Cutting out corruption

Failure to take bribery and corruption seriously can be a costly mistake. GC looks at methods employed by legal and compliance teams to keep enforcement regimes at bay.

Once upon a time, in a country far, far away, there was a local tax official. He approached the local manager of a major multinational, offering a reduction in the company’s tax bill in exchange for a bribe. When asked for advice, the general counsel of the multinational forbade the bribe, because to make a payment to the local tax official would be a violation of the Foreign Corrupt Practices Act (FCPA).

But the local manager hired a third party to make the payment, a zero was knocked off the tax liability and all was well. Until a few months later, that is, when the general counsel came to visit, and casually followed up about the tax query. Everyone in the office suddenly looked queasy.

This tale (or something like it), is the sort of bed-time story that keeps GCs and compliance professionals up at night. And for good reason – US FCPA enforcement action penalties have reached the hundreds of millions in some cases, and although the UK’s much-touted Bribery Act has yet to show its teeth, the message of global anti-corruption enforcement has hit home at multinational companies. Compliance spending has surged in recent years, and so has the level of the conversation. ‘I think it’s an improved landscape today from when I entered the oil and gas market in 2007, thanks to increased attention on the importance of compliance,’ says Natalia Shehadeh, chief compliance officer of Swiss-headquartered oil and gas services company Weatherford.

One for the lawyers?

The size and structure of an organisation will influence anti-corruption governance, but lawyers are increasingly invading the space. Compliance professionals often have a legal background and, if compliance is not already within the GC’s sphere, in some cases it might soon be. Illustrating this trend, China National Offshore Oil Corporation’s Leslie Zhang reports that ‘since our new legal director has come into the office, he has been interested in letting the legal department take the lead in creating the code of conduct’. Other entities are bulking up their compliance teams’ powers, entirely apart from legal. But wherever the buck stops, it’s important to have a diversity of skillsets engaged in any compliance operation, including finance, audit, operations, government relations and legal professionals.

Top-down buy-in from across the C-suite is essential. At Weir, although GC Keith Ruddock has oversight, he stresses that compliance must not become a legal silo. ‘Many businesses feel this is something for the lawyers and the compliance people to deal with, but actually I think it’s a fundamental business risk that the business people should take responsibility for – and the compliance and legal teams are there to provide advice and guidance,’ he says.

To get that buy-in throughout the business, the compliance function should be aligned with operations so that resources can be properly positioned. Weatherford’s compliance team is run centrally, but has resources embedded regionally in parallel with the organisation structure, says Natalia Shehadeh: ‘It is critical to our enterprise success that our operations and compliance teams operate in close partnership and proximity to one another.’

Line managers should be trained well enough to field staff queries on a day-to-day basis. But when compliance support is required, a user-friendly and approachable demeanour is invaluable. Transparency International UK’s director of Business Integrity, Peter van Veen, warns against making employees ‘feel like they’ve called the police station’.

Prevention is better than cure

With the SEC opting not to prosecute some corporates for FCPA violations where a robust compliance programme is demonstrably in place (see the Morgan Stanley/Garth Peterson announcement of 2012), most would agree that a rigorous anti-corruption framework – although never impervious to the odd rogue employee – is the only armour an organisation has.

But it can be easy to overprescribe and produce a telephone book-sized manual that is subsequently ignored. Guidance materials should be accessible and quick to use (available in all of the languages used in business operations) and, ultimately, behavioural messaging should be clear and simple and accompanied by a strong tone from the top. ‘“Don’t pay a bribe” is pretty straightforward,’ says van Veen.

But while an anti-corruption framework need not be rocket science, it does need to be comprehensive. So where to start?

A thorough risk assessment is a good place. This requires taking an unflinching look at how business is conducted in countries where the organisation operates – which means involving audit and management right from the start. Findings can then be distilled into a clear set of rules, usually embodied in a code of conduct, with training rolled out across the business. Simple.

Except, of course, it isn’t. The proof of a good anti-corruption policy is how in-sync it is with the business, which is the key differentiator between an effective policy and one that is merely a box-ticking exercise that pays lip service to regulation and ethics, and is not focused on the areas of greatest risk. Peter van Veen is sceptical about the compliance industry that has grown up around the UK Bribery Act, for example. ‘If you really want to pay somebody a lot of money to put everything in place off the shelf, then you can. But I think that’s missing the point somewhat.’

