On the safe side

Your company’s compliance policy should help it to steer clear of bribery and corruption risks, but is it up to the job? Seth Berman investigates

One would think we have had our fill of shocking headlines cataloguing corrupt business practices and the staggering fines and penalties that go with them. From the US side of the Atlantic, the numbers can truly make your head swim.

For example, the US government collected around $750,000 in fines under the Foreign Corrupt Practices Act (FCPA) last year. It targeted high-profile industries, including energy (Weatherford), fashion (Ralph Lauren), financial services (Diebold) and food processing (ADM), and prosecuted more executives individually than in previous years.

And with British regulators armed with the UK Bribery Act (also known as ‘the FCPA on steroids’) and publicly declaring war on corrupt business practices, the stage is set for a massive trend in anti-corruption enforcement actions in the years to come.

With the US, UK and Germany in the vanguard of global anti-bribery enforcement, other countries are also clamping down on such activity. China’s pursuit of domestic and international companies that are believed to contravene its bribery and corruption laws has been widely documented.

 Without an effective bribery and corruption compliance strategy, organisations face heightened governance risks 

But despite some 41 countries signing up to the Organisation for Economic Co-operation and Development Anti-Bribery Convention, of which China is not a signatory, just four are currently known to be actively investigating and prosecuting alleged breaches. Alongside the US, the UK and Germany, only Switzerland has been deemed by Transparency International as having an active enforcement strategy.

Echoing these findings, the European Commission last year published its first EU Anti-Corruption Report, which concluded that “the effectiveness of anti-corruption policies [across EU Member States] is quite different”.

Nevertheless, without an effective bribery and corruption compliance strategy, organisations face heightened governance risks. This is illustrated by Germany’s decision to launch a bribery investigation into aircraft manufacturer Airbus, reportedly relating to contracts in Saudi Arabia and Romania. Meanwhile, the UK’s Serious Fraud Office has begun criminal proceedings against an Alstom company in the wake of an earlier successful investigation by Swiss authorities.

All of this begs one very important question: why are so many respected companies still having such difficulty getting their collective hands around the problem of corruption in the workplace? In other words, why are we still reading those headlines?

The answer, surely, is not a lack of desire. Most companies today have implemented compliance programmes that are designed to increase awareness of risky business situations and provide a framework to employees for avoiding horribles such as: bribery, anti-competitive behaviour, and importing/exporting goods or technology in violation of trade sanctions. And yet, these programmes far too often suffer from one or more of these five fatal flaws.

Five fatal flaws

1. Compliance policies must be written with the employees in mind. That means, whether authored by a lawyer or not, they cannot read like a legal document. If, for example, your anti-corruption policy has paragraphs numbered 1.1.1, 1.1.2 and so on, it is a good sign that you are in trouble. Compliance policies must be short, devoid of legal jargon and filled with answers to the most pressing and frequently asked questions. They must also be tailored to each organisation in order to ensure that they are practical and operationally feasible. And, equally important, policies must be meaningfully accessible to everyone through translations and training.
2. Compliance is not just a list of rules designed to say ‘no’ and stifle growth. The rules, limits and procedures put in place should not be formulaic – they should be written with the corporation’s culture and tolerance for risk in mind. If you have written or adopted a policy that always says ‘no’, start again. Finding the balance that allows business to be won safely is the key to making the programme a success.
3. Any tick-the-box approach to training is doomed to fail. In the well-known and often discussed Morgan Stanley declination from prosecution, the US government recognised that the organisation’s compliance programme included robust training delivered in numerous formats (for example, FCPA reminders, online training and live training sessions). In addition, this training was not delivered once and then forgotten – it was repeated for the employee base frequently. Make sure you are hitting mid to senior management and others in risky territories/business functions with active, entertaining and informative live training sessions at regular intervals (every two to three years, for example). In between those live training sessions, annual online training will underscore and remind employees of what they have learned.
4. Like good business, compliance programmes must evolve. Far too many companies, however, seem to treat it more like a ‘one-and-done’ phenomenon, and they do so at their peril. The reason for this is simple. Over time, you will naturally open up new markets, sell different products and work with new customers. You will also rely upon a multitude of third parties and partners to help you to succeed – such as sales agents, distributors, customs brokers, logistics specialists and many others – and they, too, will change as your business grows. All of these factors involve risk, and so it is essential to routinely examine your programme and ensure that it is protecting you and your company from the risks you face today. A failure to do so can leave you entirely exposed and playing defence against the wrong foe or, worse yet, one that does not even exist.
5. Use technology to help all of your policies and procedures become more accessible and less confusing to your employees. By marrying compliance and technology, you can make it significantly easier for employees to find answers to time-sensitive questions when they are needed most and ensure those answers are presented clearly, concisely and in a customised manner. There are also technical solutions that support the implementation of new and updated policies while ensuring your team receives the appropriate level of training. And mobile technology can play a vital role in providing access to your policies in the field. Bribery or anti-trust issues rarely arise in the office and a compliance application on a smartphone, for example, can help an employee to make the right choice when faced with a decision as to whether a client dinner or gift is allowed under your policies.

In addition, the latest compliance tools provide senior executives and compliance professionals with a credible, robust and transparent audit trail around policy access and use. This can help organisations to make informed decisions about where to spend their precious compliance resources, minimise the likelihood of investigations or prosecutions, and maximise their ability to successfully navigate a regulator’s inquiry should one arise.

Finally, compliance technology can go a long way to supporting a ‘culture of compliance’. In its definition of an effective compliance and ethics programme, the US government highlights the need for companies to “promote an organisational culture that encourages ethical conduct and a commitment to compliance with the law” (US Sentencing Guidelines, §8B2.1 (a)(2)). Enforcement agencies often start with the belief that your programme is merely ‘window dressing’ and leave it to you to convince them otherwise. Effective use of technology can make that process significantly easier.

It is time for a compliance renaissance, and by following these simple steps – writing policies with your employees in mind, providing meaningful and varied training, routinely assessing your risks and updating your policies, and using technology to help create and reinforce a culture of compliance – you can revitalise your programme and better protect yourself from disaster. And who knows, in time, those headlines we are all so tired of reading can finally start to disappear.

Six things you need to know about compliance

1. Anti-corruption enforcement actions are set to rise.
2. Governance risks are heightened unless there is an effective bribery and corruption compliance strategy in place.
3. Policies cannot read like a legal document.
4. A ‘tick-the-box’ approach to training is doomed to fail.
5. Remember that compliance programmes must evolve.
6. Harness technology to make compliance more effective.

About the author

Seth Berman is executive MD of Stroz Friedberg, a risk management, investigations and intelligence company. He leads its Europe and Asia operations. www.strozfriedberg.com