This article is drawn from the author’s keynote speech to ACEC Summit 2013, the annual conference of the Association of Consulting Engineering Companies - Canada. It identifies five key elements of a corporate anti-corruption initiative.

What’s At Stake

Earlier this year, Corruption of Foreign Public Officials Act (CFPOA) was strengthened, and its reach extended, by passage of Bill S-14. The RCMP is actively investigating numerous allegations of foreign corrupt practices[1].  Several charges have been laid over alleged violations of the CFPOA in relation to the Padma Bridge project in Bangladesh.

Even before the amendments, CFPOA convictions carried stiff penalties. When Niko Resources pleaded guilty in 2011 to bribing a public official in Bangladesh, it was fined $9.5 million and ordered to implement a comprehensive compliance program. Meanwhile, Griffiths Energy International was fined $10.35 million after pleading guilty in January to an offence related to an oil and gas contract in Chad.

Non-criminal sanctions include debarment from the procurement process (in other words, blacklisting), such as by the World Bank or by Canada’s Department of Public Works and Government Services. Public Works keeps adding to the list of offences that render a company illegible for federal work. In 2010, it added corruption, collusion, bid-rigging and other anti-competitive activity. One year ago, it added: money laundering; criminal organization activities; tax evasion; bribing a foreign public official; and drug offences.

Meanwhile, Quebec has taken a similar approach under the Integrity in Public Contracts Act. Contractors need prior authorisation to bid on contracts worth more than $40 million. And contractors will be disqualified if they, or a controlling shareholder, or director or officer, have or has in the last year been found guilty of any of 36 offences under the federal Criminal Code, 11 offences under the federal Income Tax Act, 12 offences under other federal statutes, and a total of 49 offences under 26 different Quebec provincial laws.

On top of these consequences, corrupt practices, and even allegations of corruption, can be devastating to corporate reputation, your company’s most important asset[2].

What can companies do to remain compliant with the CFPOA and other laws?  How should Canadian businesses continue the fight against corruption and bribery?

The Five Keys

  1. People
  2. Structure
  3. Policy
  4. Process
  5. Culture

To change the behaviour of an organisation, one must act in each of five categories:

People:  The identities of the individuals within the organisation, and their strengths, skills, experiences, values and competencies.

Structure:  The duties and function (including job description) of each individual in the organisation, the supervisory and reporting relationships, and the division of the organisation into work units or teams.

Policy:  The rules governing the operation of the organisation and the conduct of individuals within it.

Process:  The methods (which may or may not be documented) by which individuals perform their functions, communicate with one another, receive and share information, and make decisions. Process also includes the methods used to monitor compliance, and to educate, train and develop individuals.

Culture:  The values, attitudes and style of the organisation, as reflected by its leadership and exhibited by the individuals within it.

The performance of an organisation depends on all five factors. To effect change, one must align all five in the proper direction.

Addressing any one factor, in isolation, is insufficient to effect change or to achieve success. A sound structure may be compromised in the absence of good processes or because the wrong people are in it. Good process and sound policy may be written on paper, but are meaningless if the prevailing culture is antithetical to what is documented.

Sometimes employees will be pressured to pay bribes or kickbacks or to act in a manner they know is wrong. It happens. And the pressure is real.

380 years ago, Galileo was forced to renounce the heliocentric model: forced to declare that everything revolved around the earth, contrary to fact and his belief. In the face of horrible pressure, even great people back down. It’s especially hard to resist pressure when you feel that nobody is backing you up - feel that you’re all alone.

You will never completely remove external pressure to bribe or to engage in corruption. What you can do is give your employees the strength and the support to resist that pressure.

Surrounding them with the right people, establishing a sound structure, adopting proper policies, implementing good process, and maintaining a culture of compliance: these methods, combined, will help your employees to withstand the pressure to act unethically.

  1. People

Selecting the right people is critical. It is no understatement that any attempt to improve compliance will fail if the organisation includes people who actively disregard ethical and legal concerns. Inside the company, there can be no room for any individual whose conduct has been inconsistent with your anti-corruption effort.

One mistake is to tolerate the wrong individual - that is, someone who is a compliance risk - on the ground that he or she brings superior value to the organisation. This is especially true of your agents in foreign countries.

Perhaps that individual is the “go-to guy,” or “go-to woman,” in Moldova, somebody said to be well connected in Chi?inau. One might be tempted to conclude that the legal compliance risk must be balance against the individual’s contribution.

