Compliance Strategies

Archived Posts from this Category

April 28, 2010

How to Maintain Strong Compliance in a Weak Economy

Posted by wrageblog under Compliance Strategies, FCPA
Leave a Comment 

Lowering costs without lowering standards.

Most compliance officers already know what their senior management should: US and international enforcement of anti-bribery laws is not slowing down just because the economy has. In fact, US enforcement of the Foreign Corrupt Practices Act is at an all-time high, with more than 120 open files. Germany, which saw its first significant anti- bribery prosecution just last year, now has 60 investigations underway in addition to the recently concluded MAN AG investigation. The United Kingdom completed its first prosecution for corporate bribery earlier this year and other countries are joining the club at a brisk pace.

With enforcement up and budgets down, in-house counsel and compliance officers need to find creative, cost-effective ways to update their policies to address the specific risks facing their companies, to establish and disseminate a persuasive corporate message, to train the right people with the right level of detail, and to test their processes to ensure compliance and remediate where needed.

In times of shrinking budgets, making the business case for anti-bribery compliance becomes more important

There has been a lot of fairly worrying, if muted, debate recently about whether compliance is a luxury — whether compliance budgets should be cut disproportionately to other budgets until “the economy recovers.” Too little attention is paid to the business case for anti-bribery compliance. In addition to the risk associated with this criminal activity, there are sound business reasons for avoiding bribery as a sales strategy in foreign markets.

Problems associated with bribery are expensive. Fines have crept up into the hundreds of millions of dollars and companies face the possibility of debarment at home, overseas and by international organizations. Even before a fine is assessed, the cost of an investigation into an inappropriate payment can easily run into hundreds of thousands of dollars. Business is disrupted, management is distracted, potential partners are made nervous, top employees may look elsewhere and consumers may be offended, leading to erosion of market share.

Anti-Bribery Basics on a Budget: management message

Once the problem is framed as a business problem (as well as a legal and reputational one), the solution should also follow sound business principles: how can we have the greatest impact at the lowest cost to the company? A vast industry has developed around anti-bribery compliance and some of the expense of a strong program is unavoidable, but a few very effective steps can be taken with relatively little expense.

 Everyone agrees that a clear message from senior management is critical to the successful rollout and maintenance of a good anti-bribery compliance program. A powerful and cost-effective way to demonstrate this management support is with a company-wide email from the CEO. The message can stress the company’s commitment to transparent business practices and it can direct people to the company’s policy, emphasizing that violations won’t be tolerated. Employees can be advised in clear and direct language that they are expected to walk away from business rather than make inappropriate payments. By itself, this message will do very little, but as a first step or a “refresher” message, it can have considerable impact at almost no cost.

Anti-Bribery Basics on a Budget: coherent overall policy and roll-out

Both time and money can be wasted by approaching compliance in a scattered, ad hoc manner. Companies should plan carefully in order to avoid losing resources from false starts, inattention to conflicting legal requirements across different markets, poor translations, and similar problems.

From the outset, compliance policies and supporting documentation should be accessible electronically and widely available; a link can be embedded in the email message from senior management. Programs that are available electronically are less expensive, more environmentally friendly and easier to update than hard copies, which have to be printed, shipped, stored and for which the whole process starts over again whenever there is an updated version.

The policy also should be linguistically accessible. It should include straightforward, laypersons’ language. Take the time to “field test” it with a handful of sophisticated, but non-legal employees. While a review of anti-bribery policies by outside counsel usually makes sense, having counsel draft the policy from start to finish usually doesn’t. It is doubly expensive to pay for lawyers to draft legally dense language and then to have to dedicate the time and expertise to answering the many questions from confused employees that the “legalese” is likely to generate.

In-person training has an important role in any robust anti-bribery training program, but it can be slow and expensive to reach all employees, in all locations. A combination of on-line training and webcasts can be very cost-effective. Webcasts, in particular, provide employees with an opportunity to pose questions, which can, in turn, educate the trainers on the specific challenges that employees face.

