1
|
Anti-Corruption Compliance Program Benchmarking Survey
Anti-Corruption Compliance Program Benchmarking Survey
2
|
Anti-Corruption Compliance Program Benchmarking Survey
3
|
Anti-Corruption Compliance Program Benchmarking Survey
INTRODUCTION BY KAPLAN & WALKER LLP Over the years, the FCPA Blog has been an indispensable resource for Anti-Corruption related information and ideas. We are delighted and honored to have had this opportunity to partner with Dick Cassin and his colleagues at the Blog (and their new partners at Ethics360) on this benchmarking survey, which we hope will be viewed as part of that tradition. We have been providing compliance program related legal services to organizations since the 1990’s and during that time have frequently seen the important role that benchmarking can play in helping companies and their advisors develop, improve and assess compliance programs generally. The case for Anti-Corruption compliance program benchmarking in particular is, we believe, especially strong. This is due in part to the increasingly grave consequences of sub-optimal performance in this area and also to the high degree of operational complexity for Anti-Corruption compliance programs. As much as any other area of law, the devil is in the details when it comes to ensuring compliance program effectiveness here. In drafting this survey, we drew upon various Anti-Corruption related best practices of organizations with which we are familiar. Of course, we do not suggest that any particular compliance tool or approach necessarily makes sense for all organizations. Like any compliance area, Anti-Corruption efforts require mechanisms that are riskbased and otherwise well-tailored to an organization’s particular needs. However, we hope that having the data contained in this report will allow companies to address the challenge of ensuring compliance efficacy in an informed way, based in part, and as appropriate, on the experience of others.
Kaplan & Walker LLP
4
|
Anti-Corruption Compliance Program Benchmarking Survey
INTRODUCTION BY RICHARD L. CASSIN The Anti-Corruption Compliance Program Benchmarks Survey was the creation of Jeff Kaplan and Rebecca Walker. I had the pleasure to help get the word out about it through the FCPA Blog. The response from the global compliance community was enthusiastic. That’s partly because Jeff and Rebecca wrote the Survey to be, among other things, an inventory of compliance best practices. Just taking the Survey could help a company diagnose its compliance condition and find ways to make it better. The positive response was also due to the growing worldwide interest in compliance. That phenomenon prompted me to ask on the FCPA Blog not long ago if ours will be the time when international public corruption is finally tossed into the trashcan of history? There are plenty of reasons to think so. Only five years ago, even thoughtful people believed overseas bribery was a victimless crime -- a harmless agreement between two consenting adults. Happily, that idea is largely gone, replaced by awareness, still growing, that graft’s victims can be counted in the billions. What changed attitudes? Not one thing but many. Respected NGOs are now speaking for the victims. The stories aren’t pleasant (think ‘Blood Diamond’) but the links between graft and human rights abuses are now in plain sight. Though the damage from corruption can be seen and felt, it’s hard to measure, putting it in the realm of ‘soft’ science. Still, some brave academics have taken up the cause of compliance. The U.N. and OECD are promoting the links between compliance, ethics, and human rights. It’s one of the most important new trends of corporate citizenship. And ordinary people have more power to fight corruption than at any time in history. There’s easy access to online public and private hotlines. Cell phones record ‘secret’ shakedowns in the tax office, snap photos of cash-grabbing clerks, and capture videos of corrupt cops and judges that might appear on YouTube an hour later. Through Facebook, victims find each other and lock arms. And with Twitter, a hundred thousand people can be in the streets by noon to march against sleaze. No wonder the interest in compliance is spreading well beyond the United States. The U.K. is now on the front lines, Canada has joined the fight, the G-7 has more attention on enforcement than ever, and the OECD is pushing all of its members to get on board. Sure, there’s lots of work ahead. But these really are hopeful times. Part of that hope is based on the work of people like Jeff Kaplan and Rebecca Walker. And of all those who completed the Anti-Corruption Compliance Program Benchmarks Survey. Their thoughtful responses made this landmark Report possible. Richard L. Cassin The FCPA Blog
