Global Anti-Bribery Guidance

Best practice for companies in the UK and overseas

2. Governance & Commitment

Guidance

2.1 Anti-Bribery Commitment

Formal commitment to a policy of prohibiting bribery is a foundation of the anti-bribery programme

Commitment by the board and senior management to a policy of prohibition of bribery is the bedrock for countering bribery.  The board and senior management should make a public commitment to prohibiting bribery in the company’s operations.  The board should also commit to supporting the implementation of an anti-bribery programme, by providing oversight and assigning a senior manager to implement the programme.  In doing so the board should inform themselves of the risks and appropriate policies and procedures required.

Corporate value statements, and accompanying guidance, should also support the company’s stance, and be publically available to allow wide communication of the company’s commitment.

The commitment is expressed by encoding it in values, tone from the top and resourcing the design and implementation of the anti-bribery programme. The commitment can also be shown by public reporting and engagement.

EXPAND

2.1.1 Corporate Value Statements

When deciding on or reviewing the anti-bribery policy, the board should create, or review, the company’s value statement to ensure it supports the anti-bribery commitment. It is vital that the values emphasise zero tolerance of bribery and corruption and emphasise acting ethically and with integrity.

For examples of values statements related to integrity, click here.

2.1.2 Code of Conduct

Corporate values need to be translated into a code of conduct, supported by accompanying guidance.   The code of conduct should be made public and reviewed and updated regularly.  It also needs to be specified who the guidance applies to (directors, employees and third parties). All directors and employees should be required to attest annually that they have read and understood the code.

The code should be supported by guidance. This may be within the code of conduct or in a separate guidance publication such as business conduct guidelines. Large companies may also produce codes of conduct and guidance for specific audiences such as third parties.

For examples of codes of conduct with statements on ethical commitment, click here.

EXPAND

2.1.3 Board Commitment to the Anti-Bribery Policy

The board should commit to a zero-tolerance policy to bribery. Carrying out this formal process is important as it requires the board to:

  • Understand the legal context
  • Understand the risks
  • Understand the controls needed to mitigate the risks
  • Consider the work and resources needed
  • Consider the oversight responsibilities of the board
  • Set the scope of the anti-bribery commitment

The board should also ensure it understands the definition of bribery and the forms it may take as this will define the scope for developing the programme. The definitions of bribery in laws such as the UK Bribery Act will help the company identify the scope of risks. For guidance on bribery risk assessment click here.

Example Policy 

The company prohibits bribery. It will not tolerate its directors, management, employees or third parties, being involved in bribery, whether by offering, promising, soliciting, demanding, giving or accepting bribes or behaving corruptly in the expectation of a bribe or an advantage. This policy extends to all the company’s business deal­ings and transactions in all countries in which it, or its subsidiaries and associates, operates. The company expects those third parties acting on its behalf to act in accordance with this policy.

This policy is implemented by a detailed anti-bribery programme, which is revised regularly to capture changes in law, stakeholder expectations and changes in the business. 

The company should also explicitly state that it supports employees who resist paying bribes.  It should be made clear that the company is prepared to forego contracts, sales or other business advantages if required.

It is best practice that anti-bribery commitment should also be integrated with other values and with corporate responsibility and sustainability commitments made by the company, to ensure it becomes embedded practice.

EXPAND

2.1.4 Board Commitment to Implementing an Anti-Bribery Programme

The board should give substance to its zero tolerance policy by supporting the implementation of an anti-bribery programme. Best practice includes:

  • A commitment to support the implementation of the programme is made formally with written approval by the board.
  • The endorsement is made public as this will serve to emphasise the importance that the company attaches to implementing its policy.
  • Management should design (or improve) detailed policies and procedures based on recurring risk assessments.
  • The board provide oversight to the anti-bribery programme and a senior manager is given clear responsibility for its implementation.
EXPAND

2.1.5 Public Communication of the Company's Anti-Bribery Commitment

The board should require that the anti-bribery commitment is public, easily accessible and actively publicised so that all relevant parties are aware of the company’s stance on ethics, integrity and countering bribery.

