When did HR absolve themselves of responsibility for people issues? Prior to the commencement of the Bribery Act in 2010, when I was being instructed on an investigation into employee misbehaviour, such instructions would usually come via the HR team. But since the Bribery Act, everything seems to have changed.
Now I'm sure that HR teams up and down the country didn't choose to absolve themselves of responsibility for one of the most significant categories of employee misbehaviour. I'm sure they didn't just conclude that bribery was in the 'too difficult' or 'too important' box for them to handle.
But, for whatever reason, when the finance team decided it should be within their own team's remit, there were few in HR who pushed back. As a result, I suspect that is about to come back and bite some on the derriere.
To be fair, the approach that most companies took to mitigate their bribery risk was really quite basic; they simply put a policy in place and required that everyone undertake a dull elearning course so that the company could show they had ticked the box.
Unfortunately for them, the Serious Fraud Office (SFO), who effectively acts as both regulator and prosecutor, is making it clear that a tick-box exercise simply isn't enough for a company to avail itself of the defence that it undertook 'adequate procedures' to prevent bribery.
From talking about the need for a risk–based approach at the outset, the SFO has moved to a position where it is suggesting that risk assessments should be carried out on all relevant business decisions. And if that's what is required, and the company finds it can't avail itself of the defence at the point it needs to, you can be sure that heads will roll.
Fundamentally of course, bribery is a people issue. Whether such behaviour is driven by a bonus scheme, pressure on sales people, or the culture of the company, these are all things that sit firmly in HR's remit. Given that people issues, and bribery in particular, are complex problems, they require both sophisticated and holistic approaches in response.
So here's another way of thinking about it. Is there any chance that your reward strategy could actually be driving risky behaviours? How does the company's culture either support or discourage bribery? And if these HR issues could have an impact on the likelihood an employee might be driven to bribe in the course of his work, should you be carrying out a risk assessment in respect of them? And if you've already done that, should you now be thinking about what you could be doing to mitigate the risks posed? How many of you are?
But just in case none of that strikes a chord with you, here's a final thought to leave you with… if you haven't carried out a risk assessment in respect of the policies I've identified above, and if you have done nothing to mitigate against those risks, when the company is looking down the barrel of an SFO investigation, who'll be the one who finds them self in the firing line?