Most enforcement actions involving bribery involve a commercial intermediary: an agent, consultant, or other “middleman” of some kind. Due diligence is an unavoidable expense, but promoting buy-in amongst commercial intermediaries can make the process much more efficient. Taking the time to explain to intermediaries that they are not being targeted and their integrity is not being impugned can save a lot of time in the long run. Hearing that this is the company’s standard procedure in all markets can do a great deal to reduce resistance. Extending on-line training to commercial intermediaries can also help them to understand the benefits of compliance and the risks of non-compliance.

All companies struggle with the issue of hospitality and travel and what constitutes “reasonable” levels of each. Some companies establish elaborate country-by-country standards while others try to impose a single financial standard worldwide, across vastly different economic situations. One no-cost resource provides guidance for almost all cities and has the additional benefit of being produced and maintained by the US government. The US Department of State maintains per diem thresholds for almost all cities, broken down by meals, accommodation and incidentals. While the motivation of providing something of value to a foreign government official must be considered, the amounts can be reasonably tied to those that the US government has deemed reasonable for its own employees.

Facilitating payments – the “grease” or expediting payments made to get something to which the payer is otherwise entitled — are expensive, risky, a rich source of books and records violations and a violation of local law in the markets in which they’re made. Increasingly, these are falling out of favor with enforcement agencies. Prohibiting these can save companies money while lowering risk – very cost-effective indeed.

Finally, when employees do violate corporate policy, it can send a powerful message to publicize the circumstances within the company. Details of the offense, sanitized of identifying information, can be posted, together with the sanction, whether loss of bonus, demotion or termination. Employees will take anti-bribery compliance seriously if they believe that management takes it seriously.

These are just a handful of the basics that a good program should address. None is particularly onerous or expensive, but, taken together, these steps would put a company’s program near the head of the pack in a field where, surprisingly, many companies continue to do too little for fear of the cost. The long list of recent enforcement actions highlights the folly of this false economy.

This article was first published by Alexandra Wrage in Corporate Compliance Insights: 2010‐03‐16

 

March 4, 2010

OECD Issues Good Practice Guidance

Posted by wrageblog under Compliance Strategies, OECD | Tags: , , |
Leave a Comment 

TRACE welcomes the practical guidance provided by the OECD in its March 3rd release of a “Good Practice Guidance on Internal Controls, Ethics, and Compliance,” which now forms Annex II to the Working Group on Bribery’s Recommendation of the Council for Further Combating Bribery of Foreign Public Officials in International Business Transactions initially issued on November 29, 2009.  The Good Practice Guidance was negotiated and agreed by the 38 member states comprising the Working Group and, as such, represents the first real attempt to conform anti-bribery compliance expectations across borders.  Going forward, the Working Group’s monitoring mechanism will include monitoring countries’ progress in encouraging their respective private sectors to implement the document’s principles.

As emphasized in the OECD press release, the Good Practice Guidance calls on companies and organizations to: (i) adopt a clear and visible anti-bribery policy that is strongly supported by senior management; (ii) instill a sense of responsibility for compliance with the policy at all levels of the company, as well as independent compliance structures; (iii) keep up regular communication and training on foreign bribery for all employees, as well as with business partners; and (iv) encourage observance of anti-bribery compliance measures, and disciplinary procedures to address their violations.  The document also recommends that companies implement compliance procedures specifically addressing due diligence on business partners, gifts, hospitality and travel, political contributions, charitable donations and sponsorships, facilitation payments, and solicitation and extortion.

The Good Practice Guidance also contains a section on “Actions by Business Organisations and Professional Associations.”  The section discusses the important role business organizations and professional associations can play in supporting companies’ efforts to develop and implement effective compliance programs by (i) disseminating information on foreign bribery issues, including regarding relevant developments in international and regional forums, and access to relevant databases; (ii) making training, prevention, due diligence, and other compliance tools available; (iii) providing general advice on carrying out due diligence; and (iv) providing general advice and support on resisting extortion and solicitation.  TRACE is proud to be an active member of the community of organizations supporting businesses in these crucial areas.

 

January 11, 2010

Tailoring Compliance for SMEs

Posted by wrageblog under Compliance Strategies, FCPA, SMEs, TRACE, What Works?
Leave a Comment 

In addition to large multinationals, TRACE works with over 1000 small and medium-sized enterprises. Anne Richardson discusses some of the challenges in tailoring an anti-bribery compliance program for these smaller entities.

