How to Make your Anti-Bribery Program Work

Image: vladans

Designing a state-of-the-art anti-bribery and anti-corruption program and impressing on everybody in the company to comply with it doesn’t mean the program works.

To ensure your business is meeting authorities’ expectations, you must test whether the efforts you have in place are effective, said Matt Queler, a principal in Deloitte’s financial advisory services and a former assistant chief in the US Department of Justice’s Foreign Corrupt Practices Act unit.

Take hotlines, for example, Queler said. Multinational companies set them up for employees to report problems, but that doesn’t ensure they’re effective. A company that tests how well its hotline works might be concerned and could take remedial steps if it had 20,000 employees in a particular location and none of them ever called the hotline.

Third-party due-diligence assessments are another example, he said. To ensure contractors, suppliers, and vendors that pose a corruption potential are flagged, multinationals should review whether the people doing the due diligence are effectively assessing third-party bribery and corruption risks.

“The companies that are testing the effectiveness of their program … are better able to detect and prevent future misconduct,” Queler said. “They’re better able … to deter people from ever engaging in the conduct in the first place.”

Improving the effectiveness of your anti-bribery effort

Do you understand the bribery and corruption risks specific to your industry, geography, business structure, business partners, and level of government oversight?

And have you installed clear policies, procedures, and financial controls tailored to those risks?

Then consider these four insights suggested by Queler and the Ethisphere Institute, a US research organization focused on corporate compliance and ethics, to improve the effectiveness of your efforts in preventing corruption and bribery:

Beware the tone in the middle

It’s not enough for senior managers to create a culture that doesn’t allow bribery and corruption. Middle managers must be held accountable for fully implementing compliance efforts because most compliance risks arise at this level.

Ensure the compliance function has independent authority 

Assign responsibility for anti-corruption compliance to senior-level representatives who have independence, authority, and adequate resources.

Customize training in high-risk markets

Regular training for all employees isn’t enough. Provide specialized training for employees in high-risk markets or business units and require that high-risk business partners also receive training.

Test for effectiveness

Due-diligence reports and other data generated by monitoring a compliance program can be used to assess, for example, whether employees call a hotline to report problems or whether third parties made the right hiring choices.

Data analytics allow companies to dig even deeper and identify problems that might otherwise have been missed, such as potentially fraudulent sales practices.

Many forward-thinking companies are using advanced data analytics to make sure their compliance systems are working.

For example, Queler said, companies can monitor hotline reports from all over the world to determine the promptness of responses and whether people are comfortable calling the hotline and unafraid of retaliation.

A company that reviewed and approved 200 third parties can monitor the performance of those third parties and use data to assess whether the right decisions were made on whether to hire the third parties.

Banks and financial institutions are using analytics to identify potentially fraudulent practices within their sales teams, such as rewards for opening accounts that may be abused by taking advantage of unwitting customers.

The largest companies that face the most substantial risks need to understand where their biggest areas of risk are, Queler said. Most of the largest multinational companies have a plan for testing certain aspects of their program every year.

“They may not test everything every year, but they’re going to test certain aspects,” he said. “And it’s going to be in a risk-based, thoughtful way, and they’re going to [test] their highest-risk areas most often, and they’re going to [test] their lesser-risk areas less often.”

It’s impossible to prescribe exactly the right testing and monitoring regimen, he said, because every company is different and faces its own unique risks. But finding the right way to test and monitor risks is critical.

“There is no one right answer, except to say that depending on your risk and your resources, having some testing and some monitoring is considered very, very important to an effective compliance program,” Queler said.


About the author

Sabine Vollmer is an FM magazine senior editor.


Copyright © FM Financial Management. All rights reserved

This article first appeared in FM Financial Management, which is published by the Association of International Certified Professional Accountants. The AICPA combines the strengths of the American Institute of CPAs (AICPA) and the Chartered Institute of Management Accountants (CIMA).


Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern