Corporate compliance is becoming an important part of transparent and responsible corporate management. Compliance can be characterised by the observation of laws, regulations, recognised recommendations and intra-corporate guidelines. Essentially, therefore, compliance stands for risk management and although this should be taken for granted, it is not. Compliance with business ethics, introduction of mission statements and the defining of visions and values will all assist in complementing successful compliance programmes.
Clean business is good business
Recent bribery and data scandals have helped raise both public and business awareness of the importance of corporate compliance. Emphasis on compliance, business ethics and corporate responsibility forces business owners to question how their business can serve the common good.
Corruption investigations are becoming more frequent in the US and elsewhere, in particular, Germany (in 2007 proceedings in Germany doubled compared to 2006). In light of the international fight against corruption, this trend is sure to persist.
“Everyone should know that bribery is a criminal offence and will be prosecuted.”
Oberstaatsanwalt (senior prosecutor) Anton Winkler, spokesman, Staatsanwaltschaft München I (public prosecutor’s office in Munich), May 2008
It is not only large corporate groups that are affected but also small and medium-sized companies. Controlling economic conflicts through effective risk management is becoming a part of a company’s daily business management. It is vital that constant communication exists between all its service providers in its value chain, i.e. with its employees, consultants, suppliers and customers.
Economic and intangible consequences of corruption for companies
Recently, many international corporate groups have received adverse publicity due to either compliance issues or misuse of data. This is in part due to ramified corporate structures which prove hard to control and also due to their businesses operating in countries where corruption is endemic.
In Germany, fines of over €100 million have been imposed on companies and even higher fines have been paid to the US authorities. Internal investigations also incur high costs which again have reached, in one case, several hundred million euros. The corporate value of a company will diminish as stock prices are reduced and reputation will be lost to an extent not immediately measurable in operational, numerical or concrete terms. According to a recent survey, the total damage caused to the German economy, by proven corruption cases alone, is estimated to amount to €6 billion per year.
This amount does not even take into account indirect damage such as that caused by the loss of reputation, business relationships or important employees. Lengthy investigation proceedings will lead to the loss of productive management time, and this must also be considered.
“The amount of intangible damage exceeds the amount of tangible damage by far.”
Dr Annette Kleinfeld, Business Ethics Consultant
Besides high criminal fines, a company could also face substantial operational costs. If an agreement is concluded through bribery, it may well be void and the services received have to be returned - but only by the active company which had granted the bribe. The company which accepted the bribe may generally keep the services received. In the context of high-volume framework agreements, a medium-sized company might quickly face near-insolvency or at least proceedings for damages at the expense of the company granting the bribe.
Besides state sanctions and the loss of reputation, the company may also expose itself to blackmail and damage its own market on account of price distortion as a result of corruption. A company’s ability to plan will also be hindered by the uncertainties surrounding the duration and amount of the “necessary” payments; benefits and expenses will be incalculable. Even where investigations are stopped in the end, business reputation will still be damaged.
Particularities with regard to prevention, solution and redress
Guarantee of independence of compliance officers
The independence of a company’s compliance officer is crucial to both preventing and solving corruption. Inherent solidarity amongst colleagues or former employees and successors may prevent necessary questions from being asked and existing mechanisms from changing. Compliance structures need to be created in accordance with the corporate and management culture for the necessary changes to be made. Although appointments such as appointing resigned directors to the supervisory board may be beneficial from a corporate point of view, they should be avoided as their lack of independence and potentially biased views compared to a supervisory board member brought in from outside may be counter-productive to effective compliance. Compliance departments need to be able to communicate with operational units and the management. It is essential, however, that compliance officers are able to consider the visions and values of the company and not merely see things from a legal point of view.
Reacting to and compensating for corruption in a company is mandatory
Once a company exposes corruption by its own employee, it must take civil action against them. Corporate bodies have an obligation towards the corporation’s shareholders to act. Their discretion is limited to the question of “how” and possibly “how far” to take any action - there is no question as to “whether” appropriate measures should be taken. There is no way to refrain from civil compensation. Bribe money will have to be claimed back and previous bonus payments will be reassessed on the basis of the facts found. Any fines paid by the company may have to be reclaimed from the person affected, even up to the execution limit. In practice, out-of-court settlements are often reached. However, in cases regarding corporations and their directors, such settlements will need to be submitted to the general meeting for approval.
Influence of cross-national business operations on liability cases
In cross-national cases, the international jurisdiction of a German court should, in most cases, be preferred to proceedings abroad. The domestic jurisdiction works effectively and “better” than those countries which rank lower on the Transparency International’s Corruption Perceptions Index (CPI). The CPI lists countries according to the grade of corruption perceived by public servants, politicians and courts. In 2008, Germany ranked 14th of 180 rated countries. Where the question of jurisdiction is concerned, the European Court of Justice (ECJ) accepts different international venues for employment law claims and for claims from tort. Once judgement is achieved, however, it is important to consider whether the affected person’s assets are abroad. Executions abroad, even within the EU, are difficult despite automated recognition and the execution of civil court decisions. Recognition obstacles, which would be considered illegal under German and international law, might quickly lead to new proceedings in the recognising state despite the German judgment.