“While large, multinational companies tend to dominate anti-bribery enforcement headlines, sole proprietors and small and medium-sized enterprises (“SMEs”) are no less subject to the FCPA or other anti-bribery laws. As anti-bribery compliance programs gain standing in the U.S. and abroad, SMEs – whether business partners to multinational companies or contractors with international organizations and financial institutions – will increasingly be expected to measure up. The majority of publicly-available guidance on designing and implementing an anti-bribery compliance program focuses on the needs and challenges of the large multinational. Most publicly-disclosed anti-bribery policies – often a source of inspiration and imitation for companies new to compliance – are published by multinationals, most of which are issuers. While the main elements of a strong policy and program are the same for all companies, regardless of size, SMEs require distinct content to match their organizational structure and risk profile. Below are several areas where anti-bribery policies and programs may require different approaches for SMEs:

• Communication is a core element of a compliance program and TRACE advocates using technology to help spread the message: CEOs can send strongly-worded emails to all personnel or companies can create a compliance “space” on the company intranet easily accessible to employees. Many SMEs, particularly those located in emerging markets, do not have a company email system or intranet available to all employees. In these cases, the anti-bribery policy can be posted at the facility or distributed in hard copies to all personnel.

• In designing a compliance program, emphasis is given to assignments of responsibility within the organization and ensuring that “responsible persons” have sufficient authority and independence (particularly, independence from sales and marketing). In smaller companies, however, where individuals wear multiple hats and there is little clear segregation between functions, it may not be feasible to designate a point of contact or responsible person independent from sales and marketing. This is unavoidable in such situations and these companies should endeavor to assign compliance responsibilities to the most appropriate individual(s) with authority to administer the policy and related procedures. The responsible persons will have to remain mindful of the potential conflict in this dual role.

• A system of internal controls is another core element of a compliance program, but one where a SME will vary significantly from a multinational. While companies of all sizes can commit themselves to maintaining accurate books and records, implementing and conducting regular assessments of an internal controls system will often take a very different form in a multinational than a SME. The checks and balances a company implements for its recordkeeping and accounting practices is intimately tied to the company’s size, organization and reporting structure. Likewise, the scope and manner of internal controls “audits” will look different for SMEs and may include greater reliance on external reviews by accountants or auditors. Periodic assessments of the compliance program overall may also involve an independent, external body in the case of SMEs, especially those without independent boards or audit committees charged with such reviews and assessments.”

 

November 4, 2009

Commercial (Private) Bribery in the Spotlight

Posted by wrageblog under Compliance Strategies, Gift Hospitality & Travel, TRACE
1 Comment 

Carolyn Lindsey with TRACE has been leading a benchmarking project on commercial (private) bribery and provides this update:

“Anti-bribery compliance programs, including gifts and hospitality policies, have typically focused on conduct when interacting with government officials. However, recently companies are becoming increasingly aware of the risks associated with bribing private sector customers. Indeed, several recent enforcement actions in the United States have included charges of commercial (private) bribery and a number of countries and international conventions criminalize this conduct.

To determine how companies are handling this issue, TRACE recently conducted a benchmarking survey. Out of a total of 78 respondents, the majority, 90.2 percent, indicated that their anti-bribery compliance policies cover bribery of both private sector and public sector customers. However, companies take varying approaches to providing gifts and hospitality to private sector customers. 52.8 percent of respondents indicated that they have the same gifts and hospitality policy for both the private sector, while 47.2 percent responded that their policies have different standards for private sector customers.

Gifts and hospitality has always been a gray area of anti-bribery compliance and, based on the results of the recent TRACE survey, this is especially true when it comes to dealing with private sector customers. The survey results, and anecdotal information that TRACE has received from companies, led us to wonder what best practices should be when it comes to providing gifts, hospitality and entertainment to private sector customers. To answer this question, TRACE launched a follow-up working group to create guidelines in this area, specifically posing the question whether a company’s gifts and entertainment policy needs to be as restrictive for private sector customers as it does for public sector customers.

