Published on February 27, 2014
Corporate Integrity 101 A collection of articles on making Compliance a Competitive Advantage Scott Lane CEO of The Red Flag Group
Contents 4-7. The UK Bribery Act and Middle East 8-9. Compliance training high on the agenda 10-11. Top roles demand special screen tests 12-13. Business integrity proves profitable 14-15. System can increase profits and cut risk 16-17. Onus on business to step up and comply 18-19. Communicate to enjoy advantage 20-21. Ignoring risk strategy can lead to disaster 22-23. Firms should guard against espionage 24-25. Giving gifts can lead to jail time 26-27. Foster a culture of compliance 28-29. Governance must be wide-ranging 30-31. Training ensures customer satisfaction 32-33. Be wary when using agents abroad 34-36. Agents and consultants
The UK Bribery Act and Middle East There is little doubt in the business world today that Middle East is becoming an increasingly important market for the products and services of companies from around the world. This is particularly true of the cash-rich sovereign wealth funds holders such as Abu Dhabi, Kuwait and Qatar, which have become a stabilizing influence during the most recent financial crisis. Dubai as well is quickly bouncing back from the global recession. The sentiment is that if a company is not selling its products in rapidly growing Middle East, it is missing out on the best action. However, an anti-corruption legislation with extraterritorial reach will soon be enacted in the UK which will drastically affect many companies operating in Middle East, regardless of whether they were incorporated in the UK or not. As long as they are carrying on any part of their business in the UK, they will be caught by the Act. The UK Bribery Act, which received Royal Assent in April, is expected to come into force in April next year. Its provisions are in many respects stricter than those of the US Foreign Corrupt Practices Act (FCPA)–a defacto compliance standard for companies who operate internationally. Under this new Act, companies which are carrying out business in Middle East - where local business practices can contravene well-accepted international anti-bribery rules – face increased compliance risk. Provisions under the UK Bribery Act The Act introduces new bribery offences into UK law: A general offence of bribing another person or receiving a bribe – This will be based on the improper performance test. There is an expectation that one performs his/ her duties according to a relevant expectation. This expectation entails performing a function in good faith, impartially, while importing a position of trust. Performance would be deemed Page 4
improper if an action (or a failure to act) breaches that expectation. The offence can be committed by a company, its employees, agents or subsidiaries. A discrete offence of bribing a foreign official – This occurs where a financial or any other advantage is given, directly or through third parties, to a foreign public official to influence them in their official capacity to award or retain business contracts. This offence does not require improper performance to have taken place nor does the payment need to have been made “corruptly” as required by the FCPA. This offence can also be committed by a company, its employees, agents or subsidiaries. A corporate offence of failing to prevent bribery – This has generated the most interest, as it is a strict liability offence for corporations and partnerships who fail to prevent bribery from occurring. T he Act states that if a person associated with an organisation commits bribery to obtain an advantage for the company, then the organisation is guilty of the offence regardless of whether it was the organisation’s intent to do so. The company also does not even need to be aware that bribery has taken place. The only defence is if a company can show it has adequate procedures in place that were meant to stop bribery from occurring. Private Bribery - It has always been an offence under UK law to bribe a private person and causing the said person to perform their duties contrary to good faith or impartiality. The Act simply continues to make the bribing of private persons illegal. Relevancy to Middle East T he Act stat es that if a person asso with an org ciated anisation co mmits brib obtain an ad ery to vantage for the compan organisatio y, then the n is guilty of the offen of whether ce regardle it was the ss organisatio do so. The n’s intent to company al so does no to be awar t even nee e that brib d ery has tak only defence en place. T he is if a com pany can sh adequate p ow it has rocedures in place that w to stop brib ere meant ery from occ urring. Middle East parent company would be deemed to have been carrying on business in the UK would depend on whether the subsidiary’s activities form part of the parent’s business operations, and the degree of ownership and control exerted. The UK Bribery Act will apply to businesses operating in Middle East, just like any other business in the world. However, companies who operate in Middle East face additional risks of being caught under the Act because of the region’s unique business culture. Middle East is an area with its own laws, cultures, and business customs. In turn, these laws, as expected of developing legal jurisdictions, are typically prescriptive in nature but lack the precision in wording desired by corporate compliance and legal departments. Like the FCPA, the UK Bribery Act includes extraterritorial provisions that apply to Middle East – just like how it applies to any other part of the world. Under the Act, the person committing the bribery offence does not have to be a UK citizen nor does the activity have to fall within UK jurisdiction, but only that they maintain a “close connection” with the UK. Commercial organisations include not only partnerships or companies incorporated in the UK, but also partnerships and companies which are incorporated elsewhere but carry on any part of their business in the UK. The Act does not clearly define what “carrying on business” means. However, common sense dictates that it would denote some series of activities designed to advance an enterprise for financial gain, particularly acts with an element of repetition. At the same time, control issues arise because the business customs of the Middle East market in which the international firm is operating in is likely to be very different from the country in which the company is headquartered. This is especially so for companies originating from jurisdictions where there is a lower perception of corruption such as the US or New Zealand. Danger zones are not limited to countries where there is perceived to be greater levels of corruption such as Iran, Yemen, or Iraq. Even countries like Qatar, UAE, and Israel, which are respectively ranked 19th, 28th, and 29th on the Transparency International’s Corruption Perception Index, all have their own peculiar business-related customs on gift-giving and receiving, and hospitality through which firms need to navigate. For example, a company which is based in Middle East but carries on operations around the world – including a branch in the UK – will most likely be liable under the act. A finer question would be whether a Middle East company who owns a UK subsidiary would be similarly liable. Since the UK subsidiary would be a separate legal entity, then the question whether the This disparity in the way business is done between a firm’s home market and their Middle East operations is an issue that companies have found increasingly problematic in recent years with governments around the world cracking down on corruption. It manifests itself in a number of ways. Typically, the Middle East branch adopts the attitude that senior management and compliance at a company’s head office in its home country Page 5
