A few days ago Ernst & Young published their latest report “European Fraud Survey 2011” . If you haven’t read it, it is salutary reading, and probably in fact essential reading for business leaders and compliance managers who are trying to decide whether they should invest their organisation’s time and money in developing a new, up-to-date, robust anti-bribery compliance programme. If justification for investing in your organisation’s defences and safeguards against a damaging and costly prosecution were ever needed, here it is in this report.

The Survey used researchers who spoke to a total of 2,365 people in 25 European countries in both developed and developing economies.

I will cite a few of the report’s findings:

• Almost 1 in 5 of company employees, regardless of grade, consider it to be acceptable to pay bribes to win or retain business. (That could amount to an awful lot of prosecutions, if they actually behave like this).
• 59% of those interviewed expect management to cut corners in order to achieve targets and half of management agrees.
• Two thirds said that bribery and corruption are widespread in their country and according to 40% of them has become worse during the economic downturn.
• Only 56% are aware that their company has an anti-corruption policy.
• 53% think that bribery and corruption are too widespread to be tackled.
• More than one third of all respondents are willing to offer cash payments, gifts or entertainment to win business.
• Less than one third of respondents believe that their company had increased its efforts to combat fraud.
• Only half say that employees in their company comply with its code on anti-bribery and anti-corruption.
• Less than half of German correspondents believe that there is a commercial advantage to ethical behaviour.
• 43% could not identify who they should contact within their company if they had concerns about impropriety.
• 75% believe that there is a commercial advantage to ethical behaviour.

 Ernst & Young’s conclusions are nothing short of damning:

1. “Management is failing to set a strong tone at the top of many organisations and, in many cases, is prepared to do whatever it takes to succeed ”

 You may recall that this is the 2^nd principle which was set out in the British Government’s recent  “Guidance about procedures which relevant commercial organisations can put into place to prevent persons associated with them from bribing (section 9 of the Bribery Act 2010)” .  You may also recall an earlier post by one of my colleagues, Rose Parlane, on the Guidance, on 30^th March 2011.

It should also be recalled that if the company or an associated person commits an offence under the Bribery Act, the individuals and the company itself and any directors or officers of the company who knew of or connived in the offence may be liable to prosecution.

 2.    “A persistently high level of employees are willing to behave unethically”.

The message seems to be that this is because employees are desperate to land new business in the current difficult economic environment, and are willing to take risks. Well that’s human nature I suppose, but I wonder if they aren’t really aware of the stringency and tough penalties of international anti-corruption laws such as the Bribery Act and the FCPA. This may be a direct result of the failures reported by E&Y in their third conclusion, below.

 3.    “Companies are not doing enough to implement and communicate anti-fraud and anti-corruption measures”.

Communication is the 5^th principle in the Guidance. This takes the form of developing policies and procedures and then incorporating them into all your contractual relationships and then training all those people who are “associated persons” under the Act i.e. those performing services on behalf of the organisation. This would be not just employees, although they are a major and obvious category, but also consultants, contractors, joint venture partners, distributors and so on (see older posts on this blog site with “associated persons” as a tag line).

I fully concur with E&Y’s several key recommendations on how organisations can respond to these problems but the one  I would most highlight, and which organisations seem, in my experience, to be most reluctant to get to grips with is the need to conduct at the outset a fraud, bribery and corruption risk assessment and to then to take a risk-focused approach to who should be trained, on what, in which manner and how often. My experience to date has been that in order to comply with the new Bribery Act companies want to start training their staff as soon as possible, and to begin with their UK based staff. This focus on the UK first appears to be due to the belief that UK prosecutors would focus on the UK operations, but this is in my view a mistaken belief. I believe UK prosecutors who decided to commence an investigation would probably start with the view that in all likelihood the UK operations and business would be low risk, so, on the contrary, they would ask the company for details of their foreign operations, evidence of their internal risk assessment report, details of the training in any high risk countries, and a copy of due diligence reports in those countries on associated persons. 

To put in place policies and procedures and to undertake training without carrying out a detailed risk assessment would be to miss the point of the risk-based approach to implementing a compliance programme, and without that risk assessment, the prosecutors may well decide that the company hadn’t taken seriously its obligations to prevent bribery and corruption. They could take the view that the compliance programme was merely a paper tiger and that it has no teeth, and that therefore it would not constitute a defence to the section 7 corporate liability offence.

Some organisations appear to think that the cost of internal risk assessments is unnecessary as they think they know their own risks, and what’s more they don’t want to spend the money in these economically lean times, but of course, as noted above, it seems to be the leanness of the current times which is leading people to being unethical, cutting corners, committing offences and trying to boost their organisation’s incomes. So protecting your organisation now is more important and imperative than ever.

The game changer will be when the UK Serious Fraud Office starts to prosecute British and foreign companies under the new Act. This won’t start for a while yet as it will only be for offences committed on or after 1^st July 2011 (offences committed up to 30^th June will be under the existing hotch-potch of law), so there will be a time lag of a few months at least before prosecutions commence. Once a few companies and directors have been dragged into the dock, other companies will start to realise the need and benefits of undertaking compliance programmes properly.  

In the concluding words of E&Y’s report, with which I completely agree:

“It may not be easy to embed the necessary changes to internal corporate culture required to mitigate the challenges posed by unethical conduct. Our survey has indicated that companies struggle to ensure that what they have in place on paper is actually reflected in the underlying behaviour of their staff.

It is only through a concerted, risk-focused effort that targets areas of potential exposure that firms will be able to meet the expectations of regulators and, ultimately, their shareholders”