Those involved in the working group expressed a strong preference for creating a standard, uniform gifts and hospitality policy for all customers and vendors, regardless of whether they have any ties to the government. This was driven in part by the difficulty in determining who actually is a government official in some countries and the ease of administering a single, uniform policy. The proposed TRACE guidelines for providing gifts and hospitality to private sector customers are as follows:

• Companies should consider enacting the same gifts and hospitality policy for both private sector customers and government customers.
• Companies should consider implementing similar approval processes and/or reporting for all gifts and hospitality requests. Approval processes will vary depending on the size and structure of the company and can include dollar thresholds.
• All gifts and hospitality must be reasonable and customary.
• All hospitality and travel must be provided in connection with a bona fide and legitimate business purpose.
• Companies should comply with local laws and regulations when providing gifts and hospitality to private sector customers.

So, does this mean that the days of client entertainment purely for relationship building are coming to an end? Certainly, few companies would allow their employees to take a procurement official out for a game of golf simply to create goodwill. A number of companies have said that regardless of their official policies, their corporate practice of giving gifts and providing hospitality to private sector customers has changed over the past five years to become more restrictive.

TRACE welcomes thoughts from the compliance community as to what best practices in this area should be. Should companies have a single standard for both the private and public sectors, or can companies engage in a different type of relationship building with their private sector customers?”

 

October 5, 2009

TRACE Benchmarking Survey: Facilitation Payments

Posted by wrageblog under Compliance Strategies, FCPA, Facilitating Payments, OECD, TRACE, enforcement | Tags: , , |
Leave a Comment 

In the recent TRACE benchmarking survey on facilitating payments, more than 45 percent of respondents said that if such payments were prohibited everywhere, their jobs would be easier, and another 48 percent said such a prohibition would not affect their jobs at all. Fewer than 7 percent of those responding said their jobs would be more difficult if facilitation payments were banned. Our finding that 93 percent of respondents’ jobs would be easier or unaffected if facilitation payments were banned confirms the growing recognition worldwide that what grease payments tend to facilitate is more demands and, in many cases, they make doing business even more difficult.

Seventy-six percent of respondents stated that they believe it is possible to do business successfully without making facilitation payments if there is sufficient management support and careful planning.  Buttressing this, 71% believe the employees of their company either never, or only rarely, make facilitation payments, regardless of whether facilitation payments are permitted under their corporate policies.  When respondents were asked to gauge the level of risk facilitation payments pose to a company with respect to books and records violations or violations of other internal accounting controls, 58% assess such risk level as medium to high.   Asked to assess how likely their company is to face a governmental investigation or prosecution related to facilitation payments, just over half believe they are moderately or highly likely to face such an investigation in the country where they are headquartered, and 40% believe they are likely to be investigated or prosecuted in the country where the payment is made. 

To see the full report, please visit the TRACE website.

 

September 10, 2009

How to Kill a Code of Conduct

Posted by wrageblog under Compliance Strategies, Training | Tags: |
Leave a Comment 

A Code of Conduct that is done well sets forth your company’s values and priorities in a way that makes employees and stakeholders understand the type of behavior that won’t be tolerated and the consequences for violations.

Here’s how to produce a worthless Code, together with a few suggestions about how to get it right.

COMMUNICATION

Silence: Many employees won’t have the time or the interest to read the Code of Conduct. This disinclination can be exacerbated by keeping the rollout quiet. Even those who want to read it won’t look for it if they don’t know it exists.

Fanfare is the cure. A new Code should be rolled out with some fanfare: Its importance is reinforced on the company intranet and in printed materials, and it is incorporated into and referred to often in subsequent training programs.

PLACEMENT

Hard to Find: Post the Code of Conduct on a bulletin board in a back hall. Store the other copies in a drawer somewhere. Let someone who wants to read it badly enough track down the person whose job it was to file it away. A Code of Conduct that is not readily accessible to all employees—when they need to refer to it—is virtually useless and poses no threat to the current corporate culture. Employees faced with questionable situations won’t seek guidance from a Code of Conduct that they have to request from another office… often in a different time zone. Burying the Code of Conduct on the company website three levels down with obscure links helps too. Busy employees in
the business development office are unlikely to take 15 or 20 minutes out of their day to dig through the company website looking for a Code of Conduct that they think they recall hearing about during annual training a few months back.

