Dear Governments: Please Don’t Make Private Certification the Touchstone of an Adequate Anti-Bribery Program!!!

A little while back, I posted a couple of critical commentaries (here and here) about the efforts underway to develop an International Organization for Standardization (ISO) standard for corporate anti-bribery programs (ISO 37001), modeled on the already-existing UK standard developed by the British Standard Institute (BS 10500). (For those unfamiliar with these organizations or what they do, these standards are developed by a private consortium, and then private firms conduct–for a fee–audits of companies and provide a “certification” that the company is in compliance with the standard. These standards in the past have dealt with technical or quality control issues — the proposed anti-bribery standard is, to the best of my knowledge, the first ISO standard to deal with a legal issue of this type.) Without rehashing my earlier posts here, I raised questions both about how these certifications were supposed to work in practice, and about what they were for. I raised but dismissed the possibility that law enforcement might treat ISO/BS certification as an adequate indicator that a firm had a satisfactory compliance program (or the absence of ISO/BS certification as an indicator that the compliance program was inadequate). I dismissed the possibility because lots of people (including those who work in the compliance certification business and those involved with the development of the ISO standard) assured me that such certification was not intended to have that kind of dispositive legal significance (even if it might be relevant to the law enforcement agency’s inquiry).

I would have left the matter there, and probably not written about it again, but for some remarks at last December’s World Bank International Corruption Hunters Alliance meeting. On a panel about “Fighting Transnational Bribery,” Detective Inspector Roger Cook, with the Operations area in the City of London Police’s Economic Crime Directorate, spoke with great enthusiasm about BS 10500, the model for the proposed ISO 37001. (This is perhaps unsurprising given that, as I just learned from his City of London police bio, he “contributed to the development and implementation of … BS 10500 and the developing ISO 37001.”) I don’t have a transcript or a video, nor am I a trained stenographer, but I tried to copy down Detective Inspector Cook’s remarks on this topic as close to verbatim as possible, and they went (according to my notes) more or less like this:

[If you’re a company, the BS 10500 standard] is going to give you a lot of comfort. Simply by getting accredited, then you have those adequate procedures that the UK Bribery Act requires companies to have [(that is, to satisfy the affirmative defense to the strict liability offense of failure to prevent foreign bribery)]. If the company has BS 10500 [certification], we’re not going to look much further, as long as they’re applying it properly. And an ISO standard [ISO 37001] is also in the works, about 18 months away. Think how good that would be, if every company going for a public contract were accredited. [We should] make that [certification] a condition for public contracts.

Now, Detective Inspector Cook was speaking in his personal capacity, not on behalf of the City of London Police or the British government. And he is not affiliated with the Serious Fraud Office (SFO), which has principal responsibility for bringing enforcement actions under the UK Bribery Act. But I nonetheless found these remarks quite troubling, so perhaps it’s worth restating the reasons why private anti-bribery certification or accreditation, according to something like the proposed ISO standard, should not be considered necessary or sufficient to establish the compliance defense under the UK Bribery Act, and should not be considered necessary or sufficient to engage in government contracting.

Guest Post: Collective Action by Multinational Companies–A Recipe for Fighting Corruption in Emerging Markets

GAB is pleased to welcome back Gönenç Gürkaynak, the managing partner and head of the Regulatory and Compliance Department at ELIG, Attorneys-at-Law (Istanbul), who contributes the following guest post:

In too many countries, particularly emerging markets, corrupt public officials are getting rich by taking bribes, and they often seem immune from domestic law enforcement due to their influence over the judiciary. In such situations, collective action by the private sector—in cooperation with civil society—may be the key to changing the rules of this corrupt game. In particular, multinational companies (MNCs) can and should act collectively to require their intermediaries (e.g., distributors, agencies, etc.) to comply with stringent anticorruption rules. Considering that MNCs working in foreign jurisdictions act mostly through intermediaries (e.g. distributors, agencies, etc.) and that, according to the recent OECD Foreign Bribery Report, three-quarters of foreign bribery cases involve intermediaries, using collective action to target corruption by local intermediaries can help choke off the supply of bribes that corrupt public officials are so keen to extract.

