Your company has engaged in a comprehensive risk assessment that identifies the corruption risks related to your company’s location, customers, interactions with government officials, business sector, and personnel). You also have implemented a policy stating that bribery and corruption are illegal and contrary to your company’s values, and that any such activities are prohibited. But your work is not done. Enforcement authorities expect to see an anti-corruption compliance program that contains specific procedures and controls that are designed to prevent and detect bribery and other forms of corruption (see US Sentencing Guidelines §8B2.1(a)). This post focuses on procedures and controls that help prevent corrupt conduct; our next post will focus on procedures and controls that help detect corrupt conduct.
As Benjamin Franklin reportedly said, “An ounce of prevention is worth a pound of cure.” Procedures and controls help personnel develop the “questioning attitude” that can help prevent wrongdoing by alerting them to the need for extra diligence, and by forcing them to slow down and ask the necessary questions. But there is no one-size-fits-all approach to developing these procedures and controls. As the UK government has explained, a company’s bribery prevention procedures should be “proportionate to the bribery risks it faces and to the nature, scale and complexity of the commercial organisation’s activities” (The Bribery Act 2010: Guidance p.21). In other words, the outcome of your risk analysis should inform the procedures and controls you adopt.
Consider how the following examples of procedures and controls correspond to a given company’s specific corruption risks:
Potential risk
Examples of procedures and/or controls
A healthcare company hires doctors at overseas, state-owned hospitals to run clinical trials. It wants to have the hiring decision focus on the individual’s qualifications and background, and prevent product sales considerations from being part of the hiring analysis.
- Clinical personnel must complete an approval form and get it signed by a manager before hiring any doctor. The form includes information about the research justification for hiring the particular doctor over others.
- All company personnel who interact with doctors are required to complete regular anti-corruption training that focuses on the risks presented by these interactions.
- Payments to doctors are audited on a regular basis, and company personnel are aware of this standard procedure.
An agricultural company hires customs brokers to facilitate the conveyance of perishable goods through customs. It wants to prevent these agents from using bribes to speed up this process.
- Any proposed broker must complete a detailed due diligence questionnaire that asks about the broker’s relations with government officials and his or her qualifications for the position. The questionnaire is reviewed independently by the compliance team before approval is given to hire the broker.
- All customs brokers and other agents must represent and warrant compliance with the company’s anti-corruption policy and agree to regular audits of their activities (including review of their books and records) on behalf of the company.
- Any payments to brokers above those agreed to in the contract are subject to a special approval process.
A company is committed to giving back to the communities at their primary overseas locations through donations to schools. However, it wants to avoid any impropriety as to which schools are chosen, and how donations are allocated.
- Donations are made in the form of goods or equipment, not in cash, and the need for such goods or equipment is independently verified with school officials.
- Donations requested by a government official are normally not permitted, with exceptions requiring the Chief Compliance Officer’s prior written authorization after a complete review of the facts.
- Donations are made only to the actual school organizations, never to any individual.
- Donations valued above a certain amount must be approved by a member of the compliance team.
A company plans to acquire a new subsidiary in a country where corruption is prevalent. It wants to minimize any compliance-related problems from the company it is acquiring.
- Prior to the acquisition, appropriate personnel conduct extensive due diligence on the target company to understand its overall anti-corruption program, with special attention to the risk profile and related procedures/controls. In addition, target company records (including its financial books and records) must be scrutinized to identify past issues that could subject the acquiring company to future liability.
- After the acquisition, the company rolls out its anti-corruption compliance program in the acquired company according to an established timeline, focusing first on the higher risk situations. The roll-out includes program training for all appropriate new personnel.
We offer the above examples as illustrations only. Your company’s unique risk profile will inform the types of procedures and controls that best fit its facts and circumstances. The key is to target procedures and controls that are operationally as close as possible to those activities that present the greatest risk of bribes.