The imminent general data protection regulation (GDPR) will be one of the most influential frameworks in the data privacy sector. Throughout Europe, data privacy will soon be harmonized by law. The regulation was adopted in April 2016 and its enforcement will be mandatory from May 2018 for companies processing personal data.
Compliance officers will be obliged to follow very specific procedures when handling personal data particularly as it pertains to issues of whistleblowing.
Modern working conditions rely heavily on digitally displayed workflows which produce huge amounts of data, forcing compliance officers, following the regulation, to handle and control European citizens’ personal data to prevent abuses.
France’s Supreme Court recently determined that double jeopardy isn’t a viable defense to prevent the prosecution of a company that had entered into a plea agreement for charges tried in another country
The decision by the Cour de Cassation, rendered on March 14, involved Swiss oil trader Vitol, which allegedly bribed the government of Iraq to obtain oil under the United Nations' Oil-for-Food program that ran from 1996 to 2003. Under that program, Iraq could sell oil on the open market to purchase humanitarian supplies for its citizens.
At WhistleB, we applaud a more positive view of the value of whistleblower tips. The UK-based Financial Times1 and Sweden’s Dagens Nyheter2 have published pieces in the last month related to high-profile whistleblowing matters and their articles highlight that whistleblowers need the strictest protection. We could not agree more. Organisations should offer a safe environment for reporting misconduct and protecting the anonymity of people who dare to report.
Carrying out due diligence on third parties which is not based on a risk assessment is counterproductive for the following reasons:
A whistleblowing system is now an incontrovertible tool for compliance.
But it is not enough to have a whistleblowing system; it must be one that works….one that raises alarms on suspicion of fraud or corruption effectively.
If the whistleblowing system results in very few alerts being raised, the Compliance Office is faced with a paradox:
Either the compliance program is particularly effective
Or – the opposite – the whistleblowing system is ineffective
In other words, is a procedure which raises very few alerts reassuring or...alarming?
Whistleblowing has been recognized as playing a crucial role in the fight against corruption, fraud, mismanagement, and various other crimes. The Council of Europe underlined that whistleblowing can act as an “early warning to prevent damage as well as to detect wrongdoing that may otherwise remain hidden”.
Some countries, including Italy, have already implemented laws to protect whistleblowers, however whistleblowing is far from being used as a real instrument to detect crimes. The OECD Foreign Bribery Report (2014) describes how very low the percentage is – only close to 2 % of the concluded foreign bribery cases were detected through whistleblowing.
ISO 37001 is an international standard which specifies the procedures which an organization should implement to assist it prevent bribery, and identify and deal with any bribery which occurs. It requires organizations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organization, and the nature and extent of bribery risks faced. It is applicable to small, medium and large organizations in the public and private sector, and can be used in any country. It cannot provide absolute assurance that no bribery will occur, but it can help establish that the organization has implemented reasonable and proportionate anti-bribery procedures.
Yes. This agreement is the first Convention Judiciaire d’Intérêt Public (“CJIP”) – which stands for Judicial Agreement in the Public Interest – concluded by the French National Financial Prosecutor (“NFP”) since the adoption, in December 2016, of the “Law regarding transparency, the fight against corruption and the modernization of economic life”, better known as the “Loi Sapin II”. The CJIP and the Paris Court’s decision became binding and public on November 24, 2017 after a 10 day opt-out period left to the Bank.
Why mapping corruption risk is important
It is important for three reasons:
The first reason is because compliance is efficient only if it is tailored to the organization’s specific corruption risk.
If corruption risks are not evaluated sufficiently, underestimated or overestimated, a compliance program will not be effective.
If underestimated, corruption risks will not be properly mitigated.
A lot has been written and said during the past year about protecting whistleblowers. International legal instruments require countries to protect people prepared to report wrongdoing within their organizations; however, we have yet to see any significant increase in either the number of whistleblowers coming forward or in the quality of their reports.
