Anti-Corruption Due Diligence
Introduction:
Due diligence is proving to be one of the more challenging areas of Anti-Corruption management. Both the UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA) have required businesses to focus their attention in this area. In 2011, every FCPA / SEC (US Securities and Exchange Commission) investigation involved the payment of bribes via third parties.
At GoodCorporation’s Business Ethics Debate on anti-corruption due diligence, our speaker highlighted the need for businesses to accept full accountability for the activities of third parties, by expanding due diligence, but also reminding businesses of the importance of ‘end-to-end responsibility’ – making sure that due diligence does not become the only process, but remains an essential part of wider risk evaluation and checking processes.
What executives are now asking is, how extensive should due diligence be and how can I get the necessary budget from the Board?
Business Concerns: Doing the right thing?
Some businesses feel they do not have a clear idea of what constitutes good due diligence and asked if shared due diligence across industries or sectors might be beneficial, reducing the inevitable repetitive checking of the same third parties.
The role of anti-corruption certification was raised, however, businesses should be wary, as a kite mark is only as good as those that award it. A kite mark that relies on too much box ticking and not enough thorough checking of implementation will not afford sufficient protection for businesses.
To be sure of robust due diligence, a business effectively needs to be able to get a proper insider’s view of its suppliers and intermediaries. But how can businesses get the worthwhile and trustworthy intelligence they feel they need? Could trade bodies help businesses by vetting suppliers? Would business find this sufficiently reliable?
Managing due diligence in challenging parts of the world
In some parts of the world, conducting due diligence checks has proved particularly problematic. There were reports of falsified information being provided and individuals placed at risk either for asking the questions or providing the answers. There are signs, though, of change in some of the more challenging, emerging markets and particularly in companies that are already liable under the Bribery Act or the FCPA and also in those that are hoping to become global.
Forums are now operating in these marketplaces trying to share views and move the debate forward.
In addition, there needs to be greater collaboration between companies, Governments and Embassies, with the UK Government being urged to encourage and empower its embassies to support businesses more actively in their anti-corruption complaints to local governments, particularly in challenging markets where corrupt practices have been more prevalent.
Historically the purchasing department has managed supplier contracts, with the focus on financial stability, product and price rather than ethical conduct. Under the Bribery Act, businesses are being held accountable for the corrupt activities of third parties acting on their behalf. Consequently, due diligence must now include code of conduct and behaviour checks. Identifying who owns this process within the organisation must be one of the key first steps to ensuring successful due diligence, and unless this is driven from the top down, with full board approval, it is unlikely to be as successful as it should be.
Culture
Equally important is ensuring that anti-bribery and corruption systems are fully embedded. If a zero-tolerance approach to corruption is an integral part of company culture and employees are empowered to report improper behaviour, then an in-built monitoring system can effectively be in place. The best policemen can be those on the ground who are working with third parties on a daily basis. Organisations should encourage employees to share the responsibility for stamping out unethical conduct. Again, driving this from the top is more likely to make it work.
Best Practice
Third parties, both new and existing, need to be selected using a careful and rigorous process. This can be extremely costly: figures of about to £1m to design and launch a due diligence service were quoted during the debate, but some large organisations estimated that the costs could be several million pounds to do the due diligence work well.
To control costs a carefully designed risk management approach to due diligence is crucial. Different levels of due diligence can then be applied according to the risk identified for any particular type of supplier. The use of external third party checkers was suggested as the most thorough means of obtaining the right level of due diligence. Not enough of this is currently being done.
In addition, businesses need to extend due diligence beyond the awarding of the contract and undertake regular checks and monitoring, particularly of third parties in the high-risk category. Businesses must not assume that passing the selection test is an assurance of on-going good behaviour.
And due diligence should also be applied to existing suppliers as well as new ones – working with a company for some time is not a sufficient guarantee that they are acting properly on your behalf at all times.
Key steps to good due diligence:
- Drive due diligence from the top: CEO and the Board
- Ensure a culture of ethical best practice is instilled throughout the organisation and involve all staff in upholding the Code of Conduct
- Design a sensible system to categorise suppliers according to their likely risk
- Use a due diligence questionnaire to obtain intimate details about the third party Use databases and public sources sparingly to support these checks
- Conduct regular on-going checks and monitoring of high-risk suppliers.
GoodCorporation Business Ethics Debate March 2012