faq on anti-corruption certification
How can I know my compliance program is good enough to be certified? How are standards determined? Are the same standards applied to all companies? Is certification linked to a particular government agency or international institution? Does certification attest that a company has not / will not commit bribery? How can authorities, investors and other stakeholders be sure that certification is not just another form of “whitewashing” or “window-dressing”? What happens if a company certified by ETHIC Intelligence commits bribery? Can certification be used as an “affirmative defense” vis-à-vis judicial authorities? What is the added value of certification once an in-depth audit has been performed? How transparent is the certification process? What information on a particular certificate is made publicly available? Is the certification process itself “certified”? Is there a mechanism in place to avoid situations of conflict of interest within the certification process? How can I be sure that a bribe was not paid to “secure an award”? Is a “quality control” conducted on certifications awarded? How long does the certification process last?
Though there is no such thing as a “one size fits all” compliance program, all compliance programs must meet certain key criteria. The way the key criteria are applied will make for a more or less effective compliance program depending on a company’s specificities (size, sector, organizational structure, business model, geographical locations). Key criteria, which have been developed to cover all major international guidelines and recommenctions, are: Information, training, tools/processes, control (see question 2: How are standards determined?). Key criteria must be preceded by an adequate corruption risk assessment. Companies applying for Anti-corruption Compliance System Certification must be able to answer ‘yes’ to all of the questions below:
- Has my company assessed its particular corruption risks?
- Does my company take a zero-tolerance stance on the corruption issue? Is this stance clearly and regularly communicated from the highest level to all employees, particularly the most exposed employees?
- Does my company organize training sessions on why and how to prevent corruption?
- Has my company developed specific tools and processes (code of conduct, policy on third parties, etc.) adapted to my business and dedicated to helping employees detect and prevent corruption?
- Does my company regularly control the effectiveness of the information, training, tools and processes in place?
Companies applying for Anti-corruption Compliance Policy Certification must be able to answer ‘yes’ to all the questions below:
- Has my company assessed its particular corruption risks as regards the policy or process to be certified? (Example for the certification of a sales agents policy: the type of agent used, the size of the contracts upon which sales agents work, and other factors, will determine the level of corruption risk a company is exposed to with regards to its sales agents)
- Does my company take a zero-tolerance stance on the corruption issue, in particular as regards the policy or process to be certified? (Ex. sales agents are regularly reminded of why and how the company does not tolerate its sales agents paying bribes)
- Does my company organize training sessions on why and how to prevent corruption, as regards the policy or process to be certified?
- Does my company regularly control the effectiveness of the information, training, tools and processes in place as regards the policy or process to be certified?
Companies applying for Anti-corruption Compliance Program Certification must be able to answer ‘yes’ to all the questions below:
- Has my company assessed its particular corruption risks?
- Does the design of my company’s compliance program include a zero-tolerance stance on the corruption issue?
- Does the design of my company’s compliance program include training sessions on why and how to prevent corruption?
- Does the design of my company’s compliance program include the development of specific tools and processes (code of conduct, policy on third parties, etc.) adapted to my business and dedicated to helping employees detect and prevent corruption?
- Does the design of my company’s compliance program provide for regularly control the effectiveness of the information, training, tools and processes in place?
Answering ‘no’ to any of these questions does not necessarily represent the failure of an anti-corruption compliance program or policy but rather an opportunity for improvement. Preparing a program for certification has the effect of completing and strengthening compliance programs (see why companies choose to have their anti-corruption compliance programs certified). Do feel free to contact us with any questions you might have on preparing for certificate eligibility.
There are currently no all-encompassing, international standards specific to anti-corruption compliance programs. However, guidance and recommendations issued by certain judicial authorities such as the United States Department of Justice (through its US Federal Sentencing Guidelines to address FCPA violations and its 2012 Resource Guide) or the United Kingdom’s Ministry of Justice (through its Bribery Act Guidance) as well as by international organizations such as the OECD, the International Chamber of Commerce, Transparency International and others provide a strong enough corpus of standards by which to measure anti-corruption compliance programs. In its certification terms of reference, ETHIC Intelligence includes not only the above guidance and recommendations, but also policies and procedures that have been adopted by companies and which have proven particularly effective. The way standards are applied in companies may vary depending on the companies’ specificities (size, organizational structure, areas of operation, etc.). A compliance program which is effective in one company may be completely ineffective in another. ETHIC Intelligence terms of reference and methodology take into account that there is no such thing as a “one size fits all” compliance program, and assesses how standards are met via four key criteria (information, training, tools/processes, and control). For more information on ETHIC Intelligence terms of reference, click here.
