Never has the need for anti-corruption compliance programs for American companies been greater than it is today. This is not only for large multi-national companies, but for small to medium-sized businesses, particularly those doing business abroad and in high-risk countries.
The position of a compliance officer and the roll out of an integrity compliance program with the objective to educate, prevent, detect, and remediate corruption, collusion, and fraud may be viewed as the exclusive domain of large businesses. But small and medium-sized businesses must address compliance in a way that is appropriate to both the size and risk profile of the business in order to fairly and lawfully compete in an inter-connected marketplace, obtain financing, and avoid the costs and consequences of corruption. Although the specific implementation of a compliance program will look different for each small and medium-sized business, certain core principles should be part of any integrity compliance program.
There are any number of resources that describe the hallmarks or guidelines for an effective compliance program. When we consult with businesses, we generally focus on seven bedrock categories. We will discuss three in this Alert and the others in a future installment.
- Risk Assessment. Preventing corruption effectively and proportionately requires an understanding of the risks a company may face, which may differ significantly based upon the company’s size, products or services, geographic markets, government interaction, distribution channels and other identifiable factors. A thorough risk assessment will lead to an effective program.
- Management Buy-in and Tone at the Top. There is no substitute for the board of directors and senior management’s commitment to integrity and to the creation of a culture of compliance – and it comes at no cost. Company management must unambiguously prohibit unethical conduct, articulate clear standards of integrity, communicate and promote those standards throughout the organization, and uphold them rigorously and consistently. Appropriate incentives should be included to encourage the observance of the Code of Conduct and related policies and procedures at every level. When infractions are alleged or identified, the company must have a thorough and consistent policy of investigation. If violations are found, appropriate disciplinary measures must be consistently applied from the boardroom to the back office, and the corrective action for violations must be consistent, regardless of what level within the organization it occurs.
- Code of Conduct, Policies, and Procedures. Such an unambiguous prohibition on unethical conduct must be clearly reflected in a Code of Conduct. An unwritten “do the right thing” corporate culture will not suffice for a company of any size in today’s environment. The functional aspects of the Code must be included in written policies and procedures that are concise, practical, and accessible to all employees. Those policies will reflect the values being set at the top of the company and expressed in its Code of Conduct. Such policies must include: internal controls; due diligence in hiring; third-party due diligence; travel, entertainment, and meal expenses and receipt and giving of gifts; documentation; and disciplinary procedures, among others.
Stay tuned for the remaining four categories in next month's alert.