simply do not understand how business has to be done in on the local level in the foreign Middle East market. Consequentially, even where companies have top notch compliance programmes that govern the range of actions corporate employees are allowed to engage in, they are often ignored because of concerns that compliance would drive business towards competitors with more relaxed compliance and ethical standards. This is easiest when there is no top-down commitment to compliance on the local level, which means that non-compliance is simply covered up until regulators are alerted - leading to expensive remediation measures that could involve hefty fines. Again, all of this applies equally to other anti-bribery legislation already in existence around the world, such as the FCPA, but the introduction of the stricter UK Act means that companies will now face additional risk for any illicit actions of Page 6 employees in problematic Middle East markets – in addition to liability they now face under the quasi-international FCPA and the laws of the local Middle East market. Unlike the FCPA, which requires a company to know (or least ought to have known) of bribery that has taken place in order for it to be an offence, there is no such requirement under UK Bribery Act’s general offences. If the Act comes into effect without any further legislative changes – and none are expected – it would mean that companies with such Middle East operations who disregard their corporate code of conduct will stand to face significant compliance risk. Finally and as previously mentioned, the UK Bribery Act prohibits bribery of both private individuals and companies, in addition to being limited to foreign officials as per defacto standards set by the FCPA. This means that companies operating in problematic Middle East countries will now have to
cast a wider net in reviewing how it conducts business with its clients, customers, vendors, suppliers, and other third parties. Companies will also have to review their relationships with private companies and individuals in addition to government officials to minimise all aspects of compliance risk. Corporate gifts and entertainment This is perhaps a big concern to companies in Middle East, where there is an entrenched culture of relationships as part of the daily operation of businesses. Standards there which may be considered lavish by UK or US standards may be the norm in such countries. In countries such as the UAE, Qatar, Oman and Saudi Arabia, gift giving or providing entertainment forms part of the relationship building process in the course of business. Under the Act, hospitality will only amount to bribery if it is proved that it was offered to influence the recipient to act improperly. In addition, the general bribery offence will be based on the improper performance test. That is, routine and inexpensive hospitality, as judged by the standards of a reasonable person in the UK, is unlikely to be considered improper conduct. Note that the improper performance test does not apply when a foreign official is involved. Whether a gift or entertainment is considered excessive however, will be based upon the discretion of the prosecution. The Act does have a carve-out in the form of allowances for local laws which permit certain gifts or payments to be made, but not for mere adherence to cultural norms or customary business practices. Reasonable gifts and entertainment, that are commensurate with the recipient’s seniority and are within the industry’s norm, are unlikely to attract attention from UK regulators. It helps if a company has a specific gift and entertainment budget, with clear control and approval procedures for expenditure. Facilitation payments Unlike the FCPA, the UK Bribery Act makes no distinction between bribery and facilitation or “grease” payments (i.e. small payments to public officials designed to ensure the prompt performance of a duty they are already bound to perform.) The FCPA’s facilitation carve-out has limited application but generally allows facilitation payments where they are permitted under the host country’s laws, and applies only to nondiscretionary actions by a foreign official such as processing paperwork, providing police protection or mail pickup. The UK Act makes no exception for such non-discretionary grease payments. Whether a case is brought to trial will be up to the discretion of the prosecutor, and it is not expected that there will be many cases targeting small facilitating payments made by companies. Companies which currently allow facilitation payments to be made, even if only under strict compliance controls, should examine their policies to see whether they conform to the new Act. Recommendations After it came into force in July 2011, the UK Bribery Act has become the strictest anti-bribery regime in the world, and as such it may become easier for companies, especially those operating in Middle East, to be caught by its provisions. Companies should review their operations, as well as their policies and procedures, and find out the degree to which they must adapt their business practices to safeguard themselves from the legislation’s penalties – which include both substantial fines for companies and prison sentences of up to 10 years for individuals. In 2010, the UK Ministry of Justice launched a consultation exercise on what “adequate procedures” organisations would have to put in place to defend against the strict liability of the Act. Since the Act extends to all persons “associated” with an organisation, this creates significant risk for organisations if they do not have “adequate procedures” in place to prevent bribery from occurring. Results from the consultation and legislation guidance are available in the official website now. . In the meantime, companies should begin to make sure they have the following good corporate governance measures in place: A senior officer, such as a chief ethics and compliance officer, appointed to and given authority to implement and monitor anti-bribery measures. A structure of top-down responsibility where directors are responsible for establishing a culture where corruption is not tolerated, through the design and implementation of an effective anti-bribery compliance programme. Statements issued from the company’s senior management about the expected compliance culture and the consequences of compliance breaches. A code of conduct, clearly communicated both internally and externally. Companies should also have a discrete gift and entertainment policy for approving gifts and providing entertainment to clients and customers. There must also be a valid and effective mechanism for monitoring whether the policy is being adhered to. A comprehensive due diligence process used to choose reputable agents and business partners as many business in Middle East are carried out through intermediate s and joint venture partners. Page 7
Compliance training high on the agenda With more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training Training the board of directors of public and private corporations in compliance programmes has become increasingly common over the past several years. The most significant reason for this movement is the increase of corporate crimes attached to corporate directors who may become involved in civil or criminal liability for their unethical acts. Page 8 One example in 2007 involved the legality of backdating stock options. Almost 150 companies were involved in lengthy and expensive investigations around the legality of options granting practices.