A way for the company to show its commitment to its no-bribes policy is to initiate or support anti-corruption initiatives. These can be led by a variety of organisations such as business chambers, NGOs, sector bodies or ad hoc working groups. Examples of global anti-corruption initiatives are the Extractive Industries Transparency Initiative (EITI), the OECD’s Business and Industry Advisory Committee (Policy Group on anti-bribery and corruption) and the UN Global Compact. National examples are the Convention on Business Integrity (Nigeria) and the Coalition against Corruption (Thailand). See also the guidance on public reporting and engagement.

EXPAND

2.1.6 Best Practice: Commitment

  • Formal commitment: The board formally commits to a public anti-bribery policy and to implementation of an anti-bribery programme.
  • ​​​​​​​Corporate values: The values should support the anti-bribery policy and emphasise acting ethically and with integrity.
  • The anti-bribery policy: Zero tolerance of bribery and corruption should be part of the code of conduct and should be supported by a guidance document.
  • Resistance to bribery is supported: The company policy should also explicitly state that it supports employees who resist paying bribes, even if this incurs a disadvantage to the business, such as a loss of sales.  
  • Tone from the top: The board and senior management should demonstrate a sustained anti-bribery commitment through their tone from the top.
  • Oversight: The board should provide active oversight of the implementation of the anti-bribery policy and programme and should ensure adequate resources are provided to carry out the anti-bribery programme.
  • Anti-corruption initiatives: The leadership should initiate or support anti-corruption initiatives.
EXPAND

2.2 Governance

The board of directors provides ethical stewardship of the company. This means defining the corporate values, setting the board’s expectations and then ensuring that the values are carried throughout the company’s activities with tone from the top, management leadership, clear assignment of responsibilities and adequate resources.

Oversight can be carried out directly by the board but more often it is through a board committee such as risk or audit. The committee should provide independent review and this will be achieved by the composition of its members being all or mostly non-executive directors. Many companies have formed compliance committees to provide increased focus on the anti-bribery programme.

Whatever the committee, it should be a means of providing the board with confidence that oversight is being carried out expertly and carefully but should not substitute for the board’s responsibility to provide oversight. The board must receive results of reviews and make its own conclusions.

In a small company the distinction between governance and management roles may need to be modified, with owners or executive directors taking a more hands-on role in the company’s anti-bribery activities.

‘The board’s role is to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed. The board should set the company’s strategic aims, ensure that the necessary financial and human resources are in place for the company to meet its objectives and review management performance. The board should set the company’s values and standards and ensure that its obligations to its shareholders and others are understood and met.’[1]

The UK Corporate Governance Code, Financial Reporting Council

 

EXPAND

2.3 The Control Environment

The role of the board is critical in ensuring the establishment of a control environment in order to ensure the anti-bribery programme is effective.  The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. 

The control environment provides the setting in which the anti-bribery programme operates. Without such an environment, the anti-bribery programme will operate in isolation without an appropriate organisational framework and suitable systems.  It is defined in the COSO Internal Controls Framework as follows:

 

‘The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity's people; management's philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.[1]

 

[1] Internal control – Executive Summary (The Committee of Sponsoring Organizations 2013)

http://www.coso.org/documents/990025P_Executive_Summary_final_may20_e.pdf

 

EXPAND

2.4 Compliance with Laws

Compliance with all applicable laws and regulations, including relevant anti-corruption laws, is a legal obligation. A formal commitment to compliance with laws signals that the company is absolute about being law-abiding and that this carries throughout its operations. Non-compliance with laws places a company at risk of reputational, administrative, civil and criminal consequences, including internal costs, investigations, prosecutions, fines, loss of contracts and possible debarment from public contracts.

The commitment also serves to focus the company’s attention on the complex task of identifying and staying up to date with relevant laws. A company operating in various jurisdictions, will necessarily be subject to varying anti-bribery laws. These will be local laws in the jurisdictions in which it operates and it may well fall also under the extra-territorial provisions of laws such as the UK Bribery Act.

Realistically it may be easier to set the bar high internally by reference to the UK Bribery Act, the FCPA and China anti-bribery laws and related laws and regulations and monitor local laws to ensure there are no stricter provisions or other developments that might require adjustments.  This will allow a more coherent global approach to ensuring that employees understand what is or is not permitted by the company and that a consistently high ethical standard is maintained in all markets.

