What if – and this is a big what if – your company is starting from scratch on its anti-corruption compliance program? Your company’s Code of Conduct includes a paragraph prohibiting foreign bribery and mandating accurate books and records, and says little more. Some companies are able to relate to these questions.
At the outset, your company has to recognize a couple of reality checks – your compliance program will take a year to two years until it is fully implemented. You cannot roll out your entire program with one big announcement, expect buy in or expect the program to be effective.
So, what do you do first? How do you prioritize your effort?
First, you take a deep breath and work within the realities. Second, you have the Board and/or top management authorize and direct the design and implementation of the compliance program. And, of course, you have to secure a commitment to resources. With these assurances in hand, now we get to the fun part.
The tone-at-the-top is your launching pad, whether it comes from the Board or from senior management. The message has to be communicated effectively and throughout the organization.
With the message, comes a commitment to design and implement a new anti-corruption compliance program that is comprehensive and important to the organization. The compliance officer now needs to act and act quickly to create a framework for the program, with the assistance of internal auditors and other key players in the company.
The most important task ahead is the risk assessment – a broad examination which examines all of the components of the company, the nature and extent of government interactions, the existence of financial controls, policies and procedures for gifts, meals, travel and entertainment, as well as general due diligence of third parties, joint venture partners and merger and acquisitions.
The risk assessment must be carefully conducted in order to identify the risks which will then be used to develop the overall compliance program and what issues need to be emphasized. Too often, the risk assessment is viewed as a mechanical exercise more than a careful and deliberate review mechanism which provides a solid foundation for a compliance program.
In future posts we will examine in greater detail the risk assessment and the subsequent steps which need to occur as you develop and roll out your compliance program.