I am a big fan of Sherlock Holmes, on radio, television and the movies but particularly in print. Last summer I re-read the Doyle collection and it was like revisiting an old friend. So today, we celebrate the story of the “The Six Napoleons”. In this story, an apparent thief is breaking into private residences and commercial establishments to seemingly smash statuettes of Napoleon. While the slow thinking police think that a rabid Francophobe is terrorizing the Francophiles of London, Holmes sees something very different and indeed much more sinister. It turns out that a very hot, stolen jewel was hidden in one statue of many which were then sold so the jewel thief has to find the correct statuette to find the stolen jewel. Holmes, of course, deduces this and catches the thief.
This leads into the conclusion of my series on the Six Principles of Adequate Procedures under the UK Bribery Act; with Principle 6 – Monitoring and Review. This Principle recognizes that a company should monitor and review its anti-bribery and anti-corruption procedures designed to prevent bribery by persons associated with it and makes improvements where necessary. Indeed the Guidance from the British Ministry of Justice (MOJ) relates that “The bribery risks that a commercial organisation faces may change over time, as may the nature and scale of its activities, so the procedures required to mitigate those risks are also likely to change. Commercial organisations will therefore wish to consider how to monitor and evaluate the effectiveness of their bribery prevention procedures and adapt them where necessary. In addition to regular monitoring, an organisation might want to review its processes in response to other stimuli, for example governmental changes in countries in which they operate, an incident of bribery or negative press reports.”
Generally, I believe there are two strategic reasons to follow Principle 6 of the Guidance. The first is that the only way to know if your compliance program is effective is to test it. The second is that changes in your business model, market conditions, legislation or other external events could increase your anti-bribery and anti-corruption compliance risk well beyond the risks that your compliance regime was intended to manage when it was initially designed and implemented. I find that a compliance assessment is becoming of greater importance to achieve a minimum best practices compliance program. Representatives of the US Department of Justice (DOJ) talk about such a concept in terms of a risk assessment but the precepts are the same. A company needs to assess its program and its effectiveness on a regular basis so that it does not become stale.
The Guidance recognizes that there are a wide range of internal and external review mechanisms available for a company to use when assessing its compliance program. As for ongoing evaluation of effectiveness, the Guidance notes that “systems set up to deter, detect and investigate bribery, and monitor the ethical quality of transactions, such as internal financial control mechanisms, will help provide insight into the effectiveness of procedures designed to prevent bribery.” Some of the specific techniques which can be used include staff surveys, questionnaires and feedback from training. All of these can also provide an important source of information on effectiveness and a means by which employees and other associated persons can inform continuing improvement of anti-bribery policies. Continuous controls monitoring is becoming another tool for companies to use in their ongoing compliance program. Witness the recent statements by the DOJ in its declination to prosecute Morgan Stanley for the acts of its former Managing Director, Garth Peterson.
The Guidance also speaks to more formal periodic reviews and reports for top-level management. I would suggest that an annual risk assessment is one mechanism which should be used by companies. The Guidance further suggests that businesses could also draw on information on other similarly situated company’s best practices, for example relevant trade bodies or regulators might highlight examples of good or bad practice in their publications. Once again the DOJ has provided solid guidance in this area by listing several of the areas in which it believes that a company should assess its anti-bribery and anti-corruption risks. These include: (1) Geography – Where does your Company do business?; (2) Interaction with types and levels of Governments; (3) Industrial Sector of Operations; (4) Involvement with Joint Ventures; (5) Licenses and Permits in Operations; (6) Degree of Government Oversight and (7) Volume and Importance of Goods and Personnel Going Through Customs and Immigration. In addition to using this information to inform your compliance program, your company can also use such information to update its compliance program in today’s ever changing business environment.
Lastly, the Guidance directs that companies should also avail themselves of some form of external verification or assurance of the effectiveness of anti-bribery procedures. The Guidance says that “Some organisations may be able to apply for certified compliance with one of the independently-verified anti-bribery standards maintained by industrial sector associations or multilateral bodies. However, such certification may not necessarily mean that a commercial organisation’s bribery prevention procedures are ‘adequate’ for all purposes where an offence under section 7 of the Bribery Act could be charged.” While there are no universally recognized standards that I am aware, many third parties can come in and protect an independent assessment of a company’s overall compliance program.
So we end our series on the Six Principles of an Adequate Procedures anti-bribery and anti-corruption compliance program with this memorable quote from the Sherlock Holmes story “The Sign of Four”, “How often have I said to you that when you have eliminated the impossible, whatever remains, however improbable, must be the truth?” This would seem to place the exclamation point on Principle 6; if you fairly and adequately assess your compliance program, you can not only determine its effectiveness but also help to enhance your compliance regime going forward.
My book, “Lessons Learned on Compliance and Ethics” is now available on Kindle. To order or for other information click here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012