Ten_Values

C OMPLIANCE Addressing Anti-Bribery and Corruption Compliance Table of Contents Anti-Bribery and Corruption Compliance Burden ......................................................2 Corporate Bounty Hunter Provisions Underline the Need for a Strong Anti-Bribery and Corruption Program ...................................................................2 Meeting Anti-Bribery and Corruption Obligations .....................................................3 The Role of Technology in Managing Anti-Corruption ...............................................4 Accuity Delivers an Anti-Bribery and Corruption Compliance Management Solution ....................................................................................................4 1 Addressing Anti-Bribery and Corruption Compliance ©2012 Accuity, Inc. All rights reserved. Proprietary & Confidential Anti-Bribery and Corruption Compliance Burden Business is global, distributed and dynamic. Firms of all sizes and industries have global client, partner, vendor and supply-chain relationships. The modern firm depends on a complex web of business relationships that make it impossible to define where the firm starts and stops. Adding to this complexity is the dynamic nature of business—it is everchanging, with a revolving door of employees, partners and strategies in an environment where risk, economics and regulations are in a constant state of change. How does a firm validate that it is current with legal, regulatory and other obligations in the face of an ever-changing business environment' The complexity of today’s global, distributed and dynamic business makes regulatory compliance a challenge— particularly for anti-bribery and corruption. The larger the firm, the more complex its interactions with external entities (e.g., government, regulators, contractors, vendors and other third parties), around the world. Firms face increasing exposure to anti-bribery and corruption laws and regulations. Laws such as the Foreign Corrupt Practices Act (FCPA) have been in place in the U.S. for 35 years.1 Despite this length of time, each year shows increasing non-compliance and growing fines, penalties and judgments by the U.S. Department of Justice.2 In 2010, the number of enforcement actions was twice that of any previous year.3 The financial impact is more significant than the fine alone. Investigation and litigation costs can easily equal the cost of the fine itself. The firm must then also bear the weight of interaction with a corporate monitor to validate its compliance program for the next 10 to 20 years and report to the Federal government. Not to mention the reputation and brand impact that bribery and corruption has upon the firm. If the FCPA is not enough, the United Kingdom approved the U.K. Bribery Act (UKBA) legislation in 2010, which went into force in July 2011.4 This anti-corruption law brings broader scope and implications to anti-corruption compliance. The UKBA makes it illegal for a firm operating or listed in the U.K. to make unofficial payments to public officials to secure or expedite performance of routine or necessary business transactions. The scope of the UKBA includes anyone with business operations in the U.K. and covers acts and omissions anywhere in the world. Firms need to be prepared to defend themselves—UKBA has a rebuttable position that an employee is acting on behalf of the firm. The firm must demonstrate it has an appropriate compliance program in place to overcome this burden of proof. http://www.justice.gov/criminal/fraud/fcpa/ FCPA Penalty structure: Violation is $250,000 and/or five years in prison for individuals, $2 million in fines for corporations. Violation of accounting provisions is $500,000 and/or twenty years in prison for individuals, or $5 million for corporations. Willful violation of the books and records and internal control provisions is $25 million for the company, $5 million for an individual and up to 20 years in prison. Both the FCPA and the UKBA are country-specific initiatives in support of the Organization for Economic Cooperation and Development’s (OECD) anti-corruption initiatives in 34 democratic countries around the world.5 The OECD published its Good Practice Guidance on Internal Controls, Ethics, and Compliance to combat corruption around the world.6 Other countries are ramping up their anti-bribery and corruption laws, which will further impact global business. Corporate Bounty-Hunter Provisions Underline the Need for a Strong Anti-Bribery and Corruption Program This is the era of the corporate bounty hunter. Government is increasingly turning to insiders (e.g., employees), incenting them to report wrongdoing and non-compliance. In the U.S. the Securities and Exchange Commission (SEC) and Department of Justice (DOJ) have extended their compliance monitoring into a firm’s activities by enlisting the eyes, ears and voice of the firm’s employees. The framework for this is established in the Dodd-Frank Act whistleblower provisions, which entice employees to report violations, such as bribery and corruption, to the government. The scope includes areas of fraud, antitrust, insider trading, corruption and bribery. Corporate whistleblowers that provide information which leads to a successful SEC enforcement receive 10 percent to 30 percent of the monetary sanctions over $1 million. In an era of increased scrutiny and judgments for anti-corruption, this is a significant concern that keeps executives, the board, legal and compliance professionals up at night. Firms cannot afford ad hoc approaches to anti-bribery and corruption. In the era of the corporate bounty hunter, established processes must be in place to prevent corruption from happening. And when it does happen, the ability to demonstrate established compliance and monitoring processes can significantly reduce the penalties imposed upon the firm. 1 3 2 4 5 6 http://www.justice.gov/criminal/fraud/fcpa/cases/2011.html www.opsi.gov.uk/acts/acts2010/ukpga_20100023_en_1 http://www.oecd.org/department/0,3355,en_2649_34855_1_1_1_1_1,00.html http://www.oecd.org/dataoecd/5/51/44884389.pdf Addressing Anti-Bribery and Corruption Compliance ©2012 Accuity, Inc. All rights reserved. Proprietary & Confidential 2 Meeting Anti-Bribery and Corruption Obligations With increased exposure to anti-corruption laws and investigations, how does a firm respond to its compliance obligations' The best offense in anti-bribery and corruption is an active defense. Firms must be prepared to show they have a strong compliance program in place to mitigate or avoid exposure to penalties. In today’s complex business environment, if incidents do occur—the firm defends itself by demonstrating it has implemented appropriate compliance measures. Preventive measures must work alongside detective measures to monitor for corruption, and the