Dr. Klaus Moosmayer: Compliance, voluntary self disclosure, and a roundtable at the OECD

There is still the (dangerous) myth — especially in media and sometimes at enforcement agencies — that compliance has failed when a company reports acts of misconduct.

There is no doubt that an effective compliance system should of course prevent compliance violations. But do we really believe that in big organizations — private and public ones — thousands or even hundreds of thousands of employees obey the laws and the internal company rules every day?

Big organizations are like cities and their employees are part of a society. Have we ever seen a city without the need to have a police station and a court?

On the contrary, companies that invest in compliance systems detect more than corporations that turn a blind eye to their risks. Whistleblowing channels are working and producing “output.” The allegations have to be investigated and, if confirmed, the misconduct disciplined and potential control deficiencies remediated. But now it becomes tricky. You have done everything in-house properly; now there is the question of voluntary disclosure towards, in the best case, one regulator, but in international business often many different ones.

On the occasion of the International Anti-Corruption Day on December 9 last week, the Business and Industry Advisory Committee to the OECD (BIAC) organized a roundtable with the OECD Working Group on Bribery, which is responsible for monitoring the implementation of the OECD Anti-Bribery Convention, one of the most important and powerful tools in the international fight against corruption.

The roundtable focused on two major topics where, in BIAC’s opinion, the OECD can play a key role:

(1) Addressing the demand side of bribery to help establish the necessary confidence for the business community, recognizing that solicitation poses a serious challenge for firms and discourages them from investing in countries where bribe demands are frequent, and

(2) Helping governments put in place a framework that incentivizes companies to build robust compliance programs and to self-report compliance breaches. If companies can be given legal certainty of not being punished for their cooperation, this can lead to major improvements in the fight against corruption.

BIAC calls upon the OECD and its members to engage forcefully and foster international cooperation in these areas, working closely with the private sector. BIAC strongly believes that if we solve the topics raised, especially the issue of how to incentivize voluntary self-disclosure, then this could be a major game-changer in the fight against corruption and bribery.

*     *     *

The Business and Industry Advisory Committee to the OECD advocates for open markets, investment, and private-sector led growth. BIAC is the officially recognized voice of the international business community at the OECD. BIAC’s members are the major business organizations in the OECD member countries and a number of OECD observer countries. BIAC’s website is here.


Dr. Klaus Moosmayer is the Chief Compliance Officer of Siemens AG and leads the global Siemens compliance organization. At the end of 2013 he was appointed as Chair of the Anti-Corruption Taskforce of the Business and Industry Advisory Committee to the OECD (BIAC).




  1. Dear Dr. Klaus

    This is a great article and I whole-heartedly support the suggestion made by BIAC with respect to addressing the demand side of bribery and corruption.

    However, I have to disagree, or request clarification, on a couple of points that you, or BIAC, have made.

    For one, and with all due respect, I have to disagree with the comparison of a multinational corporation to a city, in regards to the control of bribery and corruption. As a boss of mine reminded me when I questioned him on his planned course of action (early in my career)….”your mistake Pete is that you believe that your workplace is a democracy…Unless I’m asking you to do something unlawful, you are expected to follow my instruction and company policy/rules”.

    The majority of companies should have much better policing and control over [corporate] crime than that of a city. Shareholders and regulators would demand it.

    Could there be a rogue employee? Possibly. But if a company were completely blindsided, then the bribery allegation would most likely end up as a declination or non-prosecution agreement, in the case of a U.S. SEC/DOJ led investigation. In this situation, I don’t think anyone would take the view that compliance has failed.

    I apologize Dr. Klaus, but when I read your city policing analogy I can’t help but be reminded of Sepp Blatter’s excuse for FIFA’s corruption woes (see story here). Shareholders and regulators expect companies/organizations to focus on the risk. If done properly, the risk analysis, along with the appropriate corporate culture and controls, should eliminate violations that require prosecution.

    With respect to BIAC’s comment # 2 and the request for not being punished for self-reporting breaches, I’m not certain what is being suggested? As stated above there are opportunities, at least in the U.S., for declinations (no punishment) and non-prosecution agreements to be utilized. Is BIAC suggesting a similar system in all jurisdictions?