ETHIC Intelligence terms of reference encompass legislation and recommendations issued from several different countries and international organizations. ETHIC Intelligence certification is not linked to any government agency or international institution in particular. ETHIC Intelligence does, however, maintain regular working contact with government authorities and organisations such as the OECD Working Group on Bribery to ensure continual improvement of methodology and terms of reference as well as to promote anti-corruption compliance certification globally.
- See ETHIC Intelligence’s response to the UK Ministry of Justice consultation on guidance about commercial organisations preventing bribery (8 November 2010)
ETHIC Intelligence certificates in no way guarantee that an act of corruption has not been or shall never be committed. They attest to the fact that a company has identified its specific corruption risk and implemented a compliance program to effectively address this risk. Audits of anti-corruption compliance programs are not forensic; they are made to gauge the quality and effectiveness of processes to detect and prevent corruption.
5. How can authorities, investors and other stakeholders be sure that certification is not just another form of “whitewashing” or “window-dressing”?
Unlike other certifications which remain largely declarative, ETHIC Intelligence certification requires a thorough, on-site audit of the design and effective implementation of anti-corruption compliance programs. The audit includes documentation and interviews provided by the company, but also documentation and interviews requested by the auditor which the company is then obligated to provide. Audits are also conducted in a significant number of business operations such as subsidiaries, projects and consortiums, regardless of country locations. Programs must first be deemed sufficient by the auditor, then by the ETHIC Intelligence certification committee. Companies wishing to use ETHIC Intelligence certification as cosmetic “window-dressing” will fail to obtain certification if their anti-corruption compliance program is not indeed well designed and effectively implemented.
Companies with appropriate anti-corruption compliance programs can never fully expect to be shielded from corruption-related risks. By having quality compliance programs, companies effectively reduce corruption risks though they can never fully eradicate the risk of accidents. If the act of corruption resulted from a failure or weakness of the compliance program, and that this failure or weakness was deliberately hidden from auditors and the committee during the certification process, ETHIC Intelligence immediately withdraws its certification of the company. It is important to note that while no company having obtained ETHIC Intelligence certification has as of yet been prosecuted for acts of corruption occurring after certification was awarded, one certified company has been prosecuted for acts of corruption committed prior to certification. In this case, the judge mentioned the company’s efforts to establish an effective compliance program since the corruption occurred and took into account ETHIC Intelligence certification as proof of these efforts.
Certification cannot be used in and of itself as an affirmative defense vis-à-vis judicial authorities. However, certification provides authorities with externally-verified evidence (through the audit report, supporting documentation and certification committee letters) of the concrete steps taken by a company to prevent corruption, thus aiding an investigation and/or prosecution. Certification also provides elements of defense for companies facing investigations or prosecution. In one recent example, a company prosecuted for acts of bribery committed prior to certification was sentenced to a much smaller fine because it had developped a robust compliance program which was subsequently certified.
External verification is indeed useful for companies to ensure that their anti-corruption compliance programs have been appropriately designed and are effectively implemented. Authorities such as that of the United States (through steps 5 and 7 of the US Federal Sentencing Guidelines) and the United Kingdom (through Principle 6 of its Bribery Act Guidance) as well as international organizations include external verification of compliance programs in their recommendations on preventing corruption. The ETHIC Intelligence certification process includes the benefits of external verification because it integrates a thorough, on-site audit of compliance programs. Beyond the benefits of external verification, certification:
- Increases visibility of anti-corruption commitments;
- Fosters employee support for anti-corruption compliance programs;
- Promotes a clear and identifiable standard for anti-corruption compliance policies and procedures;
- Provides assurance of the quality of an anti-corruption program and a benchmark against other companies’ programs;
- Provides standard target objectives for anti-corruption policies;
- Gives evidence to prosecutors of company compliance efforts.
For a more detailed explanation on how certification is useful beyond external verification, see “the added value of ETHIC Intelligence certification / How ETHIC Intelligence certification is different from others’” section.
9. How transparent is the certification process? What information on a particular certificate is made publicly available?
Companies having obtained a certificate are required to post the ETHIC Intelligence certificate logo on an appropriate and easily accessible page of their website, along with an explanatory text. This information is then linked to a page on the ETHIC Intelligence website which contains:
- The certificate awarded, which includes: The company’s name, the company’s registration number, the date of award, the date of expiry and the type of certificate awarded)
- A ‘Decision of Award and Registration’ document issued by ETHIC Intelligence which includes: The names of the certification committee members involved in the decision to award, a letter signed by the company’s CEO confirming his/her intention to submit the company’s anti-corruption compliance program or policy to an audit and review for certification, a summary of the terms of reference of the certificate against which the company’s compliance program or policy was assessed.
ETHIC Intelligence regularly verifies that the above information is available online and that the certification logo, explanatory text and links are placed on the appropriate page of the company’s website. ETHIC Intelligence does not communicate on certification that is ongoing or that has been denied. Companies having failed to obtain certification are encouraged to improve their anti-corruption compliance programs. ETHIC Intelligence provides them with concrete recommendations tailored to their specific situation and that will allow them to make the necessary improvements.