firm must respond quickly and efficiently. This includes reporting and cooperating with authorities in investigations. While there are different laws around the world aimed at anti-bribery and corruption, the framework and requirements of these laws are based on common capabilities at the backbone of any good compliance program. From a U.S. perspective, the approach is to show that the firm has met the elements of an effective compliance program as established by the United States Sentencing Commission Organizational Guidelines.7 The U.S. guidelines complement and coordinate well with the U.K.’s guidance requiring a company to demonstrate adequate procedures to prevent bribery. It is a full defense in the U.K. Bribery Act when a firm proves that despite a particular incident of bribery it nevertheless has proper compliance practices in place to prevent it. Both U.S. and U.K. guidance aligns with and supports OECD Good Practice on Internal Controls, Ethics, and Compliance.8 • Know Who You Do Business With: It is critical to establish a risk-monitoring framework that catalogs third-party relationships, markets and geographies. Due diligence efforts must make sure the firm contracts with ethical entities. If there is a high degree of corruption risk in a relationship, preventive and detective controls must be established. This means knowing your vendors, partners, suppliers and even your own employees, with proper background checks to understand if they are susceptible to corruption and unethical conduct. • Keep Information Current: Due diligence and risk assessment efforts must be kept current. These are not point-in-time efforts that happen once; they need to be done on a regular basis or when the business becomes aware of conditions that point to increased risk of corruption. • Established Policies and Procedures: Firms must have documented and up-to-date policies and procedures that address corruption. The code of conduct must filter down to address anti-corruption, gifts, hospitality, entertainment and expenses, customer travel, political contributions, charitable donations and sponsorships, facilitation payments and solicitation and extortion. Requirements and processes must be clearly documented and adhered to. • Effective Training and Communication: Written policies are not enough—individuals need to know what is expected of them. Firms must implement anti-corruption training programs to educate at-risk employees and business partners. This includes getting acknowledgements from employees and business partners to affirm their understanding, and attestation of their commitment to behave according to established policies and procedures. • Manage Business Change: The firm must monitor the business environment for changes that introduce greater risk of corruption. The firm must document changes required to business practices as a result of observations and investigations, and address deficiencies through a careful program of change management. This requires that business change be monitored by compliance processes to actively prevent and detect corruption. Firms need to have the following compliance capabilities in place: • 7 8 3 Understand Your Risk: A firm must have a risk-based approach to managing anti-corruption. This includes periodic assessment (e.g., annual) of exposure to bribery, corruption and unethical conduct. The risk-assessment process should also be dynamic—conducted when there is significant business change that could lead to exposure (e.g., mergers and acquisitions, new strategies and new markets). Risk assessments should cover exposure to corruption in specific markets, business relationships and geographies. http://www.ussc.gov/Guidelines/Organizational_Guidelines/guidelines_chapter_8.htm http://www.oecd.org/dataoecd/5/51/44884389.pdf Addressing Anti-Bribery and Corruption Compliance ©2012 Accuity, Inc. All rights reserved. Proprietary & Confidential The Role of Technology in Managing Anti-Corruption Compliance must be an active part of culture and processes to prevent and detect corruption, bribery and fraud. Anti-bribery and corruption processes must be monitored, maintained and nurtured. The challenge is establishing corruption prevention and detection activities that move the firm from an ad hoc reactive mode to one that actively manages, monitors, detects and prevents corruption risk. This requires the firm to implement technology to manage anti-bribery and corruption compliance. Technology facilitates a firm’s ability to manage and monitor anti-corruption compliance by enabling and automating activities, information, processes and reporting. The use of technology for compliance delivers processes that are: • Efficient: Compliance technology lowers cost, reduces redundancy and improves human capital efficiencies by delivering accountability and reporting that is burdensome in manual and document centric approaches. • Effective: Compliance technology delivers consistent and accurate information about the state of anti-bribery and corruption initiatives, to assess exposure. Information is more accurate, current and readily available. • Accuity Delivers an Anti-Bribery and Corruption Compliance Management Solution There are two primary models to manage compliance with anti-corruption obligations. One approach is build-your-own, ad hoc and ultimately labor-intensive and produces significant manual processes and piles of documents. A more economical approach focuses on software designed to manage these complex and diverse needs. Accuity, part of BankersAccuity, offers ComplianceMAX™ and the Anti-Bribery and Corruption Solution, a flexible compliance management platform. The Solution eases the compliance burden by delivering operational effectiveness, human and financial efficiency and agility to compliance processes. The solution enables a firm to manage anti-bribery and corruption programs including monitoring and enforcing policy through workflow management; screening and tracking of high-risk entities and relationships; reporting and communicating compliance issues; and ensuring a state of readiness for inspections and audits. Agile: Compliance technology improves decision-making and business performance through increased insight and business intelligence so the business can achieve objectives while avoiding loss. Only with For more information, please visit www.AccuitySolutions.com/AntiBriberyandCorruption Addressing Anti-Bribery and Corruption Compliance ©2012 Accuity, Inc. All rights reserved. Proprietary & Confidential 4 www.AccuitySolutions.com/AntiBriberyandCorruption Chicago · Dubai · London · New York · San Diego · Shanghai · Singapore · Sydney · Turin © 2012 Accuity, Inc. All rights reserved. All other company and product names, trademarks and registered trademarks used here are the property of their respective owners. 04.13.12