Last month Russia joined the Anti-Bribery Convention of the Organization for Economic Cooperation and Development. The move is the latest indication that countries are beefing up their anti-corruption laws. Multinational companies are under more scrutiny from more countries than ever before, prompting many to review their practices in the area.
But just what distinguishes a best-in-class anti-corruption compliance program from all the rest?
According to compliance and legal experts, the most effective and efficient anti-corruption programs typically have five elements in common: a risk assessment, one global set of standards, wise use of technology, a strong tone at the top, and constant monitoring of effectiveness. Companies that incorporate these characteristics will go a long way toward reducing corruption risks
Anti-corruption risk assessment. A comprehensive anti-corruption risk assessment, tailored to the company's specific industry, geography, and its customers, is a fundamental starting point. “Anti-corruption risk assessments are paramount to the success of any anti-corruption program, because until you truly know what the risks are to the business, there is no way you can build a program to effectively mitigate them,” says Bill Pollard, a partner in Deloitte's Foreign Corrupt Practices Act consulting practice.
Any company can follow the U.S. Sentencing Guidelines or similar guidance to build the elements of a generic anti-corruption program, so long as they can answer the following question: “What are the specific risks you're trying to build the program around to mitigate?” says Pollard. “That's not something companies always seem to start with.”
FCPA experts say that building an anti-corruption program without a clear understanding of the risks can lead to a lot of wheel-spinning. “Unless a program is thoughtfully designed for the way a company does business in its market with its specific customers, than it's just not going to work as well as it could,” says Dick Cassin of Cassin Law and author of The FCPA Blog.
So how does one perform an anti-corruption risk assessment? For multinational companies, in particular, one of the primary influences on corruption risk is the type and extent of interaction with government officials. Compliance officers can gauge a company's corruption risk in part by assessing the level of exposure in countries with especially high levels of corruption.
• What countries do we conduct business in where corruption levels are above average?
• What third parties do we do business with?
• How is that business conducted?
• How do we make payments related to that third party?
• What due diligence have we performed on third parties, particular in high-risk areas?
• What kind of training have we provided on anti-corruption?
Another characteristic of effective anti-corruption programs is coordination among business units, including legal, compliance, audit, human resources, IT, accounting, and finance, as well as sales and marketing. The chief compliance officer at the corporate headquarters also should have a strong working relationship with compliance officers in countries with high corruption risks.
An effective risk assessment “flows naturally into a program roadmap not just for where you're spending time, but where you need budget resources,” says Howard Sklar, former global trade and anti-corruption strategist with Hewlett-Packard and now senior counsel for Recommind. A solid program roadmap also allows the company to easily adapt to new risks caused by expanding into a new geography, launching a new product, or building a new facility, Sklar adds.
One set of global standards. With so many anti-corruption laws—the most prominent being the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act—each of which allows for various tolerance in risk, the most effective policies and procedures are those that follow a global standard for compliance. Compliance officers at companies that do this most effectively frame their policies and procedures around the common features shared by all anti-corruption regulations, rather than tailoring them to specific laws. Typically, companies want to hew to the highest common denominator, or the toughest standards of all the laws.
Cassin reminds companies that policies and procedures should cover all relevant risks, including political and charitable contributions, gifts and hospitality, promotional expenses, and controls around facilitation payments. Training on these policies and procedures also is a major component of rolling out anti-corruption corporate policies.
“Unless a program is thoughtfully designed for the way a company does business in its market with its specific customers, than it's just not going to work as well as it could.”
—Dick Cassin,
Founder,
Cassin Law
Leverage technology. Too many times, companies list anti-corruption as a top risk, “but don't then treat it as a top risk in terms of budget and resources, and that's a big problem,” Sklar says.
Companies with effective anti-corruption programs provide a healthy budget for technologies that enable for greater efficiencies. Some automation tools, for example, offer continuous monitoring of unusual transactions or payments.
But you don't have to spend a fortune to use technology to beef up anti-corruption practices. Many effective tools are likely already in use by many companies for other purposes. Sklar says he is a fan of using pre-existing technology to meet anti-corruption objectives. He offers an example of using an internal OFAC screening tool, which allows screening for Politically Exposed Persons (PEP), as a substitute for screening government officials. By using PEP screening to also screen the vendors list involves “zero increment in cost, but significant increase in risk mitigation,” he says.
Tone-at-the-top. You've likely grown tired of the “tone at the top” refrain. But for many companies, that's all it is: a line. To build a corporate culture intolerant of corruption means that senior management must consistently demonstrate their commitment to a corporate culture of integrity and a zero tolerance approach to corruption. That includes how senior management holds individuals accountable for wrongful actions.
“At OfficeMax, one of our most absolute values is integrity. It is the backbone of our relationships and the basis on which we make business decisions,” says Ravi Saligram, president and CEO of OfficeMax, in a statement announcing OfficeMax's selection as one of the World's Most Ethical Companies by the Ethisphere Institute.
The CEO's commitment to integrity also can't be overshadowed by putting business factors, such as profitability, ahead of a commitment to ethical behavior. For example, if the CEO says he or she expects all employees to act with integrity, and yet only measures sales team performance on how much they sell, the CEO is sending an inconsistent message, Sklar says.
The most effective anti-corruption programs embrace an ethical culture that is “woven into the fabric of the company,” says Cassin. Whether it regards marketing and sales practices, product promotion, or agent selection, all employees should buy into and be aware of an anti-corruption culture.
They also get the word out to the entire organization with constant and consistent messaging. “Through annual ethics and legal compliance training and regular communications from leadership, every individual at our company knows about the importance of doing the right thing, the right way, for the right reasons, every time,” says Gary Chadick, general counsel and secretary of Rockwell Collins, which was also selected as one of the World's Most Ethical Companies.
Monitoring effectiveness. What is the company doing to monitor, test, sample, and audit all activities that could lead to violations of anti-corruption laws? The answer varies greatly from company-to-company. Some compliance executives conduct surveys that assess values, ethics, and compliance to measure corporate culture. Other executives have consistently pointed to the volume and frequency of their hotline calls to measure the effectiveness of their anti-corruption programs.
To dig deeper into those issues, internal audit adds value by assessing how effectively management has responded to key risks. The challenge, Cassin says, is that “nobody has any bright-line answer about how quickly internal controls should work,” but it helps to obtain the assistance of an external auditor in case internal audit misses something, he says.
Overall, fostering a culture of consistent communication; corroboration between the operational units, the board, and senior management; and demonstrating zero tolerance for corruption activity make for the most effective and efficient global anti-corruption programs.
No comments yet