ANTIBRIBERY AND CORRUPTION: THE GOOD, THE BAD, AND THE UGLY

The Good, the Bad, and the Ugly of ABC
   Starting with the Ugly: The Growing Burden of ABC Laws and Regulations
   Next, the Bad: Ignorance Is no Excuse
   The Good: A Strong Compliance Program Ready to Defend the Organization
Meeting Anticorruption Obligations
Transaction Monitoring: The Cornerstone of a Strong Antibribery and Corruption Program
   Oversight Systems: Bringing Order to Compliance
Author: Michael Rasmussen +1.888.365.4560

The dynamic and global nature of business is challenging for risk and compliance processes. As organizations expand operations and business relationships — vendors, supply chain, outsourcers, service providers, consultants and staffing — their risk exposure grows exponentially, internally and externally. Organizations need to stay on top of their game by monitoring relationships and transactions for bribery and corruption, expanding regulations, increased fines and sanctions, and aggressive regulators and prosecutors around the world.

The Good, the Bad, and the Ugly of ABC

Starting with the Ugly: The Growing Burden of ABC Laws and Regulations

Laws such as the Foreign Corrupt Practices Act (FCPA) have been in place in the U.S. for nearly 35 years. Each year shows increasing noncompliance and growing fines and penalties by the U.S. Department of Justice. The U.K. Bribery Act (UKBA) was approved in 2010, and went into force July 2011. Both the FCPA and the UKBA are country-specific initiatives to support the Organization for Economic Cooperation and Development's (OECD) anticorruption initiatives. Other legislation such as the U.S. Dodd-Frank Wall Street Reform Act gives corporate whistleblowers who provide information that leads to a successful SEC enforcement 10 percent to 30 percent of monetary sanctions over $1 million. While the UKBA is still too new to measure its effect, the FCPA has a long trajectory of increasing penalties and enforcement actions. Consider:

• The average FCPA penalty in its 35-year history is $50 million. In the past few years the average is over $66 million. To date the largest penalty has been against Siemens, at $800 million.
• Investigation costs can run as much as the penalty. Siemens spent over $800 million for investigation and legal costs. If the average recent fine is $66 million, the organization can expect to spend at least half that much on investigation.
• The cost of complying with enforcement actions is significant. These typically require the organization to build and maintain a compliance program to specific requirements, and an independent external monitor to validate the program on a periodic basis.

The ugly side of ABC enforcement actions is that the penalty is only half the cost to the organization. If the average penalty in the past two years is $66 million, the organization can expect the total cost to investigate and respond to issues of bribery and corruption will be over $100 million, on average.

Tuesday, October 2, 2012 © 2012, Corporate Integrity, LLC. All rights reserved.

Next, the Bad: Ignorance Is no Excuse

Growing documentation of enforcement actions shows us the organization and executives cannot claim ignorance. It is imperative that the organization understand whom it is doing business with and the transactions being done. Organizations need strong internal controls to look for suspicious transactions and to ensure the organization is doing business with the right organizations and not the wrong ones.

In the Nature's Sunshine FCPA action, the government charged the COO (CEO at the time of the investigation) and CFO with violating the FCPA's books and records clause and internal control provisions by not having adequate controls. This was in response to bribes paid by the company's Brazilian subsidiary to customs officials to import unregistered products into Brazil. The SEC's investigation determined neither the COO nor CFO had any involvement in or knowledge of the improper cash payments in Brazil. However, the SEC found they violated the FCPA's internal control provisions in their capacities as control persons under Section 20(a). The SEC based its argument on the theory that the COO and CFO failed to supervise the company's internal controls and oversight of the process to keep accurate books and records.

The Good: A Strong Compliance Program Ready to Defend the Organization

In April 2012 a landmark FCPA decision was announced. For the first time on record the government did not prosecute an organization for violation of the FCPA: The company, Morgan Stanley, had a strong compliance program including a system of internal controls meant to ensure accountability for its assets and to prevent bribery and corruption.
The Department of Justice stated:

“Morgan Stanley's internal policies, which were updated regularly to reflect regulatory developments and specific risks, prohibited bribery and addressed corruption risks associated with the giving of gifts, business entertainment, travel, lodging, meals, charitable contributions and employment. Morgan Stanley frequently trained its employees on its internal policies, the FCPA and other anticorruption laws. . . . Morgan Stanley's compliance personnel regularly monitored transactions, randomly audited particular employees, transactions and business units, and tested to identify illicit payments. Moreover, Morgan Stanley conducted extensive due diligence on all new business partners and imposed stringent controls on payments made to business partners.” [1]

This illustrates that strong processes — up-to-date policies, training and transaction monitoring — defend the organization and keep it out of trouble.

