Overcoming Corruption Vulnerability: Pitfalls to Avoid in Business Expansion
Liz Burton is a Content Author at High Speed Training: a UK-based online learning provider that offer business-related training courses, including Anti-Bribery and Anti-Money Laundering (AML) and Financial Crime. Liz has authored many courses and regularly produces business-related content for High Speed Training’s blog, the Hub.
Businesses have their work cut out for them when preventing corruption from polluting their practices. Many will manage to uphold their anti-corruption policies internally and preserve a positive, integrity-focussed team. But often the threat comes from the outside; from people whose mind-set the company has no influence over, yet with whom they’d like to do business.
Just like preventing oneself from catching a cold by taking measures to strengthen your immune system and preventing contamination, which sometimes isn’t enough if people around you have poor hygiene habits, often businesses’ preventative measures are not quite sufficient in preventing third parties’ unethical practices from impacting on the company.
When dealing with third parties in business affairs, it’s vital that businesses take steps to avoid accidentally stumbling into a pit of corruption from which they can’t escape.
Although it doesn’t guarantee that instances of corruption will be wholly prevented or promptly tackled, the UK has demonstrated commitment to combatting corruption with the introduction of the Bribery Act 2010. The same can’t be said about most countries, unfortunately, which means engaging with third parties, particularly those outside of the UK, is a significant risk factor for British businesses.
To further complicate matters, the Bribery Act places tremendous pressure on principal organisations regarding accountability. As Neil Swift, from Peters & Peters Solicitors, stated in a discussion on third-party fraud and corruption risks:
“With the introduction of the Bribery Act 2010 in the UK, which came into force in July 2011, one of the greatest risks UK companies now face are the corrupt acts of third parties for which the company could now be held liable regardless of knowledge.”
Businesses need to keep a tight lid on corrupt business practices and actively conduct thorough due diligence when engaging in business with third parties from overseas.
How Widespread is Corruption Overseas?
The Corruption Perceptions Index (CPI) 2015, published by Transparency International, scores countries on a scale of 0 to 100, 0 being highly corrupt and 100 being very clean. Anything below 50 is considered a serious corruption problem.
53% of G20 countries scored less than 50 on the scale, and the scores show that corruption is considered a serious issue in just about every continent around the globe. Aside from EU and Western Europe, every continent scored on average lower than 50. If companies are looking to expand their business into said continents, they should keep this at the forefront of their minds.
Scores on individual countries can be viewed in the report. For example, the UK scores a respectable yet improvable 81, while many countries overseas fall below this. China, a country with which many organisations may do business, scored 37.
These statistics aren’t here to tell us to completely avoid dealing with businesses from countries with low CPI scores, however. Ultimately, as Transparency International emphasises, not one single country, anywhere in the world, is corruption-free.
What these facts do help highlight is how wary companies should be when expanding into new markets.
Indeed, according to Kroll (the leading global provider of risk solutions): “Global business expansion and increasing number of third party relationships [are] at the root of bribery and corruption risks in 2016.”
Kroll and Compliance Week’s 2015 Anti-Bribery and Corruption (ABC) Benchmarking Report offers interesting insights into the risks perceived by global compliance executives regarding business expansion.
A survey of senior-level compliance professionals revealed the following statistics:
- Over 50% anticipate that bribery and corruption risks posed to their company will increase.
- 72% of those who expect risks to increase say it’s because their business will be expanding into new, unfamiliar markets.
- 65% of all those surveyed stated their businesses are likely to increase the number of their third-party relationships in future.
Clearly, expansion is widely perceived as a risk. And further cause for concern is whether or not anti-bribery and corruption measures are being actively applied when instigating business relations with third parties, and how confident compliance executives feel in said controls.
- 52% stated they are not confident in their financial controls to catch potential books-and-records violations of the Foreign Corrupt Practices Act (FCPA).
- 66% stated they automate their anti-corruption program in some way.
- Most automated tasks are training-related; only 26% automate the vetting of third parties.
And perhaps most worrying of all:
- 48% stated that they never train third parties on anti-bribery and corruption.
Evidence of efficiency is present despite these concerning statistics, with 58% of compliance professionals rating their due diligence procedures as either ‘effective’ or ‘very effective’. 92% stated that they did conduct some form of due diligence, but the type and comprehensiveness varied.
With over half of those surveyed expressing a lack of confidence in their prevention methods and almost half stating that they simply don’t even train third parties on anti-bribery and corruption, it’s clear that more businesses need to make the effort to implement better global anti-bribery and corruption programs and up the comprehensiveness of their due diligence procedures.
How Can Businesses Improve Due Diligence Conducted on Third Parties?
There is ultimately no blanket method for ensuring third parties are compliant with anti-bribery and corruption procedures and are safe to do business with. But due diligence is essential and required by the Bribery Act 2010 for preventing corruption risks, no matter what sort of third party a company decides to work with.
The Managing Director of Kroll stated that “Due diligence is really one of the keys to any type of compliance program, whether related to human trafficking, conflict minerals, anti-bribery and corruption, or anti-money laundering.”
Good practice for due diligence should include:
- Carry out a risk assessment to determine the level of due diligence required.
All this requires is simply considering what aspects of the third party may be a potential risk factor. For example, what is the scope of work they perform? Is the third party operating in a country ranked poorly by the CPI? Will it interact with government entities or is it owned by them? What commercial terms are they requesting?
As highlighted by Peter S. Spivack in a discussion on third-party fraud and corruption risks, a few vital factors to consider include:
- Geographic risk – what country is the third party operating in?
- Sectoral risk – what industry is the third party involved in? (For example, the extractive industry ranks high amongst all those involved in corruption.)
- Transaction risk – e.g. does the third party represent the company in a public tender?
