Incidents of bribery have increased, but so has general awareness of anti-bribery compliance among organisations: these were some of the high-level findings of a recent survey conducted by ENSafrica.
Key findings include:
- 24% of organisations have experienced an incident of bribery and/or corruption in the past 24 months (that’s an increase of 4% since 2013), with 5% experiencing five or more incidents within the last 24 months
- just over 90% of organisations surveyed have a policy prohibiting bribes, 52% have an established anti-bribery compliance programme and 43% have conducted a detailed anti-bribery risk assessment of their bribery risks
A total of 88 organisations across Africa, including in Mauritius, participated in the survey. The survey was designed to gauge perceptions regarding an organisation’s anti-corruption compliance commitment to observing local and global requirements and to see how these compliance processes compare to generally accepted anti-corruption compliance best practice.
Other key findings included:
- 68% of those surveyed believe that third-party business partners pose the greatest source of bribery risk to their organisations
- 17% of organisations feel they are highly exposed to bribery in Africa (a drop of 33% compared to 2013), with 71% believing they are moderately exposed to bribery and corruption in Africa
- Angola, the Democratic Republic of Congo, Ghana, Kenya, Mozambique, Nigeria, South Africa and Uganda were highlighted as corruption hotspots
- only 36% of organisations surveyed:
- are confident that they have proportionate procedures to mitigate bribery risks; or
- believe they are well prepared to respond to the threat of an anti-bribery regulatory investigation
- 62% of organisations now conduct due diligence screening on third parties, an increase of 22% from 2013
- only 40% of organisations have a dedicated anti-bribery training programme for their employees and 15% provide anti-bribery training to their business partners
Our survey further found that organisations:
- with an anti-bribery compliance programme,
- with a dedicated anti-bribery policy,
- with top-level commitment,
- who have conducted an anti-bribery risk assessment,
- who conduct anti-bribery due diligence on business partners, and
- who provide their employees and third parties with anti-bribery training
reported fewer incidents of bribery as opposed to those who do not.
Having an effective anti-corruption programme is more important for companies today than ever before. Many companies are now recognising the potential reputational harm, economic costs, fines, penalties and potential criminal prosecution that bribery and corruption pose to their business. For years the United States was the only country that rigorously pursued the payment of bribes outside of its territorial boundaries through the Foreign Corrupt Practices Act of 1977 (FCPA). More recently, the British Government has also become a serious anti-bribery compliance enforcement role player, through the UK Bribery Act of 2010.
In South Africa, the authorities have introduced onerous anti-corruption requirements via regulation 43 of the Companies Act 71 of 2008. Further, section 34 of the country’s Prevention and Combating of Corrupt Activities Act 12 of 2004 (PCCA) also imposes strict reporting requirements on those holding positions of authority. It is imperative that companies understand and comply with these requirements.
The survey covered the following six critical themes, which will be discussed in more detail below:
- proportionate procedures
- tone at the top
- risk assessment
- due diligence
- communication and training
A commercial organisation’s procedures to prevent bribery by persons associated with it should be proportionate to the bribery risks it faces, as well as to the nature, scale and complexity of the organisation’s activities (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
Fewer organisations feel they are highly exposed to bribery in Africa (17% as opposed to 50% in 2013), which may be attributed to organisations embracing the challenges of anti-bribery compliance and starting to build workable compliance programmes that mitigate bribery risks.
Of the organisations surveyed, just over 90% have a documented policy prohibiting bribes and facilitation payments. 52% of those surveyed have an established anti-bribery compliance programme, with 62% having had a compliance programme for the past three years or more, and 53% having conducted a detailed anti-bribery risk assessment. Organisations with an anti-bribery compliance programme and a dedicated anti-bribery policy reported fewer incidents of bribery as opposed to those without such programmes and policies. 36% of respondents believe they have proportionate procedures to mitigate bribery risks and are well prepared to respond to the threat of an anti-bribery regulatory investigation.
78% of organisations now include anti-bribery clauses in their company’s contracts and agreements with third parties, with 82% having adequate controls in place to identify high-risk or irregular disbursements.
82% of respondents have a dedicated whistle blower or ethics facility for employees to report incidents of bribery, with 52% of incidents having been reported in this way, as opposed to email and verbal reports to management.
Now, more than ever, it is common practice for international business partners to ask organisations to substantiate their internal anti-bribery compliance programmes. It appears that many organisations tend to ignore their anti-bribery compliance commitments until such time as they are requested to provide such confirmation; for example, when participating in offshore business transactions, such as distribution agreements and mergers and acquisitions. Worse still, it seems that many companies often sign their confirmation of anti-bribery compliance when, in fact, they have no anti-bribery compliance infrastructure in place.
