The good news according to the 2015 Anti-Bribery and Corruption (ABC) Benchmarking Report is that many risks have plateaued since the report’s launch in 2011. The bad news is that the survey answers still paint a discouraging picture of compliance officers’ struggles to implement a global strategy for anti-bribery compliance and to tame vendor and third party risks.
Produced by Kroll and Compliance Week, the ABC Report provides an annual, comprehensive view of the types of ABC risks compliance officers face, the resources available for mitigating risks, and how these resources can be best utilized in effective compliance programs. Nearly 250 representatives worldwide from industries including financial services, industrial manufacturing, business services, and insurance responded to the report’s survey, which was broken into four categories: risks, third parties, due diligence efforts, and program effectiveness.
If risks seemingly have plateaued, have compliance efforts also? Though roughly half of all compliance officers surveyed expect their bribery and corruption risks to increase this year (within 1 percentage point of last year’s report), the companies have only minimally stepped up their efforts to enhance compliance in third-party relationships. Forty-eight percent reportedly never train their third parties on anti-bribery and corruption issues, a concerning statistic as third parties arguably bring the gravest risk and heaviest burden for compliance programs.
Risks and organizational responses
The report’s top types of “corrupt behavior” mirrored previous years’: bribery, money laundering, bid-rigging, and price-fixing, followed by conflict minerals and human trafficking. Despite this variety in potential risks faced by compliance officers, Kroll Managing Director Lonnie Keene underscores due diligence as the ultimate key to any compliance program strategy.
Yet due diligence must encompass all units within a company, especially the department responsible for finance or accounting. Fifteen percent of respondents admitted low confidence in their organization’s financial controls to catch books-and-records violations of the Foreign Corrupt Practices Act (FCPA). “Recent enforcement actions focused on books and records make clear that when it comes to scrutinizing payments made to third parties, both compliance and finance cannot work independently of each other,” emphasizes Kroll Managing Director Robert Huff. Silos – whether between headquarters and third party firms or inter-departmentally – must be addressed such that employees know when to communicate concerns to the compliance officer.
Effectiveness and automation
More than one-fifth of this year’s respondents noted upwards of 5,000 third parties operating within their value chains. This incredible quantity multiplies the responsibilities of a Chief Compliance Officer’s (CCO) extended to-do list: keeping tabs on increasing enforcement of anti-bribery and corruption laws in each market; reviewing risk assessments at both the onset of a business relationship and on a recurring basis; and continuously monitoring for any suspicious activity. David Holley, Senior Managing Director at Kroll, likens “trying to conduct due diligence on a large number of third parties with whom you are doing business on a regular basis [to] trying to change out the engine of a moving car.”
Still, resources at hand are underutilized. Proactive CCOs are prioritizing monitoring of companies using a risk-based approach that calculates how much due diligence to perform: considering factors such as interaction with foreign or customs officials, nature of the work to be performed, and the markets that a third party operates in. Automating programs can also flag abnormalities in finance, assess risk through calibrated responses to questionnaires, and quickly route information to appropriate staff for decision-making. Successful CCOs are also stepping away from the dry lectures and legal jargon-filled PowerPoint presentations to elicit more enthusiasm from employees and third parties, and ultimately make training more engaging than going through the motions.
As corrupt practices become more sophisticated, compliance programs require constant fine-tuning. CIPE’s own Anti-Corruption Compliance Guidebook recommends low-cost yet effective practices for third parties such as reinforcing a commitment to compliance via team meetings and company memos or circulating case studies, tools, and resources on a regular basis. At the same time, compliance efforts need to be properly documented and evaluated to make sure that the program really works.
“At the end of the day,” concludes Huff, “there’s more to satisfying compliance requirements than that gut feeling, and being able to document and provide evidence of particular past issues is going to go a long way toward meeting those regulatory expectations.”
Stephanie Bandyk is a Program Assistant for Global Programs at CIPE.