
Anti-bribery: are your adequate procedures up to scratch? (part 2)

Learn about best practice for due diligence, effective training and communications and monitoring and review to minimise ABC risks.

Viviane Joynes

    On 30th September 2020 Viviane Joynes, Managing Director of the EQS Group’s UK business, hosted the second part of a three-part webinar series Bribery Act 10th Anniversary – What we’ve learned so far, in partnership with the Forensic Risk Alliance (FRA). Viviane was joined by Jo Morgan, Director of Ethics and Compliance at BT and Charlie Patrick, Partner at Forensic Risk Alliance (FRA). Together our experts discussed the challenges and best practice regarding the final three of the six adequate procedures – due diligence, training and communications and monitoring and review.

    This article summarises the useful learnings which came out of this discussion.


    Due diligence

    Direct resources to the highest risk: Compliance teams are very often under-resourced and, as Charlie pointed out, it is most likely that very few of a company’s third parties will actually carry a significant ABC risk; therefore screening all partners using a one-size-fits-all approach is disproportionately time and labour-intensive. The best approach is to tailor due diligence to the ABC risk third parties represent.

    Create a two-way street between compliance and the business: Ideally compliance should have the final say when it comes to third parties, but this doesn’t mean operating in isolation. Engaging with the business will help educate and forge mutual understanding. In exceptional circumstances, the business may need to work with a third party despite high levels of risk, in which case compliance can work with them to put mitigation measures in place and ensure that these actions are executed.

    Adapt to different circumstances: There will be instances when short-notice suppliers are required and an emergency approval process is necessary. This should, however, be rare if compliance is training the business on how to onboard new suppliers and why this is important. At the other end of the spectrum are longstanding partners who haven’t yet been through the due diligence process. They don’t get a pass, and of course the level of urgency depends on their risk rating.

    Training and communications

    Training should reflect the risk assessment: Surprisingly, two thirds of our webinar participants said that this was not the case in their companies. When training doesn’t reflect the risk assessment, the real risks specific to the business may not be addressed, potentially creating more risk.

    Face-to-face training wins over online: While online training has its place, Jo is a fan of in-person training with thought-provoking and challenging scenarios that are interesting and relevant, either as real-life examples from daily operations or from enforcement actions from the industry. It is a great opportunity for Q&A, engagement and really checking whether people have understood. These sessions can be delivered virtually, but the principle remains. Avoid anodyne and generic online training with pictures of shady businessmen handing over a bag of cash!

    Effective communication is vital for any speak-up programme: the key role of communication for a speak-up programme is to build trust. As well as letting employees know about the channels, also try to let them know about outcomes (while maintaining confidentiality). This shows that the company values people speaking up, takes action and maintains whistleblower confidentiality. The employee survey is also a good opportunity to test staff on when they would be prepared to speak up by adding short scenarios to questions. This gives you a better idea of the speak-up culture that really exists in the organisation and what steps you can take to improve it.

    Monitoring and review

    1st and 2nd level tests deliver most value: Charlie pointed out that 1st level testing offers the business real-time feedback, and 2nd level testing is a good way to show the business the controls that are in place and how compliance is supporting and adding value to the business. 3rd level testing, which is carried out by internal or external auditors, will always be more of a lagging indicator.

    Automate where possible: Testing can be extremely labour-intensive, so any effective automation of 1st and 2nd level testing is advantageous.

    Dashboards – effort must be proportional to the result: Everyone loves a dashboard; however, the resources needed to get the right inputs into dashboards are often out of proportion to the value they deliver. Dashboards only make sense when they produce meaningful data and insights that tie back to the risks identified. While dashboards are very useful, Jo warned not to let them substitute for having proper conversations with business units to identify where risks might be emerging.

    Click here to listen to this webinar. You can also click here to listen to Part 1 on adequate procedures which took place on 17th September 2020, or read the overview here.

     


    Viviane Joynes

    Managing Director – EQS Group | Viviane is Managing Director of EQS Group’s UK Business. She has extensive experience of advising UK and European companies on their corporate governance, compliance and IR practices. Prior to joining EQS her roles included heading up the IR Services at Capita Asset Services (now Link Asset Services) and being Managing Partner of a corporate governance and communications consultancy.
