Compliance Officers have long been preoccupied by their potential exposure to legal liability; worries seemingly justified by recent cases of prosecutions – and convictions – of compliance officers.
The ISO 37001 standard declares: “This document specifies the implementation by the organization of policies and procedures and controls which are reasonable and proportionate”. Two lines later it states, “this document can help the organization implement reasonable and proportionate measures designed to prevent, detect and respond to bribery”.
The publication of the ISO Standard 37001 and its certifiability has caused a debate as to whether the standard offers legal protection or not in the event an act of corruption is discovered at a company. As corruption is an offense that can result in the corporation’s criminal prosecution, companies want to know what kind of legal protection comes with an ISO 37001 certification.
The last decade has seen a surge of collective actions at the initiative of civil society, professional federations or international organizations. Many have benefited from the support of the Siemens Integrity Initiative which has demonstrated the usefulness of such actions in the fight against corruption at the local level.
The multiplication of national guidelines published on the issue of anti-corruption compliance over the past few years has some compliance officers shaking their heads with perplexity.
The issue of whether results-based bonuses might be an invitation for salespeople to engage in bribery always fuels passionate discussions. Some consider that a high bonus vis-a-vis a fixed salary in countries of weak governance could lead salespeople to conclude contracts at any price. Others consider that working in countries of weak governance is more complex and difficult and that successful salespeople should be rewarded with significant bonuses.
US Deputy Attorney General Sally Yates stated in a September 9th, 2015 memo that not only will she be targeting companies, but that she will also pursue individuals who represent the “flesh and blood” of corrupt activities; after all, bribes are always paid by individuals.
I would like to address the organization of a compliance system and, in particular, the controls in place that ensure its appropriate implementation. I will use examples witnessed within certified companies who met the evolving challenges of anti-corruption compliance.
As the President of the ETHIC Intelligence Certification Committee, I would like to share some of the common principles I have noticed in the compliance programs of companies we have certified.
Beyond the formal requirements issued by various jurisdictions, the following are three essential points that allow for an effective program capable of preventing corruption and of ensuring efficient controls of its implementation.
I have explained why a successful monitoring process restores confidence among the prosecuting authority, the clients and the staff. I have also explained why I consider a monitor to be a kind of orchestra conductor; able to draw on the strengths of the different stakeholders while retaining an utmost respect for the company’s identity.
A successful compliance monitor is someone who can re-instill the confidence lost by all parties following an allegation or an accusation of corporate corruption. It is a delicate role, which requires experience, flexibility and the ability to include all relevant stakeholders in the process; in many ways, the skills required of a good compliance monitor resemble those required of an exceptional orchestra conductor.
I had in-depth discussions on corporate monitoring with prosecutors, monitors and compliance officers of companies that had been under monitoring, as well as with lawyers and auditors who had participated in the process.
From these, I was able to identify what I consider to be the hallmarks of a successful monitoring exercise.
In 2016, ETHIC Intelligence celebrated its 10th anniversary of certifying corporate anti-corruption compliance programs. 2016 was also marked by the publication of the ISO Standard 37001 on “Anti-Bribery Management Systems”. Corporate anti-corruption compliance programs and their effective implementation have become standard business practices.
Should a compliance officer be completely independent of company/corporate operations or should he play an active role in the operations team?
Having dedicated previous chapters to the importance of the tone at the top and of training in the fight against corruption, I would now like to turn my attention to the anti-corruption compliance program itself: its organization, pillars and implementation.
Anti-corruption training needs to include an educational component on all the potential risks of corruption, as well as a description of the company’s anti-corruption compliance program and procedures, but, above all, it should be an opportunity for employees to exchange with compliance managers. It should encourage employees to express their concerns and foster a group discussion on possible ways to address the risks identified.
Convincing employees of the necessity of an anti-corruption compliance program and of its implementation is challenging because it is often viewed as just another level of administrative procedures: third party due diligence, gifts and invitations policy, etc.
Every national guideline currently issued on anti-corruption compliance contains a section on the importance of training. Every company committed to anti-corruption compliance develops comprehensive training programs. But the investment is high and calls for careful consideration of the expected return on investment.
I previously mentioned the four pillars of any effective anti-corruption compliance program. Their effectiveness has been demonstrated in the domain of industrial accidents and can be readily transposed for corruption prevention: tone at the top, training for relevant personnel, tools adapted to risk and controls of the implementation.
Philippe Montigny is the founder of ETHIC Intelligence, a leading anti-corruption certification agency that has been certifying companies since 2006. He is currently the Chairman of the Technical and Impartiality committees and has over 20 years of experience in anti-corruption compliance, beginning at the Office of the OECD Secretary-General, for which he was involved in the ministerial negotiations that led to the OECD Anti-Bribery Convention in 1997. Philippe Montigny was also a co-drafter of the compliance management system standard (ISO 19600) published in 2014 and of the anti-bribery management system standard (ISO 37001) published in 2016 and served as ISO liaison officer between the two.