Internal Controls and Anti-Corruption Culture Are Still the Best Deterrents to Bribery

Scott Moritz, Managing Director Protiviti Forensic

In my post yesterday, I suggested penalizing companies that pay bribes where it hurts them the most: in falling stock price and market share — not just civil fines and penalties. But ultimately, it is the internal controls and anti-corruption culture that companies set in place that serve as the most effective deterrent.

While anti-corruption and its correlation with business ethics command a great deal of attention, bribery of foreign public officials and employees of state-owned companies remains an enormous challenge for companies seeking to operate ethically and within the rule of law of each country in which they do business.

In December 2014, the OECD published the Foreign Bribery Report, an analysis of the crime of bribery of foreign public officials. For those unfamiliar with the report, it is a study of 427 prosecutions of bribery offenses that have been brought in countries that are signatories to the OECD Anti-Bribery Convention, enacted in 1999. The report is a very comprehensive analysis of cases involving bribery of foreign officials, and it debunks some widely held beliefs about bribery and corruption. We covered the findings of the report in detail in a blog post back in 2014 – these findings are as relevant as ever, and I highly recommend a read.

Unfortunately, the current state of companies’ abilities to deter, detect, investigate and report fraud and corruption remains discouragingly anemic. Despite the many legal and economic incentives for companies to maintain robust anti-fraud and anti-corruption programs, most companies do not dedicate sufficient resources to adequately manage the risks of their employees and business partners paying bribes to gain unfair business advantages. This was recently confirmed in Protiviti’s 2016 White Collar Crime and Fraud Risk Survey.

For example, despite the fact that the OECD Foreign Bribery Report cited that 75 percent of the foreign bribery cases that they studied involved bribes that were paid by third-party business partners, Protiviti’s survey revealed that only 6 percent of respondents reported a high degree of confidence in their organization’s vendor fraud and corruption risk oversight. More than 35 percent of those surveyed stated that they did not perform any form of due diligence on the third parties acting on their behalf. And an equal number of respondents (35 percent) stated that they were not aware of any efforts to identify foreign government agencies, state-owned companies and public international organizations amongst their customer base.

Our findings also suggested that most companies do not perform sufficient due diligence on the corruption risk and anti-corruption practices of their acquisition targets, which often leads to the unwitting “purchase” of ongoing corruption and bribery schemes that continue, sometimes for many years, after the deal has been closed. Hiring practices is another area that has come into focus due to recent corruption enforcement actions. Here again, our survey revealed that only 34 percent of respondents could say that their organizations attempt to determine whether job candidates are family members or associates of government officials in a position to influence the award of contracts.

In order for anti-corruption efforts to be truly effective and to reduce the human suffering corruption causes, compliance professionals have to do not “just this” or “just that,” but everything: Correct misconceptions about the sources of corruption risk in order to direct resources where they would be most effective; understand where their organizations are most vulnerable in order to apply strong internal controls to these areas; and question the cultural acceptance of kleptocracy and bribery as a way of life. Until there is a highly publicized linkage between the companies that pay bribes, the corrupt regimes that favor bribe payers and the human toll that corruption and kleptocracy take in those countries, anti-corruption efforts will continue to be less than effective.

1 comment

  • Internal controls are important of course, but the problem is is that companies that act consistent with the statutory standard (this is “sufficient to provide reasonable assurances”) are held liable by the SEC in what amounts to a hindsight driven theory of strict liability that is inconsistent with the statutory standard, case law, and indeed the SEC’s own guidance. Indeed, many books and records and internal controls enforcement actions concern just one or a few subsidiary employees engaged in kickbacks, and/or otherwise taking affirmative steps to conceal their conduct from the parent company issuer.

    2016 corporate enforcement actions that fit this mold, just to name a few, include SAP, Nordion, Nu Skin, Johnson Controls.

    Professor Mike Koehler