ACCA - The global body for professional accountants

If businesses are to eliminate corruption and bribery it is vital that they understand and deal with third-party risk, says Michael Boag

This article was first published in the February 2014 China edition of Accounting and Business magazine.

The battle to clamp down on corruption and bribery is gathering pace, if the growing list of probes is anything to go by. From Indonesia and China to Russia and the UK, investigations and prosecutions have been launched against individuals and organisations, both in the private and public sectors. But there is a long way to go, according to Transparency International’s 2012 Putting Corruption Out of Business survey, with more than one in four businesspeople worldwide reporting they have lost out because a competitor paid a bribe. 

The consequences are high for any business. Not only can legal action under legislation like the US Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act result in fines in the hundreds of millions, companies can be debarred from public works and government procurement or face civil legal action, not to mention the incalculable cost of reputation damage and the accompanying loss of business.

While few corporations and their executives set out to win or retain business through bribery, without robust procedures in place there is a significant risk that organisations can inadvertently become involved in corruption. Addressing such risks requires effective compliance programmes that permeate the business and form an integral part of its day-to-day operations. 

Ensuring that policies are accessible to employees and that they understand how these apply to their daily life are fundamental factors in combating corruption. Significant risks exist, in particular relating to third-party relationships – people or organisations, often working in high-risk emerging or frontier markets on an organisation’s behalf. Local agents, distributors, licensees and joint-venture partners may not be employees but increasingly firms are being held liable for their corrupt actions. Indeed, FCPA enforcement actions by both the US Department of Justice and the Securities and Exchange Commission (SEC) show that local agents, distributors and consultants are used to conceal the payment of bribes to government officials in overseas transactions. 

Different challenges

Scrutinising the activities of a third party in a faraway market presents obvious challenges. For example, an agent in sub-Saharan Africa is likely to present a different risk profile than a small supplier in Scandinavia. However, organisations can still mitigate the likelihood of inadvertently becoming involved in corrupt activities. This includes choosing a reputable local partner, and identifying and managing any associated risks. 

The UK Ministry of Justice has specific guidance on due diligence as it applies to the Bribery Act, set out in Principle 4. This states that organisations must apply ‘due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks’. The Criminal Division of the US Department of Justice (DOJ) and the Enforcement Division of the SEC underlined the importance of due diligence when they published A Resource Guide to the US Foreign Corrupt Practices Act in November 2012. The guide states that ‘Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program’.

The first step of any due diligence assignment should be a risk assessment. What are the risks with this relationship? The level of corruption in a country is a key factor but other aspects can also have an impact, such as the size or value of the business relationship, the structure of the contract or transactions, the level of government involvement or the industry sector in question. A risk assessment taking into account these factors will steer an organisation towards a depth and rigour of due diligence that is proportionate to the risk. 

Once the risk has been assessed a due diligence investigation proportionate to the risk can begin. For some lower risk relationships this can mean basic searches of sanctions and watch lists, media and political exposure databases. However, organisations looking to do business in countries where corruption is more prevalent should always seek to understand who the beneficial owners of a potential partner are: are they government officials or connected to them? An overly complex and opaque shareholding structure could in itself be a red flag. A wide range of other public record information and local media can also provide information that is valuable in assessing a partner’s reputation, experience and integrity. Do bankruptcy filings show the company has had financial difficulties? Do court records show the company has historic or current disputes with other international partners? Are there local media stories which cover a corruption scandal that implicates your potential partner? Has a local regulator sanctioned it for failing to play by the rules? Do records show it was barred from a government tender for collusion? 

Accessing information

While such information may be available in some countries, in others this may only be retrievable on the ground, through various registers and agencies and sometimes not even then. Given the diversity of privacy and disclosure laws, special care must be taken to ensure that public record information is accessed legally and ethically. 

There are, of course, many instances where open-source information is limited and alone does not provide enough insight into a potential partner. In numerous countries few records are available and media censorship means that there is little scrutiny of the business world. Alternatively, in many cases available information is incomplete, contradictory or clearly tainted by political bias or commercial rivalry. In such cases human intelligence – comment, context and insight from local sources familiar with an industry sector and local market, the political landscape and regulatory environment – can provide valuable perspectives on the background and standing of a potential third party.

The focus on due diligence makes it easy to see how organisations that focus on getting it right tangibly reduce their corruption and bribery risk. Take this recent example. A medical devices company was looking for a new distributor in the Balkans and had identified a potential firm following a regional trade show. Publicly available corporate records and filings showed that the firm’s ownership structure was unclear but a robust due diligence exercise identified that its ultimate beneficial owner was related to a senior government official who played a role in the oversight of tenders for state-run hospitals and research institutes. While the research found no information relating to bribery allegations or that the distributor had leveraged their government connections improperly, it highlighted a potential risk that the medical devices company needed to mitigate. 

In another case, due diligence conducted into a potential joint venture partner identified allegations that an executive at the prospective partner had, while an executive at another firm, been accused of paying a bribe through the son of an African government minister. While no charges had ever been laid, it was confirmed by a range of local sources in the market that the allegation had real merit. A serious corruption red flag had been raised and the firm backed off the joint venture. The decision helped avert the potential of serious reputation damage by becoming involved with a local partner with a less than stellar reputation for integrity.

Proportionate risk-based due diligence helps organisations highlight key red flags that a tick box approach would almost certainly miss. 

Corporates can no longer afford to take a ‘light-touch’ approach to tackling corruption and the heightened scrutiny exhibited by law enforcement, investors, customers and the wider stakeholder community reinforces the importance of addressing third-party risks . However, cutting corners during the due diligence process, in an attempt to save time and expense, could be a false economy. In response, organisations must ensure that they develop a rigorous and ongoing global due-diligence and anti-bribery strategy. 

Counting the cost

In an increasingly global marketplace, where national legislation and the supranational reach of the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act (UKBA) create a highly complex compliance backdrop, organisations must ensure that their due diligence programmes make sense to regulators and enforcement agencies that may one day want to take a closer look. 

The pitfalls of an organisation that gets due diligence wrong and fails to take the risk of third parties seriously are evident. In a recent case, where a fine of more than US$300m was imposed by the US authorities under the FCPA, an energy services company was criticised for having a due diligence programme that the authorities regarded only as a ‘perfunctory exercise’ and that was not ‘adequate to detect, deter or prevent the payment of bribes by agents’. In its wake, authorities elsewhere have also taken an interest, which has seen individuals fined and imprisoned.

Despite the inherent risks of failing to carry out appropriate due diligence, many organisations fall short. One recent report even suggested that only half of all businesses polled vet their external suppliers for UKBA compliance. Across the globe, companies are now waking up to such risks, with the UKBA laying down a clear marker that a company can commit an offence if an ‘associated person’ bribes another person to obtain or retain business on its behalf.

Michael Boag is a London-based managing director of Stroz Friedberg, a digital risk management and investigations company

 

Last updated: 6 May 2014