4 minute read
Ten years in compliance: Reflecting on the UK Bribery Act
Ten years in compliance:en years in compliance:
Reflectingon theeflecting on the UKBriberyActK Bribery Act
Advertisement
In 2010 the UK Bribery Act was unveiled to a mixed reception. 1 While there was some debate at the ঞ me about whether the legislaঞ on would have a “real” impact, the Bribery Act was recently described in a Parliamentary review as the “internaঞ onal gold standard” of anঞ -bribery legislaঞ on. We thought it would be appropriate to refl ect on how bribery and corruption compliance has changed over the last decade.
Defi ning what ‘good’ looks like
By 2010, the US Foreign Corrupt Practices Act (FCPA) had been in force over 30 years. Yet, aside from
1 The UK Bribery Act subsequently became eff ecࢼ ve from July 2011 the OECD’s 2009 Good Practice Guidance, there was li le guidance for companies looking to establish or improve their compliance program. The “Adequate Procedures” guidance released by the UK Ministry of Jusঞ ce following the UK Bribery Act contributed to a change in this dialogue by encouraging organisaঞ ons to consider what compliance measures are appropriate given their resources and risk profi le and emphasized tone and communicaঞ on. Following the introduction of the Bribery Act, discussions about bribery and corrupঞ on compliance programs have become more sophisঞ cated. In late 2012, the US Department of Jusঞ ce issued its “Hallmarks of Eff ecঞ ve Compliance Programs” which largely echoed the Adequate Procedures. Others followed including SAPIN-II in France and the Clean Company Act in Brazil, which reinforced the emerging consensus around best pracঞ ce approaches to compliance.
A broader view of compliance
While there are differences in approach between countries, a shared view of some of the key building blocks of a compliance program has provided a helpful starঞ ng point for many organisaঞ ons. Guidance associated with the diff erent regimes will conঞ nue to change, but it is hard to see agreement on the need to maintain risk-based compliance programs changing any ঞ me soon.
The net eff ect has been to raise “best pracঞ ce” expectaঞ ons and promote an increasingly familiar view of the key pillars of a robust compliance program. While greater clarity over what good looks like does not guarantee the right result, it’s an important step along the way. This broader interpretation of the essenঞ al components of an eff ecঞ ve compliance program has also encouraged a renewed focus on the human factors that contribute to bribery and other conduct risk. Today, we see increasing adoption of behavioural science in the design and delivery of compliance programs, with more sophisticated training, communication and incentives designed to engage people and drive changes in behaviour.
Embracing technology
Over the last decade the use of data analysis and review technology as an essenঞ al component of risk management has been completely accepted. For example, ten years ago, red-fl ag data analysis was considered relaঞ vely sophisঞ cated and not rouঞ nely performed. While challenges remain, both in managing the various data sources that are a feature of most organisaঞ ons and in navigaঞ ng data privacy obligaঞ ons, redfl ag analyঞ cs are now seen as standard for many compliance monitoring acঞ viঞ es. More generally, the last decade has seen an explosion in the range of technology at the disposal of compliance teams. Developments in arঞ - fi cial intelligence and machine learning are now being used to analyse increasingly complex and extensive data more effi ciently. Over ঞ me these tools have also been embraced by regulators and enforcement agencies and are now considered a core part of the compliance toolkit.
Persistent challenges
Unfortunately, despite these developments, the stream of record-breaking penalঞ es across the world demonstrates the corrupঞ on problem has not been solved. In our experience, organisaঞ ons conঞ nue to face fundamental challenges
in dealing with bribery and corrupঞ on risk. To take one example, risks arising from third party relaঞ onships sঞ ll cause problems for many. Compliance teams are expected to fi nd pracঞ cal soluঞ ons tailored to local operaঞ ng condiঞ ons, not only for third parঞ es but all aspects of bribery and corrupঞ on risk, and they must do this with ঞ ght budgets and limited resources.
Conclusion
Reflecting on the changes in corporate compliance over the last ten years, many aspects look and feel different. While thinking around compliance programs has converged, there is mounঞ ng public pressure to address corrupঞ on, fuelled by the proliferaঞ on of social media and leaks of sensitive data. However, there remain diff erences in legislaঞ on and, more significantly, enforcement activity, across the world. Combined social and regulatory pressure will be essential to drive further change over the next decade. We hope that with increasing use of collecঞ ve acঞ on, organisaঞ ons can continue to influence the political, economic, and enforcement condiঞ ons that sustain corrupঞ on. It will be interesঞ ng to see what the next ten years have in store.
Michael Zimmern & Lorynn Demetriades