The number of senior executives and board members being fired or resigning is growing as companies seek to limit further damage. In some situations, the executives have had to cede their powers, resign from the board, and have even been indicted by the United States Securities and Exchange Commission. With more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training on their duties and the expectations of their roles. They also want to know that the company has effective training programmes in place for all employees, not just themselves. An effective ethics and compliance programme should include the following: Simply providing information about the ethics and compliance programme is not necessarily the same as training. Such information and data may include the number of complaints to a compliance hotline, or the result of an internal investigation. This is not board training. The board should get training on the company’s code of conduct. Having the board complete the training not only provides them with guidelines on what not to do, but it sends a powerful tone from the top to the rest of the organisation that ethics and compliance are important. Training should be challenging, regular and substantial. Time should be spent on developing a workshop, role play or a real-life example. Board training should he held at least twice a year for one to two hours. Any shorter should be a warning sign that the board is not “learning”, but simply sharing information. Training should also present a challenge to members of the board. Training should be tailored to a risk profile. Boards cannot be expected to learn about every potential legal issue facing the company. They need to be trained on only the most significant legal, ethical and compliance risks, based on the priority of risks from a risk assessment. External advice is important. Board training should be led by the inhouse legal or compliance teams, but supplemented by leading external experts on compliance matters that relate directly to the company. W ith more co rporate scan dals being investigated by the auth orities and renewed sh a areholder fo cus on ethic are requesti s, directors ng more trai ning on thei and the exp r duties ectations of their roles. also want to They know that th e company effective trai has ning program mes in place employees, for all not just them selves. The board should demand that management take training seriously. The board should set the risk profile of the organisation and ensure that there is a risk management process in place. The training programme put in place should also be effectively implemented by management. Boards should know the company’s particular compliance programme in detail. The board must be able to describe the company’s programme in detail, and always be ready to answer questions about the programme and its effectiveness. If a board member is asked by a regulator to explain the programme and is unable or ill-equipped to do so, this will show the regulator that there is limited “tone at the top” – an essential part in any ethics and compliance programme. The board should have access to some benchmark data about the company’s ethics and compliance programme, and that of its competitors and industry leaders. Being able to show that your company’s programme is consistent with the industry and your competitors is a useful tool to show any regulators that your programme is at “best practice” standards. The company secretary should be able to prove that the board has been substantially trained. Copies of the board of directors’ meeting agendas and minutes specifically showing when, where and for how long training sessions were held should be kept, as well as copies of the actual training, including PowerPoint files. The board should be able to recognise red flags. While directors are not expected to become legal experts, the minimum standard is that they can identify red flags in the company, and know what to do and how to approach management for investigation and review. Page 9
Top roles demand special screen tests The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances There has been a surge of interest in the world in the matter of “embellished” resumés, accompanied by a call for a comprehensive screening of job candidates and even senior staff. Page 10 A senior executive at the InterContinental Hotels Group recently resigned after being found guilty of misleading the company about his academic qualifications.
Patrick Imbardelli, chief executive of the group’s Asia-Pacific operations, stepped down after an internal review uncovered that he had misrepresented his academic record on his CV. He was due to join the board this month. The company said he had claimed to have been awarded a bachelor’s degree from Victoria University in Australia, and a bachelor’s degree and an MBA from Cornell University in the United States. It was found that he had attended classes at these institutions, but not graduated. What does this mean for private and public companies looking to fill board-of-director positions and placing people in senior management roles? How does a board ensure that new hires have represented their skills and experience truthfully and accurately? CV Checks Even a simple background check can help ascertain the overall accuracy of somebody’s CV. These are fundamental steps and should be mandatory in any hiring process. Ideally, a comprehensive check should be done before the person comes on board. These checks are also effective in warning prospective applicants that CV validation does takes place, with consequences for those giving false or misleading information. Integrity Checks An employee, senior manager or board member found to have “adjusted” his or her CV risks being viewed with suspicion throughout his or her career. As far as possible, an integrity check should be conducted for all appointees at manager level and above; mandatory, in-depth screening should be conducted for president, vice-president and board of director roles. These should go beyond a simple resumé check to include an analysis of a candidate’s commercial integrity. Speaking to previous work colleagues, business acquaintances or partners should provide sufficient input for an integrity check. If there are any doubts about a prospective hire’s integrity, these can be cleared with the help of trained investigators. Testing While it is perfectly normal practice, like test-driving a new car or trying on new clothes in a fitting room, to put a junior employee on probation, you would not consider doing the same with a senior executive. But it is perfectly in order to have senior executives spending time with an experienced ethics and compliance professional, who will walk them through a series of hypothetical corporate situations posing ethical challenges and testing their responses along the way. B ackground screening and inte assessments grity should be an essential of the hirin part g and prom oting proce important ss. This is with new em ployees, bu so with tho t even more se moving in to senior po more comp sitions. The etitive the m arket – and is highly co Middle Eas mpetitive – t the greater screening em the need fo ployees, par r tners and al liances. This mode of assessing as part of the hiring process is certainly preferable to trying to assess someone who has already joined the firm. Testing processes usually involve discussions about such issues as: How should one respond when offered an inducement or bribe by a supplier?; How do you conduct business in emerging markets, where bribery and kickbacks are commonplace?; How do you identify and handle a conflict of interest among market players?, and; How do you deal with anti-competitive conduct and cartel arrangements? Background screening and integrity assessments should be an essential part of the hiring and promoting process. This is important with new employees, but even more so with those moving into senior positions. The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances. Page 11
Business integrity proves profitable Whatever the reason that a company starts to look at ethics and responsible business, the key message is that such programmes drive more profit Many companies are starting to see that ethics and responsible business can be a key growth driver. Several of them have started developing more ethical and responsible businesses through codes of business conduct and training programmes for their employees. Some have started the process because of a fear of being involved in a corporate scandal that could destroy their share price or customer goodwill, others because they feel that Page 12 running an ethical and responsible business is a competitive advantage. The key message is that such programmes drive more profit. Over the past few years, too much focus has been on the proposition that ‘you could go to jail’ for being involved in or ‘turning a blind eye’ to unethical business. However, despite the
