What do others do? Where do I stand as compared to other companies in my sector? Can you provide me with benchmark data? Those were recurrent questions that I was asked as a Paris-based FCPA lawyer and academic.
Whistleblowers are key tools to uncovering unlawful activities and preventing corporate misconduct. However, according to the 2017 Eurobarometer on Corruption, 81% of individuals experiencing or witnessing corruption indicated that they have not reported it. Moreover, only 47% of the respondents knew where to report a case.
Many compliance managers have asked me if the fact that their business associates were certified ISO 37001 would relieve them of the responsibility of conducting further due diligence.
It is a relevant question which requires a detailed response.
The French National Prosecutor’s office recently concluded a deferred prosecution agreement with the Société Générale bank to settle suspicions it had paid bribes to foreign public officials. Société Générale was issued fines of 250,150,755 euros. For the first time since the entry into force of the Sapin II law, this resolution was coordinated with the US Department of Justice which also concluded a deferred prosecution agreement with the French bank based on the same facts.
Every act of corruption involves a conflict of interest. The receiver or corrupted individual acts in his own interest and not in that of the organization he represents.
At its core, anti-corruption is about your company’s values. What is the value that drives your company: that you have superior products and/or services that would improve your customers’ lives, or you need to cheat one deal at a time? Are you looking to a long-term future for both your company and the communities where it does business, or do you just want to make sure you get through today? I believe companies that have clear sense of their mission and long-term vision would be more competitive than those that focus on short-term deals and quick growth, because the long-term mission focus compels strategies and investments consistent with sustainable business growth.
Is it necessary to conduct due diligence on clients, and if so, how? I have been asked this question frequently over the past few months.
Conducting due diligence on third parties who work for or with the company is manifestly necessary and useful. If the third party represents a corruption risk, the risk can be mitigated with anti-corruption clauses, modifications to working conditions, anti-corruption training, more intensive monitoring or by demanding audit rights and subsequent controls.
The imminent general data protection regulation (GDPR) will be one of the most influential frameworks in the data privacy sector. Throughout Europe, data privacy will soon be harmonized by law. The regulation was adopted in April 2016 and its enforcement will be mandatory from May 2018 for companies processing personal data.
Compliance officers will be obliged to follow very specific procedures when handling personal data particularly as it pertains to issues of whistleblowing.
Modern working conditions rely heavily on digitally displayed workflows which produce huge amounts of data, forcing compliance officers, following the regulation, to handle and control European citizens’ personal data to prevent abuses.
France’s Supreme Court recently determined that double jeopardy isn’t a viable defense to prevent the prosecution of a company that had entered into a plea agreement for charges tried in another country
The decision by the Cour de Cassation, rendered on March 14, involved Swiss oil trader Vitol, which allegedly bribed the government of Iraq to obtain oil under the United Nations' Oil-for-Food program that ran from 1996 to 2003. Under that program, Iraq could sell oil on the open market to purchase humanitarian supplies for its citizens.
At WhistleB, we applaud a more positive view of the value of whistleblower tips. The UK-based Financial Times1 and Sweden’s Dagens Nyheter2 have published pieces in the last month related to high-profile whistleblowing matters and their articles highlight that whistleblowers need the strictest protection. We could not agree more. Organisations should offer a safe environment for reporting misconduct and protecting the anonymity of people who dare to report.
Carrying out due diligence on third parties which is not based on a risk assessment is counterproductive for the following reasons:
A whistleblowing system is now an incontrovertible tool for compliance.
But it is not enough to have a whistleblowing system; it must be one that works….one that raises alarms on suspicion of fraud or corruption effectively.
If the whistleblowing system results in very few alerts being raised, the Compliance Officer is faced with a paradox:
Either the compliance program is particularly effective
or – the opposite – the whistleblowing system is ineffective
In other words, is a procedure which raises very few alerts reassuring or...alarming?
Whistleblowing has been recognized as playing a crucial role in the fight against corruption, fraud, mismanagement, and various other crimes. The Council of Europe underlined that whistleblowing can act as an “early warning to prevent damage as well as to detect wrongdoing that may otherwise remain hidden”.
Some countries, including Italy, have already implemented laws to protect whistleblowers, however whistleblowing is far from being used as a real instrument to detect crimes. The OECD Foreign Bribery Report (2014) describes how very low the percentage is – only close to 2 % of the concluded foreign bribery cases were detected through whistleblowing.
ISO 37001 is an international standard which specifies the procedures which an organization should implement to assist it prevent bribery, and identify and deal with any bribery which occurs. It requires organizations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organization, and the nature and extent of bribery risks faced. It is applicable to small, medium and large organizations in the public and private sector, and can be used in any country. It cannot provide absolute assurance that no bribery will occur, but it can help establish that the organization has implemented reasonable and proportionate anti-bribery procedures.
Yes. This agreement is the first Convention Judiciaire d’Intérêt Public (“CJIP”) – which stands for Judicial Agreement in the Public Interest – concluded by the French National Financial Prosecutor (“NFP”) since the adoption, in December 2016, of the “Law regarding transparency, the fight against corruption and the modernization of economic life”, better known as the “Loi Sapin II”. The CJIP and the Paris Court’s decision became binding and public on November 24, 2017 after a 10 day opt-out period left to the Bank.
Why mapping corruption risk is important ?
It is important for three reasons:
The first reason is because compliance is efficient only if it is tailored to the organization’s specific corruption risk.
If corruption risks are not evaluated sufficiently, underestimated or overestimated, a compliance program will not be effective.
If underestimated, corruption risks will not be properly mitigated.
A lot has been written and said during the past year about protecting whistleblowers. International legal instruments require countries to protect people prepared to report wrongdoing within their organizations; however, we have yet to see any significant increase in either the number of whistleblowers coming forward or in the quality of their reports.
In 2015, new anti-corruption legislation came into force which required all public agencies in Ukraine to develop risk-based anti-corruption programs. To support this work, the National Agency on Corruption Prevention, which is responsible for the training and implementation of the state’s anti-corruption policy, approved a methodology for carrying out corruption risk assessments as well as recommendations for the development of these programmes. At the end of 2017, using this methodology, the Ministry of Defence (MoD) established a corruption risk assessment committee, which identifies spheres with the biggest risks. Dr. Soloviov was a member of the committee and lists the highest risk areas in defense processes.
40 years after the publication of the FCPA and 20 years after the signature of the OECD Anti-Bribery Convention, 2017 saw several developments in the fight against corruption.
And if these developments, although relatively isolated for the time being, were to become more commonplace I could, we all could, dream of a world where corruption disappears. My dream for 2018 is that the three following wishes become reality:
The intensification of investigations and criminal prosecutions of executives from large companies as well as of politicians and high level public servants in Brazil this past year is particularly significant.
I remember the satisfaction of the signatory countries’ representatives when, 20 years ago, an agreement was reached at the OECD on Combating Bribery of Foreign Public Officials in International Business Transactions. Finally, there was a legal instrument to combat this insidious practice. Yet the text was only signed by a few states and countries’ willingness to prosecute its companies for acts of corruption committed overseas - acts which resulted in contracts and profits at home - was, except for the United States, largely absent.