The problem with such balancing is obvious. Legal and ethical compliance either is absolute, or is not. Absolutes do not get balanced against other factors.

Should your company ever decide that somebody’s business value is worth tolerating diminished legal compliance, then you have already abandoned the goal of lawful and ethical conduct.

Because agents, sub-contractors and suppliers pose great compliance risk, they must be formally vetted before they are engaged. Many compliance-sensitive companies and organisations require potential suppliers to undergo background vetting before the suppliers are permitted to provide goods or services.

A typical background vetting process will:

  • identify the individuals who ultimately own and control the subcontractor;
  • identify the individuals who manage and direct the subcontractor’s operations;
  • satisfy the purchaser that the sub-contractor will act in an ethical and lawful manner;
  • confirm that nothing in the subcontractor’s past or in its present practices, of those of individuals associated with the subcontractor, could be injurious to your company’s interests or reputation; and,
  • disclose any legal proceedings, investigations, charges or convictions involving the subcontractor or individuals associated with it.

You should also make subcontractors and suppliers submit to formal verification or audit of the background information the suppliers have provided.

  1. Structure

Next, structure. Specific people within the company such be assigned operational responsibility for the compliance program. They also need the resources and authority to do so.

Further, compliance won’t occur if it’s seen as somebody else’s responsibility. Everybody has to feel invested in the problem, and to feel accountable for lawful and ethical behaviour.

Last, but most important, is support and leadership from the top. The board of directors and the CEO must buy into the compliance program, approve it, and oversee its implementation.

  1. Policy

Third, policy, starting with standards and procedures to prevent and detect criminal conduct.

You should adopt a code of ethical conduct for employees and a code of ethical conduct for suppliers. A code of conduct is not an admission of ethical lapse. On the contrary, a code of conduct is now widely understood to be a best practice.

Because the operations of suppliers are also an area of legal-compliance concern, you should adopt a separate, and similar, code of ethical conduct for suppliers. The behaviour required by the codes of conduct should include compliance with all applicable laws.

  1. Processes

Fourth, processes. These should include a risk assessment, a compliance plan to address the risk, regular communication with employees, and training, so they know expectations and how to meet them.

Compliance training should be mandatory and wide-ranging. Training must be part of the formal on-boarding (post-hire) process for all new employees. Refresher training in all topics should be mandatory, and provided at least annually.

The processes must also include monitoring and auditing to detect criminal conduct - including compliance audits of your agents and sub-contractors.

Sound process also requires clear discipline for misconduct, including zero tolerance for law breaking.

Some companies only half get it. In the event of a public ethical lapse, they will take swift action, often terminations, to let customers and regulators know how strongly the company feels. However, the issue isn’t just public relations. Imposing consequences is about more than sending an external message. It has an internal effect, too. Meaningful consequences are essential in order to change behaviour, to eliminate non-compliance and to reduce risk.

In other words, corrective action is not a communications exercise. It is formative of the team.

As a final note on discipline and corrective action, recall that equally important are positive incentives for employees who act lawfully and ethically.

  1. Culture

Last, culture. Start by setting a tone of legal and ethical compliance. The culture must always be, “do your lawful, ethical best.”  Not, “do what it takes.”

Bob Haldeman, former chief of staff to President Nixon, was sent to prison in 1977, but later became remorseful for his role in Watergate. In his book, The Ends of Power, he said this about culture:

“I put on too much pressure, and in the process laid the groundwork for the mental attitude that ‘the job must be done’ which badly disserved the cause when Watergate struck.

“By then, our whole crew was so strongly indoctrinated in the principle that there were to be results, not alibis, that they simply once again swung into action … doing what they felt was expected of them.”[3]

The culture to avoid is the sort embodied by Niccolò Machiavelli’s advice that the end justifies the means. Do not blindly reward bottom line results; instead, reward results achieved properly.

Machiavelli also urged his prince, “to guard yourself against flattery … by making men understand that telling you the truth will not offend you.” In the compliance context, that’s good advice. You must maintain a culture where employees are not afraid to speak the truth, to flag unlawful or unethical behaviour, to blow the whistle.

In fact, your company should maintain a whistleblower policy that encourages employees to step forward, that protects them from reprisals, and that permits anonymous tips and disclosure.

Consistent with a whistleblowing culture is a culture that avoids wilful blindness toward compliance risks. Sometimes there’s a sign that the situation doesn’t look or smell or feel right. The U.S. Securities and Exchange Commission calls this a “red flag” - a signal of potential corruption.

What are some of these hazard signs?

