In conjunction with International Fraud Awareness Week, we will be running a series of blog posts by our Investigations & Fraud Risk Management practice leaders. For more on the topic, and to listen to our recorded webinars, visit www.protiviti.com.
By Scott Moritz
Managing Director, Leader of Protiviti’s Investigations & Fraud Risk Management practice
The difference between high-performing anti-corruption programs and those that aren’t often comes down to the information that the organization collects and analyzes in the execution of its anti-corruption vigilance. Such information provides the basis for informed decisions across a wide range of anti-corruption activities: background investigations of customers; controls and prohibitions over gifts, travel and entertainment; the review and approvals of requests to make charitable donations; and hiring decisions, among others.
Effective anti-corruption programs are tailored to fit a company’s unique size, product mix and customer base and take into consideration the Hallmarks of Effective Compliance Programs as outlined in A Resource Guide to the U.S. Foreign Corrupt Practices Act (the Guide), published by the U.S. Department of Justice and the Securities and Exchange Commission (2012), as well as other authoritative guidance. The Guide provides detailed information on what the U.S. government views as an effective compliance program; however, companies that are not collecting the right information on which to make critical compliance decisions risk violating the Foreign Corrupt Practices Act (FCPA) just the same.
Below, we outline the three most critical areas for which companies need to collect the right information, in order to deem their anti-corruption programs effective.
1. Customer Information and Categorization
Most companies are ill-prepared to answer even the most basic questions about their customers – for example, whether the customer is a government or private enterprise. These companies must collect sufficient information (e.g., the identity of majority shareholders, directors and key executives) that would allow them to readily identify the category of customer they are engaging with. Employees of government agencies, state-owned companies or public international organizations, such as the World Bank, the International Red Cross or the United Nations, are very likely to meet the definition of “foreign officials,” and interaction with foreign officials in a commercial context needs to be conducted with careful scrutiny to avoid violating anti-bribery statutes.
The risk comes into play most often where gift-giving and charitable contributions are involved. If your organization is not collecting that type of information that would allow it to distinguish foreign officials from regular customers easily, classifying them into risk categories, and educating company personnel on the risks of providing gifts, paying for travel or entertainment of these individuals, either directly or through your retained intermediaries, sooner or later you will find yourself offering “something of value” to gain “an unfair business advantage” – which together form the basis of a bribe payment and a violation of the FCPA.
Companies with well-developed anti-corruption programs, on the other hand, not only have this type of knowledge about their customers but they also anticipate the need to provide a gift, entertainment or contribution and have a control process in place through which they ensure the propriety of the interaction. The process may include submitting a written request, setting forth the details of the proposed business courtesy or contribution, the nature of the relationship with the receiving customer or agency, and the business case supporting the need. This enables a supervisor to evaluate whether the gift is reasonable and appropriate from an anti-corruption compliance perspective, and positions the company to better defend itself if a law enforcement or regulatory agency were to question the transaction later on.
2. Focus on Intermediaries
Another common lack of knowledge relates to third-party business partners and the subset of those that can act as intermediaries for the company and as such give rise to liability under anti-bribery laws. To protect itself from being held liable for violations by a third party, a company must have complete transparency and control over its non-U.S. intermediaries’ practices, including sales and payment practices, record-keeping, and the extent of anti-corruption training of the intermediary’s employees – especially those likely to interact with foreign officials.
Some intermediaries may be designated as “high risk” and held to a heightened standard of care if they meet certain criteria. The criteria used to risk rank intermediaries often includes whether they are operating in a country designated as representing high corruption risk by the Transparency International Corruption Perceptions Index; whether they are paid by a sales commission, contingency fee or success fee; and whether the nature of their business activities puts them in regular interaction with government agencies and state-owned companies. In this last category, sales agents, distributors, freight forwarders, customs brokers, environmental consultants, tax advisers, lawyers, accountants and consultants are most commonly among the types of business intermediaries that represent heightened corruption risk.
It is also important that intermediaries apply the same standard of care with regard to gift-giving as the company. This is especially true for distributors, since companies often have little knowledge about the distributors’ customer base. Distributors should be classifying customers themselves and submitting planned gifts for approval, similar to the company’s own anti-corruption practices.
3. Employment and Internship Candidates
Recent investigations and enforcement actions have brought into focus certain illegal hiring practices and have exposed the fact that many companies do not really know whether a candidate is a family member or close associate of a government official with whom the company does business. While hiring the family member of a government official isn’t necessarily illegal, these are potential high-risk hires, and companies need to be careful to ensure that a new hire or intern does not represent either a conflict of interest or the appearance of quid pro quo.
The problem is that most companies are not collecting the type of information about their potential hires that would enable them to make this risk-based decision. The most important things to know are whether any of the candidate’s family members are foreign officials and whether anyone within the company was asked by a foreign official to assist the candidate in securing employment. The company also needs to determine whether it has had any prior business with the government or state-owned agency to which the prospective hire is connected, to avoid accusations of quid pro quo (hiring a relative of a government official in exchange for a government contract, for example). By understanding upfront the candidate’s political connections, the company can take steps to ensure that the candidate meets all of the company’s hiring criteria, there is no business before the candidate’s family members at the time of his or her candidacy, and no other factors exist that would result in contravention of the law.
At the end, it all comes down to knowing the vital information needed in the appropriate circumstances and asking the necessary questions to obtain that information. While an effective anti-corruption program involves more than learning about your customers, intermediaries and employees, companies that understand the critical significance of the above three areas and are serious about improving the quality of the data they collect and analyze to support their decision-making processes will significantly reduce their risks of violating the Foreign Corrupt Practices Act, the UK Bribery Act or other anti-corruption statutes.