Implementing an anti-bribery and corruption policy
5 minute read
This is a case study for business owners on how to effectively implement an anti-bribery and corruption policy.
Finlay operates a tech start-up, and is ready to launch an application that may expand into several countries. She spent a lot of time “running the numbers” and has not had time to consider many regulatory risks for the business. In particular, she has not turned her mind to whether planned growth into other countries may increase bribery and corruption risk to her business. She read online that technology companies are currently being targeted by regulators of certain countries who are particularly focused on potential violations of bribery and corruption laws. She read an article about corruption risks for start-ups, particularly when dealing with intermediaries in foreign markets and through various investments methods. Finlay is starting to put in place appropriate compliance policies and controls for the business and she is eager to implement an anti-bribery and corruption (ABC) compliance framework as part of the overall business strategy.
Prevention is the best method to deter bribery and corruption
An ABC compliance framework is the first line of defence for an organisation. Implementation of an ABC policy, regular training, and controls (including systems and processes for monitoring and auditing) are essential in efforts to stamp out bribery and corruption.
What can Finlay’s business do to manage the risks of bribery and corruption?
It should implement an ABC compliance framework, including an ABC policy and fit for purpose controls, to prevent any breach of Australian or foreign anti-bribery laws, and prevent other business and reputational risks.
Step 1: Make a commitment from the top
There must be dedication to preventing bribery and corruption from senior management. Setting the tone for a visible and robust ABC compliance framework will help foster a culture of compliance. Finlay’s eagerness to get on the front foot with implementing an ABC compliance framework in the early stages of her business is a great start.
Step 2: Perform a risk assessment
An organisation must regularly perform risk assessments to identify the bribery and corruption risks associated with its operations and the controls that are needed to effectively prevent and mitigate those risks. It should understand the jurisdictions where it does business and the industries it does business with (directly or through intermediaries), what the regulatory framework is, and what types of red flags may exist in connection with its operations in those places.
Ongoing due diligence checks are required, particularly with regards to business partners, third parties, and consultancy services. This should include an assessment of their track record (e.g. previous allegations of bribery) and the likelihood they are linked to politically exposed persons.
Finlay’s business is only starting out, so in addition to focusing on the markets it is going to be operating in and the type of services it will offer, Finlay may also need to consider:
- How the business will manage its relationships (including implementation of the ABC framework) with third party service providers and particularly any agents or intermediaries engaging on behalf of the business;
- If and how it will interact with any government officials; and
- Whether any of its dealings carry a heightened risk of the potential for requests for improper payments.
As the business grows, the risk assessment should be re-visited as the business model changes, providing a systematic way to assess ABC risks and the appropriateness of the compliance framework.
Step 3: Draft and implement an ABC policy
An ABC policy should address the risks identified in the risk assessment and be proportionate to the operations of the business. It should contain the following essentials:
- Prohibition on bribery and corruption in any form, including the falsification of books and records;
- Acknowledgment of the serious criminal and civil penalties that may be incurred by both the company and its employees;
- The reputational damage that may be done if the organisation is involved in bribery or corruption;
- Explanation of the bribery and corruption risks that the organisation faces;
- Provision for training of managers and employees likely to be exposed to bribery or corruption about how to recognise and deal with it;
- Requirement for third party service providers to acknowledge the ABC compliance framework (i.e. a statement that they will comply with these standards);
- Outline the controls the business has in place to prevent or mitigate bribery and corruption risks (such as identifying when a risk assessment is required, due diligence requirements, mandatory approvals for engagements with government officials and third party agents or consultants, requiring staff to report red flags or potential breaches of the policy, monitoring of compliance with controls and regular audits); and
- Reference to a whistleblowing policy and reminder to staff that whistleblowers are in many cases legally protected from adverse consequences, and failure to protect and support whistleblowers may result in penalties for the business.
Step 4: Provide ongoing communication and training
It is vital that an ABC policy is communicated and understood throughout the business by key stakeholders, including through regular training. Training provides the knowledge and skills needed to implement procedures and deal with any bribery and corruption related questions or issues that may arise. Effective training may take the form of e-learning courses, traditional on-site training, e-mail and intranet communications, and policy signings. All staff should complete ABC training. It may also be appropriate for employees whose responsibilities are inherently high risk (with respect to bribery) to undertake additional tailored training or receive targeted communications.
Step 5: Incentivise ethical behaviour and reporting
It must be clear that compliance with the ABC compliance framework is mandatory for all staff and that no employee will suffer adverse consequences for refusing to pay bribes or for whistleblowing, even where that stops or delays a business transaction. Disciplinary measures should be established for non-compliance. Remuneration frameworks should be structured so that staff will not be incentivised to make unlawful payments to reach performance benchmarks.
Step 6: Conduct regular monitoring and review
Your business should regularly monitor and review the effectiveness of your ABC compliance framework. This is done to assess whether it is adequate and proportionate – that is, whether the compliance framework is fit for purpose and being implemented and operating effectively. A periodic audit will provide a level of assurance about whether the ABC compliance framework is working as intended and help to identify adjustments, as required. A record should be kept of all steps taken towards compliance.
The Bribery Prevention Network acknowledges the pro-bono contribution of Corrs Chambers Westgarth in developing this case study.