How important the choice between the application of German or foreign law is can be seen when looking at the limitation period provisions. The limitation periods for an identical claim can differ by international comparison. Furthermore, where it is possible for the person liable for damages to waive the defence of limitation in Germany, this is not always the case abroad (even within the EU).
Stricter civil and criminal fines, application of FCPA, EU guidelines
The German criminal law and catalogue of administrative offences allow for significant fines and imprisonment of up to ten years in order to fight corruption. Public prosecutors utilise the punishments available to them and courts are willing to presume corruption. The mere fact that executive employees, in particular commercial managers, keep slush funds is deemed to be a breach of trust against the company - no actual act of bribery need exist. The prospect of entering into an economically beneficial agreement at a later date, due to the use of such monies, does not compensate for the financial loss of the company. In a civil law context, however, such as when determining the amount of the claim for damages, a profit made as a result of bribery may prevent a claim for damages.
Criminal prosecution does not stop at national and EU frontiers. The US Foreign Corrupt Practices Act (FCPA) 1977 is becoming increasingly important. If in a corruption case a connection to the US is found, the “long arm” of the FCPA applies and will lead to severe penalties for foreign companies. The transfer of monies via US accounts alone may lead to the application of the FCPA. If US authorities investigate a breach of the FCPA, the manager or employee might be arrested upon their entry into the US, be it privately or on business, as soon as they enter the airport.
The government’s draft German criminal law reform provides for a tightening of the anti-corruption law in Germany. Bribing foreign public officials is already a punishable offence under the EU Anti-bribery Law (EUBestG) and under the international law on combating bribery (IntBestG). The EUBestG, however, only applies to the member states of the European Union and the IntBestG only covers active bribery in international business relations. In future, both active and passive bribery of foreign public servants, soldiers and judges shall be a punishable offence, even if they are not EU members (given that German criminal law applies). The condition of “international business relations” no longer applies. In private industry, both active and passive bribery shall be a punishable offence even if it is not aimed at creating a competitive advantage.
Under the proposed law, the elements of the crime are fulfilled as soon as there is a breach of duty towards the principal, such as if a bank employee grants loans without credit assessment against bribe money.
Key risk areas to investigate
The following are the key risk areas for businesses focused on limiting the potential for corrupt activity, together with advice for companies on how to avoid them or minimise their exposure.
Individuals or companies contracted to provide advice and support to marketing and sales in a particular country often have the ability to assist a company with winning a contract with the aid of corrupt payments, with or without the knowledge of the company. To mitigate the risk of corrupt agents, a company should:
- Document a clear and demonstrable business need for an agent, with an explanation of why other means cannot be used to complete the task. This should be subject to the approval of one or more senior executives.
- Document the case for proposed payments in each instance. Set out clear guidelines to assist an objective determination of proportionate payments.
- Carry out a comprehensive due diligence process which should highlight any “red flags” or “warning signs” that may arise in the appointment, management or payment of an agent; for example, if the agent appears to lack the resources or qualifications to perform its role in the transaction. The identification of any red flags should immediately rule out proceeding any further with the appointment process or continued use of the agent.
- Conduct a face-to-face interview with any prospective agent.
- In some cases, ask the company’s senior lawyer and a committee of external experts to review a proposal to appoint or reappoint an agent. In addition it might be appropriate for the board to endorse the committee’s recommendation.
- Ensure that there is a signed standardised contract for no more than two years between the agent and company before any work is undertaken by the agent on the company’s behalf. The contract should require the agent to adhere to the company’s anti-corruption policies and code of conduct and allow the company to make auditing and compliance checks.
- Ensure that, on appointment and at regular intervals during the term of the contract, the agent receives training from the company on its policies.
- Prohibit cash payments, payments to numbered accounts or off-shore accounts, or payments to third parties.
- Make agents responsible to a specified individual or principal contact within the company and require them to submit regular activity reports on how they are undertaking their contracted services.
- If an agent breaches the contract suspend all payments to them and terminate their contract.
- Require agents to indemnify the company for damages arising from their breach of contract, including recovery of all payments already paid under the terms of the contract.
Companies often employ agents to assist them with the development and delivery of packages designed as part of the procurement process, requiring contractors to provide industrial, commercial or other economic benefits to the recipient country as compensation for the main contract to supply particular goods or services (that is, offset agreements). The risks set out for agents assisting the winning of a main contract also apply to agents’ involvement with offset agreements.