 

Communication of the policy

It is usual for companies to state publicly a policy to comply or be consistent with laws and regulations in all the countries in which the company operates. The code of conduct should state the company’s policy to comply with applicable laws and set out the expectation that employees and associated third parties will comply with laws and regulations related to the company’s activities. It should be made clear to board members, relevant employees and intermediaries that they should make it their business to understand what relevant laws provide, the risks and sanctions that apply and that they should seek guidance from management and legal if unsure. They should be alerted to the extra-territorial reach of the UK Bribery Act, the FCPA and other anti-bribery laws. A process for ensuring compliance with laws and regulations also brings the benefit that the company will know the rights and protection to which it is entitled.

 

The risks of non-compliance

Non-compliance with laws places a company at risk of reputational, administrative, civil and criminal consequences, including internal costs, investigations, prosecutions, fines, loss of contracts and possible debarment from public contracts. Officers and employees of the company may face fines and imprisonment if convicted of an offence.

 

The challenge of monitoring laws

The challenge for companies is that monitoring and complying with laws is an extensive and continuing task. Bribery and corruption laws vary across jurisdictions, changes must be tracked and as well as specific bribery laws there are related laws. These include, amongst others, laws covering anti-money laundering, proceeds of crime, asset recovery, financial services, public procurement and debarment, lobbying, transparency, market regulation, competition, data security, privacy and whistleblowing.

Companies may rely on professional firms for monitoring laws but should also look to their legal functions, central and local, to keep informed of changes.

EXPAND

2.4.1 Best Practice: Compliance with Laws

  • Commitment: Public commitment to be compliant with laws and regulations.
  • Code of conduct: The code sets out the policy for compliance with laws and require that directors and employees and third parties will comply with laws and regulations related to the company’s activities.
  • Procedure: A systematic approach is applied with a procedure for identifying and monitoring laws and implementing necessary actions to ensure compliance.
  • Responsibility: Responsibility is assigned clearly for ensuring that the company monitors and is compliant with laws and regulations.
  • Professional advisers: Consider using professional legal advisers to help in monitoring and ensuring compliance with laws.
  • Review: The board and senior management should be briefed regularly on requirements of laws and implications of proposed changes in anti-corruption and related laws.

2.5 Organisational Structure & Responsibilities

Organisational planning is a strategic component of the anti-bribery programme

Corporate organisational structures can be complex and formats may vary across the operations.  This presents a challenge in ensuring that the anti-bribery programme is embedded across an organisation. 

2.5.1 Aligning to the Organisational Structure

The organisational structure of a company will be the product of diverse factors; its business strategy, history, culture, management style, locations and markets. Other organisational factors are the number of subsidiaries and controlled entities, types of country and business units and the use of outsourcing and third parties. For instance, compliance may be combined with other roles. The aim must be for the anti-bribery programme to be implemented in a systematic way whatever the size or structure of the company.

Embedding the programme

When designing the anti-bribery programme and planning its implementation, consideration should be given to how the programme can be embedded in the processes of the company within the organisational framework. Human resources will have an important role here as implementation will touch on many human resources areas including assigned responsibilities, job descriptions, reporting lines, inter-departmental working, dedicated compliance and ethics officers, appraisal and recognition and disciplinary procedures.

Centralised and decentralised considerations

The company structure can pose challenges for implementing the anti-bribery programme. A centralised business may send out strong consistent messages but at a risk that the programme will be rigid and not reflect the needs of local operations resulting in a loss of local commitment. A decentralised structure can bring local input in to the design of the programme and create buy-in from employees and managers – but policies and messages from the centre may be weakened or distorted. Powerful or autonomous subsidiaries, business units or functions operate may resist oversight and management from the centre. For these reasons, the board, CEO and the chief compliance officer (CCO) must drive the anti-bribery programme across the business, negotiate buy-in where necessary, and require adjustment of organisational structures which block the effective implementation of the programme.

Accountability

Good governance requires that top management are accountable to the board and there should be direct access to the board by the chief compliance officer or equivalent manager. There should also be clear allocation of accountabilities and responsibilities so managers and employees know what their role is, what is expected of them and they are assessed on this.

