Steps to evaluate and address corruption risk
Steps to evaluate and address corruption risk
1 Conduct a corruption risk assessment
The risk assessment process should include a review of the company’s existing compliance program, including its governance and reporting structure, adequacy of resources, whistleblower response and internal investigations process. Companies need to assess whether the program structure is effectively resourced and positioned to address identified corruption risks and, if not, what steps need to be taken to meet those risks.
2 Setting the tone by developing a corporate anti-corruption policy
Companies should design and implement an anti-corruption policy based on the requirements of the FCPA and the UK Bribery Act. The policy should discuss the company’s commitment to accuracy in reporting and recording transactions and having in place internal controls for proper control, accountability and safeguarding of shareholder assets. The policy should also provide operational guidance on how compliance will be achieved in high-risk areas.
3 Implement specific anti-corruption policies and controls based on risk
Adopt policies for retaining agents, consultants and other vendors
This is a very important area and the central focus of many companies’ anti-corruption compliance programs. It is also perhaps the most expensive in terms of effort and resources needed to address the risks posed by intermediaries.
Incorporate anti-corruption into employee travel, gifts and entertainment rules
Such payments, or even offers, need to be monitored carefully to avoid even the appearance of impropriety. Gift giving, meals and entertainment provided to government officials should be addressed in the company’s overall anti-corruption policy and training.
Consider banning facilitating payments
Many companies are banning facilitating payments, with limited exceptions for situations involving potential imminent harm to life or property. Else, there should be appropriate review and pre-approval of all such payments.
Develop guidance for charitable giving, political contributions and offset commitments
All charitable giving should be subject to an approval process that asks specific questions related to the purpose of the gift and the bona fides of the organization. There should be heightened scrutiny in countries with a high incidence of corruption.
4 Implement anti-corruption financial controls
Increased financial controls in high-risk areas can be a critical firewall in avoiding FCPA books and records violations. Such controls include enhanced transaction review, approval and accounting procedures, controls around bank accounts and petty cash, enhanced vendor approval and payment processes, and increased scrutiny of high-risk transactions.
5 Conduct anti-corruption compliance training
Training should highlight the company’s position that it does not tolerate corruption, explain its anti-corruption policies for compliance with the requirements of the FCPA and UK Bribery Act, discuss potential red flags or problem situations, and provide guidance for employees to get help. Companies need to consider a mixture of live training for certain targeted and senior employees and web-based training for all employees.
6 Monitor the program
Compliance programs that are not monitored are generally not very effective. Monitoring means anti-corruption compliance internal audits. It also means having an effective whistleblower process. It can also include requiring anti-corruption certifications and conducting data analytics on high-risk transactions.
7 Incorporate anti-corruption procedures into mergers and acquisitions and joint venture due diligence
Companies must develop a policy and specific procedures for anti-corruption due diligence in any contemplated merger, acquisition or joint venture. This should include:
- Background investigation and public database searches of key executives
- Interviews of key executives relating to past corruption and risks of corruption in the business
- Review of documents related to an acquired company’s anti-corruption compliance program, past incidents of corruption and risks of corruption in the business
- Forensic accounting and transaction testing procedures related to high-corruption risk transactions
8Periodically reassess risk and modify the program
Comprehensive corruption risk assessments should be conducted periodically to make sure that the anti-corruption program is evolving to meet new risks posed by the changing business and external environment. There must be a process that provides an extensive review of corruption risk every three to five years. If the business changes significantly, such a process should be accelerated.