Dominic Sheils, compliance officer at Swiss-headquartered agribusiness Syngenta, emphasises the importance of a thorough understanding of the attitude to compliance throughout the organisation. ‘You have the tone at the top, the mood in the middle, and the banter at the bottom. Whilst the tone at the top is normally pretty well understood, you need to know what’s going on within your organisation at the bottom and in the middle. More often than not, the guys at head office are going to be told that everything is fine and hunky dory. Businesses in the regions tend to focus on reporting good things to head office,’ he says.

‘A good network in itself might be entirely proper, but both cultures must be sensitive to where the risks may lie.’

Do what I say… not what you think I say

Crucially, staff need to feel that company anti-corruption policies are there to support them – not just to discipline them if they get it wrong. Support must be implicit in business practices, and motivation and incentives must be in-keeping with rhetoric from head office. ‘The risk is that when you’ve got tough, aggressive targets and your pay is partly dependent on those targets, then walking away from the deal is going to hurt you. If you miss out on promotion, the signal is very clear that it is not in your interest to walk away from the deal,’ says Peter van Veen. An unintended consequence of poorly aligned messaging can be employees adopting a double think approach to corruption, where they hear one message, but believe the company means another.

Unequivocal statements from management can go a long way to solve this issue, says Mark Jenkinson. He is now at Azimuth Group but was Asia Pacific head of legal at Petroleum Geo-Services (PGS) at the time he spoke to GC. ‘An example in our industry might be where a vessel is in port waiting to get out. It is not unusual for the harbour master (a public official) to prevent the vessel’s departure in the expectation of receipt of a small cash gift or box of cigarettes in return for a timely release. There used to be the sense that the captains of the vessels would have been in fear of their jobs if they didn’t make this payment… That’s really changed in recent years. The top-down buy-in is advertised on our intranet, saying we will support you in your decision to not make such payments, irrespective of any negative financial consequences to which such decisions may give rise. This gives employees on the front line the confidence to act ethically and not do certain things without fearing for their jobs.’

All aboard the train(ing)

When it comes to training itself, a mix of formats is best for grabbing attention. On page 27 of this issue we look at Pernod Ricard’s irreverent, cutting-edge approach to online anti-corruption training, but the face-to-face element is vital, too. Role play can be an effective tool for staff to try out their responses to uncomfortable requests for bribes, says van Veen. ‘That is quite essential – that they’re able to safely have a chance to interact and rehearse in their own minds how they’re going to react to certain situations.’

Dominic Sheils describes the story-based approach Syngenta adopts to engage employees in anti-corruption compliance, utilising a mix of hypothetical, real-life, and current affairs examples. Managers are required to lead a regular compliance training session for their teams and direct reports, using materials prepared by the compliance function. ‘We’re based here in Basel, Switzerland; FIFA’s just 50 miles down the road in Zurich. So, in some of these recent training sessions there have been discussions about football and the alleged corruption in that area. We’re happy to have those discussions because, at the end of the day, it’s getting people talking about compliance and the right things to do if faced with a similar set of allegations. And what we all then agree is: we don’t want this happening to Syngenta.’

Doing your diligence

Due diligence is a key defence against corruption in business transactions, and can be expanded to include ethical due diligence, particularly when engaging third party agents or organisations (a major source of risk). At China National Offshore Oil Corporation (CNOOC), the process includes background checks on the performance of any Special Purpose Vehicles (SPVs) used by third-party agents, and on any shareholders controlling the SPVs. The company ensures that the consultancy agreement is market standard (for example, above-market compensation could be a red flag), includes anti-bribery clauses, and ensures the right to audit and supervise payments and expenses, with accompanying indemnity in case of breach. Another warning signal could be an insistence on using local law as the governing law for the contract, and so the company will insist on using the law of a neutral country, and international arbitration in any disputes. Flexibility in business relationships is ensured by the exercise of discretion in awarding exclusive rights to operate in any given country.

image of roll of money exchanging between two hands

But proper oversight of the relationship extends beyond due diligence to ongoing management and compliance testing. For example, in Asia, says Jenkinson, PGS conducts due diligence on each agent every two years, on top of annual re-certifications of ethics representations on their contracts. It can be a resource-intensive process, especially when the need to train third parties is factored in. Dominic Sheils describes Syngenta’s Anti-Bribery Corruption Due Diligence project (‘ABCDD’), which issues a questionnaire and a specially-developed ethics guide to third parties, so that expectations are clear and agreed from the very start of the relationship.

