Tag Archives: certification

Corruption Is Not (Mainly) an Assurance Problem

Posted on by
4

The study of corruption these days is often heavily empirical, involving the close analysis of case studies or quantitative data. But sometimes it’s helpful to take a step back and think about the nature of the corruption phenomenon in more abstract, theoretical terms—not because this sort of abstract thinking translates neatly and directly into specific policy recommendations (it usually doesn’t), but rather because it helps us organize the otherwise overwhelming mass of particular information in a way that facilitates thinking, in broad strategic terms, about the kind of problem we’re dealing with and what kinds of interventions might be most promising.

It’s in that spirit that a range of contributions have suggested that our conventional ways of thinking about and responding to corruption are flawed, or at least incomplete, because they fail to recognize the extent to which the problem of corruption is a manifestation of the bad equilibrium in what game theorists would call an “assurance game.” The basic idea behind an assurance game is often traced back to Rousseau’s parable of the “Stag Hunt,” in which two hunters are chasing a stag when a hare runs by; if both hunters continue to pursue the stag, they’ll catch it and both will be better off (half a stag is better than a whole hare), but if one hunter chases after the hare, that hunter will get something while the other ends up with nothing. The key feature of this game is that it captures a setting where there are two stable outcomes (“equilibria”)—either both hunters hunt the stag or both chase the hare—and one of those (the stag) is clearly better for both of them. If both hunters go after the stag, and expect the other to do so as well, neither has an incentive to get distracted chasing the hare. But if both hunters expect the other to go after the hare, then both hunters will go after the hare themselves, because hunting the stage alone (in this parable) guarantees one will go hungry, while chasing the hare at least yields something. In that sense, the assurance game differs from the more famous “Prisoners’ Dilemma” game (and from other so-called “free rider” problems), because in the latter class of games each player has an incentive to take the “anti-social” action regardless of what everyone else is expected to do, even though everyone would be better off if they all cooperated.

What does this all have to do with corruption? Well, a number of scholars have advanced quite explicit arguments that the corruption is basically the equivalent of the hare-chasing equilibrium in the Stag Hunt: Everyone does it because everyone expects everyone else to do it, but if everyone could be assured that everyone else would act honestly, nobody would have an incentive to behave corruptly. The earliest scholarly paper of which I’m aware that argued that corruption is more like an assurance game than a prisoners’ dilemma is Professor Philip Nichols’ 2004 article, but the idea has been developed further by other scholars. For example, Professors Persson, Rothstein, and Teorell interpret the results of interviews in Kenya and Uganda as suggesting that corruption in those societies is more like an assurance game than a principal-agent problem, and in a 2019 follow-up paper these scholars argue more generally that systematic corruption “resemble[s] an assurance game…. Within this collective-action framework, unlike the single-equilibrium ‘prisoners dilemma,’ … what action is taken by any individual depends on expectations regarding how others will act.” And Professor Avinash Dixit, though more agnostic as to whether systemic corruption more closely resembles a prisoners’ dilemma or an assurance game, suggests that the latter is an important possibility. And for these and like-minded scholars, seeing corruption in these terms has important implications for how we might fight it. Professors Nichols and Dixit, for example, each independently argue for (somewhat different forms of) certification systems, which, in the assurance game context, can induce a shift from the “bad” (corrupt) equilibrium to the “good” (honest) equilibrium even without material sanctions. Professors Persson, Rothstein, and Teorell are somewhat less specific in the policy proposals that flow from seeing corruption as primarily an assurance problem, but they argue that understanding the problem in this way implies that “rather than ‘fixing the incentives,’ the important thing will be to change actors’ believes about what ‘all’ other actors are likely to do,” and that this in turn requires “a more revolutionary type of change,” though they acknowledge that we still don’t have a clear sense of what can induce successful “equilibrium shifts” of this type.

I want to push back (gently but firmly) against the notion that it’s helpful to think of corruption as (primarily) an assurance problem. But before I pursue my critique of this idea, let me start out by acknowledging that the scholars who have framed corruption as an assurance problem are almost certainly correct in highlighting that corruption is one of those social phenomena for which pervasiveness correlates with attractiveness. In other words, the more people who (are expected to) engage in corruption, the more people who (have an incentive to) engage in corruption. That insight is hardly unique to corruption, but it is certainly important in the corruption context, and may have a range of significant implications for anticorruption policy. My beef with the “corruption is an assurance problem” is not with that key insight, but with what seems to me to be a substantial exaggeration of the importance of that factor relative to other factors. Continue reading

