In Australia, just a few compliance best practices for a corporation have been published. The Australian Trade Commission has a useful one called “Anti-Bribery & Corruption: A handbook for Australians doing business offshore.” A corporation might embrace a variety of international criteria for compliance best practices. These are some of them: AS3806-2006 Australian Standards Compliance Programs; Anti-Bribery Management Systems Standard ISO37001 (2016); Bribery Act 2010 Guidance from the UK Ministry of Justice; Internal Controls, Ethics, and Compliance: Good Practice Guidance from the Organisation for Economic Co-operation and Development (OECD) (2010); and Corporate Governance at the OECD; Risk Management and Corporate Governance at the OECD (2014). Please contact Robert Wyld at Johnson Winter & Slattery for more information on this response.
There is no such thing as a one-size-fits-all best practice. Each organization is expected to undertake a risk assessment and develop a system adapted to its particular corporate and risk profile based on the results. In major corporations, such a system will often have the following components: written standards, policies, and procedures (e.g., code of conduct, anti-corruption policies and procedures, gifts, hospitality, and expenses policies and procedures, whistleblowing); communication with employees and management, as well as training; audits and controls (defence lines); and internal regulation. The most important criteria are sufficiency and effectiveness: “paper programs” will fail the exam. Belgian enterprises can rely on the Anti-corruption Guide for Belgian Enterprises Overseas provided by the Belgian government in addition to a plethora of international standards.
Companies subject to the Sapin II Act should follow the AFA’s rules in accordance with their size and the type of risks they identify in their risk map. The majority of the AFA’s rules are based on worldwide best practices and are released after consultation with relevant actors. Companies that are not covered by the Sapin II Act are also encouraged to build up a compliance program that fulfills the Sapin II Act’s standards in order to avoid corruption (even if implementation is not mandatory). Professional groups in France, such as the Association Française des Marchés Financiers, have also published best practices for banks and financial institutions to examine and handle corruption risks in their operations. These guidelines, according to the AFA, “bring French legislation up to the highest standard in this field” and “are at least as strict as the FCPA Resource Guide, the UKBA Guidance, and the World Bank’s Anti-Corruption Guidelines.”
There is no one-size-fits-all approach to fighting corruption. Company-specific compliance measures are always required. The size of the company, the industry in which it works, previous suspected cases, and its national or international direction are all important variables. However, there is a standard set of preventative actions that all businesses should follow. To begin, a risk analysis should be conducted to identify high-risk business areas. Appropriate procedures, such as the double-checking concept, should be introduced in the company’s organization based on this risk analysis. A special focus should be placed on ensuring that the business culture is anti-corruption. Employee training, anti-corruption rules, and the implementation of an internal sanctions system should all be part of a company’s anti-corruption strategy. Regular checks and spot checks should be conducted to ensure the effectiveness of anti-corruption measures. It’s also a good idea for businesses to keep track of the compliance measures they’ve implemented. If there is corruption notwithstanding the compliance program, the documentation may be sufficient to exonerate the organization.
Companies should adopt the following strategies to develop a strong anti-bribery and anti-corruption environment: Put in place or revise current anti-corruption rules that are clear and thorough. Ensure that all employees are trained on these policies and are aware of their responsibilities under them, as well as how to recognize and respond to suspected bribery or corruption. At the appropriate level within the organization (e.g., compliance or board level), discuss and review the effectiveness of these policies and procedures. Appoint a compliance manager to be in charge of executing the policies on a day-to-day basis, evaluating their use and effectiveness, and amending them as needed. To guarantee transparency, keep a written record of any gifts or entertainment provided or received. Vendors, third-party service providers, and other businesses with which they do business should be aware of the company’s zero-tolerance policy on bribery and corruption.
