This document outlines the key points from a presentation on anti-corruption compliance given by Iohann Le Frapper. It discusses the basics of anti-corruption standards and definitions, the importance of risk assessment to identify high risk areas, how to conduct due diligence on business partners, and guidance on adequate anti-corruption procedures from the UK Bribery Act.

1. Organized by the MENA-OECD
Investment Programme in cooperation
with the IMF-Middle East Center for
Economics and Finance
Kuweit
April 22, 2013

2. Iohann Le Frapper
As Vice-chair of ICC Corporate Responsibility and Anti-
corruption Commission

3. 1.- Interactive session
 We all have part of the truth in matters of integrity
 My contribution to this Training is based on compliance
practice and integrity standards
 I am here to speak, to listen and to share: please interrupt me
for questions
 There are the national and the international standards
 There are worldwide norms (OECD and United Nations
Convention) which are recognized everywhere and good
corporate practice which is based on a vast experience
 The anti-corruption standards are universal and each company
has to choose its prevention measures according to its culture,
its size, its resources, its industry, its business model, etc..

4. 2.- The Basics
 The basic rules
 a.- UNCAC, OECD, FCPA, UK Bribery Act
 b.- The basic terminology:
 economic fraud,
 bribery and corruption,
 various forms of corruption (national and international/public and
private/direct and indirect/mother company, subsidiaries and
affiliates/trading in influence),
 Gifts, entertainment and hospitality, and
 money laundering

5. 3.- Definitions
 The term “corruption” covers many aspects of economic fraud
 You can have
 large and small corruption
 “street corruption” and “office corruption”
 corruption with money or other undue advantages
 corruption with laundered money or clean money
 corruption from a slush fund or from a regular stream
 national/international, public/private, direct from a company or
indirect through an intermediary, mother company or subsidiary
and affiliates
 active v. passive
 trading in influence

6. 4.- Risk Assessment I
 A company starts with a Risk Profile/Risk Assessment to identify and prioritize its
risks, esp. corruption.
 Pro-active or crisis mode.
 Risk assessment: cornerstone and critical initial step in designing an effective
compliance program.
 It is the task of the highest body of the corporation (the Board or the owner) to
define the risks the corporation is ready to take on.
 The basic approach of a risk assessment exercise:
 identifying risks : scoping
 measuring them, and
 managing them.
 Oversight by top-level management : from kick-off to final report
 Prioritization of areas of highest risks: likelihood/frequency ? Potential impact?
 As a result of such assessment, the company avoids focusing on false or minor
problems.

7. 5.- Risk Assessment II
 Appropriate resources :Risk assessment with internal/external information sources
and resources.
 Work plan : need to plan budget, level of activity (eg. interview list, document
review?) and timing.
 Call upon operational people and experts: insurance people, Health, Safety,
Environment &Quality (“HSEQ”) people and lawyers
 Typical risks to review : country, industry-specificities, transactions, business
opportunities, business partnership/joint venture ?
 Identify precisely weak points/processes in the organization (e.g. where are you
dealing the most with cash?)
 In which countries do you have business operations where the risk for fraudulent
activity is the highest?
 Degree of business with government entities ?
 Level of regulation of relevant industry ?
 Which supply/marketing channel presents the most challenges?
 Are your intermediaries/business partners a low or high risk for your company?
 Gifts, hospitality and entertainment activities ?

8. 6.- Risk Assessment III
 Gap analysis :address whether existing compliance program address identified risks
?
 Consider ethical awareness survey or interviews to gather data from employees
about high-risks and knowledge of values and policies of the organisation.
 Next stage : recommendations for design or improvement of internal controls
(remediation measures);
 Strength of internal controls : ascertain how compliance program operates in
practice.
 Purpose of risk-assessment is to educate senior managers, seek their input on
findings/report and get their buy-in for anti-corruption program (sponsor must be
one senior executive).
 The risk assessment must be documented (to evidence, if needed, the bona fide of
anti-corruption program) and monitored;
 Dynamic risk-assessment :regular reviews and updates needed to reflect external
developments, risk profile changes and lessons learned through action plan’s
implementation

9. 7.- Due Diligence
 Before joining forces with a new partner, agent,
associate or even executive, you should make
checks on integrity, competence, reputation
 You can do this in very different ways but it
should be
 a continuous and sustainable method
 leaving behind a paper trail, and
 no “box ticking”

10. 8.-Adequate Procedures Guidance-
UK Bribery Act.
 Principle 3 :Risk Assessment
 “The commercial organisation assesses the
nature and extent of its exposure to potential
external and internal risks of bribery on its
behalf by persons associated with it. The
assessment is periodic, informed and
documented”.
http://www.justice.gov.uk/downloads/legisl
ation/bribery-act-2010-guidance.pdf

11. 9.-Adequate Procedures Guidance-
UK Bribery Act.
 Commentary on Principle 3
 “3.1 For many commercial organisations , this principle will manifest
itself as part of a more general risk assessment carried out in relation to
business objectives. For others, its application may produce a more
specific stand alone bribery risk assessment. The purpose of this
principle is to promote the adoption of risk assessment procedures that
are proportionate to the organisation’s size and structure and to the
nature, scale and location of its activities. But whatever approach is
adopted the fuller the understanding of the bribery risks an organisation
faces, the more effective its efforts to prevent bribery are likely to be.
 3.2 Some aspects of risk assessment involve procedures that fall within
the generally accepted meaning of the term ‘due diligence’. The role of
due diligence as a risk mitigation tool is separately dealt with under
Principle 4.”

12. 10.-Adequate Procedures
Guidance-UK Bribery Act.
 Procedures for Principle 3
 “3.3 Risk assessment procedures that enable the commercial organisation accurately
to identify and prioritise the risks it faces will, whatever its size, activities, customers
or markets, usually reflect a few basic characteristics. These are:
 • Oversight of the risk assessment by top level management.
 • Appropriate resourcing – this should reflect the scale of the organisation’s business
and the need to identify and prioritise all relevant risks.
 • Identification of the internal and external information sources that will enable risk
to be assessed and reviewed.
 • Due diligence enquiries(see Principle 4).
 • Accurate and appropriate documentation of the risk assessment and its
conclusions.
 3.4 As a commercial organisation’s business evolves, so will the bribery risks it faces
and hence so should its risk assessment. For example, the risk assessment that
applies to a commercial organisation’s domestic operations might not apply when it
enters a new market in a part of the world in which it has not done business
before(see Principle 6 for more on this).”