Building an Effective Antibribery and Corruption Framework

Sumit Makhija | July 2019

Bribery and corruption have traditionally been seen as the cost of doing business in many developing nations, including India. Delays in enforcement action with respect to the Prevention of Corruption Act (PoCA), 1988 and absence of a specific provision in the previous anti-corruption legislation of India (to bring corporates under its purview) have prevented Indian companies from reporting bribery instances and creating robust antibribery programmes. The increased globalisation of businesses, strong enforcement of cross-border legislation pertaining to bribery (such as the US Foreign Corrupt Practices Act and the UK Bribery Act), and the Indian government’s commitment to fight corruption have led to several measures in this area. These measures include enabling digitisation, relooking at tax structures, centralising procurement for certain critical government departments, and amending the PoCA (with a view to combat bribery and corruption).

While these measures help reinforce an ethical business environment in the country, they need to be supplemented by the Indian business’ efforts to create anti-bribery and corruption programmes to weed out corruption at the organisational level.

BUILDING A ROBUST COMPLIANCE PROGRAMME

An effective anti-bribery management system/programme (ABMS) requires organisations to assess external and internal factors that are relevant for creating a corruption-free organisation and assess the ability (in terms of their current organisational level skills, policies, and mechanisms) to achieve the objectives of their system. The programme includes policies and procedures needed as well as key stakeholders who would be responsible for implementation. A necessary aspect of the ABMS is regular scrutiny of control measures and periodic audits to identify ever evolving areas of risk and ensuring compliance with ever-changing legislation and regulatory environment.

Organisations and compliance officers can consider the recently introduced ISO 37001:2016 standard as a guideline to help build a robust ABMS. The standard specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing, and improving an ABMS. Focusing on the risk of bribery by the organisation and business associates (acting on the organisation’s behalf or for their benefit), the standard ensures that both direct and indirect instances of bribery (e.g., a bribe offered or accepted through or by a third party) are treated equally. This is also a requirement under the Prevention of Corruption (Amendment) Act, 2018.

The standard proposes some key components that should form part of an effective ABMS. These include elements such as an anti-bribery policy and the appointment of an anti-bribery Compliance function with appropriate competence, authority, and independence to set objectives. The standard explicitly assigns roles to the board of directors, top management, and the Compliance function.

Board of directors – Responsible for oversight, including approving antibribery policy and reviewing information about its operation
Management – Responsible for implementation, communication of the policy, integration of the system in the organisation’s processes, and deployment of adequate resources
Anti-bribery compliance function – Responsible for oversight of design and implementation of the ABMS and offering advice and feedback to the board and top management about its functioning

Other best practices for building an ABMS are mentioned below:

Establish an anti-bribery policy, including a gifts policy. The gifts policy needs to be labelled separately. It should also prescribe documentation of aspects and the value of permissible gifts, as well as a register to record gifts received and sent.
Appoint an independent anti-bribery compliance function with appropriate competence, authority, and independence. Organisations typically share resources between the ABMS and other functions that can be challenging as members may not be independent and may find it difficult to prioritise their commitment towards the ABMS.
Undertake bribery risk assessment on a periodic basis (for example, every year). Such an assessment can include relooking at the bribery and corruption risks in the business ecosystem, in the light of developments such as new legislation and new business models, including cross border trade.
Conduct adequate due diligence, including pre-employment and third-party due diligence in case of business relationships to protect against bribery risks by/on behalf of the organisation. This due diligence should also extend to monitoring political and charitable donations, and making the public disclosure of payments.
Establish a whistleblowing mechanism and commissioning independent investigations into complaints. It is also a good practice to address bribery and corruption risks. Developing an anonymous whistle-blower mechanism helps encourage the reporting of suspicious activities as the mechanism protects whistle blowers from the threat of retaliation.
The standard calls for a segregation of duties to serve as a control measure to ensure that a single person cannot both initiate and approve a payment. Similarly, developing a transparent and competitive tender process to award contracts, where possible and reasonable, is a good measure to ensure fairness and reduce the risk of bribery. The standard also discourages the use of cash and requires organisations to implement effective cash control/restriction methods. Rotating auditors and conducting independent investigations are also important for organisations to continuously evaluate and strengthen the ABMS.

Finally, organisations should have adequate provisions to ensure ongoing training/coaching and awareness campaigns for personnel and business partners. Encouraging a zero-tolerance culture by setting a clear tone at the top is also an important way to curb bribery and corruption in business.

Following these best practices guided by the ISO 37001:2016 standard could help organisations establish bribery and corruption prevention mechanisms. These mechanisms have a strong foundation but are agile enough to keep pace with frequent changes in the business and regulatory environments.

About Author

Sumit Makhija

Sumit Makhija is a Partner and leads anti-bribery and corruption services within Deloitte’s Forensic practice in India. He is a Fellow member of the Institute of Chartered Accountants of India and a Certified Fraud Examiner from the Association of Certified Fraud Examiners, USA. He also serves a Director on the India Chapter of Association of Certified Fraud Examiners.