The collective action strategy suggested here is designed for settings in which many MNCs, as well as large local companies, work with a limited number of local intermediaries that provide assistance in dealing with a sector or government agency prone to corruption; the approach is most effective when other potential intermediaries might be able to compete with the more established intermediaries if given the opportunity. In such a setting, the collective action approach—perhaps initiated by the MNCs, perhaps facilitated by some third party like a civil society organization—could work as follows:

Bribery in the Boardroom: Implications for Internal Reporting Programs

Early last month, the OECD released its first Foreign Bribery Report. According to Angel Gurria, the organization’s Secretary-General, the report “endeavors to measure, and to describe, transnational corruption based on data from the 427 foreign bribery cases that have been concluded since the entry into force of the OECD Anti-Bribery Convention in 1999.” The report as a whole is quite interesting, but I would like to hone in on the OECD’s findings regarding who engages in bribery, and how this should change how we approach arguments on whistleblower internal reporting requirements.

The report found that, contrary to popular belief, in the majority of cases senior management were aware of or endorsed the payment of whatever bribe occurred (in 41% of the cases senior management was implicated, in 12% even the highest level executives were aware of the bribe being paid). As the report notes, this “debunk[s] the “rogue employee” myth,” and this, I would argue, calls into question internal reporting requirements as a means of combating foreign bribery.

Guest Post: Fighting Corporate Corruption in Thailand, Part Two — Private Initiatives

Karin Zarifi, an independent consultant to the Securities and Exchange Commission Thailand, contributes the following post (the second in a two-part series on combating corporate corruption among Thai public companies):

In my last post, I discussed how the Thai Securities and Exchange Commission (SEC) was undertaking innovative measures, in conjunction with private sector initiatives, to fight corruption and encourage good corporate governance in Thai public companies. One of the SEC’s most important partners in its efforts is the Stock Exchange of Thailand (SET), on which approximately 600 companies are listed. The SET and the SEC have been promoting their own and each other’s initiatives, as well as those of private sector organizations like the Thai Institute of Directors (IOD) and the Thaipat Institute, in ways that are encouraging, and seem to be helping Thailand to become a corporate sustainability leader among Association of Southeast Asian Nations (ASEAN) member countries.

The role of the SET in fighting corruption cannot be overlooked. Stock exchanges are uniquely positioned to use their listing and disclosure requirements to encourage sustainable practices, including anticorruption, by listed companies and allow consideration by investors. The role of stock exchanges in wealthy countries — most notably the New York Stock Exchange — in imposing ethics and disclosure requirements on listed companies is already well-known. The SET’s recent initiatives demonstrate that stock exchanges in developing countries can also play this role. Although a stock exchange’s anticorruption initiatives cannot substitute for appropriate action by government regulators, they are a vital complement to government efforts to prohibit bribery and corruption.

Guest Post: Fighting Corporate Corruption in Thailand, Part One — Securities Regulation

Karin Zarifi, an independent consultant to the Securities and Exchange Commission Thailand, contributes the following post (the first in a two-part series on combating corporate corruption among Thai public companies):

In Thailand, despite increased focus on anticorruption, corporate governance and Corporate Social Responsibility (CSR) improvements in the private sector (see, e.g., here and here), the Thai business community does not seem convinced that anticorruption is in its interest, at least short-term. Only last April, companies listed on the Stock Exchange of Thailand (SET) were telling the Thai Securities and Exchange Commission (SEC) that they were unwilling to stay away from paying “tea money” (that is, bribes), for fear of losing out to competitors. Yet the last nine months have seen considerable progress on this front.

Some of the progress has been driven by private sector initiatives, including initiatives spearheaded by the SET. I will discuss these in my next post. But much of the progress has been driven by the Thai SEC. As Jeena Kim pointed out in a recent post on this blog (in the context of South Korea), securities regulators are well-positioned — and often better-positioned than public prosecutors — to take effective action against corporate corruption. But whereas Ms. Kim highlighted the Korean securities regulator’s ability to enforce South Korea’s foreign anti-bribery laws, the Thai example illustrates how securities regulators can encourage the development of a culture of compliance, good corporate governance, and corporate social responsibility more generally, using tools beyond simply enforcing the securities laws.

Guest Post: Compliance Culture in Emerging Markets — Tone at the Top or Tone in the Middle?