attempts of many regulators around the world, the number of business executives going to jail for corporate crime is extremely small compared to the amount of business being conducted and the potential for unethical or illegal conduct. For an ethical leadership or corporate citizenship initiative to be effective, it must be acknowledged that such activities drive a company’s business performance and profit. Some leaders do not yet see the connection. Five reasons to help drive the message in your organisation that “ethics can be profitable” are: Ethical businesses are better at attracting and keeping customers. The ability to attract customers away from competitors, as well as prevent your own customers from defecting is a key aspect for any business. An effective way of achieving this goal is by creating customer loyalty. In effect, they help you market your product. Having a business that operates with a strong ethics and integrity system is essential in maintaining customers’ goodwill and loyalty. It would be rare for a customer to act as an ambassador for your product if your company was seen as having a poor record on ethical business, environmental stewardship or health and safety. Ethical businesses demand employee loyalty. In the current climate, employees have a choice of company to work for. It is not as simple as deciding a role based on the salary alone. Job candidates are looking deeper into the operations of the company, its management, its products and its status in the community. Running a respected ethical and responsible business gives your company that added advantage to attract and retain top talent, thereby reducing your costs, decreasing your turnover and driving better margins. Ethical businesses attract institutional investors. The institutional investor is now extremely astute. They look beyond the purely financial and operational aspects, and at ongoing sustainability. This often reflects management’s approach to building an ethical and sustainable business over the long term. The last thing institutional investors want to do is to invest in the “next Enron”, no matter how good the financials may look in the short or medium term. Many organisations see developing an ethical, responsible and sustainable business as the key to attract, and, in many cases, diversify their institutional investor base. Nowadays, specific funds focus on sustainable investments, which allow your company to potentially attract a new class of investor altogether. E thical busi nesses are better at at and keepin tracting g customer s. The ab attract cu ility to stomers aw ay from as well as competitors prevent yo , ur own cu defecting is stomers fro a key aspec m t for any An effectiv business. e way of ac hieving this creating cu goal is by stomer loya lty. In effe you market ct, they hel your produ p ct. Having that operat a business es with a st rong ethics system is es and integrit sential in m y aintaining goodwill an customers’ d loyalty. Ethics support easy brand extensions. The ability to expand a brand and motivate an existing customer to purchase an additional product is one of the most significant profit drivers for any organisation. When expanding regionally, a positive reputation assists in getting local grants and tax breaks, attracting employees more quickly, and allowing your company to get up and running and gain customers faster. Ethical business can minimise cost. Having your business involved in an ethical scandal could lead to a significant cost blow-out. Leaving aside the direct costs (namely lawyer’s fees, investigators, forensic accountants and consultants) the main costs could be losing customers, suppliers, partners or strategic investors. Calculate, say, a 5 per cent drop in revenue because of the fallout and add that to the cost of dealing with the issue and you have a potentially significant number. These numbers don’t include the potential effect to your brand and negative publicity, which often exponentially exceed the direct costs and loss of customer revenue. Avoiding such scandals by having an infrastructure around ethics and responsible business is key. There will always be a group of people that pushes back on the basis that they are entirely ethical. In addition to reminding people that “you can go to jail” for many illegal and unethical acts, focus on the real drivers of business growth, customer loyalty and increased profits. Page 13
System can increase profits and cut risk Good practice for all private companies is to develop even the most basic form of an ethics and compliance programme Developing an ethics and compliance infrastructure is essential for any public company, especially those that are listed on a stock exchange. What about private companies? Is there a need to develop an ethics and compliance programme when you are a privately-held organisation? The answer is “yes” for a number of reasons. Firstly, there is substantial evidence that creating a system of ethics and Page 14 compliance actually produces more profit by attracting more customers and driving down legal and investigation costs. Secondly, an ethics and compliance programme is a good risk management mechanism as it identifies legal and ethical risks in your business and builds sufficient safeguards to manage those risks before they become a crisis.
The risk of unethical, or illegal, behaviour equally applies in private organisations as it does in public ones. Issues like employee fraud, theft of intellectual property and misuse of confidential information tend to happen more in smaller companies than they do in large ones, simply because adequate controls are not in place to stop or detect such activity in private companies. Good practice for all private companies is to develop even the most basic form of an ethics and compliance programme. While a large-scale programme of the type used by big multinationals might be seen as over-the-top for a private company, there are some simple risk mitigation and management systems that can be put in place quickly and inexpensively. Employment agreements - Make sure all your employees have valid employment agreements. These agreements should have the necessary sections on protecting confidential information after the employee leaves the company and should also address intellectual property rights. Signature policies - Most small private companies have a rudimentary system of cheque signatories for bank accounts. Most employee fraud can be avoided if tighter controls are implemented over the issuing of cheques and the access to bank accounts. Signature policies should be regularly reviewed and updated, particularly as employees leave or change roles. Board membership - Good corporate governance principles should indicate that the board maintains an adequate level of non-executive and executive directors. Having independent non-executive directors aids in building a system of ethics and compliance into the organisation as it shows that even executive directors are not immune from “doing the right thing”. Ethics start at the top, and the right “tone at the top” is essential to maintaining and communicating an effective compliance programme. Audit committee - Good practice for private companies is to set up an audit committee. While not required by most local laws, an audit committee, with sufficient numbers of independent and financially literate members, is useful in managing the financial reporting and ethical health of a company. The committee will help run the company’s financial dealings in an ethical manner. If the private company is looking to become public at some stage in its development, setting up the audit committee while being private, and not legally being required to do so, is a good testing ground. T he risk of unethical, or illegal, b equally ap ehaviour plies in pri vate organ as it does in isations public ones . Issues lik fraud, theft e employee of intellectu al property of confiden and misuse tial inform ation tend more in sm to happen aller comp anies than large ones, they do in simply bec ause adequ are not in p ate controls lace to stop or detect su private com ch activity in panies. Code of ethics - Having a code of ethics is a simple but effective way to convey the manner in which the organisation wishes to conduct business. A code for a private company can be short and simple, yet still covering the major areas of risk for the company. It should be a guide for employees on how they are expected to behave while conducting company business. Whistle-blowing policy - A policy that allows all employees to report ethics or compliance violations in a nonthreatening way is just as necessary in a small company as it is in a large one. In many private companies, it is impossible for employees to feel comfortable to report matters directly to management due to their close relationships. A simple policy and anonymous reporting hotline can identify potential issues quickly and reduce the risk of ethical violations. Training - Ethics and compliance training is essential for all employees in any business. Methods like eLearning and web-based courseware can be accessed by small companies to train employees on ethics. Continuous training on ethical issues reduces the potential for violations and should be the centre point for any ethics programme. Page 15
Onus on business to step up and comply Ensuring that your organisation is ready to deal with the growing anti-corruption compliance focus is essential In 2009 I was involved in putting together the first AntiCorruption Asia Summit being held in Hong Kong next month. This is the first time that an event has been held in Asia that places a strong focus on the development of corporate anticorruption programmes. It will showcase various sponsors’ products including compliance consulting, integrity due diligence providers, e-learning solutions and anti-bribery & Page 16 Foreign Corrupt Practices ACT (FCPA) specialist law firms. My firm, The Red Flag Group, sponsors the event with our related company The Integrity Portal, which conducts integrity due diligence and analysis for companies.
