The OECD has just published an excellent analysis of the 427 enforcement actions undertaken by the signatories to the 1999 Anti-Bribery Convention which may help. The results of the survey are of course coloured by the fact that it is based on enforcement action rather than the ‘known unknown’ of actual bribery and corruption. It is also reflective of predominantly U.S. enforcement policy — the U.S. having been by far the most aggressive enforcer.
That said, enforcement officials, as with businesses, follow success. The vulnerabilities in controls which they have seen in the past are most likely the ones they will look for in the future. Sectoral, geographic and organizational indicators will illuminate their way. After all, no prosecutor gets nominated to the bench, hired by a global law firm, or elected to public office following a series of ambitious but failed prosecutions.
So what then are some key themes that we learn from the report and how should that impact your thought processes?
Compliance starts from the top, non-compliance from the ranks.
Perhaps the most alarming statistic to emerge from the review was that in 12% of all enforcement actions, CEOs were aware of and endorsed corrupt activity. Jack Stanley, the former Kellogg Brown & Root CEO, is the poster boy for this kind of activity. But this trend is deeper and wider — 41% of all cases involved corporate managers.
It is a universal truism that all systems and controls are vulnerable to human weakness. The key message to take from this is that you must know who you are hiring — trust by all means, but verify too — and don’t stop verifying. The board has a crucial role here in maintaining corporate ethics.
It’s all about heads of state and ministers.
Well, no actually. While heads of state and government ministers appeared in 5% of cases and received approximately 12% of all bribes promised, offered or given, the real beneficiaries appear to be officials of state-owned enterprises. They appeared in 27% of cases but received 80% of the value of all bribes.
So look beyond the leaders to those who can actively influence procurement decisions.
It’s a third world phenomenon based on cultural mores.
43% of all cases involved public officials from developed economies where, theoretically at least, the giving of a gift as a mark of respect, subservience and friendship has long since been eclipsed by ethics, corporate governance and policy.
The cultural argument was always a bad one. The reality is that some people exploit power, whether they are a U.S. governor, a Greek hospital official or the head of procurement for the Indian army. Focus on where your vulnerability lies rather than on preconceived notions about geographic risk. If your largest contracts are for IT development for the English National Health Service, make sure that’s where you have the most developed controls.
We don’t buy contracts so we don’t need to worry.
While buying contracts remains the largest single driver for enforcement activity, nearly a third relates to operational management issues, whether they be customs clearance, favorable tax treatment, licensing, travel visas or other intersections between state officials and commercial enterprises. No doubt when the Walmart prosecution is finally resolved this data point will be reinforced.
Intersections between state power and operational business are a fertile ground for facilitation payments, and whilst there is no qualitative data to support this, our experience is that this is predominantly a developing world phenomenon.
So whether you are building super stores in Mexico City or building factories in Guangdong that need water permits, make sure you understand the operational, regulatory and legal requirements before you start and build time to obtain them into your business plan to avoid the necessity for short cuts.
We’ve got our intermediaries covered.
It remains the case that 75% of bribes are paid by intermediaries. In 6% of cases these are lawyers, as the case of Jeffrey Tesler testifies. Intermediaries create vulnerability in both securing contracts and in business operational risk — again, see Walmart. Like Tesler, professionals who start out honest don’t always remain so.
No-one is going to find out so a paper policy will do.
427 enforcement actions does not sound like a lot in 15 years. But 366 were in the period between 2007 and 2013. 390 cases are currently under investigation. Conviction and agreed resolution through deferred or non-prosecution agreements are exceptionally high, so this phenomenon is not going to disappear. Rather, there are some emerging trends which will drive enforcement activity.
Until now only 2% of all enforcement actions have been the result of whistle-blowers’ reports. The award of up to 30% of fines imposed on corporations and individuals to whistle-blowers under the Dodd-Frank Act will dramatically increase this number. What was “why should I tell?” has become “if I tell I am financially secure for life”. Corporates exposed to U.S. enforcement activity can no longer rely, if they ever could, on employee or third-party indifference or confidentiality — even when those parties may be complicit in criminal activity themselves.
Second, merger and acquisition activity will drive discovery and reporting of criminal conduct. 31% of all cases in which enforcement action has been taken were the result of self-reporting. In 30% of these, or 10% of all cases, corrupt activity was discovered in the context of merger and acquisition activity. Corporations are alive to successor liability and the consequences of tainted revenue streams and operational procedures. More than ever before, due diligence is focused on these issues, which will result in greater discovery.
Back to the risk model...
So what does the OECD study tell us? Well, I think it tells us to dust off pre-conceptions, think about true vulnerabilities, and to build our businesses and risk models around the actuality. Aside from the matter of Convention obligations, the revenue take for governments in fines and disgorgements will keep this show on the road for many years to come.
Bill Waite is a contributing editor of the FCPA Blog. He’s one of the founders of The Risk Advisory Group, established in 1997 with the objective of building Europe’s leading independent risk management consultancy. He serves as the group’s CEO and general counsel. He formerly practiced as a criminal barrister before joining the U.K. Serious Fraud Office in 1991 as a prosecutor.