2.5.2 Assigning Responsibilities

 

2.5.2.1    Chief Executive Officer

Responsibility for ensuring the corporate integrity culture and implementation of the anti-bribery programme should be placed unequivocally on the CEO. The CEO should be accountable to the board and should ensure that responsibilities are assigned across the company for implementing the programme.  The CEO should provide tone from the top and it should be the aim of the CEO and senior management to embed the programme in the company such that every manager and employee accepts a personal commitment to the programme and its effective implementation.

 

2.5.2.2     Chief Compliance Officer (CCO)

The CCO is responsible for the day-to-day operation of compliance. In large companies, functional responsibility for the programme is commonly assigned to a CCO but can often be placed in legal and occasionally in internal audit or risk management. The CCO must consider how to build the right team to launch and implement the anti-bribery programme.  In a large company, the CCO will be responsible for a network of compliance officers, located throughout the business.  In small companies the compliance function may be only part of the job of a human resources professional, a legal officer or finance manager.

The CCO should have responsibility for leading the design and implementation of all aspects of the anti-bribery programme. The CCO will be the face of the company’s commitment to integrity and important in providing tone from the top. Clearly, the CCO must be a person of evident integrity and command the respect of employees.

The CCO’s responsibilities may include the design and provision of anti-bribery communications and training though this may be led by the communications and human resources functions for general communications and training of which the anti-bribery messages will only be part. Specialised or tailored training should be the responsibility of compliance or legal functions. The compliance function should provide reports to management and the board on the implementation of the programme, results of risk assessment, emerging practices, issues and concerns, and recommendations for improvements or additional resources.

The reporting line for the CCO is a significant decision for the board. Best practice is for the Officer to report directly into the board or a board committee such as an integrity, audit, risk or compliance committee. The Officer should make regular written reports and presentations to the board meetings and this could be at least every quarter.

 

2.5.2.3     Legal function

Along with the CCO, the legal function has a key role in implementing the anti-bribery programme. Legal advises the board on the legal context for bribery and related laws and regulations, and on any emerging laws. The function should be responsible for ensuring that the company has procedures in place for monitoring relevant laws in the jurisdictions in which it operates and for ensuring that the company is compliant with them. It should also ensure that the programme meets the requirements of data and privacy laws in its due diligence.

 

2.5.2.4     Other functions

The anti-bribery team, which may be part of a wider compliance function, should work closely with other functions in ensuring that the no-bribes policy and the anti-bribery control objectives are met. The anti-bribery roles of some support functions are described briefly below:

  • Ethics Officer: The role may sometimes be combined with that of the CCO. The ethics officer’s role will be to develop, communicate the company’s commitments to ethics and values and build an ethical culture across the company. Activities will include communications and publications, contributing to training on ethics, anti-corruption and conflicts of interest. The ethics officer may also act as an adviser and counsellor to employees on ethical concerns.
  • Human resources: The human resources function has a critical and central role in the design of the anti-bribery programme including organisational and personnel planning. The role of human resources is a core element of the anti-bribery programme. Click here for full guidance on the role of Human Resources.
  • Internal audit: The internal audits are part of the internal financial controls but the role of the internal audit function extends beyond audits as it can provide advice on the design and monitoring of the anti-bribery programme, act as a source of advice for employees, and function as a speak up channel.
  • Security and investigation: The security function supports the work of compliance. It will comprise security officers and investigators who will work with compliance on investigation of allegations and confirmed case of bribery. In large companies, the work may include covert security.
  • Corporate affairs:  The corporate affairs function will usually be responsible for corporate communications and also internal communications. Corporate affairs, working with other support functions should develop an incident response plan and then manage the communications should an incident occur. At a continuing operational level, corporate affairs or the communications function if separate, should manage internal and external communications on the programme, including public reporting. Corporate affairs may also manage functions which are risk areas for bribery such as charitable contributions, community investments, corporate and business sponsorships, public affairs and political engagement.

2.5.3 Best Practice: Organisational Structure and Responsibilities

  • Provide leadership: The CEO should be given overall responsibility for compliance with the no-bribes policy implementation of the anti-bribery programme.
  • Assign senior manager responsibility: A manager is appointed by the CEPO to implement the anti-bribery programme – this will likely be the CCO.
  • Plan the implementation: Systematic design how the programme should be integrated across the company’s activities and the organisational framework.
  • Assign clear responsibilities: Responsibility for the anti-bribery programme should be assigned across the company, with precisely defined roles and job descriptions.