Zero tolerance

Whatever the business standards practised on the ground, the standard applied by the company must be zero tolerance globally, even if this results in inconvenience for employees. But standing firm can pay off, says Arijit Chakraborty, general counsel of Zurich’s Global Life and General Insurance businesses in Singapore. He retells a story he heard from an executive of another company: ‘Whenever [an employee] entered into a certain country, there was a cultural norm of the immigration officer expecting a bribe before they would stamp your passport. But this company had a firm policy of no bribery. Its employees would stand in line for three hours or more until they finally got their passport stamped. Over a period of time, the immigration officers realised that and eventually let the employees of the company enter into the country smoothly, without being asking for a bribe.’ Such facilitation payments may be excused in truly exceptional circumstances if the individuals concerned genuinely face a real personal safety risk if they do not pay, adds Weir’s Keith Ruddock, with the important caveat that any payments must be reported and recorded to ensure compliance with the ‘books and records’ requirements.

‘The message of global anti-corruption enforcement has hit home at multinational companies.’

Cultural differences in business practices can be a major barrier to achieving global adherence to codes of conduct. ‘Setting up a compliance helpline and encouraging employees to ask questions and report concerns will certainly raise awareness of a compliance programme, but care must be taken,’ says Sheils. ‘Reporting bribery concerns could be seen as career-limiting, and in some cultures it may not be ‘the done thing’ (or indeed permitted by the law) to raise concerns about co-workers, particularly anonymously or to head office,’ he explains, citing Syngenta’s ‘speak up’ culture.

You say tomato, I say corruption

There may also be fundamental cultural dissonance when it comes to recognising corruption. In the Middle East, for example, many businesses do not have a code of conduct and dialogue around anti-corruption remains relatively unsophisticated. The concept of ‘wasta’ (similar to ‘personal influence’), which underpins business dealings in the region, is open to abuse from the point of view of a western regulatory regime. UAE-based Olof Arnman, legal and commercial manager for the eastern hemisphere at Grey Wolf Oilfield Services, says: ‘When you explain things like, “you cannot use your contacts to pay a bribe for a business advantage,” then the first question that comes up in a compliance seminar here is: “But what if a person just has a really good influence and a good network?” A good network in itself might be entirely proper, but both cultures must be sensitive to where the risks may lie, and in the absence of a developed regulatory compliance framework on the ground, company policy is the frontline defence against corruption.

Even in countries perceived to have a high intolerance of corruption, national customs can pose a challenge to the bribery-conscious, particularly in the areas of gift-giving, hospitality and entertainment. In Japan, for example, offence can be caused if a gift is not reciprocated. ‘I think the area where one needs to be very careful is whether you cross the line into creating a sense of obligation,’ says Keith Ruddock, describing Weir’s detailed gift-giving and entertainment policies, which include tiered levels of sign-off, even for charitable donations. However, to return to Japan, where importance is placed on the giving, and not the value of the gift itself, we see that nuanced cultural understanding is at the heart of navigating the fine line between insult and illegality, and cascading the message appropriately. That message may be better received than employees expect. As Ruddock points out, cultural difference is an oft-used excuse for unethical behaviour. He quotes another general counsel when he says, ‘nowhere in the world is bribery done openly.’ While it might appear endemic, it is never acceptable.

Inevitably, the unevenness of local enforcement means that businesses are likely to prioritise anti-corruption efforts where sanctions are most likely. Some countries trumpet robust anti-bribery laws, but pursue them erratically, perhaps even as a tool for exerting political pressure on opponents. But a sudden focus on corruption is always a possibility – witness the recent spate of high-profile prosecutions in China – and many countries are ramping up enforcement regimes. The reality is that the thoroughness and extraterritorial scope of the FCPA and the Bribery Act mean that they are often the benchmarks for corporate policy, in what Dominic Sheils dubs the ‘highest common denominator’ approach.

Explaining to a worker in country X that they have to follow US or UK law might be tricky, but, as Weatherford’s Natalia Shehadeh points out, ‘taking the corruption risk seriously is the right thing for the security and sustainability of all businesses, no matter where they operate.’