In February this year, the Serious Fraud Office obtained its first successful conviction against a company under section 7 of the Bribery Act 2010.
Sweett Group PLC pleaded guilty to a charge that it had failed to prevent an act of bribery by a subsidiary company that was intended to secure and retain a contract. It was ordered to pay £2.25 million in fines, confiscations and costs. The case is a reminder of why anti-bribery and corruption needs to be firmly at the top of the corporate agenda.
Yet despite the risk represented by a failure to comply with global regulatory standards, research conducted by Hogan Lovells indicates that implementing comprehensive compliance programs on a worldwide basis remains a key challenge for compliance teams.
Lack of understanding
While many companies have anti-bribery and corruption policies in place, 66% of Chief Compliance Officers (CCOs) say that their organisation is better at developing guidelines than enforcing them, and more than half say that many people in their organisation do not know what their procedures and policies are.
A fundamental "backbone" of a robust compliance policy is encouraging employees to report concerns and seek advice. This allows an organisation to identify and understand its compliance risks and incidents, and take steps to remedy them. But the research shows that around 40% of companies do not have a whistleblowing hotline, even though offering such a helpline is one way a company can demonstrate that it takes compliance seriously.
These figures suggest that, in addition to having policies expressly designed to deal with bribery and corruption risk, companies also need to make sure that policies are rolled out across an organisation in a way that ensures that staff are both familiar with them and understand why they are important.
So what would an effective approach to the issue include? At a fairly basic level, a company's approach to reporting should ensure that employees understand:
- The situations that could give rise to risk for the business and how these should be escalated;
- How to report concerns; and
- The organisation's internal whistleblowing scheme, with guidelines on when it applies and how to use it.
In addition, there should be training for staff on the company's risk management, whistleblowing and reporting programmes and the legal team should be able to access external legal advice where necessary.
However, a policy and training programme that simply included those matters would be a fairly "light touch" approach to the bribery and corruption issue.
As such, it is unlikely to be suitable for an organisation that has a higher risk profile, for example because of the sector or geographic location in which it operates, its level of interaction with government at national or local level, or the need to use third parties to provide services.
Such organisations are likely to want to adopt a more comprehensive or advanced approach to reporting concerns and seeking advice. Such a programme could include:
- More detailed and specific examples of business incidents and risks and explanations of how these should be escalated, recorded, investigated and managed. These procedures should be regularly reviewed and overseen by senior management.
- User-friendly and confidential reporting and feedback channels which are clearly established and have an appropriate range of tiers for the size of the organisation. These channels should be supported and encouraged by all levels of management.
- Whistleblowing schemes that are publicised and encouraged by management. The scheme could be handled by an external specialist company, offer the facility to report anonymously (where this is permitted by national law) and be open to third parties in the context of a contractual or commercial relationship. Effective whistleblowing schemes are likely to include a commitment to keeping the identity of whistleblowers and the details of any report confidential, written guidelines setting out the thresholds for "blowing the whistle" and an outline of the investigation procedures that will be applied.
- Compulsory training for staff on risk management, reporting and whistleblowing as part of the induction process and at regular intervals after that. Such training should be tailored to specific roles within the organisation and encourage staff to consider, discuss and report any concerns they may have. Ideally the training will be designed to be interactive, engaging and memorable, so that the required behaviours are understood and applied consistently. Tailoring training to individual markets will enable staff to apply the training to real-life situations. Training could also incorporate testing to check whether staff have understood and are able to apply the policies.
- Finally, company-wide policies should explain when and how external legal advice should be sought and/ or other external channels which could be of help, such as an Employee Assistance Programme.
The role of HR
A company's human resources team should be at the forefront of applying a company's anti-bribery and corruption policy; HR teams should work closely with their counterparts in the compliance team and be familiar with the company's code of conduct and compliance procedures.
One area of tension where the HR team's involvement may be helpful is the potential conflict between compliance and business pressures to achieve targets – 59% of CCO's say that employees' fear of losing their jobs if they do not achieve sales targets is one of the biggest challenges when seeking to reduce the risk of bribery and corruption.
HR and compliance teams can work together to set anti-bribery and corruption policies in context so as to minimize the tension between these competing factors.