Today’s guest post is from Gönenç Gürkaynak, the managing partner and head of the Regulatory and Compliance Department at ELIG, Attorneys-at-Law, a leading law firm in Istanbul:

When listing the fundamental pillars of a compliance program, guidance on the Foreign Corrupt Practices Act and UK Bribery Act both stress the importance of the top-level commitment — “tone at the top” — for creating and maintaining a compliance culture within the company. Because the actions and stances of the board of directors and senior executives reflect and shape the corporate compliance culture, these directors and managers are expected to fulfill leadership roles within the scope of the compliance program of the company. But the compliance leadership of the top-level management can be undermined by the reckless actions of the mid-level managers who have the obligation to meet operational targets and deal with the various problems posed in the field. Accordingly, a tone from the top is not enough to create or sustain a compliance program — especially in emerging markets — unless such tone is supplemented by the voice of the mid-level management (“tone in the middle”).

More on Compliance Program Certification/Verification: The Proposed ISO Standard

My last post, inspired by Transparency International USA’s recent publication of a report on verifying the effectiveness of corporate anti-bribery programs, talked a bit about the emergence of a set of private firms that provide “certifications” for such programs. I expressed some skepticism about the value of these certification services. Some of my concerns — also expressed in the TI-USA report — had to do with the opacity and apparent inconsistency in the methodology that certification firms employ. One possible response to this concern might be to develop an “official” international standard for anti-bribery compliance, and to provide certification that firms meet that standard.

Such an effort is already underway, through an organization called the International Organization for Standardization (ISO), a consortium of national (generally private) standard-setting bodies in 163 different countries. Traditionally, the ISO promulgates international standards with respect to quality control, safety, and technical compatibility. External auditing firms then provide certifications that a firm meets the ISO standard(s) in the relevant areas. The ISO is now already in the process of developing an ISO standard (ISO 37001) for anti-bribery programs — which would be the first ISO standard to deal with a topic like bribery. The draft standard is supposed to be available for public comment by 2015.

Before proceeding further, I should disclose that I’ve been involved — very marginally — in the U.S. Technical Assistance Group that’s supposed to provide commentary on this developing standard. (Basically, I’ve listened in on a few phone calls and seen a few documents circulated to the group.) So I need to be careful what I say on this subject, so as not to disclose anything confidential. I actually think there’s little risk of that, because what I really want to do in this post is not to focus on specific features of the proposed standard, but rather to raise questions about the whole enterprise. The more I think about it, the less justification I can imagine for promulgating an international standard like this. Indeed, it strikes me as entirely the wrong way to go about promoting the very worthy cause of improved corporate anti-bribery compliance programs.


Some Thoughts on Certification of Corporate Anticorruption Programs

Last week, I posted a brief announcement about an interesting new report from Transparency International USA about verification of corporate anticorruption compliance programs — that is, efforts to ensure that the measures companies put in place to ensure compliance with anti-bribery law (and other legal and ethical requirements) are actually working. One particularly interesting facet of the report, at least for me, was the discussion of the emerging “certification” industry: private firms that companies can hire to review their compliance programs, and that provide a public certification — basically, a statement saying “we’ve reviewed this company’s compliance program and we think it’s up to scratch.” These certification services are different from more familiar consulting services, where firms assist companies in designing or evaluating their compliance programs (though the firms that offer certification also often offer consulting services as well).

While I’m all for private sector initiative to improve corporate anti-bribery compliance, I’ll admit I’m a bit skeptical as to the value of these services. Indeed, I worry a bit about whether they might in some cases prove counterproductive. And while the TI-USA report uses careful language, I read the report as evincing a fair amount of skepticism as well. I also want to be appropriately circumspect, as I don’t really know enough to have strong views, but let me raise a few concerns about the private anticorruption certification industry.


TI Report on Verification of Corporate Anticorruption Compliance Programs

Last week Transparency International-USA released a new report entitled Verification of Anti-Corruption Compliance Programs. The report is available for download on TI-USA’s website (the link there opens the document as a pdf, so I can’t do a direct link). It’s a helpful document on an important but surprisingly neglected topic: although there’s a ton of material out there about how to design a corporate compliance program (for anti-bribery and related matters), there’s much less out there on how to go about assessing these programs to ensure they’re actually working as they’re supposed to.

I won’t bother summarizing the document here. Shruti Shah, the TI-USA Senior Policy Director who was one of the driving forces behind the report, has a nice succinct summary over at the FCPA Blog. I’ll try to do a more substantive post within the next week or two on my reactions to the report and the more general issues it raises, but for now I just wanted to bring this document to the attention of GAB readers.