  • An agent or supplier seeking a fee higher than the market rate for that service in that country.
  • An agent budgeting for significant expenses, or claiming unreceipted expenses.
  • An agent talking about making political or charitable donations.
  • An agent that refuses to be audited.

The US SEC lists additional red flags, including an agent who works for you and for the government at the same time, and a country where corruption is pervasive.

Overall, you must maintain a culture where red flags are addressed, not ignored.

To recap:  People. Structure. Policy. Process. Culture.

It Takes Two to Bribe

Now some companies ask, with justification: “Why only us? All the focus on the companies doing business abroad. Why no focus on the foreign officials who shake us down and demand the bribes?”

As Theresa Tedesco has written, all the attention gets paid to the supply side of the bribery market, while the demand side is ignored[4]. That’s an excellent point. There is a double standard. The solution, however, is not to relax the rules on business. The solution is to be firmer with developing nations that benefit from infrastructure and aid. Canadian businesses should demand of politicians that our Government, and the international bodies it supports, insist that the developing world enforce anti-corruption laws or risk losing aid.

Canada’s Role in the World

In closing, allow me to share a story from my own experience[5].

While he lived, Muammar Gaddafi was a brutal despot. His regime systematically tortured political prisoners, caused the disappearance of political opponents, engaged in massacre, supressed free speech and a free press, and trampled the rule of law. As a symbol of his values, Gaddafi gave haven to Abdel Baset al-Megrahi, the Lockerbie bomber, a convicted mass murderer of 270 innocents on Pan Am flight 103. Gaddafi offered al-Megrahi a hero’s welcome, even embraced him in a bear hug.

With full knowledge of Gaddafi’s despotism and human rights abuse, Canadian companies, several significant Canadian companies, chose to do business with the Libyan regime.

In September 2009, it happened that Gaddafi needed to refuel in Newfoundland after visiting the United Nations. The Government of Canada issued a statement condemning Gaddafi’s support for the Lockerbie bomber, and pledging to raise the issue when he stopped to refuel. As a result of the statement, Gaddafi decided to refuel somewhere else, not in Canada. But that wasn’t the end of it.

Soon after, we began to hear from companies in Libya that the regime was harassing them, interfering with their operations. And these Canadian companies wanted the Government to help.

Only they didn’t want the Government to stick up for them. They didn’t want Canada to say, “Cease and desist; you can’t treat Canadians that way.” Instead, they wanted an apology. They wanted the Government of Canada to apologise to Gaddafi.

The outside world knew him as Colonel Gaddafi, but apparently in Libya he was “Brother Gaddafi.” And so these big Canadian corporations lobbied us, repeatedly, asking that the Government of Canada, “Please say ‘sorry’ to Brother Gaddafi. ‘Sorry for mentioning the Lockerbie bomber. Sorry for pointing out that you support terrorism.’”

I spoke directly to one CEO, who told me that Brother Gaddafi had been deeply insulted. This loss of face was not seen favourably in the Arab world. My reply was that blowing up airplanes was not seen favourably by decent people the world over. I asked whether his company wanted Canada to water down its opposition to terrorism. Not water it down, he said; just explain it was all a misunderstanding.

“Brother Gaddafi” never got his apology, obviously. And those companies didn’t get a sympathetic reception from the federal government. If you choose to do business with a rattlesnake, you can’t complain when you get bitten.

Personally, I was stunned at what some Canadian businesses had become - not just doing business with a human rights abuser and funder of terrorism, but becoming his mouthpiece.

How does my story, about consorting with a repressive regime, relate to bribery and corruption? They’re both about the ends to which businesses will go to make money, and about Canada’s reputation abroad.

Most Canadians feel good about our international contribution: Liberating Europe at the end of World War II; UN peacekeeping; welcoming immigrants and refugees. By and large, Canada is a force for good. Young Canadians wear the maple leaf on their backpacks with pride, knowing that our contribution is making the world a better place.

During the Gaddafi incident, as I saw the leadership of key Canadian corporations fetching water for a murderous lunatic, I wondered:  Are these companies living up to the image that young Canadians have of our international engagement, or are they putting a lie to it?

And what of Canadian businesses today? Is your international activity a credit to Canada? Is it a contribution of which Canadians would be proud? Are you living Canada’s values?

Canada’s corporate leadership possesses the strength, the wherewithal, and the rectitude to do just that.  Our businesses are up to the challenge:  To compete in the world, and to succeed, while remaining true to yourself and true to our values.