In 2015, new anti-corruption legislation came into force which required all public agencies in Ukraine to develop risk-based anti-corruption programs. To support this work, the National Agency on Corruption Prevention, which is responsible for the training and implementation of the state’s anti-corruption policy, approved a methodology for carrying out corruption risk assessments as well as recommendations for the development of these programmes. At the end of 2017, using this methodology, the Ministry of Defence (MoD) established a corruption risk assessment committee, which identifies spheres with the biggest risks. Dr. Soloviov was a member of the committee and lists the highest risk areas in defense processes.
40 years after the publication of the FCPA and 20 years after the signature of the OECD Anti-Bribery Convention, 2017 saw several developments in the fight against corruption.
And if these developments, although relatively isolated for the time being, were to become more commonplace I could, we all could, dream of a world where corruption disappears. My dream for 2018 is that the three following wishes become reality:-
The intensification of investigations and criminal prosecutions of executives from large companies as well as of politicians and high level public servants in Brazil this past year is particularly significant.
I remember the satisfaction of the signatory countries’ representatives when, 20 years ago, an agreement was reached at the OECD on Combating Bribery of Foreign Public Officials in International Business Transactions. Finally, there was a legal instrument to combat this insidious practice. Yet the text was only signed by a few states and countries’ willingness to prosecute its companies for acts of corruption committed overseas - acts which resulted in contracts and profits at home - was, except for the United States, largely absent.
When I first started working with companies on corruption prevention 20 years ago, their primary concern was related to the issue of passive corruption: how could they ensure that no staff member would accept a bribe, for example, from a supplier or even a client, in exchange for special treatment? If an employee accepts a bribe from a supplier, it is not to benefit the company; instead, passive bribery impacts negatively on a business’ profitability and hampers its competitiveness, making it one of the organization’s main sources of concern. Which is why companies focused primarily on passive as opposed to active corruption for a time.
After an almost decade-long campaign by anti-corruption groups demanding that France act against corrupt foreign leaders suspected of stashing their “ill-gotten gains” in Europe, the trial of Teodorin Obiang Nguema, son of Equatorial Guinea’s President, Teodoro Obiang Nguema Mbasogo, got underway in Paris in 2017 and resulted in his conviction in October. Equatorial Guinea is a resource-rich country that also has some of the most widespread poverty in the world.
A National Anti-Corruption System was created on July 18, 2016 based on constitutional amendments passed by Congress in 2015.
The secondary legislation which followed these amendments included four new laws and amendments to three existing laws which were passed by Congress in 2016, notably the General Law of Administrative Responsibilities and the Law of the National Anti-Corruption System (among others).
The Post Group, a private company since 2010, employs 250 000 people 20% of whom work outside France across five continents. The Post has four principle activities: mail, package and express delivery, banking and digital services. In 2016, annual turnover reached 23.3 billion euros.
In April 2011, The Post Group implemented a system of ethical business procedures based on a code of conduct, the administration of an oath by all staff, a secure email-based whistleblowing system, an Ethics Committee, and awareness raising activities (training, communications).
Although incidents of passive corruption often originate within the purchasing department, it is not an activity exclusive to this branch. Passive corruption can also occur with employees responsible for product specifications, or managers occasionally needing to use emergency or exceptional purchasing procedures.
For small to medium-sized enterprises that need to implement an anti-corruption compliance policy the ISO 37001 is a useful, easy-to-use and affordable reference.
Organisational whistleblowing, allowing employees and often suppliers, and in some cases even the general public to speak up, when they see something that they think is not right, is a global mega trend. It allows organisations to prevent wrongdoings from occurring in the first place, by having a way to anonymously or not report on a suspected wrongdoing. It also demonstrates an organisation´s dedication to high ethical standards and is increasingly a tool that organisations have to have in place to comply with the law, for example the French anti-corruption law, Sapin 2, to take a current example.