The UN Global Compact published “A Guide for Anti-Corruption Risk Assessment” in 2013 that many companies worldwide adopted. With a further push from the DOJ and other agencies toward risk-based compliance, risk assessment models became a cornerstone of modern programs. However, since the pandemic emerged in early 2020, corruption risk models have become less reliable predictors of corruption. Here’s why.
Assessing corruption risk starts with determining the likely degree of interaction with government officials. If a transaction or project doesn’t require interaction, corruption risk is essentially nil. As interactions increase, corruption risk increases, either proportionately or exponentially, depending on the risk assessment model.
Organizations became adept at quantifying the likely degree of interactions with government officials. Risk experts (usually compliance professionals) used historical data from the same or similar transactions and projects in the same or similar countries. The models — also using other risk factors such as country histories, industry data, third-party involvement — produced corruption risk assessments that organizations relied on to design many of their compliance practices.
Since Covid-19, however, predicting the likely degree of interaction with government officials has become difficult and sometimes impossible. The pandemic forced governments and agencies to change when and how they interact with users. Governments may close their windows with little or no notice because agency workers are sick or scattered or don’t know what to do. Sometimes services are offered virtually or by appointment only. In many countries, requirements for doing business have become a moving target. The result is that government functions are less predictable and more ad hoc, with frequent changes, sometimes even daily.
It isn’t possible yet to quantify the degree to which actual interactions with government officials have changed. But there are clues. Policy experts and diplomats have advised governments to open cross-border back channels to help manage pandemic-related crises. When governments resort to covert back channels to get things done, corporations are probably employing similar unorthodox strategies.
In the new ad hoc regulatory environment, compliance officers have lost their best tool to evaluate interactions — historical data. Before Covid-19, interactions usually followed predictable patterns; company planners knew which government agencies and officers to meet with and when. Deviations from those familiar patterns were corruption red flags. Now, with so many ad hoc interactions, comparisons with prior patterns have become essentially meaningless.
Despite that, knowing other corruption risk factors is still valuable. A country’s history of corruption will always be relevant, along with corruption risks in particular industries. And there’s still a central role for due diligence that can flag politically exposed persons and potentially corrupt third parties and government officials.
Companies can somewhat mitigate the ad hoc environment’s uncertainty when interactions involve compliance-trained employees. But ad hoc interactions involving third parties are harder to evaluate. In a sense, the pandemic has provided perfect cover for agents and corrupt officials to meet and make illegal arrangements.
How should companies and their compliance officers respond? There’s no easy answer. Budgets are limited, and compliance personnel are already in short supply.
Still, compliance officers can use existing safeguards and internal controls. They can require government interactions to be pre-approved, logged, and reported. They can prioritize their review of spending requests related to interactions with government officials. In some cases, they can restrict the company’s use of agents and impose additional restrictions when the company retains them.
In training sessions, compliance officers can warn that ad hoc interactions with government officials create more opportunities for graft. And that despite massive disruptions and new, unorthodox ways of doing business, the company’s tolerance for graft is still zero.