The cure is access. Make the Code easy to access by providing printed copies for employees and placing a link to it on the intranet.

STYLE

Legalese: First, make sure the Code is only available in English. Second—and this is the most important part—make sure it’s in the kind of English that only a lawyer would understand. If your Code of Conduct does not exist in Chinese or in Russian, your employees in those countries will behave as though it doesn’t exist at all. They will have gotten the message: the local workforce was not worth the expense of translation. Regardless of your efforts to provide translations of the Code, using dense and overly legalistic terminology is guaranteed to confuse and exhaust your employees.

The cure is to speak plainly. Ideally, the Code will be written in a style appropriate for a general audience and it will be translated into all applicable local languages.

GUIDELINES

Vague Directions: Keep the Code vague. Lay on the grand statements of good intent, and then pair them up with dark hints of consequences. A Code of Conduct that is too detailed or overly legalistic will confuse your employees, but too little guidance also presents problems. If your Code consists of one page full of grand aspirations it will be of little help to the employees who should depend on it. Principles of honesty, integrity and sound business ethics are laudable, but they are subjective. For the earnest employees trying to get things right, such language is not very helpful. For more devious employees, intent on inappropriate activities, such exhortations can be ignored or manipulated easily.

Clarity it the cure. An ideal Code will not only inspire people to uphold high standards, but also provide clear guidelines on what to do, what not to do when and where to seek guidance. No Code will ever answer all questions. Codes of Conduct should provide contact information for resources that can answer employee questions about gray areas. The Code should be the beginning, not the end, of ethics and compliance discussions.

IMPLEMENTATION

Bottoms Up: If everyone at the top ignores the Code, you can be sure everyone below them will too. If senior management never mentions the Code, everyone else will conclude that it isn’t worth mentioning.

The cure is a top-down approach. An effective Code sets the company’s ethics and compliance tone and includes strong buy-in from senior management. If you expect your employees to comply with a Code of Conduct, let them hear from the top why the Code is important to your company and what it should mean to them.

ENFORCEMENT

Hollow Threats: You may think it’s enough just to omit mention of enforcement altogether, but you can do better: make some vague references to dire consequences, and then do absolutely nothing when employees are called out.

The cure is consequences. In order to be effective, a Code of Conduct needs to set forth how it will be enforced, and then the company needs to follow through and enforce it. Employees notice when nothing happens to those who commit violations, even when consequences have been clearly specified. They’ll assume the Code is for show, and they’ll be right.

RELEVANCE

Static: You’ve drafted your Code of Conduct, translated it, launched it, distributed it, publicized it, endorsed it, explained it and enforced it … Time to move on to other projects.

Sure. But don’t miss one final chance to sabotage the whole enterprise.
Resolve to do nothing further, and permit the Code to drift out of date and into irrelevance.

The cure is to ensure the code evolves over time. Codes of Conduct should continue to evolve as your company does. New languages should be rolled out as you enter new markets. New marketing strategies may require extension of the Code to commercial third parties. New risks may arise and new regulations may apply. An effective Code is an evolving document that expands to meet the current compliance environment.

So there you have it: recommendations that will kill your Code of Conduct (and a few steps that might save it).

This article was originally published by Alexandra Wrage in Ethisphere magazine in December 2008.

 

June 15, 2009

Cost-Effective Anti-Bribery Compliance Strategies: Training Tip #2

Posted by wrageblog under Compliance Strategies, Training | Tags: , , |
Leave a Comment 

Those conducting anti-bribery training often worry that they aren’t speaking to their audiences’ real concerns. They fear that employees will sit politely through two or three hours of training annually, convinced that the person presenting doesn’t really understand the local challenges and so can’t propose solutions. There are simple steps that can be taken to increase interaction with participants.

Because of the sensitive nature of anti-bribery training, many employees are reluctant to ask their questions in front of their colleagues. Most employees we’ve asked say they would prefer to pose their questions anonymously. It can be effective to offer two chances to ask questions. First, pass around cards and ask everyone to write one question that they hope the training will answer. At an appropriate break about half-way through the training, ask them to write a question based on what they’ve heard so far. The first round should be mandatory. Prior to the second round it can be helpful to give examples of the sorts of questions that usually come up: specific hospitality scenarios, like how to respond to the arrival of an uninvited spouse, or how the company expects employees to respond to requests for favors for customers, like contributions to favorite charities. By making the examples very practical, presenters can encourage employees to ask about the specific dilemmas they face. If the presenter is unfamiliar with the market, a call should be scheduled with management in advance to discuss recent trends or idiosyncrasies.

