Bribery and corruption remain significant fraud risks for businesses across the world. Therefore, regulators are trying to issue comprehensive compliance guidelines backed by stringent enforcement actions to help organisations reduce instances of bribery and corruption.
Per TRACE (an anti-bribery standard setting organisation), India has been ranked 82 out of 194 countries in the year 2021 in the TRACE Bribery Risk Matrix, a global list that measures business bribery risk. 1 In addition, per the Transparency International Corruption Perception Index, India ranked 85 out of 180 countries in a global list. 2 This points towards the need for organisations to relook at their Anti-bribery and Anti-corruption (ABAC) compliance programme.
The global corruption cost assessed at US$1 trillion 3 in 2014-15 has increased to US$3.6 trillion 4 in 2018-19 and may even be higher in 2022. ABAC compliance should no longer remain to be a tick-in-the-box function. It needs to be comprehensive, practical, and effective in curbing bribery and corruption. Lack of an anti-corruption programme can be viewed as a violation of the applicable legislation(s), such as the Prevention of Corruption Act, Foreign Corrupt Practices Act, UK Bribery Act.
The role of a compliance officer has evolved significantly, with incidents of non-compliance in the recent past that have led to high fines and penalties by regulators, action on the Key Management Personnels (KMPs), and reputational impact on organisations. They now have the responsibility of adequately scrutinising the compliance framework, overseeing the integrity of financial information and risk management practices, including the company’s vigil mechanism.
Compliance officers need to act with the highest standards of vigilance and prudence in implementing an adequate and effective compliance programme, failing which, they may be perceived as failing in their fiduciary responsibilities. This, coupled with the recent enforcement trends (which show that corporate enforcement levels picked up between April and June 2022 and the DOJ and SEC each initiated5 two FCPA-related enforcement actions6) emphasises the need to have an adequate and effective ABAC compliance programme.
Organisations cannot have a one-size-fits-all approach on ABAC compliance programme, which may not reflect the risks they face at the ground level. Below are some questions that compliance officers may ask themselves while designing the ABAC compliance programme:
Consideration of each company’s unique circumstances
- Was your compliance programme built after considering the risks associated with the complexity of your industry, relevant market, applicable regulations, maturity level of financial controls, etc.?
- Have you factored in the level of corruption risk in your geography while designing the compliance programme?
- Have you considered the factors for operational integration of the compliance programme?
Sufficiency of necessary manpower and resources
- Considering your responsibilities and expectations, do you have enough resources to implement and monitor the effectiveness of the compliance programme in this dynamic environment?
- Do you have an appropriate and tailored training and awareness programme for the audience within (and third parties of) the organisation?
Periodic/regular risk assessment
- How often do you perform risk assessment from the ABAC perspective for relevant functions/departments and third parties within the organisation?
- Do you have a process to capture the learnings from previously carried out risk assessments?
- How often do you perform regular risk assessment for third parties after they have been onboarded to identify any potential issues?
Sufficient direct or indirect access to data for the compliance resources
- Do you have a centralised mechanism to pull out data across geographies or businesses to perform focussed compliance analytics?
- Do you analyse the data manually or is there a platform to do it on a continuous basis?
- How frequently would you be able to access the data and perform the required analytics/reviews as a surprise audit?
Integration of the acquired entity into existing compliance structures
- Do you conduct a post-acquisition due diligence?
- Do you have a process to integrate your compliance framework with that of the acquired entity?
A few organisations believe that if they fly below the radar and keep their policies and procedures up to date (tick-in-the-box approach), there would be no regulatory scrutiny and subsequently, no penal actions.
This may have worked in the past, but with the recent upward trend in ABAC cases, combined with the changing regulatory landscape, governance standards, stakeholder expectations, and public sentiments around bribery and corruption, organisations and compliance officers need to relook at their compliance framework and establish a robust ABAC programme.
Courtesy- https://timesofindia.indiatimes.com/blogs/voices/managing-bribery-and-corruption-risks-are-you-geared-up/