilise technology. It is, however, ultimately cheaper than the alternative of incurring fines and other sanctions. In November, it was announced that JP Morgan agreed to a pay a $264m fine to the SEC and the DOJ for breaching bribery laws. It is not alone. “Barclays were fined £72m by the FCA for failing to handle the financial crime risks posed by business with certain politically exposed persons. As part of their DPA, XYZ paid a fine and disgorgement of profit of £6.5m for failing to prevent bribery. Having pleaded guilty to failing to prevent bribery, Sweett Group paid a fine, confiscation and costs of over £2.3m. All will have paid their own substantial legal costs. In comparison, the cost of regulatory compliance is inconsequential,” says Mr Swift.
Anti-bribery and corruption compliance cannot be viewed as optional. These are not relics from a bygone era, nor are they practices that only go on behind the closed doors of competitor firms or in countries with more immature regulatory provisions.
Companies must be aware of the changing nature of the regulatory landscape in the US. The outlook for FCPA enforcement is increasingly complicated. The election of Donald Trump has created significant question marks around the future of the FCPA, and though any changes in enforcement may take some time to materialise, his dislike of the Act has been well documented.
Regardless of political developments in the US, bribery and corruption will continue to affect companies across a spectrum of industries and jurisdictions. Companies should implement and develop their anti-bribery and corruption protections with care and fervour, evolving them as new risks are identified and as regulatory and legislative developments unfold.
© Financier Worldwide