Corporate culture. The PricewaterhouseCoopers guide emphasizes the importance of “tone at the top” as the first step to developing a strong program. The CEO, board, and senior executives should provide leadership throughout the development and implementation of the program. “It’s important to communicate to employees that reaching bottom-line objectives is not all that’s important,” says François Valerian, TI’s head of private sector programs.
Documentation. TI’s Business Principles recommends that the anti-corruption program be documented in writing. For a large company with a board of directors, the proposal should be presented to the board and agreed to by resolution. For a small organization, colleagues and partners should document their approval of the goals of an anti-corruption program, and once it is developed, they should formally designate it as policy. Regardless of the company’s size, once the program is developed, written, and approved by senior management, the plan must be promulgated, and its tenets must be implemented and enforced. Actions taken under the plan, such as employee training, should also be documented.
Assessing risks. Experts agree that organizations should complete a thorough risk assessment before trying to develop an anti-corruption program. They can then use the data to develop a program suited to their particular risks. “You don’t want to just put into place some set of policies and procedures that isn’t tailored to your company,” Low says. “Something that doesn’t fit is really worse than having nothing at all, because people are going to ignore it and then you really look venal if you have a problem.”
The risk assessment should consider the corruption level of all the locations worldwide where the company operates, the kind of risks in the business or industry segments in which the company operates, and where the risks are within the organization. TI has created two tools to help corporations with their risk assessments, Valerian says. They are the Bribe Payers Index (BPI), which offers a look at the supply side of corruption, and the Corruption Perception Index (CPI), which examines the demand side.
The BPI, based on a survey of approximately 2,600 executives in 26 countries and territories, ranks countries as well as industry sectors on the likelihood that companies in these groups will pay a bribe. The CPI, a composite index based on 13 different surveys, measures the perceived level of public sector corruption in 180 countries and territories.
Companies should also consider third parties in their risk assessments. Third parties have always been a high-risk area, Low says, but historically organizations have focused on sales and marketing activities. Low says that recent corruption cases show that companies should be considering a wider range of possible third-party risks, including joint ventures or partners, customs brokers, third-party contractors handling immigration services, regulatory authorities, and security authorities.
“Basically a company has to look at who it’s working with, where it conducts its business, and then how it conducts its business,” Low says. “Anywhere [that a company] may be relying on somebody to interact with some aspect of government on their behalf, especially if there are discretionary actions of government that are involved, there are FCPA risks,” she adds.
Another important aspect of a risk assessment is to identify the indicators of fraud in an organization, says Kvamme. “As a result of the risk assessment, you can build a kind of red flag system,’” he says. “You can use this red flag system as a very proactive system...to tell your staff, ‘If you ever see anything like these indicators or red flags, use our proactive reporting system and report.’”
Policies and procedures. The risk assessment should have identified the forms a bribe might take in the environments where the company operates. The anti-corruption program must then describe the corporate policy for dealing with those situations. “Some activities are very clear cut, saying you don’t bribe is pretty clear cut;” Low says. “But when do gifts, when does entertainment, when does hiring somebody, when do charitable activities sort of cross the line?”
Among some issues companies may want to address are facilitation payments, gifts and entertainment, and political and charitable contributions.
Facilitation payments. While the FCPA states that it is bribery for a company to pay a government official to help its business, there is an exception provided in the U.S. law for what is called “facilitation payments.” These are payments that expedite certain routine government actions like small amounts paid to facilitate the connection of telephone service, to obtain a visa, or for police protection. However, France, Germany, the United Kingdom, and most other OECD countries do not allow facilitation payments, and the OECD recently called on countries to eliminate the exception.
There is a trend, Low says, for companies to eliminate or limit the facilitation payments that they allow. “It takes a lot of work to apply the U.S. exception,” she says. “You’ve got to be pretty confident that you’re dealing with routine governmental action, and in some countries, it’s hard to figure out what the nature of the governmental action is.”
Gifts and entertainment. Gift giving is a common and accepted practice in many countries and is often used to build relationships. However, it is a practice that is easily abused, and an organization should place limits on gifts given or received. Companies may want to set a monetary-value limit on gifts or provide employees with an idea of what is acceptable by giving examples of small gifts, such as flowers or chocolates, as well as examples of excessive gifts like jewelry or airline tickets. The frequency with which employees should accept gifts may need to be addressed as well.
Entertainment, such as meals or other hosted events, should not be accepted or given if it is extravagant or on a frequent basis. A normal business lunch at a reasonable restaurant is probably fine, Kvamme says.
Political and charitable contributions. Organizations should set up guidelines for political and charitable contributions. Local law should be consulted at the outset to determine whether there are any restrictions and what these are. TI’s guidelines caution that granting paid leave to an employee to support a political group may be regarded as a political contribution made by the business. The timing of contributions should also be regulated. For example, companies should not make contributions to a political party while negotiating a business deal or any other company matter with authorities tied to that political party.
For charitable donations, TI recommends ensuring that a charity is registered with local or national authorities. Organizations should also identify the officials of the charity to prevent a conflict of interest, and companies should make sure that any donation to a charity with which a customer has a connection is not and does not appear to be a quid pro quo for business. The group also recommends creating an approval process for donations so that there are counterchecks for any payments made.
Companies should never give money to an individual and should maintain a written record of all contributions.