5
|
Anti-Corruption Compliance Program Benchmarking Survey
CONTENT 06
Selected Highlights Of The Survey
07
Introduction And Demographic Information
08
Risk Assessment
11
Policies And Procedures
11
Overall approach to Anti-Corruption policy
12
Specific requirements concerning providing items of value to government officials
12
Gifts and entertainment
14
Travel
16
Charitable contributions and community support payments
18
Facilitating payments
20
Personal safety payments
21
Requirements concerning retaining and using third-party intermediaries
21
Due diligence requirements in engaging tpis
23
General TPL agreements/certifications regarding Anti-Corruption laws
24
Specific TPL compliance program requirements: training, auditing and monitoring
26
Requirements concerning mergers, acquisitions and joint ventures
29
Program Governance And Management
33
Training And Communications
33
Web-based training
35
In-person training
36
Role-based training
36
Training best practices
37
Other communications
38
Compliance Checking
38
Auditing
39
Self-assessments
41
Incentives
42
Program Documentation
43
Authority And Independence
43
Other Best Practices
45
Appendix – Demographic Information Regarding Respondents
9
|
Anti-Corruption Compliance Program Benchmarking Survey
Which of the following best describes Anti-Corruption risk assessment at your company?
3.9%
My company does not conduct an Anti-Corruption risk assessment
11.8%
2% Other
A largely informal, undocumented process
33.3%
A stand-alone, documented process dedicated solely or largely to Anti-Corruption risk
26.5%
Part of a documented, enterprise-wide process focusing on risks of all kinds – meaning not only compliance risks, but others encompassed within an “ERM� framework
22.5%
Part of a documented process focusing on compliance risks of all kinds
Comments of note about risk assessment included the following: Fewer than 4% of respondents do not conduct any type of Anti-Corruption risk assessment, and fewer than 12% have a largely informal, undocumented Anti-Corruption risk assessment process.
t
A combination of internal and external assessments.
t
No formal risk assessment has been performed; however, during an FCPA investigation [a] significant amount of information was gathered and used in the same manner as if a risk assessment had [been] conducted.
t
Global and focused risk assessment in each of the big ticket compliance areas, i.e., AntiTrust, Anti-Bribery.
t
On an annual basis, we distribute a self-assessment for our locations around the world to complete. The self-assessment includes information such as % of sales to government entities, third party sales agents, training, etc. The information is then included in the risk assessment and scored to identify the higher risk locations who then receive an on-site review of transactions the following fiscal year.
21 |
Anti-Corruption Compliance Program Benchmarking Survey
Requirements concerning retaining and using thirdparty intermediaries Retaining and using third-party intermediaries (“TPIs”) has, of course, been an area of major Anti-Corruption related risk.14 For this reason, this area is also a major focus of all relevant Anti-Corruption compliance program standards,15 as well as of this survey.
Due Diligence Requirements in Engaging TPIs The first set of questions here concerned the due-diligence-related mechanics of retaining TPIs – both in terms of securing information about the TPI and seeking appropriate approval regarding their use:
TPIs must complete a due diligence questionnaire or similar document. This requirement applies with respect to: Table legend: Some TPIs All TPIs We don’t have this requirement Don’t know
44.3% 35.1% 16.5% 4.1%
The employee proposing to use the TPI must complete a due diligence questionnaire or similar document. This requirement applies with respect to:
41.5% 33.0% 21.3% 4.3%
14
E.g., US v. Siemens Aktiengesellschaft, No. 1:08-cr-00367-RJL (D.D.C. 2008).
For example, the OECD Anti-Bribery Guidance provides that companies should have “ethics and compliance programmes or measures designed to prevent and detect foreign bribery applicable, where appropriate and subject to contractual arrangements, to third parties such as agents and other intermediaries, consultants, representative distributors, contractors and suppliers, consortia, and joint venture partners (hereinafter “business partners”), including, inter alia, the following essential elements: i) properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners; ii) informing business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance programme or measures for preventing and detecting such bribery ; and iii) seeking a reciprocal commitment from business partners.” 15