What can companies, directors and in-house counsel do to reduce corruption risks?
Anti-bribery and corruption risk management
What you need to know
- There is broad scope for companies and directors to be held criminally and civilly liable for corrupt conduct of individuals within or associated with their organisation.
- One of the most effective means of avoiding liability is for companies, directors and in-house counsel to implement and maintain a culture of strict compliance with anti-corruption laws.
What you need to do
- Implementing and maintaining a culture of compliance can be achieved through key measures including leadership commitment, policies, procedures, training, controls and staying abreast of legal developments.
Introduction
In Part 1 of our ABC for In-House Counsel series, we examined the broad scope for companies and directors to be held criminally and civilly liable for corrupt conduct of individuals within or associated with their organisation.
This article focuses on what you can do to reduce the risk of bribery or corruption issues arising, as well as reducing the risk of being held liable for bribery or corruption offences committed by others. In other words, this article discusses what you can do to establish an appropriate corporate culture of compliance.
What is an appropriate corporate culture of compliance?
Corporate culture is the underlying mindset or values of the company. There is increasing Australian and international focus on compliance with anti-bribery and corruption laws, prompting many companies to review their internal policies and ensure their corporate culture is one of strict compliance with those laws.
There has been very little regulatory guidance in Australia regarding what constitutes an appropriate corporate culture of compliance and what companies can do to combat bribery and corruption. In part, this could be attributed to the vast differences between organisations and the lack of a "one size fits all" solution.
Factors relevant to assessing a company's culture of compliance include:
- the level of leadership commitment to compliance (including whether senior officers openly discuss, and encourage others to comply with, anti-bribery policies and legislation);
- the company's openness to hear and willingness to address any employee concerns in relation to potential bribery or corruption issues;
- the company's approach to ensuring that any disclosures made by employees in relation to potential contraventions of laws or policies, or compliance procedures that require improvement, are taken seriously, and that employees who make such disclosures are treated with respect (including being permitted to make disclosures anonymously if they wish);
- whether the company has a demonstrated zero tolerance approach to contraventions of anti-bribery and corruption laws and compliance policies; and
- the company's ongoing commitment to training, review and improvements of compliance policies and procedures.
These points are discussed in more detail below.
Leadership commitment
Although there is no one size fits all solution, a successful culture of compliance can only be developed if the leaders within the corporation are committed to combatting bribery and corruption.
The board of directors and senior executives within a company lead by example and set a tone for how employees at other levels, as well as associates, approach business on a day-to-day basis. In addition, it is important for leaders to frequently communicate internally about the significance of compliance with anti-bribery and corruption laws.
Development and implementing a policy
When a company has a leadership team that is committed to developing a culture of compliance, it must then develop and implement an effective anti-bribery policy. Again, the content of the policy must be assessed in light of the specific company, including:
- its size;
- the industry and place where it operates;
- the extent to which it deals with government;
- its remuneration structures; and
- other key risk or exposure areas.
Generally speaking, a company's anti-bribery policy should clearly demonstrate its commitment to compliance with anti-bribery and corruption laws, and describe the internal controls and values that will be used to underpin such compliance.
We set out below the key issues that, in our experience, companies should consider when developing their compliance policy and associated procedures. It is important to remember that companies may address each issue differently (and there may be additional issues that need to be considered), and that the policy must be well adapted to the particular organisation.
Due Diligence
When a company has a leadership team that is committed to developing a culture of compliance, it must then develop and implement an effective anti-bribery policy. Again, the content of the policy must be assessed in light of the specific company, including:
Corporations should assess bribery risks by undertaking proper due diligence in relation to their overall activities, as well as prospective transactions and projects. It is also necessary to exercise proper due diligence before entering into a commercial relationship with agents and other business associates (including joint venture partners, sub-contractors, consultants and suppliers), and before hiring employees (particularly for senior positions).
In order to conduct proper due diligence, you need to obtain sufficient information to assess the bribery risk posed by a potential transaction, project, employee or business associate. Some relevant information is likely to be freely available online, but third party service providers are usually able to provide more extensive information. You should then analyse the information to determine whether the transaction or project is in line with your organisation's anti-bribery policy and values. This process must be fully documented, fair and transparent.
When hiring employees, it may be good practice to include a clause in employment contracts requiring the employee to commit to compliance with anti-bribery and corruption laws, as well as your organisation's anti-bribery policy.
Internal financial records
It is important to implement appropriate financial controls that assist with the management of bribery risks. These controls should go toward ensuring that financial transactions are managed properly and recorded accurately and efficiently.