To address active and passive bribery threats, companies may follow International Standardisation Organisation (ISO) Standard 37001 on anti-bribery management systems. This tool’s implementation necessitates a number of steps. Furthermore, as a specific “technical” standard, ISO 37001 can simply be coupled with ISO 19600 as a fundamental foundation. Other forms of soft law regulation should be examined as well. The Swiss Code of Best Practice for Corporate Governance (www.economiesuisse.ch/sites/default/files/publications/economiesuisse swisscode e web 2.pdf) is one example of such guidance. Soft law regulation should be incorporated into a company’s internal directives and guidelines, and the corporation must ensure that personnel follow these internal instructions and standards. While applying these standards does not establish a safe harbor or guarantee immunity from criminal culpability, it is an efficient preventative tool to supplement existing anti-corruption measures and increase a company’s protection against anti-corruption charges.
The Ministry of Justice provided guidance on what constitutes having suitable processes in place to avoid bribery in its advice on the Bribery Act. The following are the six concepts indicated in the guidance: Appropriate procedures: A business organization’s anti-bribery processes should be proportionate to the bribery risks it faces, taking into account the type, scope, and complexity of its operations. They must also be understandable, practical, accessible, and well-implemented and enforced. Top-level commitment: A company’s top-level management must be dedicated to eliminating bribery by its employees and should develop a culture where bribery is never tolerated. Risk assessment: Businesses should conduct regular, documented evaluations of the nature and scope of their exposure to potential bribery threats from both external and internal sources. Due diligence: Persons performing services for or on behalf of the company should be subjected to due diligence in a proportionate and risk-based manner. Other individuals should conduct similar checks on those with whom they interact. Communication and training: The organization should make sure that its anti-bribery rules and procedures are well-understood across the board. Internal and external communication, as well as training, should be used to accomplish this. Monitoring and review: Procedures for preventing bribery should be reviewed on a regular basis and adjusted as needed. The substance of the procedures, as well as the actual acts conducted, are more essential than their simple existence. It will be important to demonstrate that staff have been trained on these processes and that the appropriate persons have access to them. There have been instances where documented procedures have failed to insulate a corporation from suspicions of corruption. If a corporation operates in an area where there is a significant danger of corruption, its compliance must reflect this.
Bribery detection training, reporting, and prevention are all part of compliance. The reporting component is critical since it is only through reporting that the evolution of bribery methods can be discovered.
Adopt stringent and unambiguous anti-corruption policies that are suited to the company’s operations, and guarantee that they are followed and enforced from the top to the bottom of the organization. Encourage reporting of crimes if they have been witnessed by providing whistleblower protection, examining each accusation, and rewarding such disclosures. Punishment should be given in the instance of wholly false reports, as this will deter frivolous and “personal vendetta”-related reporting. External monitoring, such as external auditors, can be used to audit both incoming and exiting accounts and guarantee that the company’s money follows a clear and clean financial path. If there is a disparity, forensic accountants should be called in to look into it. Transparency is achieved by making accounting records fully and publicly available. Bribery and corruption would be discouraged instantly as such offenses would be easy to detect if the records were open to the public.
The Department of Justice and the Securities and Exchange Commission recognize that an effective corporate compliance program must be adapted to each company’s unique objectives, risks, and problems, but it must include the following elements: Senior and middle management should demonstrate a commitment to a “culture of compliance” and a clear anti-corruption policy. Criminal behavior will not be permitted, and employees should be aware of this. A documented code of conduct, as well as compliance standards and processes, should be in place at the organization. The organization should have a compliance unit that is self-contained and sufficiently resourced. One or more senior executives should be in charge of the compliance program, with sufficient autonomy, power, and resources, including suitable financing and competent employees. The company’s risk should be assessed and the compliance program customized to those risks. The organization should train employees on its compliance procedures and provide ongoing guidance on those standards. For compliance violations, the organization should have clear disciplinary procedures in place, as well as positive incentives to encourage compliant behavior. The corporation should conduct due diligence on third parties and keep track of their interactions, including payments to them. The organization should have a system in place for reporting infractions in a private manner, as well as a protocol for conducting internal inquiries. (DOJ, FCPA Corporate Enforcement Policy, March 2019; DOJ and SEC, “A Resource Guide to the US Foreign Corrupt Practices Act,” at 57–62 (2012, updated 2015); DOJ, Evaluation of Corporate Compliance Programs, April 2019).