Anti-Bribery and Corruption Compliance Practices
Compliance Week published its 2014 Anti-Bribery and Corruption Benchmarking Report, a survey of over 180 executives involved in ethics and FCPA compliance and internal audit (here). The Survey focused on risk, dealing with third parties and due diligence.
Risk: The Survey assessed areas of responsibility for the Chief Compliance Offer or CCO of the company. In the area of cyber security and privacy, business organizations reported varying practices with respect to the role of the COO:
- 43.9% — COO responsible for data privacy laws and breach disclosure, not cyber security
- 31% — COO has no oversight in these areas
- 22.5% — COO responsible for both areas
The COO is, however, almost uniformly responsible for traditional corruption areas such as anti-bribery. With respect to other corruption issues, companies have adopted varying practices regarding the responsibility of the COO:
- Anti-bribery – 95.7% stated the COO was responsible for this area
- Bid-rigging – 64.7% stated that the COO is responsible for this area
- Money Laundering – 62.6%, the COO is responsible
- Price-fixing – 59.9%, the COO is responsible
- Conflict minerals – 24.1%, the COO is responsible
In assessing risk, business organizations were close to evenly split on whether bribery and corruption would continue to increase over the next three years. This is an interesting assessment given the efforts of U.S. enforcement official in this area and the increasing efforts of officials in other countries:
- Increase – 50.8% noted the risk would increase
- Remain the same – 29.9% indicated that the risk would remain about the same
- Decrease – 5.3% responded that the risk would decrease
Third parties: Affiliations with third parties frequently present significant risk for business organizations. The DOJ and the SEC, for example, have brought a number of FCPA actions centered on third parties. Despite this fact over half of those surveyed did not provide any training on anti-bribery and corruption issues to third parties:
- Never – 58.3% indicated that they never provide training on anti-bribery and corruption issues to third parties
- Annually – 19.8% of those responding indicated that they provide training annually
- Bi-annually – 14.4% provide training every two years
- Every 3 to 5 years – 7.5% provide training every few years
For those that do provide training to third parties, the vast majority include them in their Code of Conduct while many use a certification, on-boarding questionnaire and web based training:
- 70.5% — Include in Code of Conduct
- 59% — Certification included in contract materials
- 57.7% — Part of on-boarding questionnaire and process
- 52.6% — On-line or web-based training
- 44.9% –Distribute materials for employees to review
- 42.9% –In-person on-site training
Due diligence: Due diligence is a continuing area of focus in anti-bribery and corruption actions. It can be particularly critical in mergers and acquisitions. One issue centers on the type of information would influence a corporate decision not to work with a third party:
- 77% — Allegations/rumors of bribes but no proof
- 64.2% — History of litigation
- 59.9% — Politically exposed person
- 55.1% — Not well known for doing the work needed
Business organizations also reported using a variety of methods in conducting due diligence including:
- 69.2% — Reference checks
- 64.1% — Information collected by business units
- 56.4% — Public English data bases
- 51.3% — Adverse local language media searches
- 51.3% — Corporate legal department reviews
- 50% — Public data bases, local language
- 37.2% — Litigation searches in local jurisdiction
- 37.2% — Adverse media services, English only
- 34.6% — Investigation by professional investigators
- 33.3% — Reputational interviews in local jurisdiction
- 28.2% — U.S. commercial services
- 23.1% — Opinion of local or international law firm
Overall the Survey provides insight practices and views of business organizations on key questions regarding anti-bribery and corruption compliance.