Corruption, perhaps more than anything, risks irreparably damaging a hard-earned reputation. While reputation risk due to corruption goes along with other risks (especially ESG risks), reputation damage typically arises when a company pretends to have proper anti-corruption measures in place and then gets caught in a corruption scandal it is ill-equipped to deal with.
The emergence of anti-corruption compliance
Citizens in countries across the globe continue to see business executives and politicians as corrupt. Corruption shakes the foundations of civil society, weakens trust in public institutions and destroys faith in democratic leadership.
Though corruption has been decried throughout history and across cultures, like other crimes, it has grown increasingly sophisticated over the last several decades with devastating effects on the well-being and dignity of countless innocent people.
Corruption and bribery, price-fixing, systemic financial manipulation, toxic spills and corporate misconduct have tragic and far-reaching consequences for individual victims and society at large.
Fines for corporate misconduct have reached astronomic levels which were unthinkable a handful of years ago. Individual managers and directors are now also being held accountable.
Boards of international companies and those looking to expand their global footprint face constantly shifting politics, economic, tax, regulatory and legal risks. They are being challenged to evaluate these risks in the context of ongoing operations and expansion. They are often faced with the additional challenge of needing to deal in real-time with the actions of foreign governments and their regulators who may be influenced by unethical motives, politics, culture, and value systems embedded in foreign markets but unknown to corporate headquarters. These require a proper set of policies, protocols and other mechanisms to identify and cope with these threats.
Is your board structured to accommodate the constant demands of your geographic presence, use the tools at its disposal and demonstrate vigilance leading to reliable oversight?
How does your board make informed decisions and assess the financial impact of these risks?
Who does your board rely on and how does it obtain truthful, independent, knowledgeable feedback through formal or informal channels when it cannot be onsite?
The most challenging aspect of anti-corruption compliance is ensuring that it is integrated into company operations and the overall business strategy. In the same way that security regulations are only effective if they are accepted, understood and implemented by all, anti-corruption procedures require employees to accept and appreciate their effectiveness in order to ensure appropriate implementation.
Although talented people with the best intentions design anti-corruption compliance procedures, they are up against audacious individuals who can be very creative at bypassing company rules. It is therefore necessary to question our way of addressing the issue on a regular basis. Compliance must evolve constantly to adapt to the ever-changing methods used by criminals.
Combating corruption and fraud is an endless battle and in order to keep up with global fraud trends, fraud deterrence must show determination and perseverance.
Governance Response to Rumors of Bribery
Corporate board members devote significant time to financial oversight and strategy, while often neglecting steps needed to protect and promote its most important intangible asset – its culture and reputation. The negative effects of rumors of bribery and corruption can often be as problematic as clear accusations or even convictions.
Corporate boards should assess the actual and potential impact that allegations of corruption and other unethical conduct may have on the share price of their company including their company’s market capitalization. There are plenty of recent examples to show that simple allegations of corruption, even when occurring a decade in the past, can cause share price to plummet by more than fifty per cent.
Corporate directors and officers have three general legal duties; the duty to act carefully, the duty to act loyally, and the duty to act lawfully. The duty of care of corporate directors and officers is a special case of the duty of care imposed throughout the law under the general heading of negligence. Laws build on moral, policy, and experiential propositions. The law of negligence is no exception. Its moral proposition is that if a person assumes a role whose performance involves risk that affect others, this person is under a moral duty to perform that role carefully. Therefore, corporate directors and officers are under an obligation to take steps to affirmatively reduce risks, and an omission may be wrongful.
On this foundation of moral blame, the law of negligence has established a structure of legal blame or liability. The structure of legal blame under the law of negligence generally parallels the structure of moral blame. Government officials are engaged in governing by definition and their decisions will often have adverse effects on others. When government officials are threatened with personal liability for acts taken pursuant to their official duties, they may well be induced to act with an excess of caution or otherwise to skew their decisions in ways that result in less than full fidelity to the objective and independent criteria that ought to guide their conduct (i.e. veer towards corruption).
There are plenty of case studies that evaluate the impact that the loss of trust from key stakeholders resulting from public rumors and allegations can have. These stakeholders may be the general public and institutional investors but they may also include existing and potential clients. Institutional investors are especially increasingly sensitive to compliance related violations (or rumors thereof) by companies within their portfolio. As an example, the world’s largest pension fund (Norwegian Government Pension Fund) excluded the telecommunications company ZTE from funding due to alleged corrupt behavior.
International authorities are beginning to establish a track record of corporate convictions and multi-million-dollar penalties. Recent and ongoing criminal prosecutions of individuals have also put executives on notice that they too will face the harsh consequences of violating anti-corruption laws including the U.S. Foreign Corrupt Practices Act (FCPA) or the Canadian Corruption of Foreign Public Officials Act (CFPOA). Under Canada’s Integrity Regime (a government policy intended to ensure the government only contracts with clean companies), companies that do business with government also face suspension or debarment when charged or convicted under the CFPOA or similar foreign anti-corruption laws.
