Point of View

Anti-corruption isn’t Legal’s job. It’s yours.

CXOs must protect their firms— and themselves—with robust risk management

  • Facebook
  • Twitter
  • Linkedin
  • Email

If you don’t understand anti-corruption laws in developing markets you can badly damage your company’s brand. Worse, your executives could land in jail. It doesn’t help to hire more lawyers, though. It’s much wiser to put the focus where it should be—on everyday process operations.

As globalization brings businesses to developing countries, many companies encounter corruption for the first time. Countries with a high Corruption Perception Index—public sector corruption as measured by Transparency International—present unique problems. That’s especially true now that regulators are expanding the definition of bribery and taking aggressive action against companies with poor compliance mechanisms.

Stiff fines and even jail time await executives found guilty of non-compliance with legislation such as the Foreign Corrupt Practices Act (FCPA). With more than 210 FCPA enforcement actions and $10.5 billion in penalties to date, CXOs are realizing that legal can defend the enterprise—but only after the damage is done. Day-to-day anti-corruption efforts fall directly on the CFO’s shoulders.

Take a copy for yourself

Download PDF

Key to ABAC: An effective finance operating model

Enterprises in every industry must demonstrate a strong compliance program on demand. That has turned anticorruption into a high-spend area, with over half that spend directed at developing countries. Regulators now insist that the law covers any form of corruption leading to third-party involvement or benefit. So poorly vetted suppliers and uninformed or rogue employees can cause real trouble for an enterprise. Yet most companies don’t have robust digital technologies in place to help prevent violations.

CFOs often assume that the legal department owns the compliance program. In reality, the controller owns the processes that expose a company to risk—sourcing, procurement, order creation, and billing, for example. Legal must approve contracts, but it doesn’t screen vendors or monitor accounts payable processes that may be vulnerable to corruption. That’s why an effective finance operating model—one that enables companies to manage day-to-day compliance efforts at the business-process level—is critical to anti-corruption efforts.

An integrated approach to anti-corruption

Operating models with a holistic approach to anticorruption perform the best (figure 1). Of course, it’s important for executives to pay attention and enforce global policies, especially in high-risk countries. But operating models can help because they take advantage of local legal process, technology, domain expertise, and analytics. Key elements include:

Ongoing monitoring: Continuous assessment of high, medium, and low risks requires good processes and supporting technologies. Tighter processes and analytics will help screen out high-risk vendors and track behavior to spot potential problems. One global footwear and sports apparel retailer used a partner’s global reach and analytics capabilities to assess vendors in seven high-risk countries. The result: better FCPA compliance, and a governance framework that actively manages 120,000 vendors and mitigates corruption risk in all 150 countries where the firm operates.

Legal’s knowledge of local laws, coupled with finance’s experience with the vendor landscape and process requirements, should inform all anti-corruption policies and procedures. Dashboards, automated workflows, and governance mechanisms can directly support document creation and storage, exceptions handling, and other elements of anti-corruption legal requirements at the process level. Additionally, analytics can provide builtin alerts so you can quickly bring in the appropriate authorities when issues arise.

Technology: Today’s powerful digital technologies can help spot and eliminate potential risks. Companies should adopt workflow-based technology to conduct FCPA risk procedures because these tools send risk assessment surveys in real time. They also make it easier to analyze, score, and aggregate results over geographical and business areas. And with advanced visualization techniques, decision-makers can focus on potential high-risk processes with greater precision.

The combination of robotic automation, language-neutrality tools, and collaborative reasoning analytics can also vastly reduce the manual auditing. Collaborative reasoning tools can scan records and spot exceptions to established business rules. As the software learns what an acceptable deviation is, it can proactively eliminate false positives without human intervention. Another advantage: Robotic automation frees people from repetitive tasks. It does more and makes fewer errors.

Continuous assessment of high, medium, and low risks requires good processes and supporting technologies.

Here’s what we mean. A typical automated process might receive vendor records in Chinese for an FCPA audit. Today’s robots can engage the language neutrality tool to translate and format the file according to the company norm. They can then scan selected fields for red flags, such as bad publicity, legal investigations, overpricing, or lawsuits. The robots alert people to exceptions, scan reports, and send them to the right people for substantive testing to determine if the sample is a true hit or a false positive.

For digital technologies and analytics to have real impact, companies should consider combining them with designthinking methods, Lean principles for end-to-end process redesign, and domain knowledge.

Training: Companies should set up a formal, ongoing training program for all staff to raise awareness of regulatory requirements and anti-corruption efforts. Training is especially important for people who interact directly with vendors and customers, and those dealing with new geographies. This program should include e-learning training modules in multiple languages along with classroom time. Participants should come from finance, sourcing, and HR in high-risk sites. Good modules include real-life practical insights and highlight day-today compliance issues. As regulations change, periodic refresher courses would be necessary. Close cooperation between the legal and operations teams can keep all stakeholders up to date.

This comprehensive approach can vastly reduce the likelihood of severe monetary penalties and protect CXOs from prosecution or being fired by anticorruption regulators.

Prevention takes cooperation

Legalities are only half the anti-corruption equation: CFOs have to craft a delivery model that supports end-to-end processes with anti-corruption policies. Doing so can reduce risk and lower the overall cost of compliance. It can also spare leadership the time-consuming business of trying to win approval from regulators or prevent operations shutdowns if a company is deemed non-compliant.

Smart companies want to get up and running quickly in new and developing markets. They know they must understand the local environment from the outset. Unprepared businesses can find themselves locked out—their market penetration stalled by accusations of corruption that damage the brand and the bottom line.

A common option nowadays is to find a partner with deep local knowledge and domain expertise. This operating-model approach can decrease time-to-market and lower the risk that the new program will have blind spots and process gaps that could lead to non-compliance.

When it comes to anti-corruption efforts, an ounce of operational prevention is worth a pound of cure.

Visit our Compliance risk services

Learn More

Figure 1: The pillars of an integrated anti-corruption approach