Requiring business corporations to institute an anticorruption compliance program should be a part of any national strategy to fight corruption. The argument is simple. Corporate employees or their agents are always on the paying side of a bribery offense and often a facilitator of conflict of interest and other forms of corruption. Making it against company policy for employees or agents to participate in any corrupt act with stringent sanctions up to and including termination for a violation will help shut down the supply side of the corruption equation.
Even where a company’s compliance program is a sham, established simply to comply with the law, it can still be help in combating corruption. A sham program would be a violation of law, and were the company investigated, the existence of a sham program would be easy for investigators to spot, easing their task of determining wrongdoing. So there seems to be no reason why lawmakers shouldn’t insist that firms subject to their law, whether state-owned or privately-held, establish a program. And between the many guides published by international organizations (examples here and here), NGOs (here and here), academics, the burgeoning compliance industry, and the issuance of an international standard for such programs, there is no dearth of information on how to create and operate an effective one.
I have argued the case for a compliance requirement in several posts (examples here and here), as have many other GAB contributors (examples here and here). My most recent plea for mandating private sector compliance programs came in this one noting such a requirement in Vietnam’s new anticorruption law. But one thing I have not done is address two obvious questions about compliance programs that Matthew posed in a comment to the Vietnam post: How are compliance requirement laws enforced? How effective are they in practice?
It turns out these obvious, innocent sounding questions (the kind law professors always seem to ask) aren’t all that easy to answer. What I have found so far follows. Readers with more information earnestly requested to supplement it.
United States. Under American federal law, companies awarded a public contract of $5 million or more that will take at least 120 days to perform must establish a compliance program. The law is enforced in two ways. One, the public servant responsible for overseeing the contract must ensure the contractor has a program (Federal Acquisition Regulation 42.302(a)(71)). Two, during an audit, the auditors may examine whether a contractor has a program as they did in this review of a USAID project where they found an NGO hired to monitor the project did not have one.
I have seen no data or reports on how effective contracting officers’ oversight of contractors is in ensuring compliance. Nor have I uncovered any list of audit reports that have examined the compliance program issue. Again, a plea to readers with additional information to share it — either by contributing a comment to this post or by submitting a guest post.
United Kingdom. Section 7 of the 2010 United Kingdom Bribery Act imposes criminal liability on any company that fails to have “in place adequate procedures designed to prevent persons associated with [it]” from paying a bribe. In a 2017 article, Genevieve LeBaron and Andreas Rühmkorf of Sheffield Law School examined its effectiveness. They reviewed the publicly available documents of 25 large British firms — their codes of ethics, terms and conditions imposed on companies in their supply chain, and other documents and reports of their conduct since 2010; they conducted an in-depth analysis of how one company’s conduct had evolved since 2010 as well. Their conclusion: “bribery has become a genuine compliance issue that companies are addressing through due diligence mechanisms.”
Granted that the LeBaron and Rühmkorf research isn’t the kind of rigorous quantitative analysis that would find a home in the American Economic Review and that my findings speak to attempts to enforce the law rather than the law’s effectiveness. But as reviews (here and here) of the research on deterring corporate crime observe, precise measures of the effect of law on corporate behavior remain out-of- reach. Data bases on corporate crime are non-existent; systematic procedures for identifying unreported crime similar to crime victimization surveys are not conducted; identifying the many ways corporate behavior is affected is a conceptual and methodological challenge of the first-order, and even the definition of “corporate crime” is contested. What the LeBaron and Rühmkorf work and my own findings do provide is evidence confirming that most powerful of scientific principles: common sense. That demanding companies act to stop employees and agents from engaging in corruption is a useful weapon in the fight to contain corruption.