The unprecedented level of cooperation among international enforcement authorities requires clients to adopt a coordinated, multinational approach to business ethics and anticorruption. Standards have changed in recent years. A compliance failure could result in costly investigations, litigation and significant civil and criminal sanctions.

Risk assessment

With changing standards for compliance and heightened penalties for non-compliance, companies need to assess their potential business ethics and anti-corruption risks. A compliance programme will then be structured to address and mitigate the specific risks presented by a particular company’s business operations. Companies often have limited compliance resources and so risk assessments provide the necessary information to deploy those resources strategically for maximum effect.

Compliance and integrity programmes

Any compliance programme must be comprehensive, flexible and deployed throughout the organisation in order to be effective. Regulators have plainly stated that more is needed than mere “paper” programmes. Policies and procedures are only the first step. Companies should seek to create a broader culture of ethical behaviour to mitigate the risks posed by bribery and corruption.

When structuring or reviewing a compliance programme, companies should consider bringing together, in particular, management of corruption and fraud, competition, sanctions and human rights risks. Compliance professionals should be properly integrated with the Legal, Risk, HR, Corporate Communication and Internal Audit departments. Compliance, with support from Legal and Internal Audit, should actively evaluate the risk of non-compliance and how that risk is managed by the company. Significant exposures and control issues, whether relating to particular jurisdictions or types of work, should be reported to senior management and the board.

Governance

Leadership and strategic supervision are key factors of a successful compliance programme. Directors are subject to fiduciary duties and ought to demonstrate a robust commitment to ethical conduct. The Board may delegate the implementation and day-to-day running of their company’s compliance programme but they should consider how they can appropriately monitor its effectiveness on a periodic basis. There have been recent examples of regulatory authorities (in the UK, US and beyond) criticising the passive stance taken by directors when limited information has been provided to them; it is clear that higher standards are being applied and directors must actively challenge the compliance team and demand more information if they feel it is necessary. A failure to do so could in itself amount to a breach of their duties owed to the company and its shareholders. Directors are also responsible for ensuring that a company’s compliance function is adequately resourced and should be aware that as the business evolves, more resources may be required to meet a developing risk profile.

Training

Training is one of the first lines of defence against corruption. In order to limit the incidence of corruption, companies should ensure that their employees are able to identify and report potential misconduct. Training should be practical, clear and tailored to the particular industry roles. It is important that training is not seen as a ‘tickbox’ exercise but rather that it is engaging and ensures that employees can spot issues at an early stage.

Third party due diligence

It is useful to re-evaluate the company’s supply chain. This is because under the Bribery Act 2010 companies may become liable for bribery acts committed by their associated persons. Accordingly, due diligence on third parties prior to the entering of any new contractual arrangement is recommended, coupled with best practice record keeping procedures and contractual provisions which are sufficiently strong to put any third party on notice that bribery and corruption is not tolerated by the company.

Investigations and litigation

Investigations in the business ethics and anti-corruption sphere often span several jurisdictions. A single review of one jurisdiction can give rise to consequences, including litigation, in others. Issues of data privacy laws and the protection of privilege can also complicate the course of investigations. An analysis of all relevant legal and forensic issues should be carried out at the outset of any internal or external investigation and on an ongoing basis as the investigation develops to ensure safeguarding of employees’ rights as well as the company’s compliance with all its obligations and in order to seek to put the company and relevant individuals in the best position vis a vis any regulatory consequences or litigation (civil or criminal).

Fraud and corruption issues are increasingly a focus of international disputes (both litigation and arbitration) and require careful planning and a considered strategy.