Ten Touch Points of Potential Corruption Risk You Should Not Overlook

While organizations often focus their corruption monitoring activities on gifts, meals and entertainment, they may not have thought about other touch points with government officials that could give rise to corruption risk. Understanding these touch points is important as organizations consider whether their internal policies, controls, communications, training and supporting documentation are proportionate and mitigate appropriately their potential exposure to risk events such as bribery, conflicts of interest, illegal gratuities, solicitation and economic extortion.

Organizations can identify touch points with government officials through a variety of means, each of which may generate potential “red flags” requiring attention. Due diligence is one of the most common ways to discover whether an organization has a potential or existing relationship with a government entity. Discussions with operational and financial personnel – local or regional management, such as office managers; sales directors; research and development personnel; contract, customer or account relationship managers; finance and accounting personnel; legal and human resource departments; and supply chain and logistics personnel – also contribute to an organization’s identification and awareness of these touch points.

Ten touch points involving government officials that an organization should consider for corruption risk assessment purposes include:

1. Agents and intermediaries. Are any of the organization’s agents or intermediaries considered to be government officials? As the behavior of agents and intermediaries has come under the scrutiny of regulators and law enforcement, agent and intermediary relationships are important touch points an organization needs to consider in the context of its internal control framework. Agents and intermediaries who are government officials may pose an elevated risk to the organization and, therefore, require more stringent anti-corruption compliance controls and monitoring activities.
2. Consultants. Organizations often employ consultants to assist in areas that require specialized skills or experience to “help get the job done.” Sometimes, an organization selects consultants based upon their networks of relationships within government and industry. An organization should consider when and, more importantly, how a consultant will interact with government officials on its behalf, as well as whether an appropriate level of oversight and supervision is in place.
3. Charitable contributions and community giving. Is the organization a “good corporate citizen” that, knowingly or otherwise, is perpetuating corruption under the guise of charitable and community-related giving? Organizations conducting business in emerging and developing markets are sometimes confronted with demands of “quid-pro-quo” arrangements in the form of cash, gifts or infrastructure improvements – supposedly for the betterment of local schools, orphanages, community and recreation centers, or other charitable organizations – that ultimately benefit government officials or someone close to them, rather than the community as a whole. Activities involving charitable contributions and community giving should be vetted, authorized and documented carefully so that these touch points are transparent and in compliance with anti-corruption policies, laws and regulations.
4. Customers/clients. Organizations may have government or government-owned, -funded or -controlled entities (“government-related entities”) as clients or customers. While this may seem to be an obvious touch point, it may go unrecognized in locations where information about corporate structure and ownership is not readily available, or when organizations do not identify and monitor customers or clients by industry segment, as “government” would be an industry segment that would be reviewed closely. As organizations undertake financial due diligence activities to ensure the creditworthiness of those with whom they conduct business, they should also embrace a risk-based compliance due diligence strategy so that potential touch points with customers or clients are known.
5. Employees. Are there any government officials, or relatives of these officials, on the organization’s payroll? This is another touch point that may not readily be apparent. From a risk management perspective, it is important for an organization to know whether employment (including internships, part-time and/or full-time employment) has been exchanged as a “business courtesy” or “favor” that may improperly benefit the organization as well as the government official.
6. Regulated government activity. Permits, licenses, patents, inspections and audits involving health and safety, product quality, taxes, etc., necessitate interaction with officials at various levels of government (e.g., local, state, federal). This is a touch point in which requests for payment to expedite “routine government action,” commonly referred to as facilitation payments, can arise. An organization should think carefully through the probability and impact that these touch points may have on its risk profile and address them accordingly, as some countries do not permit such payments.
7. Joint venture and other business arrangements. Many organizations have entered into business relationships with a government or government-related entity. Whether a joint venture, partnership, franchise agreement or other business arrangement, this touch point is one that should be formally documented and, thus, easily recognized. However, some organizations have verbal agreements – informal “understandings” perhaps consummated over a handshake years ago – that can require more effort to identify. These touch points can pose greater risk to the organization due to limited awareness and the resulting lack of robust monitoring activities.
8. Financial institutions. In some countries, financial institutions are owned or controlled by the government. Organizations that enter into relationships with these financial institutions, particularly relationships tied to project or other debt financing, may find themselves with an unexpected touch point involving a government official. While such touch points may present a low risk to the organization, they still should be considered during risk assessment activities.
9. Utilities and other public services. “Turning on the lights,” “talking on the phone,” “taking out the trash” and similar activities in overseas locations can require connectivity by and with government officials, most likely at the local level. This is another touch point in which requests for facilitation payments may arise. Organizations typically treat this risk event on an individual basis in accordance with their prescribed anti-corruption controls.
10. Vendors and suppliers. Organizations may obtain a variety of materials and goods from a government or government-related entity. Over time, this touch point may become “familiar” or “routine” and overlooked during risk assessment activities. As the supply chain is critical to an organization’s daily operations, it is imperative that touch points involving vendors and suppliers be known and potential risk events considered thoroughly.

About the author Pam Verick is a director in Protiviti’s Litigation, Restructuring and Investigative Services group where she focuses on investigations and leads the firm’s fraud risk management practice. Verick has 19 years of risk management experience, including creation of fraud governance systems and fraud risk management programs, planning and execution of fraud risk assessments, and conducting investigations to address fraud, misconduct and potential violations of the Foreign Corrupt Practices Act. She also assists with compliance and ethics programs for both the public and private sectors. Verick’s technical expertise in risk management, specifically in matters involving fraud and misconduct, was developed through her work with Fortune 500 and 1000 companies and non-profit organizations, as well as federal, state and local government agencies. Verick has also facilitated numerous fraud and misconduct trainings and fraud risk workshops. She has assisted numerous internal and external audit teams, as well as legal counsel, in the review of whistleblower statements made in connection with suspected fraudulent activities, and performed internal forensic investigations. In addition, she has experience in developing and managing new products and technology-enabled methodologies in the areas of corporate governance, enterprise risk management, internal audit services and fraud risk. Verick speaks nationally and internationally on issues relating to the Foreign Corrupt Practices Act, Sarbanes-Oxley, fraud and misconduct risk and corporate anti-fraud matters.