Meeting Anticorruption Obligations

In today's complex business environment the organization protects itself by demonstrating it implements appropriate compliance measures to prevent and detect corruption and noncompliance. Preventive measures should avoid corruption, alongside detective measures to monitor for corruption and respond quickly and efficiently.

While laws around the world are aimed at antibribery and corruption, compliance aspects of these laws are based on common requirements. From a U.S. perspective, the best defense is to show the organization meets the elements of an effective compliance program as established by the U.S. Sentencing Commission Organizational Guidelines. [2] The guidelines complement and coordinate well with the U.K.'s guidance requiring a company to demonstrate adequate procedures to prevent bribery. It is a full defense in the U.K. Bribery Act when an organization proves that despite a particular incident of bribery it nevertheless has proper compliance practices in place to prevent corruption and bribery. Both the U.S. and U.K. guidance align and support the OECD Good Practice on Internal Controls, Ethics and Compliance. [3]

An integrated view of the U.S., U.K. and OECD guidance requires that an organization have the following compliance elements in place:

• Understand your risk: An organization must conduct periodic assessment (e.g., annual) of the exposure of the organization to corruption and unethical conduct.
• Approach compliance in proportionality of risk: If a certain area of the world or business partner scores as a higher risk for corruption, the organization must respond with stronger compliance procedures and controls.
• Tone at the top: Management must communicate that they support the antibribery and corruption compliance program and will not tolerate corruption in any form. At the same time they must be informed about the effectiveness and operations of compliance initiatives for anticorruption.
• Know who you do business with: Due diligence efforts must be in place to make sure the organization is contracting with ethical entities. If there is a high degree of risk to corruption in a relationship, it is necessary that additional preventive and detective controls be established in accordance with the risk.
• Keep information current: These are not point-in-time efforts that happen once. Business transactions and relationships evolve and require ongoing monitoring to look for issues that point to bribery and corruption.
• Compliance oversight: The organization needs someone responsible for oversight of antibribery and corruption compliance processes and activities, with the authority to report to the audit committee of the board.
• Established policies and procedures: Organizations must have documented and up-to-date policies and procedures that address bribery and corruption. The code of conduct is the governing policy that addresses gifts, hospitality, entertainment, expenses, customer travel, political contributions, charitable donations and sponsorships and facilitation payments.
• Effective training and communication: Written policies are not enough — individuals need to know what is expected of them. Organizations must implement training programs on the organization's policies and practices for employees and business partners at risk of bribery, corruption and fraud.
• Implement communication and reporting processes: The organization must have communication channels where employees can get questions on policies answered to avoid noncompliance issues. The organization must also have a hotline reporting system for individuals to report suspected misconduct.
• Assessment and monitoring: The organization must have regular compliance assessment and monitoring activities to ensure policies, procedures and controls are in place and working.
• Investigations: Investigation processes must quickly identify (e.g., hotline, surveys, management reports, exit interviews) potential incidents and quickly and effectively investigate and resolve issues.
• Internal accounting controls: Organizations must keep detailed books, records and accounts that accurately reflect transactions and disposition of assets that could be implicated in bribery and corruption issues.
• Manage change to the business: Organizations must monitor the business environment for changes that impact its anticorruption program or introduce greater risk of corruption.

Compliance must be an active and living part of the organization to prevent and detect corruption, bribery and fraud in international business. It is a continuous and ongoing process that must be monitored, maintained and nurtured. The challenge is establishing corruption prevention and detection activities that move the organization from a reactive fire-fighting mode to one that proactively manages, monitors, prevents and detects corruption and compliance related risks.

Transaction Monitoring: The Cornerstone of a Strong Antibribery and Corruption Program

Most organizations have policy and training programs in place. These are essential components — but by themselves do not keep organizations out of hot water. What the U.S. Department of Justice called out in the Morgan Stanley case were their policies and training, but they also had regular monitoring and auditing of transactions. The transaction-monitoring component is what makes companies different — it keeps them out of hot water, and when they do get in hot water it helps them recover.