Guest Post: The Draft ISO 37001 Anti-Bribery Standard’s Promise and Limitations

Posted on by
6

William Marquardt and David Holley, respectively Director and Managing Director at the Berkeley Research Group, LLC (a private management consulting firm) contribute the following guest post, which is written in their personal capacity and does not necessarily reflect the opinions, position, or policy of the Berkeley Research Group or its other employees and affiliates:

This past April, the International Organization for Standardization (ISO) released its draft standard on anti-bribery management systems (ISO 37001). The standard is tentatively scheduled to be finalized later this year. In substantive content, the draft ISO standard is similar to the FCPA Resource Guide provided by the U.S. Department of Justice and Securities and Exchange Commission, in that it provides a list of elements that an effective anti-bribery/corruption (“ABC”) program should contain. In terms of the specific elements listed, the proposed ISO standard provides a number of sound recommendations – such as a comprehensive, risk-based approach, as well as management commitment to promoting an ethical corporate culture—but with a few exceptions, the draft ISO 37001 standard is not much different from the guidance available from the DOJ/SEC and other sources in multiple jurisdictions.

That’s not to say that there is nothing whatsoever distinctive about ISO 37001. It does differ from the existing guidance in some ways, some good (such as the comprehensive focus on documentation, document retention, and document availability) and some not so good (such as the unrealistic recommendations regarding extension of management’s internal control systems to third-party vendors). The draft ISO standard also puzzlingly omits consideration of certain key issues –such as the labor law and data privacy issues that arise in connection with bribery investigations, questions regarding how to address anti-bribery concerns in connection with M&A or joint venture due diligence, and (most generally) the integration of ABC management systems into the firm’s wider financial, operational, and regulatory functions. But, again, in most respects the ISO 37001 draft standard closely resembles existing ABC guidance.

What makes the ISO 37001 standard distinctive, and the reason its finalization would be potentially such big news, is that ISO 37001 (like other ISO standards dealing with more technical matters) is intended to be subject to independent “certification” by third-party auditors. In other words, if and when the ISO 37001 standard is finalized, companies will be able to hire auditing firms to review their ABC programs and (if the auditor determines the firm meets the ISO 37001 criteria) to provide a formal certification that the company is ISO 37001-compliant. The question whether formal ISO 37001 certification of this sort will be a good thing (for firms, or for the world) has been hotly debated (for previous discussions on this blog, see here and here). Continue reading

Dear Governments: Please Don’t Make Private Certification the Touchstone of an Adequate Anti-Bribery Program!!!

Posted on by
6

A little while back, I posted a couple of critical commentaries (here and here) about the efforts underway to develop an International Organization for Standardization (ISO) standard for corporate anti-bribery programs (ISO 37001), modeled on the already-existing UK standard developed by the British Standard Institute (BS 10500). (For those unfamiliar with these organizations or what they do, these standards are developed by a private consortium, and then private firms conduct–for a fee–audits of companies and provide a “certification” that the company is in compliance with the standard. These standards in the past have dealt with technical or quality control issues — the proposed anti-bribery standard is, to the best of my knowledge, the first ISO standard to deal with a legal issue of this type.) Without rehashing my earlier posts here, I raised questions both about how these certifications were supposed to work in practice, and about what they were for. I raised but dismissed the possibility that law enforcement might treat ISO/BS certification as an adequate indicator that a firm had a satisfactory compliance program (or that absence of ISO/BS certification as an indicator the compliance program was inadequate). I dismissed the possibility because lots of people (including those who work in the compliance certification business and those involved with the development of the ISO standard), assured me that such certification was not intended to have that kind of dispositive legal significance (even if it might be relevant to the law enforcement agency’s inquiry).

I would have left the matter there, and probably not written about it again, but for some remarks at last December’s World Bank International Corruption Hunters Alliance meeting. On a panel about “Fighting Transnational Bribery,” Detective Inspector Roger Cook, with the Operations area in the City of London Police’s Economic Crime Directorate, spoke with great enthusiasm about BS 10500, the model for the proposed ISO 37001. (This is perhaps unsurprising given that, as I just learned from his City of London police bio, he “contributed to the development and implementation of … BS 10500 and the developing ISO 37001.”) I don’t have a transcript or a video, nor am I a trained stenographer, but I tried to copy down Detective Inspector Cook’s remarks on this topic as close to verbatim as possible, and they went (according to my notes) more or less like this:

[If you’re a company, the BS 10500 standard] is going to give you a lot of comfort. Simply by getting accredited, then you have those adequate procedures that the UK Bribery Act requires companies to have [(that is, to satisfy the affirmative defense to the strict liability offense of failure to prevent foreign bribery)]. If the company has BS 10500 [certification], we’re not going to look much further, as long as they’re applying it properly. And an ISO standard [ISO 37001] is also in the works, about 18 months away. Think how good that would be, if every company going for a public contract were accredited. [We should] make that [certification] a condition for public contracts.