The reason I mention the summit is because it highlights the staggering pace of change that is happening in ethics and compliance fields in Asia. Even five years ago we would not have been able to hold this conference because there was little – if any – focus on anti-bribery throughout Asia. It was always seen as an issue, but companies and governments turned a blind eye, hoping it would go away. Take for example how China has stepped up its anticorruption efforts with the establishment of the National Bureau of Corruption Prevention (NBCP). T he countr y has punished ministerial several -level or higher offi “serious co cials for rruption” in the pas including t five year the former s, State Food Administrat and Drug ion head Zh eng Xiaoyu head of th , the former e National Bureau of Qiu Xiaohu Statistics a, and the former Shan secretary C ghai party hen Liangy u. The bureau, which will report directly to the State Council, or China’s cabinet, aims to monitor the flow of suspicious assets and suspicious corruption activities by establishing an information-sharing system among prosecuting organs, courts, police authorities and banks. Unlike previous anti-corruption efforts in China, the NBCP will also guide anti-corruption work in companies, public undertakings and non-governmental organisations, help trade associations to establish selfdiscipline systems and mechanisms, prevent commercial bribery, and extend corruption prevention work to rural organisations as well as urban communities. To date, China’s focus has been on the prosecution of its own party members. More than 90,000 officials were disciplined last year alone, accounting for 0.14 per cent of the total Communist Party members. The country has punished several ministerial-level or higher officials for “serious corruption” in the past five years, including the former State Food and Drug Administration head Zheng Xiaoyu, the former head of the National Bureau of Statistics Qiu Xiaohua, and the former Shanghai party secretary Chen Liangyu. The NBCP will, under the framework of the United Nations Convention Against Corruption, offer help to developing countries with corruption prevention and work to win technical support and other assistance from foreign countries or international organisations. This is the first significant change in China’s anti-corruption efforts and now squarely places the onus on business to step up and comply with anti-corruption regulations which have been lacking in China’s business community. Although foreign-invested corporations in China have had to comply with their “home country” anticorruption legislation (for example, the US Foreign Corrupt Practices Act) they also need to consider local Chinese legislation which, with the launch of the NBCP, will be strongly enforced. The charter of the bureau includes working with other anticorruption bodies in other foreign countries to develop strategies to counter international corruption. This aspect is particularly important to foreign-invested companies in China. For example, a US-based company operating in China will be subject to the US Foreign Corrupt Practices Act and could be prosecuted for violations taking place in China by the US Department of Justice. Under the charter of the NBCP it is expected that discussions, document sharing and co-operation between the US Department of Justice and the NBCP would take place. In some cases, the prosecution by the US Department of Justice may lead to a further prosecution by the NBCP under local Chinese antibribery legislation and vice versa. Ensuring that your organisation is ready to deal with the growing anti-corruption compliance focus is essential. The best way to test your readiness is to understand how the law affects your company and to understand the global developments in this area. Page 17
Communicate to enjoy advantage A good compliance system shows that a company is less likely to be subject to massive downswings in stock prices when a compliance violation occurs Almost every company has some form of compliance programme. In some cases, it might be as simple as ensuring that basic company registry information is filed on time and for others, particularly listed companies or those that have regulatory requirements, the programme is much broader and essential to the operation of the business. Compliance programmes are an asset to any business. They not only allow the business to operate in a way that complies with Page 18 necessary laws and policies, but they often force the company to streamline processes and procedures and improve efficiency. Many companies focus on training staff on their compliance programmes, making sure that every relevant staff member understands the rules and procedures. Training is essential for good compliance, it provides employees with repeated training on compliance topics and allows the employee to test that knowledge with some form of quiz or exam.
