The importance of an anti-corruption program and the role of the internal auditor in ensuring it is effective
For many years, the Middle East’s lack of integration with the global economy was a constraint on the region’s economic growth. Now an upswing in trade between certain countries in the region and major global economies highlights a growing shift in dynamics. Trade between the MENA region and the United Kingdom, for example, increased by 11 percent in 2013 alone.
This growth is no doubt due to the concerted government efforts to attract foreign capital by positioning their country as an investment hub and growth engine that is powered by favourable factors including a sizeable middle class of 400 million people and strategic initiatives to diversify from oil.
Unfortunately, it’s not all good news: increased international business opportunities bring increased risk. A growing concern for MENA-based organizations is the risk of unwittingly being associated with corrupt practices. The US and UK authorities have been most active in this regard, partially in response to high-profile cases of bribery and corruption threatening to taint prestigious corporations associated with their countries.
Given the increasing trading activity between the region and the UK and US, awareness of the myriad Anti-Bribery and Corruption (ABC) regulations has become vital for MENA firms which want to attract foreign customers and capital. But how can organizations ensure they do not fall foul of ABC regulations and risk substantial fines and reputational damage?
The US Department of Justice has frequently been quoted as saying that a minimum requirement of an effective anti-corruption compliance program is the systemic monitoring of its effectiveness – including anti-corruption compliance audits – to identify any potential issues, and this is where internal auditors can be very effective.
While the regulatory environment is constantly changing and expanding, there are key pieces of legislation that internal auditors should be aware of in order to support the effectiveness of their company’s ABC programs.
International legislation with a substantial reach
There are two leading anti-corruption and anti-bribery legislative acts which set the bar for government agencies everywhere – the US Foreign Corrupt Practices Act (FCPA) of 1977 and the UK Bribery Act (UKBA) of 2010.
Before the more recent UKBA, the FCPA was considered the leading legislation in the fight against corruption, with significant implications for multi-national corporations.
A federal law enacted in 1977, the FCPA prohibits companies from paying bribes to foreign government officials and political figures to put business their way. Enforcement of this legislation has increased dramatically in recent years, and is a feature of the war waged by US authorities against financial crime and international terrorism, the two of which are inexorably linked.
The legislation bans three types of entities from making improper payments: issuers, domestic concerns and foreign nationals and businesses (1). It’s also important to note that a third party or agent acting on behalf of an issuer, domestic concern or foreign national is liable under the same conditions.
In 1998, the FCPA was amended to broaden the jurisdiction over multinationals, which meant that US parent corporations can be held liable for actions carried out by their foreign subsidiaries if this action is authorized, directed, or controlled by the US corporation.
An example of a recent enforcement is the case of a French based oil and gas company, found guilty in 2013 of paying bribes to intermediaries of an Iranian government official to influence valuable contracts. The company agreed to pay US$398 million to settle US Securities and Exchange Commission and criminal charges.
2. UK Bribery Act
The UK Bribery Act of 2010 (UKBA) updated Britain’s anti-corruption and bribery laws and brought them in line with global standards. This progressive piece of legislation put the burden of responsibility squarely on the shoulders of senior executives who, if a transgression is found, can be held personally liable for the corrupt actions of not only their own company but any of their subsidiaries or third party agreements.
The legislation created a new strict liability offence for corporates where persons performing services on behalf of the corporate commit a bribery offence. This meant that corporate entities can be found guilty of the corporate offence of failing to prevent bribery if an ‘associated person’ carries out an act of bribery on their behalf.
Interestingly, prosecution under the UKBA can happen even if corrupt activity did not actually take place, all the enforcement authorities need to prove is that there was intent to unfairly influence the course of business to someone’s advantage.
If it can be shown that there was consent or connivance on their behalf, even if the acquiescence was passive, senior officers can be prosecuted and face up to 10 years in prison or a fine, or both.
Increasing local legislation
In keeping with other emerging economies, local legislation is adapting to international practice and governments are acting to bring about greater transparency and accountability.
The United Arab Emirates was the first government in the region to institute an anti-corruption law, a sign of the government’s commitment to increase its role as a centre for international business by increasing transparency and good governance.
Other Middle Eastern countries have adopted the United Nations Convention against Corruption (UNCAC), although there is still some way to go before implementation of specific anti-corruption policies.