Although we hear a lot about regional differences and cultural sensitivities, the fundamentals of anti-bribery compliance don’t vary much. On the other hand, the details do. To the extent that a presentation incorporates rich local detail, it will resonate with its audience and elicit the sort of follow-up questions that can be enlightening for presenter and audience alike.

 

May 19, 2009

Cost-Effective Anti-Bribery Compliance Strategies: Training Tip #1

Posted by wrageblog under Compliance Strategies, Training | Tags: , , |
Leave a Comment 

A comprehensive approach to training far-flung employees can be daunting in terms of both time and expense. And yet, reaching these employees with a strong message and giving them a chance to ask questions relevant to their markets is critically important to a robust anti-bribery program. On-line training can be an important part of a training program, but on-line training alone cannot replace the opportunity to ask sensitive questions of compliance personnel. In-person training is ideal, but when companies have facilities in dozens of countries, it can be difficult – and prohibitively expensive – to reach everyone.

We have seen a third option used with great success. Companies can have an in-house training session filmed and, when shown, followed by a live Q&A session. The program to be filmed should be designed carefully, with opening messages from senior management and presentations from legal, compliance and audit. Any Q&A should be heavily edited. The production values should be high.

When this in-house video is shown at other offices, it should be followed by a moderated teleconference with responsible compliance staff. Whoever hosts the event is responsible for (1) explaining the purpose of the training; (2) moderating questions from the audience for the compliance officer or counsel on the phone; and (3) tracking attendance.

Planned carefully, this can be a very robust and inexpensive way to reach a large number of employees with a clear, tailored and forceful compliance message.

 

May 16, 2009

Cost-Effective Compliance Strategies: Rolling-out Responsibility

Posted by wrageblog under Compliance Strategies | Tags: , |
Leave a Comment 

Assuming your company is sending the right message from the top, the next challenge is ensuring ownership beyond headquarters. How can anti-bribery compliance be made relevant to managers in the field? We have two suggestions.

One compelling and cost-effective way to roll out responsibility for compliance is to require annual certifications from managers that they are not aware of, or do not have reasonable suspicion of, any inappropriate payments made by employees or commercial intermediaries in furtherance of bids or contracts for which they’re responsible. (They should also have the opportunity to indicate and expand if they do have knowledge or suspicion of inappropriate payments.) Most companies require annual training or other certifications of their employees, so an additional certification should not be unduly burdensome. The very act of signing their name to such a certification, on the other hand, can be quite powerful. We have been told that it makes managers pause and ask questions, when they otherwise might not have. Certifications won’t prevent employees determined to break the law, but they will emphasize the importance of anti-bribery compliance for those who are uninformed or who have been indifferent.

More persuasive than just a signature, however, is having real skin in the game. Companies that have added compliance to the categories on employee performance reviews report, not surprisingly, an immediate increase in interest in the issue. Training and reporting requirements are more readily observed. Interaction with the compliance department increases. When a company announces that anti-bribery compliance—or apathy—will have a financial impact on employees, it sends a potent message about the company’s priorities and determination.

 

May 14, 2009

Defining “Tone at the Top”

Posted by wrageblog under Compliance Strategies | Tags: , , |
Leave a Comment 

We’ll post the second in our cost-effective compliance series tomorrow, –addressing how anti-bribery compliance can be made relevant to managers in the field. But first, I wanted to post the best description of “tone at the top” that I’ve heard to date.

Earlier today, I moderated a panel in Virginia that included Howard Sklar, Vice President of Compliance & Ethics at American Express. The panel was asked to discuss ethical leadership and “tone at the top”. Howard opened with this definition:

“Tone at the top is a visible willingness by senior management to let values drive decisions, to prioritize those values above other factors—including financial results—and to expect all others in the organization to do the same.”

Visibility. Values. Priorities. Expectations. It’s all there.

 

Next Page »