Practical guidance on dealing with fraud and corruption

25 June 2013

Harry Rek

Some practical guidelines for an effective anti-bribery compliance program

An effective anti-bribery program is more than a set of rules (or a "Code of Conduct") but should be seen as a set of measures within an organization to prevent deliberate and non-deliberate unethical conduct, and processes for reporting breaches and dealing with consequences of breaches.

The following is an indication of topics which may be found in anti-bribery programs:

• A formal statement of the organization’s management

A formal statement appropriately communicated can be very effective in establishing and fostering an anti-bribery culture in the organization. An effective statement could include (i) a commitment to carry out business fairly, honestly and openly, and (ii) a commitment to zero tolerance towards bribery. It should be noted that these statements become more effective when repeated regularly. Furthermore, the management of the organization should include specific anti-bribery provisions in a Code of Conduct which should be easily accessible, for example through its website. Management could request its employees and/or business partners to commit to the Code of Conduct (if possible in writing, for instance – in the case of employees - by reference in the employment agreement). It is advisable to provide employees with examples which are considered to be in breach of the Code of Conduct (see also the paragraph below on gifts and facilitation payments).

• Risk assessment

An anti-bribery compliance program should include a specific stand-alone bribery risk assessment procedure, which enables the organization to identify and implement safeguards against the specific risks it faces. Commonly encountered risks can be categorised in the broad groups such as: country risk, sectoral risk, transaction risk, business opportunity risk and/or business partnership risk. The risk assessments should be communicated to all employees, and this should become embedded in the organisation, so that all employees are able to recognize the existence of certain risks, and that they know how to act if such a risk should materialize. It should be mentioned that the assessment of bribery risk could be undermined by internal structures of a company. For example, an unbalanced bonus structure could lead to irresponsible risk taking. Therefore, it is recommended that other policies of the organization are brought in line with the compliance program.

• Due diligence of existing or prospective associated persons

An anti-bribery program should include a due diligence procedure for persons performing services for the organization, such as business partners, local intermediaries, agents etc. The organization could introduce a specific questionnaire for persons providing services to the organization. Another relationship that carries particular implications is an acquisition or a merger of another entity by the organization. This may sound elaborate but the due diligence procedure can be proportionate to the identified risk and can be performed by specialized agencies.

It is recommended that prospective employees are also subject to the due diligence. Therefore, the compliance program should also apply to recruitment and human resources.

• The provision of gifts, hospitality and promotional expenditure; political donations and/or facilitation payments

The program should include rules relating to hospitality, promotional and business expenditure. It is not the intention to criminalize bona fide gifts, however, gifts can be employed as bribes. A gift becomes a bribe when there is an intention to influence an official in order to secure a business advantage. Any gifts should be proportionate.

The organization should prohibit facilitation payments since these are widely considered as bribes. Relatively small payments made in money or in kind to public officials, in accordance with widely known and followed local customs can be considered as facilitation payments. Such payments could be used to influence the procedures involved with certain government actions (for example to expedite licenses to perform business). Furthermore, the organization should not make any payments or donations in kind to political parties or their institutions, agencies or representatives (nor facilitate it through its bank accounts or on behalf of any employee action committee).

• Financial and commercial controls

It is recommended that all financial transactions of the organization are recorded in a timely and accurate manner. Also all information relating to a financial transaction should be recorded in the books. The financial records should conform to accepted accounting standards and should be designed to prevent bribery, such as off-the-books transactions and false or artificial entries.

• Review and training

The program should be reviewed regularly and employees should be trained regularly how to implement and use the compliance program.

• Delegation of authority procedures and the avoidance of conflicts of interest

The Code of Conduct should include rules on conflicts of interest. An employee is faced with a conflict of interest when his personal relationships, participation in external activities or interest in another venture influence (or appears to influence) his decisions. Such conflicts should be notified to a manager of the organization, since such conflicts could damage the organizations reputation.
Furthermore, the organization should introduce a procedure, whereby top-level management is involved in case of high risk decisions. For example no one other than the board of the organization should decide upon the foundation of any new legal entity and/or company. Top level management should be consulted before entering into any business in countries where the organization has no prior engagement. The imposed economic sanctions of the United Nations and the European Union should be followed by the organization. If business is entered into high risk countries (and/or countries on the UN sanctions list), top level management should be involved in the decision making.

• The reporting of bribery including ‘speak up’ or ‘whistle blowing’ procedures and sanctions for breaches of the organisation’s anti-bribery rules

The employees of the organization should be aware of the risks taken when
dealing in breach of the Code of Conduct or other procedures of the compliance program, such as fines, dismissal and imprisonment. The Code of Conduct should include a procedure for so called whistle blowing. Some organizations have introduced a helpline or online assistant where questions can be asked in confidence and violations can be reported anonymously.

• Self-reporting

It should be clear to which authorities a breach of anti-bribery rules (or a suspicion of such breach) should be reported ("self-reporting"), who within the organization should do the self-reporting and which amount of internal investigation should be done before reporting a suspicion of breach to the authorities.