The process for the appointment and reappointment of agents on the main contract must also be followed for agents providing support for the development and delivery of offset agreements. Due diligence should be conducted on all offset agreements.
In most countries, facilitation payments or payments of small amounts to government officials to secure or expedite a routine government action, often to avoid bureaucratic delays or inaction if payment is not made, are illegal. But in some, particularly developing countries, where the risk of corruption can be high, they are commonplace and often accepted as a necessary supplement to the low incomes of junior officials. They may be part of an organised system with a percentage going to superiors.
Some companies allow such payments as they accept that employees may need to make them. These payments must be made subject to certain conditions such as an obligation to report all such payments to the company’s compliance unit and only to make them with the approval of the company’s lawyers.
The better approach would be for companies to explicitly forbid facilitation payments as a matter of global corporate policy, but recognise that it may not be possible to eliminate such payments immediately in some countries. All such payments that continue must be recorded and reported to senior executives and to the board of directors.
Gifts and hospitality
Gifts and hospitality risk being construed as bribes where the value or extent of either is construed as disproportionate and if they impose an obligation, or place undue influence, on the recipient. In this situation, a company should:
- Put together clear rules about monetary limits on gifts and hospitality and define where it is appropriate to give or receive either.
- Set out clearly the levels of senior management approval required with documented justification of any exceptions to the monetary limits.
- Register all gifts and hospitality above a certain threshold; the registers should be subject to regular internal audits.
- Incorporate mechanisms for recording and monitoring the cumulative benefits provided to individuals and organisations.
- Where there are special laws and regulations in different countries, require adherence to these and provide clear guidance in each location.
Mergers & acquisitions, joint ventures, finance
Counterparties, business partners and potential acquirers may well have a very different perspective towards business ethics and related risks, particularly if they are exposed to the far-reaching US jurisdiction. It is at this stage that company policies and procedures relating to the above risks will be tested the most. When entering new business relationships, a company should:
- Undertake ethical due diligence alongside financial and other due diligence procedures, to determine conformity with its code of ethics and to identify risks and where changes in policy and practice are required.
- Require adoption by relevant third parties of its code of ethics and relevant policies and procedures.
- Ensure there is effective communication on standards and guidance and training materials available, with access to key mechanisms such as employee ethics helplines.
General anti-corruption provisions
As a first step, general precautions for the implementation of basic organisational principles will help to avoid corruption offences in the first instance or at least prevent them occurring in the future. By observing the following principles, corruption-prone internal concentrations of power can be alleviated.
- Four-eye-principle: important decisions must always be made by two people (counter-signature).
- Separation of positions: no employee should occupy a variety of important positions.
- Job rotation: for all relevant areas of responsibility, employees should change regularly (avoidance of rigid structures).
- Teamwork: several employees in equivalent positions should work on a project.
- Need-to-know principle: each employee should only have the information they need to duly exercise their tasks (avoidance of over-entitlement).
Particularities of an anti-corruption programme
Introducing an anti-corruption programme is more effective than just taking general precautions. German companies, however, still have a lot of catching up to do and are falling behind in the international fight against corruption. While 53 per cent of North American and 27 per cent of Western European companies have an anti-corruption programme, only 15 per cent of German companies have one. However, once an anti-corruption programme is established, 83 per cent of the German companies find it to be effective. The elements of such a programme are:
Assessment of the company and its markets
- Self-evaluation of corruption risks: analysis of risk areas, in particular high risk countries in which the company does business (as outlined in the annual Corruption Perceptions Index by Transparency International), risk departments (a classic example would be sales departments) and risk processes (processes in the context of contract negotiations and retrieval of payments should always be questioned).
Prevention of corruption offences
- A “Code of Conduct” as a guideline provides directives for all employees (stating Dos and Don’ts) with clear precepts and procedures to be universally observed and leads to deviation from these procedures being stigmatised.
- A Mission Statement is a public commitment by the management to law-abidance by employees. Both the Code of Conduct and the Mission Statement are valuable marketing instruments.
- Internal processes have to be modified and dialogue created between operational units, the management and the compliance department.
- Training serves to increase the employees’ awareness of misconduct and communicate potential problems.
- Anti-corruption programmes have to be communicated and corresponding declarations made by the contractual partners so that it is clear, both externally and internally, that corruption will neither be tolerated inside the company nor with business partners.
Promotion of corruption detection
- Setting up a control and assessment system to enable immediate and independent investigations in cases where violations have been identified.
- Setting up a whistle-blowing-system: this allows for anonymous reporting of violations of the law such as by setting up a hotline or anonymous contact point, increases the effectiveness of the anti-corruption programme and creates a win-win-situation for the informant and the company and ultimately serves as a deterrent.