Saudi Arabia last year initiated a crackdown on corruption through the newly created National Authority for Combating Corruption. In Qatar, a new anti-corruption committee has been created, monitoring enforcement of the ABC provisions in the criminal procedures law, and in Bahrain, the Prime Minister called for new measures to combat economic crime and the establishment of an anti-corruption agency.
This local legislative activity is all part of a significant worldwide trend of amplified anti-corruption activity. At the same time enforcement of ABC regulations have been stepped up, generating several billion dollars in fines worldwide.
As Simple as ABC? Building A Successful Anti-Corruption Program
- Risk assessment – to understand the extent of the organizational exposure
- Program design – to effectively outline procedures and controls that adequately respond to the risk identified through the assessment.
- Definition and implementation of policies – clearly defined goals and objectives with equally clear lines of communication.
- Building and operation of controls – helps effective management of the program and ensure achievement of objectives.
- Training and education of the workforce – often overlooked, the training and sensitization of staff members to activities that may be potentially harmful to the organization is key.
- Monitoring and evaluation – analysing and testing of key points of the program is crucial if the program is to succeed.
- Review, realignment and reporting of the policy – essential within such a dynamic regulatory environment
The internal audit function can add particular value by identifying potential risks and providing assurance that policies and procedures are effective.
The role of the internal auditor
With the intensified regulatory environment, an upsurge in enforcement activity and the increasing rhetoric from politicians and authorities about ‘rooting out corruption’, it is no longer possible to have a ‘tick-box’ compliance program, left to the responsibility of one or two people within your organization.
There are a number of ways that the expertise of the internal auditor can take a new level. In fact, it is internal auditors who often make the difference between a standard anti-corruption and a truly effective best practice program.
• Help to choose a strategic approach
Where input from internal audit is perhaps the most valuable is in the planning and strategic design of the anti-corruption approach. It is here that internal audit can help executive management to save valuable time and money by helping to identify and prioritize the areas of risk that need attention.
Given the volume of information that can pass through an organization on a daily basis, all of which needs classified, screened and reviewed, it is simply not possible to scrutinize every transaction and client record to the same level of detail. A risk-based approach is the only answer, and an internal auditor can assist in these strategic choices, which depend on the risk appetite of the organization and its business strategy.
A proactive approach to anti-corruption – one that follows a motivated and justified risk-based approach – will put the regulator’s mind at ease and will provide the strongest defence against compliance breaches.
• Report suspicious activity
With their insight into all processes of the organization, auditors are well placed to pick up discrepancies and suspicious activity. But remember: while an auditor should possess sufficient knowledge to recognize evidence of fraud, it is not their primary responsibility to uncover fraud and corruption. Instead, they need to be able to raise a flag when they come across something that may or may not be suspicious but is outside of the norm, and then report this to the designated staff within the organization for further investigation without needing to show proof of wrongdoing.
• Don’t lose objectivity
Internal audits have a powerful deterrent effect and signal a commitment to anticorruption from senior management to both external and internal stakeholders. A robust internal audit function is able to monitor an anti-corruption program as well as any remediation efforts necessary to plug holes in the process. To stay objective, however, it’s important that internal audit remain independent from the implementation of remediation efforts, otherwise their ability to properly review and assess may be compromised.
It is the detail that an audit provides that may make the difference between success and failure. As recent cases show, it is often the organization that has a long standing compliance program in place, but has become complacent in its enforcement, that is at risk of falling foul of authorities. Their crime is not the absence of a compliance policy but the absence of effective controls and monitoring systems of their existing policy.
While it is impossible to be all-seeing and all-knowing, executives must be able to prove is that they not only put ‘adequate procedures’ in place, but also took steps to understand their exposure to risk and to know their customers, suppliers and partners.
In effect, being proactive rather than passive is key to a successful anticorruption program, and this is perhaps the biggest contribution that an internal auditor can make. The more that is done at the start of the planning and formulation of an anti-corruption program, the better off an organization will be. After all, what internal auditors do best is to provide independent, objective assurance that adds value to an organisation’s operations. What better way to support good organisational reputation and long-term stability than steering clear of corruption and bribery while providing good service to your customers?
(1) Issuers are companies that have securities registered in the U.S. or are required to file reports with the Securities and Exchange Commission; domestic concerns refer to any nationals and residents of the US and local business entities while foreign nationals and businesses are non US residents and businesses located outside of the US.
PAWAN HEGDE is Managing Director, Governance, Risk and Compliance for Thomson Reuters in the Middle East, Africa & Russia.