Financial controls that should be considered include:
- establishing an independent team which is responsible for financial records;
- implementing layered authorisation or approval requirements;
- scheduling regular audits (potentially to be carried out by a variety of independent auditors); and
- limiting the use of cash within the organisation.
Benefits to third parties
A key risk area in most organisations (and particularly those that deal with the Government on a regular basis) is the provision by an employee of benefits (such as gifts, hospitality and donations) to a third party. The provision of benefits may amount to a bribery offence, even if the person involved did not intend it to be a bribe.
You should implement procedures that aim to prevent or limit as far as possible the offering, provision or acceptance of benefits where the offering, provision or acceptance could reasonably be perceived as bribery. Although this is a risk area, it does not necessarily follow that your organisation should not provide or accept any gifts or other benefits; instead, any benefits offered, accepted or provided must be reasonable, proportionate and fully documented. When assessing what is reasonable and proportionate, it is necessary to consider aspects such as value, accepted standards in the relevant community and the frequency of offering, providing or accepting such benefits.
To address these risks, organisations may consider including a gifts and hospitality policy within their broader anti-bribery policy,. In particular, the policy could include the following:
- prohibiting benefits that may affect one party's impartiality or influence a business decision;
- setting a permissible limit for benefits;
- implementing an approval regime for benefits (if over a certain limit);
- implementing a system whereby accurate records of any benefits given or received are kept; and/or
- the requirement that any benefits offered, provided or accepted are done in an open and transparent manner.
While a well-drafted gifts and hospitality policy will assist employees to navigate the boundaries between gifts and bribery, difficult situations may still arise. It is therefore important that such a policy includes a clear point of contact for any uncertainties or queries employees may have.
Whistle-blower protections
Staff should be encouraged, and have the ability, to report any suspected or actual bribery (including any attempts to engage in bribery). To encourage such reporting, organisations should consider having clearly identified personnel to whom reports are made (and who can give advice when a concern is raised), and establishing a system that ensures reporting can be done anonymously and on a confidential basis.
Training
Employees (and some business associates) should be provided with adequate training on the anti-bribery policy and procedures. Face-to-face training should be provided, at least to employees in high-risk areas, on a regular basis. If in-person training is not practical, organisations should consider providing such training by video conference or webinar. Organisations should also ensure that policies and training materials are easily accessible to all relevant personnel who do not attend such training, or wish to review the materials as a refresher (such as through online training modules and documentation).
Other than providing information regarding the anti-bribery policy and procedures, training should also cover: (i) the specific bribery risks that the company is most likely to face; (ii) how personnel can identify and avoid potential bribery in their day-to-day work; (iii) how concerns can be reported internally within the organisation; and (iv) what the consequences may be (both within the organisation and at State or Federal level) for non-compliance with the policy and/or anti-bribery laws.
Maintenance and review
Once an anti-bribery policy and associated procedures have been implemented, management must continually monitor and review their effectiveness. Companies should consider appointing a compliance manager or team (often part of the in-house legal team) who oversees the anti-bribery system that the company has in place, and monitors the implementation of the policy and procedures. Companies could also consider engaging independent auditors to assist in assessing the effectiveness of the system, either on a regular basis or after an issue with the system has been identified by the company.
Critically, if a corruption issue arises, a company should take steps to identify and address any deficiencies in the company's policies and procedures that may have allowed the issue to arise.
Anti-bribery and corruption is an area that is under scrutiny and is also constantly developing. It is important for companies to stay abreast of, and keep their internal policies and procedures in line with, developments in the ABC area.
Consider certification
In 2016, the International Organisation for Standardisation released a new standard (ISO 37001) to assist organisations to implement effective anti-bribery management systems. ISO 37001 is increasingly used by organisations, both in Australia and internationally. Whilst certification that your company's anti-bribery management systems comply with ISO 37001 is no guarantee that bribery issues will not arise or that your company may not still be exposed to corporate liability, certification will assist companies to demonstrate that that they have implemented an appropriate corporate culture of compliance and should not be held liable.
What happens if a corruption issue arises?
In Part 3 of this series, we will consider the practical steps that you should take to minimise the harm caused if a corruption issue arises.
Authors: Alyssa Phillips (Partner), James Clarke (Senior Associate), Melanie Wong (Lawyer).
Key Contacts
We bring together lawyers of the highest calibre with the technical knowledge, industry experience and regional know-how to provide the incisive advice our clients need.
Keep up to date
Sign up to receive the latest legal developments, insights and news from Ashurst. By signing up, you agree to receive commercial messages from us. You may unsubscribe at any time.
Sign upThe information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.
