Global Anti-Bribery Guidance

Ensuring that transactions are properly recorded in the books and records counters bribery risks by safeguarding the assets of the company, ensuring they are used properly.

Financial controls are an essential element of the anti-bribery programme.  Bribes, as transfers of advantage or value, often require access to company assets, and related transactions will typically be disguised in the financial records of a company.  Effective financial controls should ensure that company assets are used properly, by requiring appropriate approval processes and that transactions are properly recorded in the books and records.  

Examples of risks countered by financial controls

• Unauthorised use of assets or services offered or given as bribes.
• Expense claims are inflated to create funds to facilitate bribery such as providing gifts, travel and cash payments.
• Rush orders or emergency measures which may otherwise enable a transaction to operate outside the approved financial controls and funds are then generated to make bribes.
• False invoices submitted for services not provided or companies that do not exist.

Financial controls are just one aspect of an internal control system. An internal control system comprises the policies and procedures designed to provide reasonable assurance that operations are effective, financial reporting is reliable, and that the company complies with applicable laws, regulations and its own corporate governance policies.  A weak internal control system has contributed to various instances of corporate bribery.

‘[The company’s] lax internal control environment enabled its subsidiary to pay millions of dollars to a politically-connected front company for the [political party] to win contracts with the government. [The company] then unlawfully mischaracterized those payments in its books and records as consulting fees and other legitimate payments.’

Enforcement Division, SEC, Press Release

Financial controls play various important roles in preventing bribery.

• Ensuring proper access to funds: Controls can prevent unauthorised access to assets that could be used by individuals to facilitate bribery.  They consist of approval processes, checks and balances, well-designed systems for work flows, documentation and accurate books and records.
• Enabling the business to obtain a more detailed understanding of transactions: Financial controls should record detailed information on the nature of a transaction and the rationale for it. A company should be able to use this information to assess if a payment was made for a genuine business purpose and whether the transaction complies with anti-bribery legislation and other applicable regulations.
• Monitoring, auditing and review: The threat of detection by monitoring and audits is a powerful preventive measure. Monitoring also allows management the opportunity to judge where controls are working effectively and where improvements need to be made.
• Deterring bribery: The presence of effective financial controls can act as a deterrent to those contemplating facilitating bribery.
• Evidence for investigations: Controls provide documentary evidence in the case of investigations or court proceedings when enforcing anti-bribery policies and laws.
• Accurate books and records: Internal financial controls will improve the accuracy of books and records. Many instances of bribery have come about as a result of record-keeping failings.

Financial controls should be designed to counter the bribery risks identified through risk assessment exercises. When designing financial controls it is helpful to consider the following four key concepts:

1. Segregation of duties: The segregation of duties ensures that no one individual has access to cash and other company assets. By ensuring no one person has exclusive control over an area of financial operations the risk that company assets can be misused can be limited. For example, if several employees are required to participate throughout the procurement to payment cycle for a new third party vendor, it is harder for an individual to set up a shell company in order to facilitate bribery.
2. Control over assets: Controlling access and use of physical assets to prevent theft, improper use, bribery and corruption.
3. Delegation of authorities: Where a process is be deemed to represent a higher risk to the company, for example if a payment is above a certain agreed threshold, responsibilities should be assigned to those with the appropriate competency.
4. Documentation: A requirement to provide and retain sufficient, appropriate supporting documentation for financial records increases the transparency of transactions. Requiring supporting documentation for financial transactions can mean it is more difficult for company assets to be exploited for illegitimate purposes.

Checks and balances are an important part of financial controls as they ensure accuracy, reduce errors and prevent improper behaviour. The key checks and balances are listed below.

• Assignment of authorities: Designation of the scope of authority.
• Separation of functions: Internal checks should be maintained to ensure that no one employee has responsibility for more than one step in a transaction from completion to review. Operational functions should be kept separate from record keeping functions (recording transactions and reconciling accounts). Purchasing functions should be kept separate from payables functions.
• Counter signatures.
• Financial thresholds for approvals.

Cash controls are vital for addressing bribery risk.

Preventive

• Eliminate cash use wherever possible.
• Restrict access to cash to named personnel.
• Set an upper limit on the value of physical cash held.
• Use company credit cards for the payment of expenses.
• Set limits on individual transaction values.
• Control cash per diems (daily allowances for expenses). Where they are required by a public official, specify the level of per diems in the contract and require receipts from the officials.
• Document expenses and any other cash transactions.
• Control petty cash.
  • Set limits on the types of expenditure that can be paid from petty cash.
  • Include payments from petty cash in company books and records such that there is an accurate document trail of the substance of the transactions.
  • Obtain and file receipts and other supporting documentation for all payments made from petty cash.

Detective

• Regular reconciliations of petty cash balances and physical counts of cash.

• Review of petty cash reconciliations by a senior person.
• Scrutiny of unauthorised or undocumented cash payments.
• Carry out spot checks of petty cash held and the associated records.

Bribery scandals have frequently involved payments out of ‘slush funds’ i.e., funds that have been accumulated in bank accounts from commissions, kickbacks or other receipts and not recorded in official books and records. Consequently, there must be an absolute rule that all transactions are truthfully recorded in the official books and that there are no ‘off-the-books’ accounts. Controls should be implemented that include regular bank account reconciliations and segregation of duties. Independent checks on bank accounts and agents, including communications with the company’s bank are also necessary controls. Controls are also needed in relation to the approval process for discounts, rebates and credit notes outside the sales function. Risks can also arise in relation to ‘shell companies’ and special purpose entities. They may be created specifically for corrupt activities and used to hold slush funds for paying bribes or to receive monies obtained via corruption. Whilst such entities may legitimately hold substantial assets and liabilities of a business, they may be opaque and hide the underlying beneficial ownership. 