Think of this as a maturity curve. Ineffective compliance programs are ad hoc in nature and often supported by hundreds to thousands of documents and spreadsheets that are error-prone and difficult to reconcile. Established compliance programs have strong policies and training programs — this is good, but does not protect the organization completely. An effective compliance program has policies and training, but also has regular monitoring of business relationships and transactions — the organization is prepared to defend itself in enforcement actions. Organizations with transaction monitoring can demonstrate strong controls in place for FCPA books and records and internal control provisions; they can prevent suspicious transactions from happening to begin with, or alert the organization to suspicious activity before it becomes a greater issue. Transaction monitoring can accomplish the following:

• The organization understands its risk as it continuously monitors transactions to alert the organization to bribery and corruption.
• Monitoring can be tailored to address risk proportionality to the business, so high-risk transactions and business relationships are more effectively monitored.
• Management is better prepared to take action and enforce tone, as suspicious transactions are brought to their attention to take action on.
• The organization knows who it is doing business with as transactions with new vendors are reviewed and it ensures proper screening is done.
• The most current information about business partners and transactions can be held to policy thresholds and due-diligence efforts.
• Bribery and corruption issues can be monitored and prevented, alongside proper compliance oversight.
• Transaction monitoring assures policies are complied with and exceptions enforced, documented and managed.
• Employee training is reinforced, alerting workers when they do something outside of standard policies.
• Robust communication and reporting alerts management to potential exposure.
• Internal accounting controls keep accurate records, and accurately reflect transactions and disposition of assets.

Policies, training, audits and assessments are still needed. Transaction monitoring makes all of them an ongoing reality. In this way, the organization is prepared to defend itself in an enforcement action and demonstrate to law enforcement and regulators it is doing everything possible to prevent bribery and corruption.

Oversight Systems: Bringing Order to Compliance

Oversight Systems is a solution provider in the compliance market that Corporate Integrity has researched and evaluated. Through a purpose-built continuous transaction analysis, Oversight Systems eases the anticorruption compliance burden by delivering operational effectiveness, human and financial efficiency and agility to compliance processes. Its solution monitors transactions and the personnel that perform them, and detects and prevents bribery, corruption and other types of fraud.

While other vendors help with policy communication and training for ABC compliance, Oversight Systems is one of the few that take compliance to the transaction level to ensure bribery and corruption do not happen in the course of business transactions. Specifically, Oversight Systems accomplishes:

• Data analytics: Oversight Systems monitors for bribery and corruption by monitoring accounting and ERP data to identify trends and anomalies.
• Exception management: The ability to review and analyze transactions flagged as suspicious and grant exceptions when needed.
• Real-time detection: Oversight Systems can monitor transactions, activity, and business relationships in real-time to help prevent issues from happening.
• Continuous monitoring: By reviewing every transaction in the system the organization can look at transactions individually and in aggregate. This can detect bribery and corruption activity that may have flown under the radar initially.
• Limit exposure: Continuous monitoring can prevent bribery and corruption or limit scope and duration to reduce exposure to the organization.
• Business relationship monitoring: Through integration with third-party content sources such as politically exposed person (PEP) screening and watch lists, the organization can feel confident it is doing business with people that are not known to be susceptible to corruption.
• Breadth of analytic capabilities: Oversight Systems has one of the most expansive analytic engines for analyzing business transactions. It covers Boolean logic, chaining, recurrence, format outliers, similarity, clustering and consolidation, temporal analysis, aggregation, numerical statistics, meta reasoning, sentiment, spatial, image and linguistic analytical capabilities.
• Process automation: Integrated workflow and task management ensures everyone knows what is in their queue and what is expected of them.
• Reporting and dashboard: The analytic engine drives a robust reporting and dashboarding ability that allows for customization to specific manager needs.

The core compliance capabilities of the Oversight Systems solution enable a complete transaction monitoring and response system for bribery and corruption. This helps organizations achieve a system of internal control and monitoring to meet requirements of a regulatory compliance program.

Oversight Systems is tuned to help with other areas of risk and compliance such as fraud, error and waste. Organizations that use Oversight Systems report they have lowered costs for monitoring and audit, minimized errors, were able to detect issues and areas for improvement in a timely manner, and gained greater clarity of business process and transaction performance.