Ask the Experts
What is Anti-Bribery And Corruption (ABAC)?
Anti-Bribery and Corruption essentially falls under principles of the Foreign Corrupt Practices Act and related regulations in many other countries. These regulations and laws attempt to take bribery out of the process of selling on an international basis. So they want to take out the, unfortunately, traditional concepts of fairly large bribes being paid to government officials in order to win pretty lucrative government business in many overseas markets.
What steps should companies take to be in compliance with anti-bribery and corruption regulations?
One of the first things that you need to do to think about ABAC compliance, is to really try and think about it in terms of all the ways it touches your business. It's often tempting to say, "Well, we're gonna really tighten up our code of conduct and that'll mean that we're safe," or "We're going to inspect our travel and entertainment transactions much more closely." But the reality is, bribes are like water, they're going to find the path of least resistance and you really need to take a much more holistic approach across the business to building an ethics and compliance structure... as opposed to tackling where you think the next point of vulnerability is.
What are regulators looking for in an anti-bribery and corruption program?
The DOJ guidance really talks about 10 pillars of compliance. Some of them internal, some of them behavioral, some of them procedural. They all begin with having the right tone at the top, the right culture of compliance. If it is generally perceived the compliance is a priority, that it is well resourced, that it is discussed in board meetings as a regular agenda item, then it's going to be taken more seriously at the business. In addition to the tone at the top, we often hear of the mood in the middle. Because executives can set the tone and they can live the tone but unless it's really embraced and becomes important to middle management, the day to day tracking of properly compliant activities is not gonna be attended to.
What are the checks and balances needed for an effective anti-bribery and corruption program?
Certainly things like code of conduct and training really set expectations with associates and employees. Not just to behave ethically as a choice but to be aware of the things where they may not otherwise feel like something is a bribe. An extravagant gift could be viewed as a bribe. You have to make sure people really understand what we mean by a bribe. It's not always a bag of cash. Code of conduct training is critical. It needs to be followed up with routinely. You also need checks and balances around transactions, often referred to as books and records. You need a way of accounting for payments and knowing exactly what they're for...
How do regulators expect companies to control their third-party business partners?
Having a process to truly understand who your third parties are, what services they're supposed to be delivering to you, understand whether the amounts involved are appropriate to those services and the risks associated with those third parties. When third parties are in play, you really need to find a way to control what they are doing in pursuit of your aims. Are they doing it in the right way? But also, is this a legitimate third party for the purpose stated? Is that money really going to where we think it is or is there some risk of it being a disguised transaction?
What is the best approach for managing third party anti-corruption compliance?
There are different degrees of risk involved in different third party relationships and the most important thing you can do is to first really try and segment your third party universe and start looking at those risk factors. What service is this third party providing to me? How much am I ultimately going to be spending with them? What part of the world are they located in? There are certainly jurisdictions with elevated risk of bribery and jurisdictions that are generally considered to be low risk and of course, what is the transaction that we're involved in together? Is it with a government party? Is it with a commercial party? Is it a large transaction or is it just a recurring service that they support?