Internationally, cases have shown that enforcement agencies are going to continue to scrutinize anti-bribery and anti-corruption (ABC) compliance programs and will likely bring charges when violations are the result of willful or reckless conduct. In particular, enforcement agencies may bring charges when there is a failure to adequately ensure the existence of an effective ABC compliance program resulting in the failure to prevent violations of the law.
Therefore, board members and executives must protect their organizations and themselves, by effectively implementing a robust ABC compliance program, as well as maintaining effective detection and investigation procedures including continuous improvement of the effectiveness of any existing ABC compliance program.
Compliance vs Ethics
While “Compliance” involves following the laws and rules that apply to your organization, “Ethics” goes beyond what the law requires. It involves doing the right thing and following both the spirit and not just the letter of the law. Some view good corporate ethics as the social license to operate.
Rules matter, but culture and ethics matter more. Organizations may have written, accessible policies, processes and tools, all of which their employees are trained on. However, if the organization has a poor culture, none of its controls, policies or procedures will matter. Instead, in organizations with poor cultures, employees tend to act in ways that harm the organization’s reputation, increase the risk of compliance failures and act in ways that can lead to illegal and/or fraudulent conduct. What’s written on a piece of paper is only of value if the people required to abide by it believe in it, implement it and enforce it.
The Integrity Challenges
Organizations cannot control the integrity of individuals, but they can certainly influence it.
An organization’s culture influences the integrity of those employees that are either on the fence or would rationalize wrongdoing when the culture promotes willful blindness, permits ignorance of policies and controls, or encourages the avoidance of those controls through unreasonable business goals and rewarding success by any means.
No controls, compliance program, or business culture can eliminate or totally prevent people without integrity from doing wrong, but the absence of those factors greatly increases the capacity of wrongdoers to operate with impunity, while the strong presence of those factors greatly increases the likelihood of preventing and detecting wrongdoing, as well as providing a foundation to mitigate its impacts and consequences on the organization. People often adopt the mindset of the masses and tend to fall in-line.
Non-compliance seriously increases risk and liability, depreciates M&A and joint venture value, potentially damages the brand, undermines and reduces trust and confidence, increases the potential for prosecution, and threatens sustainability.
In addition to an organization’s culture, business and thought leaders must also consider what role greed, selfishness, blind ambition, reckless need for recognition or even performance anxiety can play in the non-compliance rationalization process.
These leaders must be pro-active and continuously diligent in their efforts to mitigate individual and organizational risks.
Establishing a Corporate Compliance Program is no longer “Nice to Have”, but rather an absolute “Must Have”
Over the last few years, we have observed a strong increase of international collaboration in enforcement by various authorities. Not only does this help bring international corruption cases to conclusion more quickly but it also gives a clear message to potential perpetrators: the chances of getting caught are increasing.
With all the public discussion around corruption scandals and the massive impact that sanctions such as debarment, monitorship, and huge monetary penalties, executives that continue to ignore corruption run the risk of not only exposing their organizations failure to implement effective anti-corruption compliance programs, but are also acting with gross negligence and gambling with the future of their company and its employees.
The dramatic reputational and financial impact of non-compliance and unethical management practices as presented in the press and social media in connection with SNC Lavalin, Bombardier, Volkswagen, Valeant, Petrobras and others have contributed to the investment community taking increased interest in long term sustainability of companies within their portfolios and how ethics and compliance are embedded in a company’s corporate culture. Institutional investors are increasingly demanding evidence of effective compliance programs before making significant investments in portfolio corporations.
There clearly is a new recognition that establishing a corporate compliance program is no longer “nice to have”, but rather an absolute “must have” for all corporations. As more and more stakeholders are demanding robust compliance programs, those companies that embrace ethics and compliance will emerge with a competitive advantage.
The C-suite executives need to provide the appropriate tone from the top and ensure that ethical behavior will be considered as part of the performance evaluation process of middle and senior managers. Equally there should be zero tolerance for violations, even if it may affect top executives and other “high achievers”.
A key element of the foundation for a successful compliance program will always have to be a thorough compliance risk assessment, taking into consideration the companies’ geographical footprint, industry sector, government interactions, past identified fraudulent activities and other policy violations, third party relationships and overall business models, to name just a few of the input factors that should be considered for an in-depth compliance risk assessment.
Only if compliance risks are clearly identified will the Chief Compliance Officer or equivalent be able to design effective risk mitigation measures, helping to prevent corrupt activities. Such risk assessment should be repeated regularly, in order to account for changes in the respective market environment as well as other changes to related risk parameters.
Prevention of corrupt activities largely depends on targeted risk mitigation measures and starts with ensuring sufficient awareness across all company stakeholders. The more people know about the factors that contribute to corruption, the harder will it be for corrupt individuals to continue their unethical practices.
