The business intelligence firm, Control Risks, together with the Economist Intelligence Unit undertook a survey earlier this year to examine international attitudes to bribery and corruption and their report was published in September. We are grateful to them for sharing it with us at the Bribery Library. This report is particularly useful to companies around the world which are considering putting in place new anticorruption procedures, possibly for the first time.
The survey canvassed general counsels, senior corporate lawyers and compliance heads in more than 300 companies around the world.
The results confirmed what we have ourselves at the BriberyLibrary long suspected, that it is apparent that international companies have
“disturbing gaps when it comes to dealing with the dangers of bribery and corruption. Indeed, the findings suggest that organisations may not be prepared properly should they be exposed to a corruption scandal. Based on this research it would appear that too many companies still fall short of best practice in their anti-corruption compliance programs…”
Interestingly, of those 300 companies surveyed, 13 organisations thought that there was a 90% to 100% chance that their company would be required to investigate a suspected violation of anti-bribery laws involving an employee in the next two years. A further 60 organisations (19%) thought that it was “somewhat likely” (a 60% to 90% chance) to be investigated but less than one third thought that it was very unlikely. It would be fascinating to see whether that latter one third category has its anticorruption compliance in tip top order.
Pressure to pay 58% of respondents cited “operational” bribes as the main cause for concern. By contrast, only 29% referred to the “classic” corruption risks associated with winning business such as demands for bribes to secure contracts.
Prevention is better than cure
The report goes on to say that in order to assess the extent to which “adequate procedures” were embedded within organisations, respondents were asked to identify which standard anti-corruption measures were in place in their companies. The responses from those surveyed point to significant gaps in their anti-corruption initiatives.
- Only 50% of those surveyed had due diligence procedures in place when selecting local business associates, despite the known risks. International legal practice makes it clear that companies may not claim ignorance of a third party paying bribes on their behalf if they have done nothing to prevent such malpractice in a high risk environment.
- 35% of companies surveyed do not have formal policy statements for bidding bribes. 47% of those questioned do not have policies or statements banning “facilitation payments”. It may seem surprising to some that two and a half years after the Bribery Act came into force that a substantial percentage of companies still do not have a formal anti-bribery policy statement.
- 91% of respondents state that they have no specialised anti-corruption training for employees in high risk areas. Further, 74% of companies have no anti-corruption training programs in general. These statistics support the strong inference that business organisations have been very slow to get to grips with protecting themselves against the risk of a prosecution under section 7 of the Bribery Act, corporate liability – a failure to put in place adequate procedures.
- 64% of those companies surveyed have standard clauses in contracts with subcontractors and consultants, stating that they will not pay bribes on the company’s behalf. Clearly the 36% that have no such contractual clauses are leaving themselves exposed to a number of issues, including ultimately an unlimited fine.
- Only 40% have whistleblowing lines where employees can make confidential reports on concerns relating to corruption.
Suspected violations: would you “self-report”?
When companies come across evidence that an employee may have paid a bribe, they need to decide whether to disclose the incident to the authorities and, if so, when. Every case needs to be assessed on its own merits, subject to expert legal advice. Control Risks report concludes that the appetite for self-reporting is much greater than it has been in previous years, which we are sure that the SFO will regard as a step in the right direction.
- 68% of respondents said that they were more likely to self-report to regulators now, if they came across a suspected bribery case involving an employee than they would have done in the past.
- Just over half of respondents said that if a suspected bribery violation came to their attention, they would report their suspicions to the regulators first – even if the details were uncertain – and would then conduct the investigation. Control Risks offers the view (with which the BriberyLibrary concurs) that it would usually be wiser to conduct the internal investigation first, with a view to gathering the maximum amount of information as quickly as possible, and then report to the authorities once the situation is clear because as soon as companies self-report, they in effect lose control over the investigation, as the pace and structure of the investigation will have to be agreed with the SFO.
- 31% of respondents reported that they would conduct the investigation first and self-report only if the violation were confirmed. A smaller group (15%) said that they would investigate and report the violation only if it were confirmed and likely to come to the attention of law enforcement in any case. This is obviously a judgment call on the company’s part but they are obviously placing their bets against the likelihood that a whistleblower will not come forward and report them to the investigating authorities. Disgruntled employees and contractors by their nature do not stay quiet forever though.
May we say that our friends at Control Risks have done an excellent job in compiling this illuminating report which gives some very useful and somewhat shocking insights into the rather patchy adoption of adequate procedures by companies.
To recap: under Section 7 of the Bribery Act, a company will only have a defence to a prosecution of the company itself where it has put in place adequate procedures. Therefore if individuals associated with the company (whether they are employees, contractors, joint venture partners and so on) commit an offence of bribing another, the company may also be liable if adequate procedures had not been put in place.
Adequate procedures are therefore a form of insurance policy against the risk of one or two “bad apples” within the organisation. Based on these statistics, it seems fairly likely that some companies will learn the hard way about the benefits of putting in place a proper compliance program for anti-corruption risks when they are later investigated and prosecuted. Those companies will be the ones who are named and shamed when they are investigated/prosecuted.
A copy of Control Risks’ report is here.