- Business partnership risk – is the company entering a joint venture or other business partnership?
Companies should consider creating a checklist to help identify areas that could affect the level of risk the third party poses, and this checklist should be consulted whenever the company is considering working with a third party. For some excellent examples of factors to have on a due diligence checklist, read The Master List of Third Party Corruption Red Flags.
2. Have the third party fill in a questionnaire on their anti-corruption systems.
Businesses should ask the third party company questions such as who in the company is required to undergo anti-corruption training, whether or not they have a policy relating to bribes, and what kind of reporting systems are in place.
If there appears to be a lack of detailed, consistent, or even credible answers, then businesses can pull out of business dealings safe in the knowledge that they have made the correct judgement.
An excellent example of a due diligence questionnaire for third parties (which can be adapted) can be found here.
3. Training the third party on anti-bribery and corruption.
If a company decides to go into business with a third party, first and foremost it should share its own anti-corruption and bribery policy, and any other related policies, with the third party. This allows the third party to familiarise themselves with the principal organisation’s required commitment and no-tolerance mentality.
The third party should then undergo anti-bribery and corruption training, so that they are educated and meet required standards. This also shows that the business has taken the necessary steps to prevent corruption, so if an incident of corruption does occur it is possible to show that thorough due diligence was conducted, reducing the risk that the company will be held liable.
Furthermore, training is essential because third parties, particularly in other countries, may have attitudes and laws regarding corruption which differ from the ones required by the UKBA or other legislation. As highlighted on the FCPA blog:
- Third parties are often not familiar with relevant compliance standards and laws as those of the principal organisation.
- They are unlikely to be influenced by ethical culture.
- Because they identify less with the company and its stakeholders, third parties are less concerned about posing a risk to companies than the principal organisation’s employees are.
Therefore, educating third parties on the necessary legal requirements of anti-bribery and corruption will help them recognise that they must be compliant if a business relationship is to continue.
4. Vetting and auditing
Gathering information and verifying that the company is reliable and trustworthy is one of the most vital aspects of a due diligence process. Taking time on a thorough process is needed. Time invested in the vetting process could save a great deal of time and money in the future by avoiding engaging in a contract with a company liable to act without integrity or transparency.
Six key areas that should be covered are:
- Beneficial ownership – Businesses should determine which individual or legal entity owns, controls, and is entitled to the company, and identify all principle shareholders. This can be done by requesting the company registration documentation and having it independently verified.
- Financial background and payment of contract – It is critical to ensure that financial statements are consistent. This can be done by requesting the company’s most recent financial reports/statements from a reputable accountant.
- Competency of the third party – If a company cannot properly provide the services they offer, particularly if they associate with government officials, then the risk of them delivering this service through other, illicit means, e.g. corrupt payments, will be high.
- Public records resources – Businesses should check the public domain or publically available resources, e.g. the Serious Fraud Office, to see whether there exists any adverse news or history of unethical business practices, corruption, or criminal activity associated with the company.
- Reputation – Where possible, businesses should look to acquire references from those who have worked with the company in the past. Interviews with political, business, and social associates can all offer alternative sources for references.
- Approach to ethics and compliance – During the whole due diligence process, note should be taken of whether the third party was open or resistant to the due diligence process. Businesses should gauge and consider their attitude towards ABC and ethical business practices as a whole.
Businesses should consider in particular:
- Past social relationships and connections with government officials.
- Any unusual payment patterns or financial arrangements.
- Whether fees appear commensurate with the services provided.
- Whether or not the company has committed to financial transparency and disclosure of expenses, corporate licensing, other accounting, etc.
- Visiting the business’ address.
- Methods and location of payment; the account to which payments will be made and the type of payment (cheque, cash, etc.).
- Using terms such as ‘investigation’, ‘allegations’, ‘indictment’, ‘crime’, ‘kickbacks’, ‘customer review’, and similar during your search for public records.
For further advice on conducting due diligence, read the guide released by the International Chamber of Commerce designed to help enterprises assess and manage corruption risks when engaging in business with third parties.
It is also important to ensure that the person in charge of the vetting process has the necessary expertise and knows what level of due diligence is needed, otherwise findings may be insufficient and not fulfil the necessary legal requirements. The following should be considered to help assign or source the best individual for the task:
- Does the individual have a credible investigative background?
- What standards must be met?
- By how many years will the vetting need to go back?
- How thorough does the investigation need to be (based on the risk assessment)?
Using an automated system may be a preferred option, particularly for those who have a high volume of due diligence cases. Automated vetting completed through systematic due diligence software ensures consistency and efficiency.
5. Ongoing monitoring
However the due diligence process is conducted, it’s important to recognise that the process does not stop once a contract has been entered into: third parties can and will continue to pose a risk to businesses.
Due diligence systems should, as highlighted by Swift, “include continued monitoring of the performance of the third party, with regular contact, reviews, and visits supported by audits, with up-to-date due diligence, and a continued review of the business need against the potential risks.”
Businesses should consider continued monitoring of the following to guide their third party partners:
- Maintain continuous contact with the third party and have regular contract management meetings.
- Supervise the activities they carry out on the principal company’s behalf.
- Regularly visit the business site.
- Carry out frequent audits.
- View documents detailing the services provided, prior to payment being made to them, so to determine if there is anything unusual about the transaction and whether it’s commensurate.
- When contracts are for prolonged periods, update the due diligence procedure.
- Continually review the business’ need for the third party against potential corruption risks.
Remember: third party companies represent the businesses that they work with, and in many countries the main company can be held accountable for any corrupt activities they engage in, whether they knew about it or not. It’s entirely within the best interest of businesses to expend resources that ensure anti-bribery and corruption is upheld at every stage.