1. Geoff Nicholas, CMIIA, head of global investigations group, Freshfields Bruckhaus Deringer, and a member of the IIA Heads of Internal Audit Service.
International law firm Freshfields has helped clients worldwide to understand the implications of the law and the steps they can take to protect themselves from liability. Nicholas has led his firm’s response to the act.
“The main concern for businesses and the media before the act came into force was its implications for corporate entertainment and hospitality. People have since understood that, providing that adequate approvals processes are in place, it needn’t be a constraint. But it has led many to review how they deal with hospitality, with companies changing their processes as a result.
“The biggest impact on our clients has concerned their dealings with third parties, intermediaries and agents, especially in new markets where they’re trying to expand. The incidence of bribery in many key emerging markets is relatively high. Whether businesses are making an acquisition, entering a joint venture or engaging a third party, we’ve seen them really ramp up their anti-bribery and corruption due diligence. Most have reviewed their compliance procedures and some have established new ones. Many have also significantly strengthened their internal compliance functions, sometimes creating dedicated compliance teams.
“Another big issue – and one on which there could have been more clarity – is facilitation payments. These relatively small sums, sought by some nations’ government officials as a matter of routine, constitute bribery under the act. While the government and the Serious Fraud Office have stressed that they will make no exemptions, they’ve recognised that such payments will take time to eradicate. They have offered some comfort by stressing that, providing that firms make reasonable efforts to eradicate such payments from within their own businesses, it won’t be a focus of attention. But this itself is confusing: what, for example, are ‘reasonable efforts’? More thought could have been given to explaining what is expected of companies – and more information on what support might be available to those operating in high-risk countries.
“There has been a significant increase in awareness of, and activity against, bribery, but not solely because of the act. Recent high-profile prosecutions and costly resolutions in the US, as well as new legislation in countries such as China and Russia, have all shown that it is being seen as a significant area of risk.
“The necessary modifications won’t be made over night, especially where there needs to be cultural change and when it involves firms operating in global markets. It’s not only about senior management’s understanding of how the act affects the business and the changes that must be made. It’s also about instilling this understanding across the organisation and in the business partners it works with in different markets. When certain practices are ingrained in your day-to-day operations, it can be difficult to turn them off.”
2. Greg Coleman, director of corporate assurance, Imperial Tobacco, and a member of the IIA Heads of Internal Audit Service.
Coleman, who joined the company in January, is responsible for internal audit, risk management processes and the coordination of assurance work performed across the group.
“As expected, the act has placed the bribery topic firmly on our board’s agenda and it has been given a high degree of focus. In common with other organisations, we have done a lot of work in re-emphasising, formalising and embedding the company’s ‘adequate procedures’, including a code of conduct, a whistle-blowing process and a gift and entertainment register.
“We have also spent time rolling out training to make sure that the message is well understood. To some degree, this is just a question of good corporate governance, but it has taken a lot of time and effort. Organisationally, however, not much has changed. We looked at our contracts with suppliers and distributors and amended these, where necessary, to ensure that the obligations placed on us by the act are properly passed
on to them.
“We have also built specific anti-bribery tests into our standard audit scopes and will be conducting reviews of the implementation of adequate procedures on future audits. As well as these enhanced processes, the increase in training and a strengthened audit approach, we are using PwC’s BRisk tool to ensure that we focus our efforts on the areas of greatest risk.
“Looking back, I’d say that official guidance on the act has been lacking. To some degree, we have been forced to rely on comments made by various officials regarding how best to take a pragmatic approach to the legislation.”
3. Anne Hayes, head of development for governance and risk, British Standards Institution.
“In November 2011 the BSI launched BS10500, a standard aimed at helping organisations to show that they have robust anti-bribery systems in place.
“While many organisations have the know-how and desire to address the risks, few have a formal framework to work to. Having such a tool is useful, as it requires you to document all your anti-bribery activities; to train people addressing the issues in the organisation; and to educate everyone throughout the business about their responsibilities and the procedures in place. To do that effectively, you must also have support from the top of the organisation.