Tone at the top
The top-level management of a commercial organisation (be it a board of directors, the owners or any other equivalent body or person) should be committed to preventing bribery by persons associated with it (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
Our survey revealed that 89% of organisations have buy-in from top management (top-level commitment) into their anti-bribery compliance programmes. Companies with top-level commitment reported fewer incidents of bribery as opposed to those without. 56% have compliance officers who have direct reporting lines to the CEO, with 79% having anti-bribery as an agenda item at board or ethics and compliance committee meetings.
A successful anti-bribery compliance programme must start with a clear commitment from top management, and it is impossible to effectively implement such a programme without the CEO’s support and commitment. Equally important, employees must be able to see that the CEO is beyond reproach at a personal level.
A commercial organisation should assess the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. This assessment should be periodic, informed and documented (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
43% of organisations have conducted a detailed anti-bribery risk assessment of their bribery risks in the past 24 months, and 29% intend to do so in the near future. Those that had conducted an anti-bribery risk assessment reported fewer incidents of bribery as opposed to those that have not.
Geographically, respondents listed Angola, the Democratic Republic of Congo, Ghana, Kenya, Mozambique, Nigeria, South Africa and Uganda as corruption hotspots.
The risk assessment is a critical building block in anti-bribery compliance and will identify inadequate controls and procedures, high-risk markets and risky business partners. This will guide the company in its approach when entering certain jurisdictions or in its decisions to avoid certain markets or business partners. Ultimately, the risk assessment will prepare the company to operate in challenging environments, knowing that it has identified key risks and processes, and that controls are in place to mitigate bribery. Only once a company has assessed potential bribery risks can it start thinking about designing its compliance programme.
A commercial organisation should apply due diligence procedures by taking a proportionate and risk-based approach in respect of those who perform or will perform services for, or on behalf of, the organisation, in order to mitigate identified bribery risks (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
Our survey found that 62% of organisations now conduct due diligence screening on third parties, an increase of 22% from 2013, with 38% conducting no anti-bribery due diligence of third-party business partners. This is a concern, given that the respondents highlighted that third-party business partners pose the greatest source of bribery risk to organisations (68%). Companies that conduct anti-bribery due diligence on business partners reported fewer incidents of bribery as opposed to those that do not. 80% of organisations reported conducting background screening on new employees.
Communication and training
Commercial organisations should seek to ensure that their bribery prevention policies and procedures are embedded and understood throughout their organisations through internal and external communication (including training), which is proportionate to the risks they face (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
Only 40% of organisations have dedicated anti-bribery training for their employees. Of these, 79% provide their employees with this training on an annual basis. Only 15% of organisations provide anti-bribery training to their third parties, a drop of 10% from 2013. This is a concern, as organisations should be increasing their anti-bribery training efforts in respect of third parties.
57% of organisations reported that they make their anti-bribery policy available to third parties in standard contracts and agreements, with 37% providing access through the company website.
Most organisations surveyed communicate their whistle blower facility to their employees during induction training and bi-annual or annual staff training sessions. 39% of organisations without a whistle blower facility believe that they do not need one, while 31% of participants indicated that they were in the process of developing such a facility.
Our survey found that organisations that provide their employees and third parties with anti-bribery training experience less incidents of bribery as opposed to those that do not.
In order for an anti-bribery compliance programme to be effective, it is critical that it is communicated to all employees and third parties and that they know and understand their company’s policies and procedures, as well as the substantial personal and corporate sanctions for non-compliance.
Commercial organisations should monitor and review procedures designed to prevent bribery by persons associated with it and make improvements where necessary (adapted from the UK Ministry of Justice, Guidance on the Bribery Act 2010).
51% of organisations reported updating their anti-bribery programme annually, with 31% making use of external consultants to implement their programme.
Our survey further found that organisations feared they would be most severely impacted by reputational damage, financial loss, share price and staff retention and recruitment (in that order) if corruption was discovered within their organisation.
Anti-bribery compliance requires a much more robust approach than developing a simple stand-alone policy. Over and above this, organisations need to develop anti-bribery processes, procedures and controls and implement these throughout their business. High-risk areas may include:
- business partners
- books and records
- JVs/mergers and acquisitions
Organisations should understand that bribery remains a constant threat and they need to ensure that their anti-bribery controls and procedures are in good working order. Ongoing monitoring and tweaking of anti-bribery controls and procedures is essential and will help to remediate risks before they spread.
Roy Gillespie and Andisiwe Jele work in ENSafrica’s forensics department