with co-author Joel Lange
The increasing volume and complexity of anti-corruption measures has put pressure on businesses to find efficient ways to stay compliant. Anti-corruption policies, processes and procedures must apply not only within the company, but along its entire supply chain, too. Businesses cannot hope to do this efficiently with manual processes and siloed applications. Yet the results of a recent survey suggest there is scope to improve on the integration and automation of anti-corruption programs.
The 2016 Global Anti-Corruption Survey from Dow Jones Risk and Compliance, in association with MetricStream Research, provides insight into anti-corruption management in more than 300 companies across North America, Western Europe, Asia-Pacific and other countries. In it, under half (48 percent) of respondents reported usage of governance, risk and compliance (GRC) systems in anti-corruption compliance.
To protect company reputation and preserve brand integrity, anti-corruption measures should be addressed systematically, as part of a cohesive GRC framework, and be executed with as much automation as possible for consistency and reliability. This protects employees and the company by applying technology not just to ensure due diligence, but to support the development of a GRC culture as well. GRC isn’t an add-on activity; it should be a way of operating.
The right tone needs to be set at the top. Senior leaders must ensure that as employees at all levels of the organization implement business strategy, their behavior and actions embody the principles of anti-corruption policies. That isn’t to say that employees intend to be non-compliant, but if company messages around GRC stay at the hypothetical level, they stand to be lost during the daily endeavors of meeting targets.
Small decision, big impact
Take, for example, new market entry. The intent to expand into Asia is a strategic decision, but the day-to-day execution of that strategy will involve thousands of details with hundreds of small decisions made day after day. How company policy is interpreted each time within those decisions will determine how compliant company action is. The judgment call of each decision-maker every time they encounter a “gray” area could have a long-term impact.
Annual training and the periodic mention of anti-corruption in internal communications isn’t sufficient to support employees nor to integrate anti-corruption practices into the fabric of the organization. Instead, the reality of the day-to-day implementation of processes and procedures needs to be revealed through effective, ongoing monitoring. This ensures the correct application of GRC on a deal-by-deal basis.
The survey shows that concerns about violating anti-corruption regulations have a real impact on business — 65 percent reported they’d delayed or stopped work with a business partner as a result.
Undoubtedly, companies are more aware than ever of the need to know what’s going on with their suppliers and partners. Regulation has mandated an ethical end-to-end responsibility for the supply chain; the Foreign Corrupt Practices Act (FCPA) for example, calls out risk-based due diligence with third parties and its relevance in the overall effectiveness of a company’s compliance program.
Despite this, only 27 percent monitor business partners quarterly or more often. Many more, 36 percent, monitor only on an annual periodicity.
It would seem there is scope to integrate partners more comprehensively into anti-corruption practices. Over half (58 percent) of respondents indicated that training on their anti-corruption program is provisioned for partners, but this leaves over 40 percent of partners without structured training on company expectations. It’s a communications gap that can be filled to the benefit of all involved.
According to the survey, government sanctions provide the biggest incentive for a partner review — 89 percent reported this as being the most likely trigger for a review, which is an increase on 12 percent in a year. Considering the increased use of sanctions in enforcing national security and economic policies, such as those applied to Russia after its annexation of Crimea, businesses should continue to focus on developments in government sanctions enforcement. Government strategies to combat kleptocracies are also a significant contribution to sanctions enforcement.
Due diligence
A deeper appreciation of the need for internal anti-corruption scrutiny is reflected among the 60 percent of respondents who believe senior-level executives and board members always require due diligence. This was ranked second only to merger and acquisition targets and above both third-party agents/consultants and suppliers.
Such a commitment to internal due diligence indicates an understanding of the impact the personal and professional relationships of business leaders can have on company brand and reputation. As the “faces” of the brand, they must be beyond reproach, and their memberships on other organizations’ boards and their investments must be scrutinized to ensure they do not create problematic conflicts of interest.
Business relationships of senior management cannot be off limits to anti-corruption monitoring. A company could suffer as a result of the private business activities of board members, such as contraventions of anti-corruption laws or sanctions violations.
As one of the most common and overt forms of corruption, the findings on bribery make interesting reading. Nearly one-third (31 percent) of survey respondents didn’t say bribery should always be reported to the authorities. When asked about facilitation payments, 27 percent said it isn’t realistic to ban them. This is symptomatic of the challenges raised by international business. With disparities across regions, it is hard to achieve a level playing field where everyone works from the same rule book. Respondents mentioned different cultural expectations and the legitimacy of facilitation payments in some countries.
The annual survey provides a useful pulse point of the business environment. Respondents mentioned Iran, China, Russia, Iraq and the Ukraine most often as countries where business endeavors are most likely to be disrupted due to concerns about legality, information quality or potentially violating anti-corruption regulations.
There are indicators in the survey that compliance programs are having an effect. In the past two years, there has been a 7 percent drop in respondents who reported business had been lost to an unethical competitor. This stands at 26 percent, down from 28 percent in 2015 and 33 percent in 2014.
In addition to fines, penalties and costly legal proceedings, companies falling foul of anti-corruption measures can cause deep damage to their brand and reputation. Anti-corruption regulations are increasingly complex. Businesses are looking for ways to manage risk and compliance as an integrated, automated part of daily operations. By so doing they can effectively establish and reinforce good practice to better protect the company from damaging contraventions.
One of the foremost thought leaders in IT, French Caldwell has been decisively shaping the GRC market for the last 12 years.
