Learn what top-level commitment looks like, how to ensure your procedures are proportionate and how to optimise your risk assessment processes.
2020 marks the 10th anniversary of the Bribery Act 2010, and now more than ever UK and international entities need to ensure that their anti-bribery and corruption (ABC) programmes are fit for purpose. On 17th September 2020, Viviane Joynes, Managing Director of the EQS Group’s UK business, was joined by Joanne Morgan, Director of Ethics and Compliance at BT and Charlie Patrick, Partner at Forensic Risk Alliance (FRA), for the first part of a three-part anti-bribery and corruption webinar series to discuss best practice when it comes to adequate procedures. This first webinar looked at three of the adequate procedures: top-level commitment, proportionate procedures and risk assessments.
Here is a summary of the main discussion points.
Anti-bribery – Top-level commitment
- Board-level ethics and compliance expertise as well as ExCo support are crucial – Both Jo and Charlie emphasised the importance of having at least one or two people on the Board who really understand ethics and compliance risks and landscape, and can support and push the Executive Committee if necessary. As important is getting the ExCo on board as ultimately, they will be the ones providing the resources to execute a robust compliance programme.
- Make friends! – As we all know there are often resource constraints on compliance and ABC programmes which doesn’t necessarily reflect a lack of top-level commitment but simply economic circumstances (particularly relevant during the COVID-19 pandemic). Several strategies were suggested: having ethics and compliance champions across the business that can be your eyes and ears. Also try to get others on board with the mission. Make friends with the legal team and finance. Finance, in particular, see the whole business, can spot issues for you and even help secure extra resource.
- Communicate at the point of risk – Avoid limiting communication from the CEO on ethics and compliance topics to a once a year ‘state of the nation’ address. To increase the effectiveness of the ‘tone from the top’, weave their messages into existing communications ideally at the point of risk, for example gifts around Christmas or Chinese New Year. The message will resonate more with employees when they are reading something about which they care. This also means that you need to be friends with the communications team.
Anti-bribery – Proportionate procedures
- Ensure your policies and procedures relate to your actual business – Policies and procedures should be based on a robust risk assessment that includes understanding past issues and the experiences of the ethics and compliance team in the business. Are there gaps in your policies and procedures that need to be addressed? Where possible, aim to make them more relevant to employees, provide concrete examples in the policies from the business or industry.
- Have a robust policy framework – Policies that exist in isolation with owners across the business with no coordination leads to policy conflict and employee confusion. A policy framework will ensure that policies are kept up to date and don’t conflict and override one another. According to Charlie, many organisations may use a Code of Conduct as the overall reference and hang other policies off that.
- Writing engaging policies is a real skill – Stating the obvious, in order for policies to serve their purpose, they need to be read and understood by employees. Jo made the point that they need to be short, principles-based and in plain language. Essentially, anyone in the business should be able to pick up a policy and understand it. This also means avoiding legalistic jargon and paying particular attention to translations of policies (where relevant), ensuring that they are consistent. If you spot good writers on your organisation (that write about any topic), try to get them involved! Writing engaging policies is no easy task.
- Be prepared – As Charlie mentioned, someone at the SFO once said ‘the first thing we will ask for is the company’s risk assessment’. Questions you’ll need to answer include: was there a consistent methodology, were all parts of the business involved, what was out of scope and why, how often was a full risk assessment undertaken? Essentially, prosecutors are trying to understand whether the risk assessment has been taken seriously, and what attempts have been made to mitigate risk.
- Really understand your business – ‘really’ is the key word here. According to Jo, only by really understanding the business can you be asking the right questions that are specific enough to identify previously unearthed risks. This also links to the experience of the team undertaking the risk assessment. Do they understand what has happened in other companies and the potential implications for your organisation? After the desktop research of what business we’re in and where etc, do the team understand where the real interactions are and where they need to focus?
- Engage the business and share findings – Ultimately, you need the business to see the value in the risk assessment so that they support the process and cooperate. You and your team understanding the business and asking the right questions will help gain their respect. Where relevant you can also share findings of the risk assessment with business units that can also help them to progress; validation is important to getting the risk owners to engage with mitigation steps that need to be taken. For example, Jo mentioned letting them know about the total commissions paid and how this is affecting their margin. For those in the business who are still reluctant to engage, sometimes you simply need to say that it’s law and they need do it!