Not many people realize that the US has elected one
president who served as a prisoner of war. That man was Andrew Jackson, who was
captured by the British during the Revolutionary War. Now, can you name the
American President who killed another man in a duel? If you guessed Andrew
Jackson you are right and if you knew that today is the anniversary you receive
extra credit and can proceed directly to Final Jeopardy.
I thought about the somewhat surprising history on Jackson
when I read the recently released the "2013 Anti-Bribery and Corruption
Benchmarking Report-A joint effort between Kroll and Compliance Week" (the
"Survey"). Much like Jackson himself, the Survey had some interesting and
somewhat disturbing findings as well regarding companies and their third
parties. The findings were troubling because I think that most compliance
practitioners recognize that their highest compliance risks under the Foreign
Corrupt Practices Act (FPCA) and UK Bribery Act revolve around third parties.
Some of the highlights of the survey are as follows.
While 43% of respondents said their bribery and
corruption risks have increased in the last two years, another 39% said those
compliance risks have remained mostly the same and, finally, 7.7% reported that
they believe their compliance risks have actually fallen. Regarding future
corruption risks, the respondents were split with half saying they expect
compliance risks to rise in the next 12 months, and half do not. The single
most common reason given for increasing compliance risks was expansion into new
markets, followed by more vigorous enforcement of current anti-bribery laws.
The Survey reported the "good news is that 57% of respondents say they conduct
an enterprise-wide assessment of bribery and corruption risk annually. The bad
news: the other 43% conduct such an assessment less than once a year, and 16.9%
say they've never conducted a corruption risk assessment at all. A solid
majority of companies also say they have some sort of documented approach to
managing bribery and corruption risks; 37.7 say they have a "well-defined,
documented process dedicated solely to global bribery risks," and another 42.7%
say they treat corruption risks as part of a larger documented process to
address all compliance risks."
The Survey indicated that most companies have a good
understanding of the need to, and performance of due diligence on third parties
or acquisition targets. It found that 87% perform at least some sort of due
diligence on third parties, and the criteria that help a compliance department
decide how much diligence to perform generally seem risk-based. The top
criteria were, in order, the nature of the work a third party would provide;
the amount of contact the third party has with foreign officials; and where the
third party is domiciled. A variety of tools were used to perform due
diligence. These tools included: certifications from the third party that it
has no corruption problems; reviews by your company's legal or finance team;
and data collected by your local business-unit leaders. Reference checks,
on-site interviews, and research from professional investigators were some of
the less-used techniques.
The Survey found that many companies are still struggling
with ongoing anti-corruption monitoring and training for their third parties.
Regarding training, 47% of the respondents said that they conduct no
anti-corruption training with their third parties at all. The efforts companies
do take to educate and monitor third parties are somewhat pro forma. More than
70% require certification from their third parties that they have completed
anti-corruption training; 43% require in-person training and another 40%
require online training. Large companies require training considerably more
often than smaller ones, although when looking at all the common training
methods, fully 100% of respondents say their company uses at least one method,
if not more.
An astonishing 47% of all respondents said they conduct
no anti-corruption training with their third parties at all. The numbers are
even higher for companies based outside of North America (51%) and those with
less than $1 billion in annual revenue (55%). Violet Ho, senior managing
director for Kroll's practice in greater China, was quoted as saying, "A lot of
companies have very good intentions of doing a thorough job looking at their
third parties," Ho says. "But ultimately when you are a very large organization
with more than 10,000 vendors, it's not financially viable. You do not really
have the time or resources to look deep into each and every one of them."
Another factor that Ho noted was significant is that companies often do not
even know how many third parties they use, which makes training all of them
impossible. Moreover, corporations typically have much less bargaining power
with third parties, especially when they are located in far-flung
jurisdictions. The result: if a company is using only one vendor to source an
item and asks that vendor to promise to follow some anti-corruption code of
conduct, the vendor feels emboldened to refuse.
Lastly, Ho stated "Trying to reach all third parties with
a generic, headquarters-issued policy is a waste of time and money. Such
policies tempt employees and third parties to find loopholes, and they ignore
important regional differences. On-the-ground workers, are focused on revenue
and profit, not compliance. Those goals aren't mutually exclusive, but they do
require coordination for a policy's effective implementation-which adds all the
more pressure on compliance officers to articulate why strong anti-corruption
programs are good for business." Clearly this Survey shows the challenges
around third parties.
For all a company's efforts at risk assessment, due
diligence, and monitoring third parties, the ultimate question for a compliance
officer is simply does my system work? Questions about effectiveness,
therefore, get to that core issue of whether all the compliance activities
outlined above actually make the business less vulnerable to corruption risk.
The Survey found that the responses in their anti-corruption procedures
depended on how close to home the tasks actually are. 73% rated their training
of domestic employees as "effective" or "very effective." That figure dropped
to 63.8% for foreign employees, and only 30% for third parties.
Melvin Glapion, Kroll managing director in EMEA, said
that this phenomenon was the "downward and outward" problem. He explained that
this meant that companies tend to overestimate how seriously messages sent from
corporate headquarters are received elsewhere. Cultural differences abound, and
many employees don't see how anti-bribery policies apply to them in their daily
jobs. Worse, the person doing compliance checks is often less senior than the
executives he or she is monitoring.
Companies with less than $1 billion in revenue were
actually more confident in their procedures' effectiveness than larger
businesses, the survey showed. Glapion was quoted as saying "that may be
because smaller organizations have less bureaucracy and fewer third parties, or
they may feel that they are not necessarily in the firing line."
The Survey appears to indicate that companies still have
a long way to go in certain areas, particularly third parties. The Survey
provides the compliance practitioner with a good benchmark to look at the
overall company program.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2013
For more information about LexisNexis
products and solutions connect with us through our corporate site.