At the time of its launch in 2006, the ETHIC Intelligence certification process was validated by the Basel Institute on Governance, an internationally-recognized, independent research center specialized in governance, corruption, asset recovery and money-laundering issues. The institute, which is presided by Mark Pieth (former Chairman of the OECD Working Group on Bribery in International Business Transactions), provided ETHIC Intelligence with important recommendations on avoiding situations of conflicts of interest and increasing transparency. One major recommendation by the institute, which ETHIC Intelligence immediately adopted, was to establish a strict separation between the audit, decision of award and administrative functions of the certification process. As a result, audits are conducted by accredited inspection firms and auditors, decisions to award are made by an independent committee of experts, and administrative tasks are carried out by the ETHIC Intelligence team (click here for more on Chinese wall to avoid situations of conflicts of interest). Excerpts of the Basel Institute on Governance’s 2006 and 2009 homologation reports on ETHIC Intelligence certification are available here. ETHIC Intelligence certification committee members have since replaced the Basel Institute on Governance in validating certification methodology and certificates awarded. Through yearly working meetings, certification committee members are now very much involved in verifying certification files and making recommendations on improving methodology and keeping standards up to date.
11. Is there a mechanism in place to avoid situations of conflict of interest within the certification process? How can I be sure that a bribe was not paid to “secure an award”?
ETHIC Intelligence does not have discretionary power on the awarding or denying of certificates (more on chinese wall to avoid situations of conflicts of interest) and any bribes made to secure an award would be entirely ineffective. ETHIC Intelligence’s role in the certification process is merely technical. The ETHIC Intelligence team ensures that ETHIC Intelligence methodology is correctly observed, that all questions arising from the audit and review have been correctly addressed and that the process is adapted to the certification’s scope. The decision to award a certificate is based first on an assessment by the auditor to transmit the file to the certification committee if it deems the compliance program sufficient. The final decision is then made by three independent committee members. The decision is therefore spread among several actors, none of whom include members of the ETHIC Intelligence team.
Validations of a sample of certificates awarded are now carried out each year by certification committee members. Members choose a sample of certificate files in which he/she has not participated, and verify that the certification process has been correctly followed by the auditor, ETHIC Intelligence and the committee. The committee members can also recommend ways of improving the certification process. In all cases, minor non-compliant issues within the program under review are systematically brought to the attention of the company. Though minor non-compliant issues do not delay the certification process nor prevent a certificate from being awarded, they must be remediated prior to certificate renewal.
The length of a certification process can vary depending the size of the entity audited and on whether or not the auditor or the certification committee identifies non-compliant issues within the program under review. In the event that no major non-compliant issues are identified, the certification process can be completed between two and three months (approximately one week for the audit of a small entity and two months for the audit of large companies with subsidiaries worldwide, and one month for committee review). Major non-compliant issues identified by the auditor or the certification committee do not necessarily result in certification refusal. These issues are immediately communicated to the company along with recommendations on how to address them. The company is accorded up to one year to remediate the issues, during which the certification process is suspended. Companies wishing to apply for certification but failing to appropriately address major non-compliant issues within one year are required to renew the certification process from the beginning. Remedial action taken within the one-year time limit is resubmitted to the auditor or committee and, if deemed sufficient, the certification process is resumed. Major non-compliant issues are therefore seen as an opportunity for improvement and companies under certification are at all times accompanied in the process of strengthening their anti-corruption compliance programs. In all cases, minor non-compliant issues within the program under review are systematically brought to the attention of the company. Though minor non-compliant issues do not delay the certification process nor prevent a certificate from being awarded, they must be remediated prior to certificate renewal.
The cost of certification varies according to the size of an entity’s turnover, number of employees and number of subsidiaries. To request a rough estimate of the cost of certification, please feel free to contact us. The cost of the audit towards certification varies according to the number of ‘man/days’ needed to complete the audit. Audit pricing and payment is handled directly with the inspection company in charge of the audit. It is important to remember that certification represents a small fraction of the cost of designing and implementing an anti-corruption compliance program, yet it can turn this cost into an important investment (see section Why companies choose to have their anti-corruption compliance programs certified). Ask us a question
Tags : anti-corruption compliance program, anti corruption affirmative defense, added value of anti corruption certification, certification process transparency, certification and conflicts of interest, cost of anti corruption certification
Is your anti-corruption compliance program up to international best practices standards ?
Strengthen, benchmark and communicate positively on your program through certification.
Reach international standards. Get results.
Anti-corruption compliance questions ? comments ?Contact us!
Keep abreast of anti-corruption compliance news
Sign up to receive our monthly newsletter