Over the past two decades, there has been substantial progress by companies in developing anti-corruption programs. While such programs reflect a growing commitment by companies to combat corruption, it is widely recognized that the adoption of policies and programs is not enough.
Compliance verification efforts — both internal and external to assess that a company has an effective program for preventing and detecting corruption in its business operations — is essential. Without verification of anti-corruption compliance programs, and a corporation’s reporting on its programs, stakeholders cannot differentiate between serious efforts to prohibit corruption and programs that are primarily designed to be a paper tiger.
The numerous news reports of actual and alleged corporate malfeasance have seriously damaged confidence in companies’ ability to self-regulate. The investor community, potential business partners, and companies themselves are seeking assurance that corporate anti-corruption programs are effective in deterring, detecting, and remediating corruption.
To address this concern, Transparency International-USA (TI-USA) is releasing today a report, Verification of Anti-Corruption Compliance Programs, which distills concrete, implementable lessons for companies in evaluating their anti-corruption programs. The report and the recommendations contained therein are intended to strengthen the quality of corporate anti-corruption programs and improve public credibility regarding their effectiveness.
To inform the report and its recommendations, TI-USA conducted original research in five practice areas related to verification, utilized an expert advisory committee, and conducted consultations with companies, anti-corruption practitioners, and investor groups. The five areas TI-USA examined were: 1) public reporting by companies; 2) verification reviews performed by accountants, lawyers, and consulting firms; 3) certification of compliance programs; 4) compliance reviews undertaken by government-mandated monitors; and 5) certification efforts in social and environmental areas.
The major recommendations contained in the report include the following:
Internal review and understanding internal capacity: The most critical part of verifying corporate anti-corruption compliance is a company’s own internal review. In conducting internal reviews, companies must determine the extent to which they can rely on in-house resources and the extent to which they need to supplement those resources with external resources.
Risk-based approach: A risk-based approach is essential in defining both the appropriate scope of compliance programs and of verification. It is not easy or practical to carry out verification in one company-wide sweep, visit every location, interview every employee, or test every transaction. Therefore, it is important that business units with the highest risk of corruption are prioritized.
Independent external reviews: In addition to internal reviews, companies should undertake independent external reviews on a regularly planned basis. The scope of the engagement and the frequency of review will depend largely on the risk profile of a company. Companies with high risk profiles should consider conducting external reviews of their high risk businesses every three years. In general, external reviews help a company to take a fresh look at an existing program, to learn about weak spots and areas for improvement, or to benchmark its program against other companies.
Perform verification in the field, particularly operations in high-risk locations: Reviewing for program effectiveness in high risk locations cannot be done solely from the corporate center. Procedures for high risk locations should generally include site visits, data mining, interviews, targeted testing of compliance sensitive transactions, analysis of interactions with third parties, and an assessment of relevant internal controls.
Public disclosure: Companies should make public disclosures about their anti-corruption program, including program implementation and verification, to increase transparency and public trust. The level of public disclosure and reporting should be sufficient to provide adequate assurance that the company understands and effectively manages the corruption risks of the businesses in which it is engaged.
Develop broader agreement on the standards for certification: Certifying organizations, companies, investor groups, and non-governmental organizations should develop broader agreement on the standards for certification to help promote greater transparency of the scope of the review. It is also important to clearly define the scope of review on which a certificate is based.
With the publication of the report, TI-USA hopes to raise the standards of practice. The report serves as a resource for companies that seek to take a pro-active, leading role in fighting corruption. In light of heightened public scrutiny of corporate conduct and governance, companies have a vested interest in restoring public confidence in their ability to self-regulate.
Shruti J. Shah is a contributing editor of the FCPA Blog. She’s a Senior Policy Director at Transparency International-USA, responsible for the promotion of TI-USA’s anti-corruption law and regulation policy agenda. She can be contacted here.