- Setting up a monitoring system not only for controlling employees but also for continuous assessment of the effectiveness of measures against corruption in the company.
Response and sanctions after detection of corruption
- Communicating a clear and consistent sanction system to the entire company increases acceptance and sensitises employees.
- Subsequent sanctioning increases the company’s credibility, improves its reputation and serves as a permanent deterrent.
- Continuous adjustment to new findings ensures an efficient anti-corruption programme is maintained and cultivated.
Business ethics: a necessary part of compliance programmes
Managers and employers do not usually take compliance risks voluntarily or deliberately. An individual will not usually arrive at the office in the morning intending to cause damage to their contractual partners or employees for their own or company’s benefit.
Visions and true values (such as integrity, fairness, respect, strength, hope, trust, solidarity and peace) need to be defined and their application within a business context discussed. Examples such as Enron have shown that compliance systems alone will not suffice.
Ethical values strengthen compliance programmes
Recent studies show that ethical values and common moral conceptions not only strengthen the effectiveness of compliance programmes but also help to promote positive behaviour. Moral values have a greater influence on behaviour than control or sanction mechanisms and the effects are shown in areas where there are no legal provisions or regulations.
The most effective and efficient protection against business crime for companies is, therefore, steps to reinforce a company’s integrity. By ensuring that employees are attentive and responsible, the risk of a company falling victim to criminal offences is reduced.
Increasingly, the law requires the monitoring of ethical misconduct risks (eg, the Control and Transparency in Business Act – KonTraG). In order to extensively identify risk areas in a company and develop preventive measures on all levels, it is necessary to combine compliance and anti corruption programmes with value management systems. While values provide long-term security, orientation and a sense of identification with the company, rules and regulations help strengthen confidence in critical situations. The introduction of value based compliance management encourages employees to be lawful, rational and moral.
Dr. Kleinfeld CEC – Corporate Excellence Consultancy
The Hamburg consultancy company, Dr. Kleinfeld CEC, specialises in introducing and implementing value based compliance management systems. In its advice, this corporate member of Transparency International combines academic and practical experience on company integrity. The implementation of Compliance & Values comprises the development of ethically substantiated concepts and codes of conduct, the introduction of company-wide value and compliance management systems as well as the translation of these topics into the CSR engagement of a company. Furthermore, the company is vastly experienced in both training and in the communication of these topics.
The owner and founder, Dr Annette Kleinfeld, is one of the first freelance consultants for business ethics in Germany. She is the acknowledged expert for economic and company ethics and holds a doctorate degree in philosophy. She has made significant contributions to the development of the ISO standard on corporate responsibility (ISO 26000) of organisations in Germany. She is also managing partner of ZfW Compliance Monitor GmbH, which implements monitoring and audits for ethics and values management systems. We have asked her the following questions and would like to thank Dr Kleinfeld for her input.
Why are values important in a company?
“In every company, collectively shared values determine the employees’ actions and behaviour. They give, wittingly or unwittingly, an understanding of what is right or wrong and are part of the company culture. Companies that actively want to prevent misconduct support this by enshrining ethical values such as law-abidance, integrity, fairness and respect in their company culture.”
How do you enshrine ethical values in a company?
“In order to enshrine ethical values in a company, culture changing measures are necessary. Ideally, a company gains knowledge on existing integrity-relevant cultural assumptions and uses them as a basis to establish the measures to be taken. Written guidelines, statements and principles are developed and implemented company-wide. It is important to sensitise and train the management and employees from areas crucial to the company’s integrity from the beginning.”
How can the effectivity of business ethics be measured?
“Special monitoring and audits provide conclusions on how appropriate and effective prevention measures are. Many companies tend to over-regulate, which can be counterproductive. By using special analysing methods it can be determined if and to what extent company values show effects and how they coin company culture. Both business ethics and compliance should determine a company’s DNA. Employees need to know how to act (compliance) and why they act that way (values). In this way companies find out what is accepted and where more or less action is required. A good and normally easily accessible indicator is the amount of queries or reports with regard to misconduct made after the respective programmes have been introduced. This is referred to as the “control paradox”: companies which use compliance and business ethics programmes detect more cases of misconduct more frequently than other companies. A high number of reports is to be seen as a positive thing as they show that employees are engaging in the subject and where improvement is needed. Quick reactions and transparent solutions support the likelihood of misconduct being reported and strengthen the company's integrity.”
Which are the factors of success in value-based compliance management systems?
“Authenticity and credibility to the inside and the outside are decisive for the success of value-based compliance management systems. All management levels need to uniformly support this system and the ethical value orientation and set an example by following it unconditionally. Implementation in all corporate areas needs to be ensured continuously. Misconduct must be persecuted and sanctioned consequently. Furthermore, constant communication and training as well as an evaluation and continuous enhancement are imperative.”