Compliance Rules for Rules Sakes?
In response to the aggressive enforcement environment, companies have been revising policies for travel, gifts, entertainment, and hospitality. As they do so, it is important for each company to consider these questions –
What is the precise risk which is being addressed?
How will the policy minimize the risk of bribery?
How will internal accounting controls incorporate these policies?
Companies know that the risks of misconduct and misuse of money is significant. Many bribery schemes have developed under the accounting control radar screen when actors took excessive amounts of money from petty cash, or used other accounts to funnel illegal bribes to government customers. For this reason, the design of policies is a fundamental piece of any compliance program.
In a perfect world, companies will adopt policies which vary in each country according to the risk assessment for that country. Unfortunately, companies cannot draft and implement different policies on such a micro scale. Instead, companies recognize that operational requirements across the organization require policies and procedures which cut across regions in which the company operates.
But policies should not be adopted just to say a company has a policy. A strict policy without any rational justification is a costly policy. Too many companies simply adopt a flat amount for certain expenditures above which prior approval may be required. Companies are apparently competing on how can be the toughest. This is not the best way to achieve compliance.
As an alternative, I would suggest that companies talk to their staff to determine what kinds of policies would work best. How much do they routinely spend, or even want to spend, to give gifts, entertain or provide hospitality? Given the typical amounts of expenditures which do not raise a risk, then policies may be set at expenditure levels where the risk starts to grow, or a sliding scale may be used depending on the position of the government official with whom the interaction is going to occur.
The bottom line is that there needs to be a reason for a policy other than the policy itself.