Doing business in new markets can leave a company feeling uneasy about the risk of employees and contractors falling foul of bribery and corruption laws. Jonathan Lovell, head of KPMG Forensic in Birmingham looks at how local companies can minimise that risk
While new and emerging markets create opportunities for business, they also pose an increased threat of fraud and corruption. Many developing countries are well known to be dogged by corruption and in some cases this has led to a number of those countries being seen as no-go areas for some businesses.
With this in mind, it is essential for businesses to understand anti-bribery legislation, and to ensure that they comply both with the spirit and the letter of the law. In this respect, there are two key pieces of legislation to consider.
Firstly, the UK Anti-Terrorism, Crime and Security Act 2001, identifies bribery and corruption as a criminal offence.
The UK 2001 Act came into force after the UK signed the OECD Anti-Bribery Convention, and is meant to deter UK companies and nationals from committing acts of bribery overseas.
UK companies and nationals can now be prosecuted in the UK for an act of bribery committed wholly overseas.
Secondly, the US Foreign Corrupt Practices Act 1977 was enacted as a result of a number of scandals and was designed to restore public confidence in the integrity of the US business system.
The US FCPA has extra-territorial reach and is broad in its application, extending well beyond companies listed on the US stock exchanges.
A comprehensive understanding of the provisions of both these Acts is critical to any enterprise operating in multiple jurisdictions. In order to prevent, detect and respond to bribery and corruption issues, an effective compliance programme should be implemented.
Each company needs to consider their specific risk factors and relevant business processes in order to implement an effective program. There is no single answer as to what an effective compliance programme should look like, although it may include the following.
Tone at the top
Setting the tone at the top, including the assignment of one or more independent senior individuals charged with responsibility for compliance is central to an effective compliance programme.
These individuals are responsible for the implementation and oversight of compliance with anti-bribery and corruption policies and procedures established in accordance with a company’s overall compliance programme.
They should have a clear reporting line to the senior executives of the company to facilitate effective communication and to keep anti-bribery and corruption compliance on the agenda.
It is unlikely to be sufficient to simply add anti-bribery and corruption compliance to an individual’s existing responsibilities if they do not have the requisite time and resources to fulfil the requirements of the role.
Those charged with responsibility for anti-bribery and corruption compliance should be supported by adequately trained, qualified and capable personnel who have the time and resources to assist them with their anti-bribery and corruption responsibilities.
An international anti-bribery and compliance policy
A company should have a clearly articulated global compliance programme which sets out the requirements of the UK, US and other anti-bribery and corruption legislation relevant to its business, along with the policies and procedures the company has adopted to comply with the legislation. This global programme should be adopted and implemented by the local business units and departments of the company.
Training and certification
Regular training for employees and agents should be given to ensure they are aware of their responsibilities under the relevant anti-bribery and corruption legislation, and the activities for which they may be found liable. Employees and agents should also be required to sign an annual certification to demonstrate their understanding.
Integrity due diligence
In-depth, accurate and timely information allows companies to make informed decisions regarding who they are doing business with and enables them to take necessary precautions for monitoring high risk areas of their operations.
Integrity due diligence involves the search, collection and analysis of information – from both public and confidential sources – on the background, ownership, business track record, reputation and integrity of entities or individuals.
A reporting system for employees and agents to report suspected anti-bribery and corruption violations and other criminal conduct can be an important element of an effective compliance programme. A hotline enables anonymous reporting and can often be the first indication of a problem that needs to be addressed.
Previous KPMG research has found that 50 per cent of fraudulent or corrupt activity is discovered through whistle-blowing by employees, and that employees are twice as likely to report such activity through hotlines compared to five years previously.
Monitoring for compliance and feedback
A risk-based approach to monitoring for compliance should be adopted. This should target activity towards those areas that are considered most at risk.
For example, high-risk jurisdictions or business areas in which controls are considered to be weak, or where a previous violation has occurred.An annual risk assessment should be completed to ensure changes in the nature and size of business operations are taken into account.
Monitoring for compliance in conjunction with a risk-based approach, may include in-country visits to conduct on-site audits and to review systems and controls.
A comprehensive compliance programme should be regularly updated with findings from the monitoring process and changes in local legislation, to ensure it is up-to-date and relevant to the business.
The compliance programme should also be adapted to incorporate recommendations from investigations into alleged violations, taking into account lessons learnt to improve the framework for the future.
To be effective against the threat of fraud, corruption and misconduct, organisations should have a robust cross-border investigations methodology which will enable them to respond efficiently and effectively to violations. An effective response programme should clearly set out the response to an alleged violation including who is responsible for leading the investigation, how the alleged wrongdoer is dealt with, and the process for investigating the alleged violation including procedures for maintaining the integrity of the data.
The response programme should also set clear guidelines for the use of external lawyers to establish legal privilege if applicable, and make decisions regarding disclosure to the regulators. It should also address when professional services firms are to be used to conduct an independent investigation.
Non-compliance of anti-bribery and corruption laws can be severe. For example, failure to comply with the US FCPA could result in fines in the tens of millions of dollars including potential disgorgement of profits from illicitly-gained contracts.
With increased activity by both the US and UK regulators, plus the ongoing negative business perception of corruption among the emerging markets, failure to take action to prevent, detect and respond to bribery and corruption, could prove expensive.