  2. I agree wholeheartedly with the points that Klaus has made. Discovering that a bribe has been paid — rather than revealing the failure of or a deficiency in a company's bribery related policies and procedures — often demonstrates, in my experience, precisely the opposite. The test of a company's commitment to combat bribery tends to play out from that point forward in the steps the company takes on the remediation front. Having a major and sustainable impact on the incidence of bribery requires a more holistic approach than has characterized most governmental anti-bribery efforts. There are times, to be sure, when the bribe giver — whether a company or an individual — deserves to be punished. If the ultimate goal, however, is to reduce the incidence of bribery around the world, it seems to me high time for governments — including the legislators who have drafted and approved anti-bribery legislation, from which individual prosecutors must take their marching orders — to realize that it takes two to tango. Rather than focus solely upon the bribe giver, it seems to me time, in other words, for governments to pay more attention to the demand side of the bribery equation than they have paid in the past. In many countries, demands for bribes stem from a variety of conditions that can be changed, including impunity for those who demand bribes and failure to pay government functionaries, particularly at the mid and lower levels, a living wage. The unduly constrained nature of past efforts to reduce bribery also can be seen in the response one gets in approaching governments in developed countries for assistance in tamping down foreign bribery demands. The response typically consists of "my job is to prosecute the bribe giver, not engage on a government-to-government level to reduce demands for bribery, large and small." 
    It's time, it seems to me, for governments to look for opportunities actually to partner with companies as companies seek to operate in markets in which demands for bribes occur with distressing regularity.

  3. Ensuring ethical behavior of and within a company is not for free. Companies need to (and should) invest a tangible sum of money into crime prevention, company ethics, and compliance in general. It would be good to see regulators give such companies preference in bids and tenders, based on objective and transparent evaluations, just like they do for technical and commercial criteria within their projects. Companies having effective compliance programs in place, and taking credible, serious steps not only to prevent wrongdoings but to investigate, stop and report possible wrongdoing, companies that, in addition, have shown efforts to support law enforcement agencies in such circumstances, should much more than so far be rewarded as more credibly granting clean business than companies that don't. That way the markets could make a strong contribution to clean business everywhere and every time. So far, a company that is successful in hiding away past or ongoing ethics issues, is treated equal to any other that invests heavily in prevention, detection and response to such issues. Maybe something the OECD could take up in future, since most public tenders laws do not require proof of ensuring ethical conduct as obligatory for the selection of a supplier.

  4. Dear colleagues, I am glad that the article has started a good discussion, and I have received a lot of feedback via other channels – so the topic seems to be of interest and relevance. I want to follow up on the comment by Pete. With all due respect, I reject the FIFA comparison. From what we know about this case, it is about responsibility and – potential – misconduct of several members of the Executive Committee who are under investigation. This has nothing to do with the issue BIAC has raised. And I agree that companies have to focus on risks (this is what a good system does all the time) but even the best risk assessment will never 100% prevent misconduct in a big organization – on the contrary it leads us to "white spots" where surprisingly no cases or incidents are reported. And yes, BIAC believes that OECD could set standards for voluntary self disclosure – OECD is a policy making international institution and has especially the task to support its member countries to level the playing field in the fight against corruption.

  5. Response to Dr. Klaus Moosmayer from Pete

    Dear Dr. Moosmayer,

    Apologies if the comment offended. However, I was not suggesting that a comparison could be drawn between FIFA's alleged corruption allegations and the issues being raised by BIAC. My point was, that, as business executives managing a very complex and sensitive area, we need to be careful about the comparisons and words we use (you have drawn attention to my poor choice).

    My takeaway from the first four paragraphs of your article was that cities, even with their police and courts, don’t catch and prosecute all the criminals, so why would we expect big business to accomplish what law enforcement can’t (several of my work colleagues were left with the same impression when reading the article).

    As stated in my previous comment, shareholders and boards, of some of the best companies in the world (I place Siemens in this category), demand infinitely better performance when it comes to the enforcement of laws and rules, than what one might expect in your average city. In fact (and I’m sure I’m preaching to the choir), the question as to whether “compliance has failed”, when misconduct is detected, is asked by the ethics committees of the best performing companies long before the media focuses their attention on the issue.