Now, Detective Inspector Cook was speaking in his personal capacity, not on behalf of the City of London Police or the British government. And he is not affiliated with the Serious Fraud Office (SFO), which has principal responsibility for bringing enforcement actions under the UK Bribery Act. But I nonetheless found these remarks quite troubling, so perhaps it’s worth restating the reasons why private anti-bribery certification or accreditation, according to something like the proposed ISO standard, should not be considered necessary or sufficient to establish the compliance defense under the UK Bribery Act, and should not be considered necessary or sufficient to engage in government contracting. Continue reading

Guest Post: Fighting Corporate Corruption in Thailand, Part Two — Private Initiatives

Posted on by
1

Karin Zarifi, an independent consultant to the Securities and Exchange Commission Thailand, contributes the following post (the second in a two-part series on combating corporate corruption among Thai public companies):

In my last post, I discussed how the Thai Securities and Exchange Commission (SEC) was undertaking innovative measures, in conjunction with private sector initiatives, to fight corruption and encourage good corporate governance in Thai public companies. One of the SEC’s most important partners in its efforts is the Stock Exchange of Thailand (SET), on which approximately 600 companies are listed. The SET and the SEC have been promoting their own and each other’s initiatives, as well as those of private sector organizations like the Thai Institute of Directors (IOD) and the Thaipat Institute, in ways that are encouraging, and seem to be helping Thailand to become a corporate sustainability leader among Association of Southeast Asian Nations (ASEAN) member countries.

The role of the SET in fighting corruption cannot be overlooked. Stock exchanges are uniquely positioned to use their listing and disclosure requirements to encourage sustainable practices, including anticorruption, by listed companies and allow consideration by investors. The role of stock exchanges in wealthy countries — most notably the New York Stock Exchange — in imposing ethics and disclosure requirements on listed companies is already well-known. The SET’s recent initiatives demonstrate that stock exchanges in developing countries can also play this role. Although a stock exchange’s anticorruption initiatives cannot substitute for appropriate action by government regulators, they are a vital complement to government efforts to prohibit bribery and corruption. Continue reading

More on Compliance Certification–A Response to TRACE International

Posted on by
1

In a recent post, which built directly on a report from Transparency International USA, I raised some questions about the value of the compliance program “certifications” that certain private firms offer to provide.  (In a follow-up post, I also expressed even greater skepticism about current efforts to generate an International Organization for Standards (ISO) anti-bribery compliance program standard.) I won’t repeat everything in the original post here, but to summarize quickly: I expressed concern that “certifying” a compliance program (as distinct from reviewing and assessing it) could prove counterproductive because (1) the certification would not (or should not) be treated as significant by government enforcers or third parties, and (2) the certification might lead companies either to do too little or too much.

TRACE, one of the leading firms that offers compliance certification services (and also, through a separate but affiliated nonprofit, provides anti-bribery compliance support to member companies), has provided a thoughtful, thorough, and enlightening response to my post on the TRACE blog. The TRACE post takes issue with my criticisms, and also uses my post as an opportunity to “address head-on some common assumptions and misunderstandings that … surround anti-bribery certifications.”

I highly recommend that readers interested in this debate — which TI-USA deserves credit for kicking off — read TRACE’s post; I won’t try to summarize it here.  Let me say a few words about where I think we actually agree, then highlight what I think are the most significant points of disagreement, and then highlight one particularly intriguing aspect of the TRACE post that may deserve more extensive consideration. Continue reading

Some Thoughts on Certification of Corporate Anticorruption Programs

Posted on by
1

Last week, I posted a brief announcement about an interesting new report from Transparency International USA about verification of corporate anticorruption compliance programs — that is, efforts to ensure that the measures companies put in place to ensure compliance with anti-bribery law (and other legal and ethical requirements) are actually working. One particularly interesting facet of the report, at least for me, was the discussion of the emerging “certification” industry: private firms that companies can hire to review their compliance programs, and that provide a public certification — basically, a statement saying “we’ve reviewed this company’s compliance program and we think it’s up to scratch.” These certification services are different from more familiar consulting services, where firms assist companies in designing or evaluating their compliance programs (though the firms that offer certification also often offer consulting services as well).

While I’m all for private sector initiative to improve corporate anti-bribery compliance, I’ll admit I’m a bit skeptical as to the value of these services. Indeed, I worry a bit about whether they might in some cases prove counterproductive. And while the TI-USA report uses careful language, I read the report as evincing a fair amount of skepticism as well. I also want to be appropriately circumspect, as I don’t really know enough to have strong views, but let me raise a few concerns about the private anticorruption certification industry.

Continue reading