Training Executives on Anti-Corruption Laws – Best Practices
Good strategists manage uncertainty by playing the probabilities, but too many executives use wishful thinking when it comes to anti-corruption compliance. Playing the probabilities means understanding the odds of success. Just 1 in 12 companies manages to mitigate reputational risk exposure resulting from non-compliance and which in turn results in a high level of reputational risk exposure.
Non-compliance seriously increases risk and liability, depreciates M&A and joint venture value, potentially damages the brand, undermines and reduces trust and confidence, increases the potential for investigation and prosecution, and threatens sustainability. Executives must be pro-active and continuously diligent in their efforts to mitigate individual and organizational risks.
Corporate boards are due for a rude awakening – compliance expectations and competing stakeholders are demanding increased and more effective oversight. Directors, therefore, need to learn how to carry out these important functions.
When training executives on anti-corruption laws we need to make them realize that Boards and senior executives need to do substantially more than a once-a-year “flyover” of their anti-corruption compliance programs if they expect the regulators to conclude that their program meets the government’s definition of “effective.”
Boards need to be well-versed in all elements of the anti-corruption compliance program, regularly interact with compliance and legal personnel, and receive timely briefings on the program and the personnel responsible for its stewardship and operationalization. Directors and senior executives must understand that any compliance failures are something that they may have to answer to.
The existence of adequate policies and procedures does not provide a full defence against bribery charges but can be a useful tool for negotiating with authorities or avoiding proceedings against corporate entities. Further, because liability can also be founded on ‘wilful blindness’, the existence of anti-corruption policies and procedures can be helpful in rebutting any inference that a company or its executives ignored bribery. Bad acts can happen even if a company has attempted to prevent corruption, but its goodwill will be advantageous in curbing underserved penalties.
There is still a place for tone at the top, but it needs to be broadened to conduct at the top. The board and senior leadership must set the right tone in their communications across the company and outwardly. But tone needs to be paired with persistent actions on the part of the board and senior leadership signaling that ethics and compliance are a top priority and that the company is committed to doing business the right way and is prepared to back up its words with actions, including walking away from business and relationships that are not in alignment with the company’s organizational ethos. That is how tone at the top becomes conduct at the top.
When training Boards and senior executives on anti-corruption laws, we also need to make them realize that they cannot control the integrity of individuals, but they can certainly influence it. An organization’s culture influences the integrity of those employees that are either on the fence or would rationalize wrongdoing when the culture promotes willful blindness, permits ignorance of policies and controls, or encourages the avoidance of those controls through unreasonable business goals and rewarding success by any means.
Finally, Boards and senior executives need to be aware that no controls, compliance program, or business culture can eliminate or totally prevent people without integrity from doing wrong, but the absence of those factors greatly increases the capacity of wrongdoers to operate with impunity, while the strong presence of those factors greatly increases the likelihood of preventing and detecting wrongdoing, as well as providing a foundation to mitigate its impacts and consequences on the organization.
How to establish a robust ethics and compliance program
Global Compact Network Canada has published “Designing an Anti-Corruption Compliance Program – A Guide for Canadian Businesses” which suggests that in order to have an effective compliance program some very important questions need to be addressed and documented:
- Does the CEO have the requisite skills and experience to move the organization forward?
- Does the CEO possess the character and moral fibre to model and contribute to the development of a values-centered enterprise and strategy
- Does the CEO have the chemistry and communication skills necessary to rally others to successfully and consistently deliver on the organization’s value proposition to all stakeholders?
- Does the organization support the ethical culture and anti-corruption compliance program through training and communication, which includes allowing employees to raise ethics and corruption compliance issues without fear of retaliation?
- What is the process for assessing ethics and corruption compliance risks within the organization?
- Have they updated their policies, procedures and internal controls to address emerging risks (e.g., cyber risk, anti-corruption)?
- Does the current ethics and anti-corruption compliance program cover the organization’s global operations, including management, employees, shareholders, customers, subcontractors, business partners and vendors?
- Does the organization have an ethics and compliance officer?
- Does a reporting and monitoring process keep the board of directors informed of key ethics and corruption compliance issues, as well as the actions taken to address them?
- Are ethics and corruption compliance issue a regular item on the board agenda?
Here are some practical suggestions that may be useful to Board members and senior executives:
- Sustained leadership on transparency and integrity is vital.
- Strong anti-corruption measures and repeated staff training is crucial.
- The compliance office must be answering directly to the CEO and report to the Board.
- When allegations occur, move quickly with a forensic audit and external investigation, and if criminal issues are uncovered turn them over to the appropriate authorities.
- Ensure that the staff remuneration is not an incentive to sell contracts at all cost.
- Make it clear in documentation that this is a “clean” company that does not bribe – this has been demonstrated to be a deterrent for bribe asking.
- Include in the external audit a review of the compliance on anti-corruption measures.
- Ensure full transparency in contract management.
- Publish who the real beneficial owners of their company and subsidiaries are.
- Beware of transfer pricing and tax evasion since it creates impoverishment in countries where the company is working; especially in the natural resources sector and in poorer countries.