Steps to evaluate and address corruption risk

  • Share

Steps to evaluate and address corruption risk

1 Conduct a corruption risk assessment

The risk assessment process should include a review of the company’s existing compliance program, including its governance and reporting structure, adequacy of resources, whistleblower response and internal investigations process. Companies need to assess whether the program structure is effectively resourced and positioned to address identified corruption risks and, if not, what steps need to be taken to meet those risks.

2 Setting the tone by developing a corporate anti-corruption policy

Companies should design and implement an anti-corruption policy based on the requirements of the FCPA and the UK Bribery Act. The policy should discuss the company’s commitment to accuracy in reporting and recording transactions and having in place internal controls for proper control, accountability and safeguarding of shareholder assets. The policy should also provide operational guidance on how compliance will be achieved in high-risk areas.

3 Implement specific anti-corruption policies and controls based on risk

Adopt policies for retaining agents, consultants and other vendors

This is a very important area and the central focus of many companies’ anti-corruption compliance programs. It is also perhaps the most expensive in terms of effort and resources needed to address the risks posed by intermediaries.

Incorporate anti-corruption into employee travel, gifts and entertainment rules

Such payments, or even offers, need to be monitored carefully to avoid even the appearance of impropriety. Gift giving, meals and entertainment provided to government officials should be addressed in the company’s overall anti-corruption policy and training.

Consider banning facilitating payments

Many companies are banning facilitating payments, with limited exceptions for situations involving potential imminent harm to life or property. Else, there should be appropriate review and pre-approval of all such payments.

Develop guidance for charitable giving, political contributions and offset commitments

All charitable giving should be subject to an approval process that asks specific questions related to the purpose of the gift and the bona fides of the organization. There should be heightened scrutiny in countries with a high incidence of corruption.

4 Implement anti-corruption financial controls

Increased financial controls in high-risk areas can be a critical firewall in avoiding FCPA books and records violations. Such controls include enhanced transaction review, approval and accounting procedures, controls around bank accounts and petty cash, enhanced vendor approval and payment processes, and increased scrutiny of high-risk transactions.

5 Conduct anti-corruption compliance training

Training should highlight the company’s position that it does not tolerate corruption, explain its anti-corruption policies for compliance with the requirements of the FCPA and UK Bribery Act, discuss potential red flags or problem situations, and provide guidance for employees to get help. Companies need to consider a mixture of live training for certain targeted and senior employees and web-based training for all employees.

6 Monitor the program

Compliance programs that are not monitored are generally not very effective. Monitoring means anti-corruption compliance internal audits. It also means having an effective whistleblower process. It can also include requiring anti-corruption certifications and conducting data analytics on high-risk transactions.

7 Incorporate anti-corruption procedures into mergers and acquisitions and joint venture due diligence

Companies must develop a policy and specific procedures for anti-corruption due diligence in any contemplated merger, acquisition or joint venture. This should include:

  • Background investigation and public database searches of key executives
  • Interviews of key executives relating to past corruption and risks of corruption in the business
  • Review of documents related to an acquired company’s anti-corruption compliance program, past incidents of corruption and risks of corruption in the business
  • Forensic accounting and transaction testing procedures related to high-corruption risk transactions

8Periodically reassess risk and modify the program

Comprehensive corruption risk assessments should be conducted periodically to make sure that the anti-corruption program is evolving to meet new risks posed by the changing business and external environment. There must be a process that provides an extensive review of corruption risk every three to five years. If the business changes significantly, such a process should be accelerated.