    In summary, it is my opinion that we, as a business community, should be giving examples of how we are striving for the best in our compliance programs (not average or passing grade); therefore, we deserve a little more credit when minor discretions (e.g. rogue employees) are discovered. If we choose poor examples to convey our message, we might end up sounding like that individual at FIFA, whom I referenced in my previous comment.

    One comparison that BIAC might want to draw in its discussion with OECD is the similarity between ABC management systems and safety management systems. Some of the best companies and organizations in the world, which have goals of zero fatalities and zero accidents, have not achieved their goals in a sustained manner. As with ABC management systems, many accidents can be attributed to misguided human behavior and not necessarily a failure in the safety management system. Regardless, when accidents occur at these companies, even minor accidents, the worst critics are senior management and the board, not the media and regulators.

    I would also like to point out that I think it will be extremely difficult to arrive at a common set of voluntary self-disclosure standards. For example, how would the OECD arrive at a common standard for evaluating the effectiveness of an effective ABC management system, assuming that a company would argue that it has an effective system, thus warranting little or no punishment?

    If one is to look at effectiveness, one has to evaluate the three major elements of design/structure, execution and performance. There are numerous companies that can throw a nice, colorful, 10 volume ABC management system in front of you, but have they effectively executed it at all worldwide operations and are they monitoring performance? It’s not an effective system if a company has substantially failed in phases 2 and 3.

  6. Pete, good discussion and we are certainly not "far away" from each other in many material points. But I see significant differences between an Anti-Bribery Compliance System and a safety management system. The latter is very much focused on "technical Compliance" and I would be very careful, for the reasons already described, to tell the Board that we will come to a "zero harm" in the area of anti-corruption, antitrust, anti-fraud etc. Compliance by relying on the implementation of technical standards. This is maybe what the new ISO standards regarding Compliance are suggesting (or marketing) but not what we see in reality taking into consideration the human factor.

  7. Thanks Klaus!

    I agree, we are not far away, even on the issue of the similarities/differences between ABC and safety management systems.

    For example, I don’t tell my Board that we will reach zero fraud/corruption incidents or zero fatalities, but I do tell them that that is the goal…zero. What else could I tell them? For example, I can’t tell the Board, shareholders and the community that we hope to have fewer than 5 fatalities this year, nor can I tell them that we hope to have fewer than 5 incidents of bribery and fraud. If I did that, the headlines the next day could read…… ”XYZ Company Plans to Kill Five Employees and Bribe Five Foreign Officials this Year”.

    As you know, at any high performing company, the aim is zero (Siemens is a case in point –

    Like ABC systems, safety management systems (these days) are not just about “technical compliance”. It’s very much about changing the hearts and minds of people (changing people’s behaviors), which is what is required in ABC management systems. Companies like DuPont have been doing it for decades (with respect to safety) and they still have not achieved the goal (aim) of zero harm, on a sustainable basis.

    In having an aim of zero non-compliance (ABC) or zero accidents (Safety), the company starts to adopt a culture of continuous improvement and urgency. They don’t accept average performance.

    As you said, the new ISO standard (ABC) won’t help an organization establish an effective ABC management system on its own. It will establish the design/structure of the system, but it will require the right corporate culture to ensure better than average execution and performance.

    So, at the end of the day, which companies should get leniency from regulators when self reporting? Is it the companies that have put in place systems that barely meet the new ISO ABC standard, and performing at the same level as your average city police department?

    Or, is it a company that has a culture of continuous improvement and can demonstrate it through evidence and their actions? Is it a company that is more strategic, through activities like: collective action; engagement with regulatory authorities (e.g. DOJ Opinion Releases); enhanced education of suppliers and contractors; education of JV partners, even when the company is a minority; and, a continuous reduction in non-compliances and elimination of serious non-compliances (e.g. senior executives involved in acts of corruption and fraud).

    I suggest that the latter would be granted greater leniency. Moreover, I think it’s pretty easy to spot these companies, versus the companies that use smoke and mirrors to impress.