In addition to a training plan, a broader communication plan should also be considered by the company. A communication plan for your compliance programme is essential for both internal and external stakeholders. Such a plan should include communicating to external stakeholders such as auditors, media, shareholders, customers, key partners and, in some cases, regulators. Each of these parties holds a stake in the success of your company’s compliance programme. Good effective communication of that programme can build shareholder value. Auditors are responsible for reviewing the company’s books and records and making an assessment on the health of the company as it relates to material risks, particularly financial ones. Communicating your compliance programme to your auditors is essential to help them understand your approach at managing and interpreting risks in compliance failures. Communicating the programme may also help when compliance issues are being investigated by the company, and auditors will naturally be interested in also conducting a parallel investigation so far as it concerns potential financial risks. These parallel investigations can be very costly to the company. It is essential to limit any parallel investigation by conducting an investigation to a level that is established and agreed to by the auditors. It is important to make your compliance system known to the media or, at the very least, to ensure the system is media-ready. A media-ready compliance system is one that has statements ready to be released when the company is being questioned about a critical compliance issue that has occurred. A media-ready statement gives the media a reportable statement on the company’s compliance system and it may allow the company to portray itself to the media as having an active compliance system despite the event that may have taken place to raise the media’s interest in the first place. In many cases, a well-drafted, media-ready compliance system can help to deflect attention from the compliance crisis to a company’s compliance system itself. Compliance can be a competitive advantage. A good compliance system shows that a company is less likely to be subject to massive downswings in stock prices when a compliance violation occurs. Good compliance systems also reduce risk exposures to the company’s balance sheets. Many companies market their compliance system on the investor relations page of their websites. This is a good way of communicating compliance systems to shareholders and linking the value of compliance programmes to shareholder value. A communicat ion plan fo r your com programme pliance is essential for both inte external stak rnal and eholders. Su ch a plan sh communicat ould include ing to extern al stakehold auditors, m ers such as edia, shareh olders, cust partners an omers, key d, in some cases, regula these parties tors. Each of holds a stak e in the succ company’s co ess of your mpliance pro gramme. Goo communicat d effective ion of that programme shareholder can build value. Just like communicating to shareholders is important to building shareholder value, communicating to customers and key third parties is equally important. Allowing a customer to feel comfortable that their risk as a customer is being addressed by the company, and giving them advance notice on changes that may affect them, is essential. Changes to your compliance system (for example, by requiring additional personal information from customers or asking a customer to complete new annual forms) should be communicated to the customer before asking for the new requests. Ideally, these changes should be communicated to the customer in advance, identifying why the changes are being made and the benefits they have for customers, such as greater security control. For those companies that are regulated by industry regulators or even government regulators, it is often advisable to meet with the regulators to talk through your compliance system. Having this sort of dialogue often builds essential relationships with the regulator and may potentially smooth over things when enforcement issues arise. In some cases, while not strictly required under the law, regulators are keen to see that the company is on top of its compliance of the law that the regulator enforces. Doing so may avoid costly audits. Communicating your compliance system to third parties can be a great advantage to building value with stakeholders. Failing to communicate externally and remaining silent often raises more questions than are necessary and does not instil comfort in stakeholders that compliance is being taken seriously. Page 19
Ignoring risk strategy can lead to disaster One of the most important functions of the board in a modern corporation is to oversee risk management A catastrophic failure of risk management by some of the world’s leading banks and financial institutions directly contributed to the global financial meltdown and the failure of some institutions. This happened despite those institutions having risk departments that are the envy of other companies. If this is true, why did these departments fail? Why were these risks not identified? Were the risks too remote to consider Page 20 likely? Did the risk department miscalculate the effect of the risk eventuating? Were the risks ever communicated up the chain to management? Did management react appropriately? These are the questions that should be asked right now across almost every business engaged in international commerce, and nowhere will the questions be directed more frequently than at boards of directors of corporations of every shape and size.
After all, one of the most important functions of the board in modern corporations is to oversee risk management. This is something that is often overlooked. A non-existent risk department – or, worse, one that is ineffective – can directly contribute to the downfall of a company. Yet, if you ask the average senior manager what they think of their risk department, you often hear them described as “an overhead” or “a necessary evil”. In some cases, the manager will say: “I think that is part of finance.” If risk management is one of the four pillars of the role of the board, then every company must have someone responsible for executing risk strategy. There are three key aspects to any risk department. You actually have one. Every company should have someone looking at risk management. Even if the company is small, a plan should be prepared similar to a sales plan, marketing plan or financial plan. It should be prepared and be presented to the board regularly for review and approval. The recommendations in the plan should be adopted. Identifying risks and never getting around to doing anything about them is not risk management. Position in the company and reporting. Risk management is one of the most essential roles of the board. Yet risk management is often pushed too low in the organisation’s structure. Occasionally, it reports to finance, sometimes to legal, sometimes it is buried within operations. Someone senior in the organisation must be responsible for risk management. That person must report direct to the CEO or preferably to the risk committee of the board. Having a risk department that is unheard is worse than not having one in the first place. Risk management is a very complex role and it should be given that exposure by a reporting structure that reflects its importance. Experience and talent. The risk department should be staffed with experienced people who not only understand the risk function but also have an acute understanding across many areas of the business. This understanding should not be limited to the company’s products and services; it needs to extend to a solid understanding of finance, operations, country risk, macroeconomics and microeconomics, plus a host of issues such as union involvement, weather, trading cycles, etc. Many risk managers have excellent skills in risk identification and presenting these risks in a colourful, graphical and slick way. I f risk man agement h ad been lo some bank oked at by s and finan cial compan a key role ies as and had bee n staffed w with direct ith experts reporting li nes to the board, ther CEO or the e would hav e been a go that comm od chance on-sense ri sk principle minimised s would hav the collapse e of some com the loss to st panies and aff and shar eholders. But, unfortunately, some lack the true business experience and judgment essential in knowing how to provide valuable advice to the company on limiting exposure arising from a risk event. To overcome these issues, it is essential that the head of risk management is a senior manager. Preferably, the person should be someone who has worked for the company in many roles over many years, understands the company and its culture, and has a very good understanding of a range of business. Preferably, the person might be the next CEO or someone in line to join the management team. Too many times, companies fail because risks are either not identified (because risk managers are too busy managing spreadsheets and using online tools) or because, once identified, the head of risk management is not senior enough to have a voice that can be heard quickly by the CEO and have the respect to be regarded as a significant enough voice. In some cases, risk management is seen as an operational part of the company and therefore not worthy of reporting to the CEO. If risk management had been looked at by some banks and financial companies as a key role and had been staffed with experts with direct reporting lines to the CEO or the board, there would have been a good chance that common-sense risk principles would have minimised the collapse of some companies and the loss to staff and shareholders. Page 21
Firms should guard against espionage Corporate espionage is a tricky issue. One man’s market research can be another’s corporate espionage. As a rule of thumb in business, you always want to find out what your competitors are doing, and they will want to know what you are up to. Business intelligence can be accomplished in different ways, and companies routinely tread a fine line between purely legitimate means through open source material to outright theft. One case made the headlines recently. Starwood Hotels, operator of the successful W brand of luxury hotels, sued the rival Page 22 Hilton chain of hotels for allegedly stealing its most sensitive corporate secrets to start its own luxury brand. According to reports, it was alleged that before two former senior Starwood executives left their company to join the rival chain late last year, they e-mailed and sent more than 100,000 electronic and paper documents to their future employers.
