Restoring Your Organization's Reputation after Financial Fraud
Anti bribery and-corruption_the_good_the_bad_and_the_ugly
1. Author: Michael Rasmussen
mkras@Corp-Integrity.com
+1.888.365.4560
ANTIBRIBERY AND CORRUPTION: THE GOOD,
THE BAD, AND THE UGLY
The
Good,
the
Bad,
and
the
Ugly
of
ABC ................................ 2
Starting
with
the
Ugly:
The
Growing
Burden
of
ABC
Laws
and
Regulations....................................... 2
Next,
the
Bad:
Ignorance
Is
no
Excuse .............................................................................................. 3
The
Good:
A
Strong
Compliance
Program
Ready
to
Defend
the
Organization ................................... 3
Meeting
Anticorruption
Obligations....................................... 4
Transaction
Monitoring:
The
Cornerstone
of
a
Strong
Antibribery
and
Corruption
Program...................................... 6
Oversight
Systems:
Bringing
Order
to
Compliance............................................................................ 7
Tuesday, October 2, 2012 www.Corp-Integrity.com Page 1 of 8
3. Author: Michael Rasmussen
mkras@Corp-Integrity.com
+1.888.365.4560
will be over $100 million, on average.
Next, the Bad: Ignorance Is no Excuse
Growing documentation of enforcement actions shows us the organization and
executives cannot claim ignorance. It is imperative that the organization understands
whom it is doing business with and the transactions being done. Organizations need
strong internal controls to look for suspicious transactions and to ensure the
organization is doing business with right organizations and not the wrong ones.
In the Nature Sunshine FCPA action, the government charged the COO (CEO at time of
investigation) and CFO with violating FCPAʼs books and records clause and did not
have adequate control over and internal control provisions. This was in response to
bribes paid by a Brazilian company subsidiary to customs officials to import
unregistered products into Brazil. The SECʼs investigation determined neither the COO
nor CFO had any involvement in or knowledge of the improper cash payments in Brazil.
However, the SEC found they violated the FCPAʼs internal control provisions in their
capacities as control persons under Section 20(a). The SEC based its argument on the
theory that the COO and CFO failed to supervise the companyʼs internal controls and
oversight of process to keep accurate books and records.
The Good: A Strong Compliance Program Ready to Defend the Organization
In April 2012 a landmark FCPA decision was announced. For the first time on record the
government did not prosecute an organization for violation of FCPA: The company,
Morgan Stanley, had a strong compliance program including a system of internal
controls meant to ensure accountability for its assets and to prevent bribery and
corruption. The Department of Justice stated:
“Morgan Stanleyʼs internal policies, which were updated regularly to reflect
regulatory developments and specific risks, prohibited bribery and addressed
corruption risks associated with the giving of gifts, business entertainment, travel,
lodging, meals, charitable contributions and employment. Morgan Stanley
frequently trained its employees on its internal policies, the FCPA and other
anticorruption laws. . . . Morgan Stanleyʼs compliance personnel regularly
monitored transactions, randomly audited particular employees,
transactions and business units, and tested to identify illicit payments.
Moreover, Morgan Stanley conducted extensive due diligence on all new
business partners and imposed stringent controls on payments made to business
partners.” 1
1
http://www.justice.gov/opa/pr/2012/April/12-crm-534.html
Tuesday, October 2, 2012 www.Corp-Integrity.com Page 3 of 8
5. Author: Michael Rasmussen
mkras@Corp-Integrity.com
+1.888.365.4560
preventive and detective controls be established in accordance with the risk.
• Keep information current: These are not point-in-time efforts that happen once.
Business transactions and relationships evolve and require ongoing monitoring to
look for issues that point to bribery and corruption.
• Compliance oversight: The organization needs someone responsible for
oversight of antibribery and corruption compliance processes and activities, with
the authority to report to the audit committee of the board.
