In a recent article entitled “Bribery and Corruption Compliance: the Playing Field Levels,” Timothy Coleman and Paul Lomas, attorneys from the law firm of Freshfields Bruckhaus Deringer, discuss what they term the “tectonic shift” in anti-bribery and anti-corruption compliance internationally. The authors posit that increased enforcement of the US Foreign Corrupt Practices Act (FCPA); the release of the Organization of Economic Cooperation and Development (OECD) Good Practice Guidance on Internal Controls, Ethics and Compliance (OECD Good Practices); and the impending July 1 implementation date of the U.K. Bribery Act have all acted to place “new burdens” on companies to have the highest standard of anti-bribery corruption programs in place.
The requirements of the FCPA are interpreted through the U.S. Sentencing Guidelines, various Deferred Prosecution Agreements and Department of Justice Opinion Releases. The Bribery Act is interpreted through Guidance released by the U.K. Ministry of Justice. The OECD Good Practices contain its own commentary on interpretation. Using these documents, collectively called “the Sources,” we will discuss the authors’ 10 essential elements of an anti-bribery and anti-corruption compliance program.
10 Essential Elements of An Anti-Bribery and Anti-Corruption Compliance Program
- Risk Assessment: As all three of the Sources speak to the need for risk assessments, the authors recommend that a company annually assess its risk for bribery and corruption and use this assessment as a guidelines to take steps to reduce the overall risk of such conduct.
- Implementation Generally: While the OECD Good Practices does not specifically address this element, it is contained within the FCPA and Bribery Act. The FCPA most generally says that an anti-corruption policy should be implemented while the Bribery Act more specifically recommends the embedding of “reasonable policies and procedures throughout the organization with an eye towards practical business issues.”
- Participation: This means involvement by all levels of an organization, including (a) appropriate ‘tone at the top’; (b) senior level involvement; (c) individual responsibility; and (d) company-wide culture.
- Policies and Procedures: All three Sources require that written policies and procedures form the cornerstone for any anti-corruption and anti-bribery program. Care should be taken that it be written in plain English and not “by lawyers for lawyers.”
- Enforcement: This is defined as internal company enforcement and here the authors point to not only ongoing monitoring, auditing and assessment but also granularity down to the individual employee level. There should be both a “carrot and stick” approach so that employees are disciplined for compliance failures but also rewarded (and seen to be rewarded) for doing business through appropriate compliance avenues.
- Reporting and Response: Under the FCPA, an anonymous reporting hotline should be a component of a company’s overall compliance program. The Bribery Act calls it a “speak up” line, but, whatever it is called, there should be recognized reporting mechanisms in place that allow an employee to report allegations of bribery and corruption and protections in place to guard against retaliation for such reporting.
- Third Party Compliance: All robust anti-bribery and anti-corruption programs discuss the risk of third parties. They all agree that this risk must be properly evaluated, investigated and managed going forward. Appropriate due diligence must be performed and compliance terms and conditions are important with all third parties. General oversight after the contract is signed is also a key element.
- Training: All the Sources of guidance state that training of company employees with an annual certification is an important part of an effective anti-bribery and anti-corruption program. The Bribery Act extends this training to third parties.
- Periodic Review: It is important for a company to engage in a review on no less than an annual basis. The Sources list several areas that should be assessed. A company should determine if its overall program in effective both internally and externally. Additionally, if there are new best practices, a company should assess whether those concepts should be brought into its anti-bribery and anti-corruption program. If a company moves into a new business areas or a new geographic area, these new risks should be assessed, evaluated and managed as well.
- Record Keeping and Internal Controls: Both the FCPA and Bribery Act have language that makes clear that not only must books and records adequately reflect a company’s expenses but that internal controls are key defense and preventative measure against bribery and corruption.
The authors then advocate a three-step implementation plan for an anti-bribery and anti-corruption program. This three step approach being: (1) Strategic Planning, where risks are assessed and then resources are dedicated to ameliorating or managing the risks; (2) Written Compliance Policy, every company should commit its entire anti-bribery and anti-corruption program to writing and distributed company-wide and to appropriate third parties; and (3) Implementation Plan, after risks are assessed a company-wide implantation plan should be created to begin to implement the policy beginning with the highest risks first and moving step-by-step throughout the company.
We congratulate the authors for a thoughtful paper which is of great use to the compliance practitioner. If your company is implementing a compliance program, this article lays out a clear road map that you can follow. However, the paper is equally of value to the company which needs to assess or review its overall anti-bribery and anti-corruption program. The authors use of the FCPA interpretations, the Bribery Act Guidance and OECD Good Practices are references point throughout the piece which provide an excellent resource for the compliance practitioner to gauge an ongoing compliance program. We welcome the authors’ contribution.
Source : corporatecomplianceinsights