“Since the launch of BS10500 we’ve seen interest from companies of all sizes, but particularly large supply-chain organisations that are active subcontractors. These businesses are under considerable pressure from UK and international regulatory bodies, as well as from internal and external stakeholders, to demonstrate that they have in place appropriate measures to prevent bribery. As such, and especially since the release of the Bribery Act 2010, it’s an issue that has risen up the corporate agenda.
“The BSI recently held an event where firms discussed the value of implementing BS10500 as they consolidate their anti-bribery measures. The overriding message was that implementing such a standard was a great chance to ensure that they had robust formal processes, systems and practices in place against bribery. The act of implementing it enabled them to identify any areas of risk in their client systems and then take appropriate action.”
4. John Burbidge-King, founder and CEO, Interchange Solutions.
Burbidge-King is a member of the UK Fraud Advisory Panel and the UK Defence Business Ethics Forum. He submitted evidence to Parliament’s joint committee on the draft bribery bill.
“Given that the act has been in place for a year, I would have expected some kind of announcement about the number of prosecutions to date, but there has been none. Bribery cases will take time to come to court, as the act was not retrospective and such cases are complex, particularly if they involve foreign entities. But I think that this vacuum has given companies a false sense of optimism that investigating bribery is now less important.
“Efforts have increased across the Pond. Yet firms that may be subject to the Foreign Corrupt Practices Act 1977 by virtue of trading in dollars or having a presence in the US have been lulled by UK inaction into a false and dangerous sense of security.
“Overall, though, we’ve seen that some firms have kept up the pressure while others, especially when seeking out new markets, are less cautious than they were a year ago. We have clients that have sought integrity undertakings and references on all associated persons, including professional advisers such as lawyers and accountants.
“It will be difficult for organisations to gauge the success of any anti-bribery measures they have implemented until they’re tested, either by the rebuttal of an allegation or an acquittal in court. The real test for a company that has not implemented anti-bribery measures before is whether doing so has positively contributed to how it does business, particularly in higher-risk markets. Has the process of examining what has to be done and incorporating that into business strategy and process facilitated a more risk-aware approach?
“It will be interesting to note the impact of assurance systems such as BS10500. Its implementation will lead not only to better risk management but also to more transparency and a clearer process for internal audit. This should prove to be a positive differentiator in the supply chain and, once the standard takes off, when tendering for public contracts. It will, to some extent, increase confidence in contractors and buyers – and it has the reach to be international.”
5. David Johnson CMIIA, acting head of internal audit, Department for International Development (DFID), and a member of the IIA Heads of Internal Audit Service.
“Promoting sustainable development and eliminating world poverty are key aims of the DFID. As a strong promoter of good governance and opposer of corruption, the DFID welcomed the act and the increased scrutiny, support and guidance we anticipated it would bring.
“We needed to make sure we were ready for its impacts on the delivery of our work in insecure environments and on the safety of our staff there. To prepare, we considered our risk exposure and adopted preventive controls by consulting our country offices and benchmarking our processes against the Ministry of Justice’s ‘adequate procedure’ principles.
“The act has helped us to increase awareness within the DFID, deliver on our mandate to drive out corruption in our programmes and spread the anti-bribery culture. For example, we have introduced initiatives to help us gain assurance on the people we work with and ensure they are aware of their responsibilities under the act. This includes installing new due diligence procedures, providing an e-learning course and piloting stronger methods for identifying risks in partner bodies that use our funds. These initiatives help to safeguard DFID money and reduce the risk of reputational harm.
“Management is primarily accountable for the risk, but my team has a clear mandate to support the business by aiding the identification and assessment of bribery risk; providing assurance on the adequacy of policies and procedures; and championing good practice. So we conducted a review and recommended improvements, which have since been implemented.
“We have strengthened our audit assignments via a range of initiatives, including the facilitation of fraud risk workshops, which include material on the act; sharing best practice through a departmental newsletter; and providing guidance and links to the Ministry of Justice’s ‘Quick start guide’ (www.justice.gov.uk/legislation/bribery).”
Looking for more?
An IIA Heads of Internal Audit Service forum entitled “Corruption – is it on the internal audit radar?” will be held in Dublin in October. Email firstname.lastname@example.org for details.