As part of my continuing series on building an anti-corruption compliance program from scratch, we need to work on the next step in our continuing series.  In yesterday’s post I described the risk assessment process.  So, your Bible is now complete. 

Your risk assessment outlines potential risks and covers the following: geographic areas of operation and levels of corruption in these countries; industry corruption levels and enforcement actions; foreign government interactions: sales, regulatory and audit or inspections; use of third party agents, intermediaries and/or distributors; existing policies and procedures for gifts, meals, entertainment and travel; existence of joint ventures and policies and procedures for due diligence for joint ventures and mergers and acquisitions; response to foreign government tenders; interactions with suppliers and procurement officers; and charitable contributions.

With these risks as your guideposts, you now need to take stock of the organization and internal controls used within the company.  How do your company’s systems interact?  For example, are all of your offices and regions interconnected electronically so that documents can be shared, transmitted and the work flow process can be monitored for approvals and payments?  How are contracts approved?  How are payments approved?  These areas have to be mapped out and they become the skeleton upon which the anti-corruption program can be crafted.

To be more specific, here is what I mean — if I am a sales person in country X, who needs to approve a contract I am proposing with a customer in country X?  How high does the approval process go?  In some companies, a centralized headquarters must approve all contracts before a payment can be made under the the contract, or a product or service ordered pursuant to the contract.  You would be surprised to learn how many companies have a complete disconnect between the accounts payable or accounts receivable side and the contract review and approval.  A regional manager who signs off on a payment, may result in a payment being made, even though the contract itself has never been properly approved.  Hard to imagine but all too often occurs in the real world.

So now what — well, we concentrate on the preparation of a 15-page, clearly written anti-corruption policy.  The policy outlines the Company’s overall approach, addressing a number of general topics, including: 

The Compliance Officer: Who is the Compliance Officer and what lines of reporting will the Compliance Officer have — to the Audit Committee or Compliance Committee (if one exists)? Will he/she report to the General Counsel or CEO or other senior manager?

Third Party Agents: What specific policies will be established for third party agents?  A centralized review of any due diligence and proposed contract, requiring high-level approval of a a new third party relationship?  If approved, how will individual transactions and contracts secured by the third party agent be reviewed and who will have authority to approve?  In addition to these basic consideration, a careful and detailed due diligence requirement has to be standardized across the company, with modifications made on the local level to reflect local conditions.  These documents and forms are critical and must be mandated as part of the overall program.  Documentation is your insurance policy.  Almost any decision can be justified  so long as there is a reasonable basis for the decision and there is a document outlining the considerations and the review process.  A final requirement in this area is standardized language concerning anti-corruption compliance by the third party, access to audit their records, and anti-corruption compliance training and policies.

Gifts, Meals, Entertainment and Travel: What specific policies will be established for gifts, meals, entertainment and travel?  In these areas, companies engage in hyper-complexity with decision matrices varying with amounts, pre-approval requirements, and consideration of the recipient’s position in the government.  My motto is the simpler the better, and relying on pre-approval reviews for serious risks.  One key question I encourage companies to ask their staff — what type of gifts do they want to provide? What type and how expensive are meals and entertainment they want to provide to private customers? foreign government officials?  A key point to remember is that whatever is authorized the key here is the gift-giver’s intent — is it corrupt? or general business relations?

Joint Ventures and Mergers/Acquisitions: One of the more critical policy areas which needs to be addressed is the due diligence and approval process for proposed joint ventures and mergers and acquisitions.  This is a area ripe for mischief, possible pitfalls and dangerous results when a company gets itself into hot water by acquiring companies with a record of foreign bribery and non-compliance.

Our next post will examine remaining issues for the overall policy statement.