• Established policies and procedures: Organizations must have documented
and up-to-date policies and procedures that address bribery and corruption. The
code of conduct is the governing policy that addresses gifts, hospitality,
entertainment, expenses, customer travel, political contributions, charitable
donations and sponsorships and facilitation payments.
• Effective training and communication: Written policies are not enough —
individuals need to know what is expected of them. Organizations must
implement training programs on the organizationʼs policies and practices for
employees and business partners at risk of bribery, corruption and fraud.
• Implement communication and reporting processes: The organization must
have communication channels where employees can get questions on policies
answered to avoid noncompliance issues. The organization must also have a
hotline reporting system for individuals to report suspected misconduct.
• Assessment and monitoring: The organization must have regular compliance
assessment and monitoring activities to ensure policies, procedures and controls
are in place and working.
• Investigations: Investigation processes must quickly identify (e.g., hotline,
surveys, management reports, exit interviews) potential incidents and quickly and
effectively investigate and resolve issues.
• Internal accounting controls: Organizations must keep detailed books, records
and accounts that accurately reflect transactions and disposition of assets that
could be implicated in bribery and corruption issues.
• Manage change to the business: Organizations must monitor the business
environment for changes that impact its anticorruption program or introduce
greater risk of corruption.
Compliance must be an active and living part of the organization to prevent and detect
corruption, bribery and fraud in international business. It is a continuous and ongoing
process that must be monitored, maintained and nurtured. The challenge is establishing
corruption prevention and detection activities that move the organization from a reactive
fire-fighting mode to one that proactively manages, monitors, prevents and detects
corruption and compliance related risks.
Tuesday, October 2, 2012 www.Corp-Integrity.com Page 5 of 8
7. Author: Michael Rasmussen
mkras@Corp-Integrity.com
+1.888.365.4560
• Internal accounting controls keep accurate records, and accurately reflect
transactions and disposition of assets.
Policies, training, audits and assessments are still needed. Transaction monitoring
makes all of them an ongoing reality. In this way, the organization is prepared to defend
itself in an enforcement action and demonstrate to law enforcement and regulators it is
doing everything possible to prevent bribery and corruption.
Oversight Systems: Bringing Order to Compliance
Oversight Systems is a solution provider in the compliance market that Corporate
Integrity has researched and evaluated. Through a purpose-built continuous transaction
analysis, Oversight Systems eases the anticorruption compliance burden by delivering
operational effectiveness, human and financial efficiency and agility to compliance
processes. Its solution monitors transactions and the personnel that perform them, and
detects and prevents bribery, corruption and other types of fraud.
While other vendors help with policy communication and training for ABC compliance,
Oversight Systems is one of the few that take compliance to the transaction level to
ensure bribery and corruption does not happen in course of business transactions.
Specifically, Oversight Systems accomplishes:
Data analytics: Oversight Systems monitors for bribery and corruption by
monitoring accounting and ERP data to identify trends and anomalies.
Exception management: The ability to review and analyze transactions flagged
as suspicious and grant exceptions when needed.
Real-time detection: Oversight Systems can monitor transactions, activity, and
business relationships in real-time to help prevent issues from happening.
Continuous monitoring: By reviewing every transaction in the system the
organization can look at transactions individually and in aggregate. This can detect
bribery and corruption activity that may have flown under the radar initially.
Limit exposure: Continuous monitoring can prevent bribery and corruption or limit
scope and duration to reduce exposure to the organization.
Business relationship monitoring: Through integration with third-party content
sources such as politically exposed person (PEP) screening and watch lists, the
organization can feel confident it is doing business with people that are not known
to be susceptible to corruption.
Breadth of analytic capabilities: Oversight Systems has one of the most
expansive analytic engines for analyzing business transactions. It covers Boolean
logic, chaining, recurrence, format outliers, similarity, clustering and consolidation,
Tuesday, October 2, 2012 www.Corp-Integrity.com Page 7 of 8