Liz David-Barrett, the Director of the Oxford Centre for the Study of Corruption and Transparency, contributes the following guest post:
More and more countries are introducing and enforcing anti-bribery laws these days, as governments implement their commitments under the OECD Anti-Bribery Convention and the UN Convention Against Corruption. By making companies liable for prosecution if they pay bribes to foreign public officials, the drafters hope to persuade companies to stop paying bribes and take measures to ensure that no bribes are paid on their behalf. But do they work? What do companies do when faced with a new anti-bribery law?
The United Kingdom since the introduction of the Bribery Act is a good laboratory for researching this question. Passed in 2010, the Act came into effect only in July 2011. But companies had ample time to prepare, given the prolonged hype as the Bill was debated in parliament. Some companies were — and still are — in denial, perhaps because they think they are not at risk, or the chances of being caught are slim. At the other end of the spectrum, some companies concluded that the Bribery Act created such serious legal risks that they opted to withdraw from certain high-risk markets entirely. But the vast majority of companies have responded to the Bribery Act by introducing or reforming their anti-bribery policies — that is, by amping up their corporate compliance programs. So what have we learned so far from research on UK firms’ anti-bribery compliance programs?
Many companies demonstrate compliance by writing a policy, perhaps improving due diligence on third parties and providing training for staff. They introduce Codes of Conduct or review existing Codes. The better ones set up reporting structures that make it harder to conceal corruption and whistleblowing hotlines that facilitate its exposure. All of these measures look worthwhile, but there are reasons to doubt that they lead to significant changes in behavior. Research suggests that many companies adopt off-the-peg policies and codes — perhaps intended to allow “plausible deniability” if bribery does occur — more than to change employee conduct. If individuals on the ground still face pressures to pay bribes, or their pay structures tempt them to pay bribes in order to maximize sales, these policies are unlikely to be very effective. Similarly, whistleblowing hotlines only help to expose corruption if there is a supportive culture in which individuals feel comfortable revealing misconduct and are not deterred from blowing the whistle for fear of repercussions.
Another problem with the standard compliance program is that other parts of the company fail to implement them. Compliance is a relatively new function in many companies, and its recommendation and exhortations are not always welcomed by colleagues. Indeed, a 2010 Ernst and Young survey found that 75% of North American compliance officers said they struggled to demonstrate their value to the organization. I have interviewed many compliance officers who have to invest a lot of energy in building legitimacy with other parts of the company, particularly the sales and marketing teams, who view compliance as an unwelcome hindrance to business as usual.
A deeper level of change can result when companies engage in specific corruption-related risk assessments, and are prepared to take potentially costly decisions as a result. These risk assessments can relate to specific business decisions – for example, whether to enter a market, whether to acquire a company, or whether to bid for a particular project. Or they can be introduced as part of a regular review of ongoing business. If such a risk assessment evaluates a project or partner as high risk, companies need to introduce more steps to satisfy themselves that the risks can be mitigated. For example, they might conduct due diligence to deeper levels, not just on immediate partners, but also on subcontractors reaching further down the supply chain. At any of these stages, further risks might be revealed which could lead companies to evaluate an opportunity as too risky and hence take the decision not to proceed.
My research has uncovered a range of companies which have taken such decisions. For example, one large construction company decided to withdraw from Russia because it was never awarded contracts as the primary contractor. As a subcontractor, in a context where corruption was rife, the company was unable to conduct sufficient due diligence on other supply-chain members and hence assessed the risk of operating as too great.
Withdrawals may be becoming more common, or perhaps companies are more willing to openly state that such moves are caused by corruption risk. This is one of the difficulties of researching a sensitive topic. However, my research suggests that companies are more likely to make such decisions where the contract in question is relatively small. It is still difficult to walk away from attractive deals or fast-growing markets.
Compliance programs are not a waste of time. Even the most flimsy programs raise awareness of corruption risks. But too often these programs lack what the individuals who face corruption pressures on the ground really need. And that is real practical coping mechanisms. Corruption typically reflects a complex web of social and political pressures. Avoiding it cannot be a tick-box exercise.