The documents, Starwood maintained in its lawsuit filed in New York in April, consisted of the blueprints for the launch of a new luxury hotel brand – setting out how to negotiate with developers, train employees and market the brand. There were also strategic development plans, marketing and demographic studies training manuals for its entire luxury brand line, and the names and contract details of property owners around the world who could be interested in signing hotel management contracts. Hilton allegedly took this information and launched its own luxury hotel concept in March. The lawsuit claims that Hilton was able to fast track and bypass many of the time consuming research and development legwork that hotels normally do, saved tens of millions of dollars and avoided the trial and error normally associated with the opening of a new chain of hotels. In the lawsuit, Starwood is seeking monetary damages, and a court order that Hilton cancel the rollout of its recently launched luxury hotel chain. Hilton said the lawsuit was “without merit and will vigorously defend itself”. In today’s evolved economy, where an estimated 70 per cent of the market value of United States firms reside in their trade secrets and intellectual property, it is vital that companies understand how to safeguard their confidential information. One of the more obvious things to do is to prevent data breaches when employees leave. Companies should separate confidential trade secrets and client information from other less essential data. Clearly identify them as such, and establish a well documented procedure for staff to access this information. Develop a culture of compliance with these rules. Limit access to computers with USB ports because a lot of information can be stolen. Proactive monitoring of employee computers and telecommunications usage. If the regulatory framework allows, employers could install keystroke logging or packet sniffing software onto computers, which respectively record the keystroke activities of computer users, and collect information on data transfers initiated by the user. Where that may be inapplicable, companies should at the very least monitor voice calls and e-mail traffic. Taking into account the sensitivity of such a scheme, which could notify employees of this type of workplace surveillance, they should request consent. Where express consent is not available, they could limit monitoring voice communication to only those that are of a business nature. I n the case o f senior staf f defections discretely id to rivals, entify other staff memb are likely to ers who join their fo rmer collea if they are gues and, found to be stealing the trade secr company’s ets, termin ate their immediately employmen . At the sam t e time, ther to commun e is a need icate to the rest of the happening. firm what is In the case of senior staff defections to rivals, discretely identify other staff members who are likely to join their former colleagues and, if they are found to be stealing the company’s trade secrets, terminate their employment immediately. At the same time, there is a need to communicate to the rest of the firm what is happening. Review employment contracts to make sure they contain the necessary provisions to prevent department executives from soliciting clients or staff members for a set time, and make sure they comply with local labour regulations. Employee screening will help companies ferret out security risks both for incumbents and new applicants. They could include comprehensive background and credit investigations, polygraph and integrity tests to uncover information that could reflect whether they are likely to steal sensitive corporate information. Companies must also be more careful when conducting competitive market research so they aren’t misinterpreted by their rivals. Page 23
Giving gifts can lead to jail time It doesn’t happen very often, but the latest cautionary tale to come out of Hong Kong’s venerable graft-buster reads like a gag in a Stephen Chow Sing-chi comedy. In March, the director of a local construction company, 37-year-old Chin Tat-yung, was jailed for two months for bribing police officers. According to the press release issued by the Independent Commission Against Corruption (ICAC), Chin was found guilty of offering 15 boxes of moon cakes to police officers while having dealings with them. That’s right – moon cakes. Not brown paper bags stuffed with cash, but the boxes of high cholesterol, overly sweet Chinese pastries that everyone buys for the Mid-Autumn Festival. Chin’s company, Brilliant Ray, was a contractor working on roadwork projects in Hong Kong. As part of the Page 24 process to implement these contracts, his company required certain approvals from the police. Between January and September 2007, the police had given more than 50 approvals for Chin’s company. So come the MidAutumn Festival, Chin probably thought he had better solidify his relationships with the police and thank his good friends for the past nine months of approvals.
It probably didn’t even cross his mind that giving moon cakes might be inappropriate. After all, it was the Mid-Autumn Festival when it is customary to give friends and business associates moon cakes. Also, 15 boxes of moon cakes, assuming they were the less expensive variety, would have cost about HK$1,800 – the price of a decent meal in a good restaurant. So, 11 days before the festival, he called up his good friends at the police and asked if he could visit the station. When he arrived, he gave a police constable the 15 boxes and a customary greeting of “Happy MidAutumn Festival” and thought nothing more of it. T his case hig hlights this common p in Asia of ractice giving moo n cakes an customary d other items as gift s to busines While this s associates case pushed . it into a cate suggested gory which that briber y had tak everyday p en place, ractice ther in e is a fine common line betwee gift giving n and comm governmen ercial (or t) bribery. Chin was then charged with one count of offering an advantage to prescribed officers in contravention of the Prevention of Bribery Ordinance, to which he pleaded guilty. In sentencing, the magistrate said that just because Chin did not realise the gifts would constitute a bribe was not an excuse that would spare him from being locked up in jail. This case is important in the anti-corruption and compliance scene because it involves giving a gift of relatively inconsequential value. Almost every company in Hong Kong sends moon cakes to important clients, suppliers or other parties without giving as much as a single thought as to how it could be interpreted. Its significance is compounded because a jail sentence was given to the accused person and no account was made for the fact that he was ignorant that such activity might be interpreted as being against the law. If you don’t want to spend time in a jail cell, but still want to respect local customs of gift giving at culturally significant times, here are some suggestions: Customary events Giving clients or suppliers moon cakes is a perfectly acceptable gift at Mid-Autumn Festival as they are customary and generally inexpensive. However, some simple rules should be considered in order to avoid any infringement of local or international laws. The lack of a quid pro quo In this case, although it was Mid-Autumn Festival, the fact that the gift was given after the receiving officers had granted a number of relevant approvals did not help Chin’s defence. The lack of a quid pro quo, a Latin term which means that an item or service has been traded in return for something of value, is essential in being able to argue that – by design – the gift was not a bribe of any kind. generally alright because the custom in most offices is to cut them into small pieces and share them around. Caution should be exercised when a large number of moon cakes are given to one person or entity. Quality of the gift Always ensure that gifts are middle of the range – nothing too lavish and certainly nothing high-end. The quality of the gift should be commensurate with the recipient’s position, stature and seniority. This case highlights this common practice in Asia of giving moon cakes and other customary items as gifts to business associates. While this case pushed it into a category which suggested that bribery had taken place, in everyday practice there is a fine line between common gift giving and commercial (or government) bribery. Whenever you or your organisation considers sending a gift to business partners, keep in mind the guidelines I have outlined above. Another useful tip that I would like to mention is to examine your company’s gift giving practices. It is a good idea to implement procedures to ensure that if people in your company send moon cakes or other types of gifts to people, they don’t breach the anti-bribery laws, both in the country where the gift is being given or where the business may be registered. Size of the gift Always make sure the size of the gift is reasonable. Giving someone a box of four moon cakes is Page 25
Foster a culture of compliance Developing a culture of compliance is not easy. It is about understanding the behaviour that makes up a corporate culture and how to adjust to improve the culture. One of the components of a company’s culture is how it deals with ethical issues. This includes adherence to corporate values, the existence and development of internal controls, and the implementation of accountability. It forms something that is generally recognised as a culture of compliance in an organisation. Page 26 Having a strong compliance culture often leads to a reduction in the amount of internal controls required to ensure performance because the employees and stakeholders simply do the right thing. An organisation which has a defective compliance culture will often require greater internal controls to steer people in the direction of doing the right thing, and in these cases employees often manage to subvert even the most rigorous systems and processes.