2.6 Examples

2.6.1 Business Integrity Values Statements

Axiata

Uncompromising Integrity: Always doing the right thing and fulfilling promises made to earn the trust of our stakeholders. We are committed to upholding the highest standards of lawful and ethical conduct, and in demonstrating honesty, fairness and accountability in all of our dealings.

Source

 

BP

Respect: We respect the world in which we operate. It begins with compliance with laws and regulations. We hold ourselves to the highest ethical standards and behave in ways that earn the trust of others.

Source

 

Diageo

We're proud of what we do - we act sensitively with the highest standards of integrity and social responsibility. We enjoy and benefit from diversity.

Source

 

Tata

Integrity: We will be fair, honest, transparent and ethical in our conduct; everything we do must stand the test of public scrutiny.

Source

 

Unilever

Always working with integrity: Doing business with integrity has always been at the heart of our corporate responsibility commitments. Integrity defines how we behave, wherever we are. It guides us to do the right thing for the long-term success of Unilever.’

Source

[As at 6 March 2017]

2.6.2 Codes of Conduct with Statements of Ethical Commitment

H&M

At H&M, we make it a rule to act with integrity at all times. Our business principles commit us to comply with all rules and regulations in each country where we operate and to not accept any form of corruption.

 

We implement this commitment through our Code of Ethics, which has been in place since 2003. The Code of Ethics states a zero tolerance policy on corruption and demands compliance with all relevant laws and our own business principles. It states, among other things, that business partners should not provide any kind of gifts or favours to H&M employees. In the same way, H&M employees must not ask for or accept any personal advantage from a business partner.

Source

Accessed 27 February 2017.

 

Intel

A Culture of Uncompromising Integrity

Since the company began, uncompromising integrity and professionalism have been the cornerstones of Intel's business. In all that we do, Intel supports and upholds a set of core values and principles. Our future growth depends on each of us understanding these values and principles and continuously demonstrating the uncompromising integrity that is the foundation of our company.

The Code of Conduct sets the standard for how we work together to develop and deliver product, how we protect the value of Intel and its subsidiaries (collectively known as ‘Intel’), and how we work with customers, suppliers, distributors and others. All of us at Intel must abide by the Code, our Employment Guidelines, and other applicable policies when conducting Intel-related business.

Bribery and Anti-Corruption

Intel strictly prohibits all forms of bribery. Intel’s policy is to comply with all anti-corruption laws and to accurately reflect all transactions in Intel’s books and records. We must never offer or accept bribes or kickbacks and must not participate in or facilitate corrupt activity of any kind. Many countries’ laws define facilitation payments made to government officials as bribes. We do not make facilitation payments on behalf of Intel to any government official. Intel’s prohibition against offering, promising or paying bribes also applies to third parties who provide services or act on Intel’s behalf, such as suppliers, agents, contractors, consultants and distributors. We must never engage a third party whom we believe may attempt to offer a bribe in connection with company business. Our anti-corruption expectations for third parties are set out in our Third Party Anti-Corruption Policy and Gifts, Meals, Entertainment and Travel (“GMET”) Policy for Third Parties. When doing business with governments, consult with Legal to be certain you are aware of any special rules or laws that apply. Obtain the required approvals in our Worldwide Business Gifts, Meals, Entertainment, and Travel Policy (“GMET Policy”) before providing anything of value to a Government Official.

Intel Code of Conduct, January 2017.

 

Vodafone

Ethics: Our Code of Conduct explains what is expected of everyone working for and with Vodafone, including employees, contractors, subsidiaries, joint ventures and suppliers. It also sets out Vodafone’s responsibilities to our people, partners and shareholders. Available in 14 languages, the Code requires employees to act ethically, comply with legal requirements, apply our Business Principles and speak up if they suspect any breaches of the Code. It is designed to be a one-stop shop to help employees understand all our key policies and it is clearly linked with working in The Vodafone Way. We regularly review the Code to ensure it remains relevant to our business and will next update it in 2015/16. We are also members of the Institute of Business Ethics and Transparency International and use this to benchmark our ethics and compliance programmes against best practice.

Sustainability Report 2014/2015, p. 131

Source

Accessed 6 March 2017.

CONTINUE READING