Do we really know what adequate procedures look like and will they actually prevent bribery?
Dan Silver, Global Functions and Compliance Officer for Shell, but speaking in a personal capacity, began our final Business Ethics Debate of 2016 by posing the question, are ethics and compliance a force for good or simply an insurance policy?
The insurance policy approach involves a lot of investment in ethics and compliance programmes to create an audit trail that ticks all the boxes, shows how much work has been done and aims to keep the regulator happy. But, as the cynic often asks, does it actually prevent bribery?
On the plus side, a lot of the work involves creating a culture and set of values that can drive change within an organisation. Activities that promote transparency, support staff who donāt break the rules to get a job done and encourage honesty when things go wrong, all make a positive difference.
While on the negative side, there is something of a compliance arms race in operation with regulators and advisers competing to raise the bar on what will be considered adequate.
Yet despite all these endeavours, corruption scandals continue to hit the headlines: it seems that no matter how robust the processes, if someone decides to bend the rules they can. This is more likely to happen when the messages or incentives of the organisations are misaligned or at least perceived to be.
The current regulatory focus on culture and leadership addresses this reality, but the definition of what adequate really means is still left to the organisations to decide. Four challenging issues were highlighted:
Managing agents and intermediaries: This is a highly challenging area of bribery prevention. Some regulators advise businesses not to use them as the risk is too high. Some organisations do ban political consultants preferring to own the relationship with governments themselves. But inevitably many third parties will be used to interact with government organisations to organise permits, visas, consents etc. One approach is to ensure robust due diligence of any third parties, add ABC clauses to any contracts, insist on training and implement regular monitoring of the intermediariesā activities. All of this can be difficult to manage and can be seen as interference, nonetheless organisations need to make a judgement call as to what would be considered adequate.
Training: Is on-line training enough or should it be face-to-face? How often should it be refreshed? How can you ensure it is relevant and engaging? What is considered enough?
ISO37001: Is this more than another box-ticking exercise?
Audits of suppliers: Companies choosing to ask for audit rights of suppliers need to decide which suppliers and how to monitor, how often to audit and how to handle any red flags: failing to respond to a red flag would not go down well with the regulators.
Asked whether anti-bribery and corruption programmes were a force for good or simply an insurance policy, the majority felt they were a force for good.
Few companies were investing in this level of ABC compliance before 2010, so it is inevitable that much of the ABC activities in hand could be described as box-ticking exercises as more needed to be done to ensure compliance with the new law. However, the advantage of a legislative requirement is that it drives organisations to allocate sufficient resources to address the need: the first step towards change.
Many therefore view this as a two-stage process, beginning with the need to be compliant and moving, over time, to a change in culture and behaviour which will drive up standards of corporate conduct, becoming as integral to the way organisations operate as health and safety is today. This, in turn, will help protect reputation, enhance competition and protect against prosecution.
Organisations will need to monitor behaviour on an ongoing basis; this applies particularly to agents and intermediaries as well as employees. Managing third parties will inevitably require a multifaceted approach and a clear understanding of the risk ā they donāt all represent a corruption liability. However, making sure the right individuals are recruited and the right monitoring systems are in place is paramount.
Training can help with both external and internal ABC management and where possible this should be face-to-face. Including classroom or workshop style training is considered to be far more effective than relying solely on an online approach, although it does require more budget. Such face-to-face training can also help build trust which is essential if any speak-up systems in operation are to work effectively. Such speak-up systems are an essential part of the process and organisations need to ensure that stakeholders are willing and able to use them.
Certification was cautioned against as it can make senior management feel ābullet proofā and engender a sense of complacency. Organisations were wary of ISO37001, feeling that it would not alone constitute an adequate procedure against corrupt practices, was more of a tick-box exercise and would not be tailored to the specific risks of individual organisations. Obtaining ISO37001 was likened to driving a car with an insurance policy, but without passing a test.
The GoodCorporation Perspective: What should adequate procedures look like?
With no established precedent for adequate procedures, businesses remain fearful that what they have in place is insufficient. GoodCorporation advises corporates to follow the principles outlined in the Ministry of Justice guidelines on the Bribery Act to ensure that they take a proportionate approach and can evidence top-level commitment, risk assessment, due diligence, communication and training on policies and procedures, on-going monitoring and regular reviews.
Businesses are more at risk from corruption by third parties than in any other area of their operations making ABC due diligence vital, this should be done using a risk based approach and relationships should be monitored to check for any red flags and suspicious activities.
Tone from the top remains essential and the more organisations can do to embed a strong ethical culture with clear expectations of behaviour and guidance on what to do in challenging situations the more likely they are to achieve compliance. Once established this can provide competitive advantage and protect reputation.
GoodCorporation offers a range of services to help organisations comply with international anti-corruption legislation using our Anti-Bribery and Corruption Framework and providing ABC due diligence support. We can also help our clients with ABC benchmarking as well as training and reviews.
Posted December 2016