- Works with global companies to prepare for ISO 37001 independent 3rd party audits
- Expertise in advising C-Suite, Board of Directors and operational personnel on regulatory compliance and supplier requirements, and related investigations
- Public and private company General Counsel and Chief Compliance Officer experience with a wide range of corporate business, strategic and legal matters, including: M&A, SEC, IP licensing and protection, equity and debt financing, commercial dispute resolution, bid protests, government contracts, software revenue recognition, employment and strategic growth initiatives
- Member of the U.S. Technical Advisory Group for the ISO 37001 international standard for anti-bribery management systems
- Working territories - US, Europe, Latin America, the Caribbean, Asia/Pacific, and Africa
- All 9 Best Practices
- Pre-Call Discovery Process
- One-on-One Call with Expert
- Session Summary Report
- Post-Session Engagement
Using Business Tools to Fight Bribery and Leverage FCPA Programs: ISO 37001
Bribery is a serious and under-appreciated risk for U.S. companies doing business overseas.
And the crime of bribery has a low threshold definition: generally, companies or individuals giving anything of value to a foreign governmental official to obtain or retain business violate U.S. anti-bribery law.
The U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (for public companies) continue to increase anti-bribery enforcement activities. Recent cases have resulted in significant fines and penalties for both the entities and persons involved. Increasingly, DOJ is seeking convictions including prison time for corporate executives – even from smaller companies – involved in bribery.Anti-bribery compliance programs significantly reduce bribery risks and consequences. Programs tailored to a business’s unique facts and circumstances (size, business sector, geographies, etc.) can help identify and mitigate bribery possibilities. Typical anti-bribery techniques involve a focus on high-risk activities, personnel training and applying appropriate controls.
An effective anti-bribery compliance program may result in law enforcement deciding not to pursue charges if there is a bribery event – because the event is seen as non-systemic, and because the company has made tangible and proactive efforts to do the right thing.
Here are nine Best Practices for anti-bribery compliance programs for companies doing business overseas:
Best Practice 1: Do a bribery risk assessment.
Policies and programs need a focus and foundation. The bribery risk assessment evaluates how and where the company does business and identifies higher risk situations and activities that require particular attention through controls and monitoring. For example, as one control, a company doing business in a country with a well-established corruption history should consider detailed in-person anti-corruption training for company personnel located in and regularly traveling to that country.
Best Practice 2: Conduct due diligence on agents.Agents can be high value business associates, but they also represent high bribery risk. Appropriate due diligence helps identify relationships and past events that may exclude certain persons from acting as company agents, and provides the basis for hiring other qualified persons who do not have problematic backgrounds.
A company’s higher bribery risk situations and activities identified through the risk assessment need particular attention. For example, a company with an overseas sales office should consider applying controls to its petty cash, gifts and entertainment, community relations, and political contributions accounts. Depending upon the location, employees may need country-specific anti-bribery training and internal audit may want to include that office in its audit plan site visits.
Best Practice 3: Put controls in place.
A company’s anti-bribery (or anti-corruption) policy should be clear, understandable and written in a way that is consistent with the company’s corporate culture. The policy should also create and provide details on the related anti-bribery (or anti-corruption) program. For completeness, and to have the maximum benefit, the program should meet leading standards’ definitions of “an effective compliance program.”
Best Practice 4: Implement an anti-bribery policy and program.
Bribes require people. People bribe for a variety of reasons, including:
Best Practice 5: Implement a policy-and-program training and communications plan.
- Not realizing that bribery is a crime with serious company and personal consequences
- A belief that “it’s part of the local culture” and therefore permissible
- Or because of management’s clearly communicated message of “I don’t care how you do it, just make this quarter’s numbers”
Typically, the company board of directors should oversee the program, and management is responsible for its implementation and operation. Both groups should be trained concerning their respective responsibilities. Periodic status reports should be provided to each group from the appointed compliance officer (See Best Practice 7).
Best Practice 6: Put program governance in place.
The U.S. government and leading practice standards all promote the importance of the chief compliance officer role. The widely-held view is that a company shows that compliance is taken seriously and is a priority only if there is a compliance officer role within senior management. This person (who may hold a full- or part-time role to be performed along with his/her other duties, depending on the circumstances) manages the program, and should have adequate resources to do his or her job.
Best Practice 7: Delegate day-to-day program operational responsibility to a senior officer.
Best Practice 8: Respond to bribery allegations and apply lessons learned.
Anti-bribery compliance programs are not foolproof, nor are they a guarantee that bribery won’t be alleged or actually occur. When allegations occur, they should be taken seriously. Objective and thorough investigations should take place, possibly involving legal counsel, if an initial assessment of the facts indicates that there may be actual issues.
At the conclusion of the investigation, and after carefully considering whether or not employee discipline, contract termination, disclosure and/or other actions or responses are appropriate under the circumstances, perform a root cause analysis. Consider:
- How did this incident occur?
- What program weaknesses does this incident bring to light?
- Are there are similar weaknesses in other program areas?
- What changes need to be made to strengthen these areas?
- Was this an isolated incident or are there larger systemic problems that need to be addressed?
Best Practice 9: Document, document, document.
Law enforcement takes the view that “if it isn’t written down, it doesn’t exist.” Document all anti-bribery program components and major activities to be able to show that your company has an “effective compliance program.” Use visual tools such as large format maps to simplify compliance concepts and provide easily understood views into program operations.