The Potential Pitfalls of Anti-Bribery and Corruption Compliance

Because ABC compliance is driven by enforcement as opposed to regulation, gaps may only become visible when an incident occurs, and by then, it’s too late. If a corporation can prove to the regulator they’ve done everything in their power to prevent corruption, and any bribes were the actions of a rogue individual, then they may be able to avoid hefty fines, or at least reduce the impact.

Knowing What to Look For Can Be the Ultimate Advantage

If you rely on them, you’ll want to start paying closer attention to your third-party suppliers, vendors and business partners. In 2016, a record $2.48 billion in fines were levied against companies who had breached the Foreign & Corrupt Practices Act (FCPA). More than 90 percent of all FCPA cases involve third-party intermediaries, according to a survey by Ernst & Young. The recent introduction of Sapin II in France marks yet another move towards globally enforced anti-corruption regulation, with countries working together to bring prosecutions. Yet many corporations still are not implementing a strong and effective anti-bribery and corruption (ABC) compliance program.

Beyond the obvious fines and penalties, the fallout from bribery investigations and enforcement presents a major risk to a corporation’s brand reputation and bottom line. Yet, because ABC compliance is driven by enforcement as opposed to regulation, gaps may only become visible when an incident occurs, and by then, it’s too late. If a corporation can prove to the regulator they’ve done everything in their power to prevent corruption, and any bribes were the actions of a rogue individual, then they may be able to avoid hefty fines, or at least reduce the impact. On this basis, we think there are three “pitfalls” corporations need to consider when implementing a strong and effective ABC compliance program.

The Risk of Third-Party Corruption

The first pitfall many corporations get hit by stems from not checking the connections of their third-party suppliers. Case in point, three years ago, a company was fined over $700 million for FCPA violations relating to tens of millions of dollars in bribes, in countries around the world, including Indonesia, Saudi Arabia, Egypt and the Bahamas. At the time, Assistant Attorney General Leslie R. Cadwell of the Justice Department’s Crime Division stated, “This case is emblematic of how the Department of Justice will investigate and prosecute FCPA cases – and other corporate crimes. We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate with the government’s investigation. But we will not wait for companies to act responsibly.”

The risk of third-party corruption does not stop at fines from the Department of Justice or United States Securities and Exchange Commission (SEC). A bribery investigation can have wide-reaching impacts on a business as a whole. A company can spend billions of dollars on internal investigations and, for public companies, the FCPA action can cause a shock to the stock price, lowering the company’s value. Once you also take into consideration the cost of damage to brand reputation and negative impact on employee morale, the true cost of a bribery investigation can run into billions of dollars.

To protect against the risk of prosecution, corporations need to conduct adequate due diligence on all third-party relationships. That means understanding who is a Politically Exposed Person, and whether a third-party partner has government connections, is operating in a sanctioned country, or might even have negative reputational issues which appear in media reporting. This makes it possible to identify third-party risks across the organization and prevent any of those relationships from damaging the company.

Spotting State-Owned Companies

The second pitfall that corporations need to be aware of relates to knowing if you are doing business with a state-owned corporation. This is sometimes harder than one might think. Linking an individual to a state-owned company requires you to accurately match the individual’s name with their employer, and identify which companies are owned by the government. The murky world of offshore shell companies makes this difficult, particularly when dealing with countries known for state-sponsored corruption.

By way of illustration, in the travel sector, some airlines screen the names of passengers to ensure that they are not inadvertently giving complimentary upgrades to anyone who could be a foreign public official – not just those who are recognized as having a relationship to a state-owned entity. An upgrade to first class has a monetary value in the thousands of dollars and might be perceived as a bribe under the FCPA, so it is worth the extra safeguard. It isn’t a world of brown envelopes filled with used bills. Corporations need to take extra care when dealing with state-owned companies or corporations with links to government officials.

The Cost of Compliance

The third pitfall facing corporations is the cost of complying with FCPA, UK Bribery Act or other regulations. We recently heard from the compliance director of one large corporation who had been given a budget for implementing an anti-bribery and corruption policy across the entire Asia-Pacific region of $15,000USD. An amount like that would never allow them to mount an effective ABC program. On the other hand, some companies are spending upwards of $15,000 just to carry out due diligence on one supplier. This level of expenditure on one supplier is not cost effective when you may have 20,000 to 50,000 vendors. How do you avoid overpaying and under complying?

Many corporations may be tempted to conduct due diligence and risk mapping in-house, but this can end up being more expensive than hiring an external company to do it for you. In a recent case we helped with, a big-name retailer had some 20,000 third-party vendors and didn’t know where to start conducting their due diligence. Even a quick internet search on each of the third-party vendors could take upwards of 4,000 hours, and even then, would probably not be fully compliant with the U.K. Bribery Act.

Automation of screening and first level due diligence can help speed up this process, reducing the cost of conducting due diligence on a large number of third-party suppliers. Corporations can also carry out ongoing monitoring, and possibly use machine learning algorithms to automatically flag if a third-party supplier is connected to any high-risk individuals or corporations, and then decide on the appropriate action to take. This reduces the cost significantly when compared to in-house or lawyer-led methods while ensuring that the corporation is carrying out an adequate level of due diligence for compliance purposes.

There’s No Silver Bullet

Humans are, by our very nature, fallible. No matter what measures are put in place by a corporation, one rogue employee may decide to circumvent all of the compliance programs; the due diligence, training, communication, management messaging and even simple common sense may not limit them. But by avoiding these three pitfalls, a corporation protects itself from recriminations. For example, when the employee of a major U.S. bank paid a bribe in China, the bank was able to provide evidence of its comprehensive ABC procedures. Ultimately, the FCPA prosecuted the individual who committed the crime, not the bank.

Many corporations are behind the curve on anti-bribery and corruption compliance. For multinational corporations with thousands of third-party relationships, it can be difficult to know where to begin. Having effective ABC compliance processes in place is like having an insurance policy – when bribery or corruption occurs, a corporation can prove to the enforcers that they did everything in their power to prevent it from happening. New technology and methods make this level of fine-grained due diligence and risk mapping of third-party relationships feasible, without increasing the cost to a company’s bottom-line. As anti-corruption legislation grows throughout OECD countries, corporations need to take the necessary steps to protect against these three landmines before it’s too late.