This is the ninth in a series of articles intended to assist organizations in assessing their anti-corruption programs through the lens of the 10 hallmarks of an effective compliance program as set forth in “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (“the Guide”), jointly published by the U.S. Department of Justice and the Securities and Exchange Commission in November of 2012. This article centers on hallmark number nine:
Continuous Improvement: Periodic Testing and Review
An anti-corruption program should be a living, breathing embodiment and reflection of the current and contemplated corruption risks that are nuanced to the world at large, the industry in which the company operates and the organization’s unique characteristics – including its products and services, customer base, organizational structure and geographic footprint.
Benjamin Franklin wrote, “…in this world nothing can be said to be certain, except death and taxes.” In the business world, a third universal certainty is change. Your business will expand or contract. You will enter new markets and perhaps withdraw from others. You may acquire companies, divest parts of the company, merge or form joint ventures. You may launch new products or new lines of business. These are just a few examples of changes that may occur within your organization. But what about changes on the outside?
One ongoing phenomenon is the extent to which the DOJ and SEC in the United States and the Serious Fraud Office in the United Kingdom are looking more broadly at certain industries as part of the investigation of one or more industry participants. If you learn a competitor has a bribery problem, it is an excellent time to dust off your anti-corruption program and consider refreshing it.
Whether the changes are occurring internally, externally or both, having a mechanism to track, consider and apply those changes to your anti-corruption program will help keep your program from becoming stale and out of step with the current and emerging risks it is intended to help mitigate.
Most often, a key part of the mechanism to measure organizational performance and perform periodic testing and review is the internal audit function. As noted earlier, internal audit is on the front lines in the war on corruption. In most organizations, internal auditors are generalists. But when considered an extension of the organization’s anti-corruption program, internal audit should receive some advanced training on anti-corruption. Specifically, internal auditors should understand key concepts comprising the FCPA, the risk factors that can trigger liability, the types of red flags indicative of potential problems and the investigative steps to follow in the event they suspect a potential violation.
This article is part nine in a 10-part series exploring Anti-Corruption and the 10 Hallmarks of an Effective Compliance Program. Each piece in the series is based on a section from a whitepaper published by Protiviti, titled “Viewing Your Anti-Corruption Efforts Through the Lens of the Hallmarks of an Effective Compliance Program,” which is available in full at:http://www.protiviti.com/en-US/Documents/White-Papers/Internal-Audit/Viewing-Anti-Corruption-Efforts-Lens-Hallmarks-Effective-Compliance-Program-Protiviti.pdf.