Worth MacMurray
- Works with global companies to prepare for ISO 37001 independent 3rd party audits
- Expertise in advising C-Suite, Board of Directors and operational personnel on regulatory compliance and supplier requirements, and related investigations
- Public and private company General Counsel and Chief Compliance Officer experience with a wide range of corporate business, strategic and legal matters, including: M&A, SEC, IP licensing and protection, equity and debt financing, commercial dispute resolution, bid protests, government contracts, software revenue recognition, employment and strategic growth initiatives
- Member of the U.S. Technical Advisory Group for the ISO 37001 international standard for anti-bribery management systems
- Working territories - US, Europe, Latin America, the Caribbean, Asia/Pacific, and Africa
- All 9 Best Practices
- Pre-Meeting Discovery Process
- One-on-One Call with Expert
- Meeting Summary Report
- Post-Meeting Engagement
Using Business Tools to Fight Bribery and Leverage FCPA Programs: ISO 37001
Overview
Bribery is a serious and under-appreciated risk for U.S. companies doing business overseas.
And the crime of bribery has a low threshold definition: generally, companies or individuals giving anything of value to a foreign governmental official to obtain or retain business violate U.S. anti-bribery law.
The U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (for public companies) continue to increase anti-bribery enforcement activities. Recent cases have resulted in significant fines and penalties for both the entities and persons involved. Increasingly, DOJ is seeking convictions including prison time for corporate executives – even from smaller companies – involved in bribery.
Anti-bribery compliance programs significantly reduce bribery risks and consequences. Programs tailored to a business’s unique facts and circumstances (size, business sector, geographies, etc.) can help identify and mitigate bribery possibilities. Typical anti-bribery techniques involve a focus on high-risk activities, personnel training and applying appropriate controls.An effective anti-bribery compliance program may result in law enforcement deciding not to pursue charges if there is a bribery event – because the event is seen as non-systemic, and because the company has made tangible and proactive efforts to do the right thing.
Here are nine Best Practices for anti-bribery compliance programs for companies doing business overseas:
Best Practice 1: Do a bribery risk assessment.
Policies and programs need a focus and foundation. The bribery risk assessment evaluates how and where the company does business and identifies higher risk situations and activities that require particular attention through controls and monitoring. For example, as one control, a company doing business in a country with a well-established corruption history should consider detailed in-person anti-corruption training for company personnel located in and regularly traveling to that country.
Best Practice 2: Conduct due diligence on agents.
Agents can be high value business associates, but they also represent high bribery risk. Appropriate due diligence helps identify relationships and past events that may exclude certain persons from acting as company agents, and provides the basis for hiring other qualified persons who do not have problematic backgrounds.
Best Practice 3: Put controls in place.
Best Practice 4: Implement an anti-bribery policy and program.
Best Practice 5: Implement a policy-and-program training and communications plan.
- Not realizing that bribery is a crime with serious company and personal consequences
- A belief that “it’s part of the local culture” and therefore permissible
- Or because of management’s clearly communicated message of “I don’t care how you do it, just make this quarter’s numbers”
Best Practice 6: Put program governance in place.
Best Practice 7: Delegate day-to-day program operational responsibility to a senior officer.
Best Practice 8: Respond to bribery allegations and apply lessons learned.
Anti-bribery compliance programs are not foolproof, nor are they a guarantee that bribery won’t be alleged or actually occur. When allegations occur, they should be taken seriously. Objective and thorough investigations should take place, possibly involving legal counsel, if an initial assessment of the facts indicates that there may be actual issues.
At the conclusion of the investigation, and after carefully considering whether or not employee discipline, contract termination, disclosure and/or other actions or responses are appropriate under the circumstances, perform a root cause analysis. Consider:
- How did this incident occur?
- What program weaknesses does this incident bring to light?
- Are there are similar weaknesses in other program areas?
- What changes need to be made to strengthen these areas?
- Was this an isolated incident or are there larger systemic problems that need to be addressed?
Best Practice 9: Document, document, document.
Law enforcement takes the view that “if it isn’t written down, it doesn’t exist.” Document all anti-bribery program components and major activities to be able to show that your company has an “effective compliance program.” Use visual tools such as large format maps to simplify compliance concepts and provide easily understood views into program operations.