Making an assessment of whether the corporate culture is a business advantage or whether it is an inhibitor of growth is very difficult. This often involves some degree of soul searching and a good hard look at the innate qualities of the chief executive. Some of the questions that can be asked include: Openness Is there an open board culture that promotes active thinking, robust discussion, and, where appropriate, the challenging of management reports? Tone at the top Does the chief executive regularly challenge the management team to act in accordance with a positive compliance culture, is that challenge communicated throughout the company regularly and is it enforced? H aving a stro ng complian ce culture leads to a often reduction in the amo internal con unt of trols requir ed to ensure because the performance employees and stakeho do the righ lders simply t thing. An organisatio defective co n which has mpliance cu a lture will o greater inte ften requir rnal contro e ls to steer p direction o eople in th f doing the e right thing, cases emplo and in thes yees often e manage to the most ri subvert even gorous syst ems and pro cesses. Tone at the middle Does the message from the chief executive and the senior ranks take effect in middle management? Does middle management follow these directions? If not, is it because the message is not getting through, or did it get distorted in the transmission process? Lack of conflict Do all employees and management regularly disclose conflicts of interest? Do they ensure that they always act in the best interests of the organisation as a whole, even if this means that they suffer personally as a result? Understanding Has the company articulated the attributes of the culture it is striving to achieve, and has it sought to identify the gaps between that and what exists? Vision Does the organisation have a long-term vision of sustainability of the company and its key stakeholders? Or is the organisation only focused on short-term goals of the market or its chief executive? Walk the talk What percentage of staff believes that managers do what they say? Can employees point to an example in the past 12 months where a senior executive has taken a position consistent with the organisation’s ethical compliance standards, one which they took to considerable disadvantage to themselves? Can they point to an occasion where the company made a decision to walk away from a deal if there was a high risk of illegal behaviour, corruption or fraud? Honesty Do the managers and leaders of the organisation preach different and inconsistent messages to different departments? Do they have one message for legal, compliance and the board, which promotes ethical and compliant conduct, and another for sales, which promotes getting the business at any cost? Failures Are employees at all levels treated the same for their successes and failures? Documentation Do the organisation’s codes and the words and actions of senior management align with that of the culture? Feedback Does the organisation seek continual feedback from its employees and stakeholders and act on that feedback? What percentage of staff at all levels believe they can raise issues without fear of retribution? Has the organisation implemented a confidential hotline to help with communication of issues, complaints and allegations? Is it effective? Page 27
Governance must be wide-ranging The phrase “corporate governance” can mean different things to different people. Some use it to describe the very broad set of skills, standards and regulations needed to run a successful company and meet all external reporting requirements. Basically, this is in line with the Australasian Compliance Institute’s definition of governance as the system by which organisations are directed and controlled. That involves the allocation of rights and responsibilities across all constituencies, including the board, management, staff, shareholders and other stakeholders. Others, though, take corporate governance
12 MAY/JUNE 2003 THE CORPORATE BOARD acts of corporate leaders, especially CEOs. This broader definition of corporate integrity is a result of two ...
Integrity may be the most critical element of corporate success today. And the lack of it is the surest path to your demise. It's a company value
stakeholder expectations, reputation and brand value. socio-poltical risk, security and human rights. environmental management and climate change
OIG negotiates corporate integrity agreements (CIA) with health care providers and other entities as part of the settlement of Federal health care program ...
Das Sprachangebot für Englisch-Deutsch: Wörterbuch mit Übersetzungen, Flexionstabellen und Audio, interaktivem Forum und Trainer für flexibles Lernen.
Corporate Integrity is the home of Corporate Entertainment in the Birmingham & Midlands area, first class Entertainment from only the best artists and ...
The Value Chain. Complete the CISM Value Chain to ensure your organisation stays pure from corruption. Your application will be verified by MACC.
A Corporate Integrity Agreement (CIA) is a document that outlines the obligations an entity agrees to as part of a civil settlement. An entity agrees to ...
Title: Corporate Integrity Policy: Corporate Integrity Program Document Owner: Blake, David (Vice President) Home Department: Corporate Compliance
All Cognizant employees adhere to our Corporate Integrity practices, which are based on the highest ethical standards.