Recalibrating Cross-Border Corruption Risk Controls

In recent years, one of the most notable trends in anti-bribery and corruption efforts has been the significant increase in cross-border cooperation between law enforcement agencies. High-profile global resolutions involving companies like Rolls-Royce, Airbus and Amec Foster Wheeler exemplify this trend, with authorities including the UK Serious Fraud Office, DOJ, the French Parquet National Financier and Brazil’s Federal Prosecution Service and Comptroller General, working together to resolve multinational bribery cases.

The evolving financial crime landscape, combined with a proliferation of extra-territorial laws, has created a complex environment for multinational businesses seeking to manage cross-border risks. 

Speaking the language

First things first, what is corruption? The answer may be surprising: There is no universally accepted definition. While Transparency International defines corruption as the “abuse of entrusted power for private gain,” the United Nations Office on Drugs and Crime (UNODC) points out that the lack of a universal definition of corruption makes it difficult to assess its prevalence and effects across different jurisdictions, hindering efforts to combat it effectively.

This issue is not merely theoretical; it has significant implications for multinational businesses. Varying definitions and standards can create legal, commercial and reputational minefields. Actions considered legal in one jurisdiction may be illegal in another. Moreover, cultural practices and expectations can greatly influence business operations in different countries.

For example, one of the issues as the UK Bribery Act 2010 was going through Parliament was the practice of facilitation payments, or grease payments, and how the act made no distinction between these “off the books” emoluments for routine government business and bribes (subject to such payments being legal under local law, which they rarely if ever are). These payments, some argued, were simply the cost of doing business in certain countries. Although perceptions have shifted since the act’s introduction, understanding local business practices remains crucial.

Businesses must gain a comprehensive understanding of local legal and regulatory environments and familiarize themselves with prevailing cultural expectations.

Fraud

SCOTUS Limits Scope of Federal Anti-Bribery Law

by Womble Bond Dickinson

July 2, 2024

Court says rewards for past official actions don’t constitute gratuities under Section 666

Read moreDetails

Coordinating across jurisdictions

Differing definitions also complicate the implementation of clear and consistent anti-corruption policies, controls and procedures (PCPs) across all regions of a company’s business. The magic is managing those different risks and regimes within a cohesive compliance framework.

This begins with a thorough assessment of the corruption risks faced by the business in each country. An effective risk assessment should consider factors like jurisdictions, sectors, transactions, business opportunities and business partnerships, alongside internal risk factors like staff remuneration, training, financial controls and existing anti-corruption PCPs. These assessments should be dynamic, allowing for adjustments based on the identified risks, with associated PCPs calibrated accordingly.

One of the principal challenges companies face in implementing effective PCPs across borders was identified by the UK Financial Conduct Authority (FCA) back in May 2021 in a “Dear CEO” letter to retail banks. While the letter dealt with deficiencies in banks’ anti-money laundering PCPs, the principles the regulator outlined are relevant to the anti-corruption sphere. One of the FCA’s concerns related to ownership of key controls where UK branches or subsidiaries of overseas firms were run by head office/group functions. While this was permissible in principle, the FCA found that firms were often reliant on ready-made PCPs developed outside the UK and, crucially, calibrated to anti-money laundering (AML) risks identified outside the UK (and corresponding risk appetites).

In these circumstances, the FCA found that senior management of the UK branch or subsidiary were often unable to demonstrate the assurance work undertaken regarding the effectiveness of those PCPs, or evidence an adequate assessment of whether they fit with the UK’s entity’s business model and risk exposure, or UK laws and regulatory requirements. For example, issues were found in business-wide risk assessments, which were completed at group entity level but failed to cover specific risks present in the UK, which required a separate risk assessment. Customer-level risk assessments and due diligence measures were also found wanting, with some processes being too generic and consequently not calibrated appropriately e.g., relationships with politically exposed persons did not evidence source of wealth and source of funds checks. Moreover, management information often failed to identify weaknesses or gaps in PCPs.

While consistent anti-corruption policies across the group are essential, they must also be tailored to account for country-specific risks. This begins with comprehensive risk assessments at both the group and local levels, leading to customized anti-corruption policies that incorporate due diligence, transaction monitoring, financial controls and structured management information channels.

Responding to issues

All these measures contribute to a company’s preventive and detective anti-corruption strategies. But what happens when a potential breach is identified? The importance of having clear procedures for investigating suspected corruption cannot be overstated. Coordination becomes even more critical in cases involving multiple jurisdictions.

An effective investigation methodology typically starts with a triage process to assess the nature and severity of the issue, determining whether it can be managed internally or if external support is necessary. In corruption cases, involving external legal counsel is advisable to ensure favorable outcomes and maximize legal privilege (which could protect investigation materials from disclosure to third parties). This is particularly important given the wide range of privilege laws across jurisdictions.

A clear investigation plan is essential, ensuring that team members are independent of the issue and that there are established reporting lines and governance structures. Cross-border corruption matters require careful coordination, often necessitating a central investigation group with local teams providing support.

Companies should also consider the timing and necessity of reporting issues to law enforcement or regulatory authorities, ensuring that such decisions are made thoughtfully and collaboratively. The successful global settlements referenced earlier underscore that coordinated engagement with authorities, while complex, is achievable with a clear strategy.

Companies should not focus solely on preventive and detective measures at the expense of reactive compliance frameworks. A well-defined methodology for investigating corrupt practices, with global oversight and local team involvement, is crucial for effective compliance.