Anti-corruption compliance is not as hard as it looks. In fact, by taking a step back, compliance professionals can gain insights.
At the direction of compliance professionals, companies like to develop and adopt compliance policies and procedures. Compliance policies and procedures give the board, senior managers and the CCO a feeling of comfort. They are gaining a measure of control over something they have identified as a significant risk – bribery of foreign officials.
Some of these policies and procedures are important; some are not as important. In the scheme of things, policies and procedures sometimes give a company a false sense of comfort, especially if the program is a “paper” compliance program with no follow up.
One area CCOs focus on is gifts, meals, entertainment and travel expenses. Often, they spend too much time on these expenses and the surrounding policies and procedures.
The FCPA Guidance suggested that companies were spending too much time on these expenses and not enough on more serious risks. DOJ and the SEC made a good point. Companies should reallocate their programs to make sure resources and attention are devoted to serious risks, not payments for gifts, meals and entertainment.
I am not suggesting that gifts, meals, and entertainment expenses should be ignored. To the contrary, they should be monitored and controlled just like any other financial expenditure – with appropriate justifications and thresholds for heightened scrutiny.
In fact, I recommend that companies change their focus from such expenses and develop a broad focus – who has authorized access to money and for what expenses?
In some respects, the focus on money is the same focus on internal fraud risk. It is important to understand that company officials who want to bribe foreign officials have to gain unauthorized access to funds, just like those officials who want to steal from a company’s funds.
When the focus becomes authorized access to money, the risks become more apparent: (1) unauthorized payments to internal officials and employees for a variety of purposes, including gifts, meals, entertainment and travel expenses; (2) unauthorized payments to third parties, including vendors/suppliers, agents and distributors.
Within these two categories, bribery risks increase when financial controls are not in place to verify the purpose of the payment and that the products or services were actually provided.
For example, third parties submit invoices for services and payments have to be matched up to an authorized contract and for legitimate services. If the third party does not provide adequate justification for services, the company should withhold payment until such information is provided.
This is an example of how a financial control can reduce the risk of bribery.
In the case of fraud, companies assess the existence of financial controls as a way to minimize the ability of individuals to gain unauthorized access to funds. Similarly, companies focus on these risks when considering whether an employee, can take money from the company and use it to bribe foreign official.
Often, bribery schemes involve relatively sophisticated schemes involving inflated invoices, unauthorized access to money and use of shell companies and bank accounts. With the assistance of third party agents and distributors, bribery schemes usually incorporate third party financial controls to circumvent a company’s internal controls.
Instead of spending inordinate amounts of time on policies and procedures relating to anti-corruption issues (e.g. hiring relatives of foreign officials, charitable contributions, or gifts, meals, entertainment expenses), companies should spend more time and effort on the broader issue of financial controls to tighten access to money and verify the proper use of their funds.