Payments for transactions should be in the country of operation of the country of location of the responsible business unit. Payment in another jurisdiction may be an indicator of improper activity and potential money laundering. Controls should be implemented during the process of on-boarding of third parties, including identification of the location of the relevant bank account. 

Controls should be implemented in relation to the use, movement, write-off or deaccession of assets and inventory. There should be a procedure for approval and tracking of assets. Documented checks should be carried out to ensure that the procedure is working.  The use of an automated system will help in this.

Accurate accounting and record keeping is of the utmost importance to the anti-bribery programme as it allows checks to be made that proper procedures are followed. It can also provide documentary evidence in the case of investigations or court proceedings undertaken to enforce anti-bribery policies and laws.

Books and records controls

• Books should be maintained on a current basis.
• Transactions should be recorded chronologically and supported by original documents which can be cross-referenced in relation to each stage of the workflow or transaction.
• Ideally, there should be a comprehensive automated filing system although, in practice, companies may find this hard to achieve as it can be difficult to consolidate a mix of automated systems but also because of the scale of the task of maintaining comprehensive records.
• The aim should be that an audit trail of each transaction from origin to completion is provided.
• Ensuring compliance with anti-bribery rules follows largely the same process as that used for combating fraud.
• Initiating the transaction, the physical handling of goods and of cash, authorising or receiving payments and recording the transaction in the books of account should be performed by different employees. This procedure is normally described as segregation of duties.
• Spot checks on the internal accounting control process should be part of the supervisory function in the purchasing, sales, stores, production and accounting departments. 

Master file data integrity

Controls should be implemented in relation to allowing changes in vendor master file details and detection controls requiring review of changes in bank accounts as well as the use of off-shore vehicles.

Third parties: contractual provisions, rights and monitoring

The company’s controls will only be as good as those of its third parties. Third party contracts should require that adequate anti-bribery controls are in place and that the company has the right to inspect books and records, and to carry out inspections and audits including spot checks. The company should carry out due diligence and monitoring of high risk third parties including checks on the design and implementation of their anti-bribery programmes. For detailed guidance, see the TI-UK publication Managing Third Party Risk. 

An emerging area is the use of forensic software systems to monitor financial transactions and red flag unusual transactions, for example, an unduly high number of purchase orders placed by an employee just below an approval level requiring a counter signature. Electronic dashboards can provide the management with information on the progress of contracts as well as analytical tools for reviewing and highlighting trends in high-risk transactions such as expenses claims.

7.4.9.1      Continuous monitoring

Responsibility for financial controls monitoring should be implemented at all levels of the company. For example, supervisors and managers should scrutinise expenses payments and reconcile transactions such as by checking that orders have been recorded as received. Training should emphasise the need for all employees and particularly those involved in high-risk transactions, to be alert to signs of fraud, bribery or other corruption and to know what to do in such situations.  Employees and third parties should be encouraged and assisted to suggest improvements to financial controls.

7.4.9.2      Spot checks and observation

Spot checks of the internal accounting control process should be applied in the purchasing, sales, stores, production, and accounting departments. When dealing with high-risk operations such as the use of agents or remote business units, it might be necessary to place an employee in agent’s office or the business unit to monitor and observe practices.

7.4.9.3     Internal audit

Internal audit is both an internal financial control and an essential part of a company's monitoring and improvement process. Usually, an internal auditor reports directly to a board audit committee and internal audit reports are also reviewed by senior management. The role of internal auditors is to conduct operational as well as financial audits. Internal audit forms part of the anti-bribery programme as its purpose is to examine risks, assess the effectiveness of financial controls, contribute to improvement and detect bribery. Some points to consider are:

• As with anti-bribery risk assessments and due diligence, the focus of the auditor’s efforts should be on high-risk areas.
• The frequency of internal audits will be shaped by the relevant risks. Some areas may be subject to annual reviews whilst others, such as training provision, may be less frequent, perhaps every three years. The available resources will also be a factor in how the audits are scheduled. A rolling programme of audits will spread the demand on budget and people resources.

Transaction testing: Transaction testing checks should be carried out to ensure that controls are working correctly. These should focus on the high-risk transactions for bribery identified during the risk assessment process. For a list of some key elements of transaction testing, click here.

Support functions and professional advisers: Internal audit reviews can be supported by both internal and external providers. Internal functions that may offer such assistance include supply chain, excellence and quality management. The external provision includes the appointment of external auditors, reviews by anti-bribery professional advisers and external independent assurance. 

• There are appropriate controls such as segregation of duties and these are applied.
• Extraction and reconciliation of accounting data with careful analysis to determine that there is adequate supporting documentation.
• Checking that financial transactions are properly accounted for and that bribes are not hidden by misallocating to account codes or by being incorrectly described.
• Analytical tests on data and then an examination of samples (this includes a review of supporting documentation) of:
  • High-risk payments to distributors, subcontractors, and/or consultants.
  • High-risk transactions paid for using cash.
  • Checks for movement of funds to off-the books accounts.
• Where compliance letters are collected annually from staff most at risk to bribery, the internal auditor may be used to collect such returns and to investigate any exceptions reported.
• Detailed scrutiny of books and records including electronic data and analysis of accounts in sufficient detail, for example:
  • Expense transactions are recorded in a way that enables the substance of the transaction to be identified, including nature of product or service, price, provider and beneficiary of payments.
  • Sales transactions are recorded in such a way that the substance of the transaction can be identified, including the goods or services sold, the customer and the price.
  • Payments for high-risk expense types (includes visas, customs, taxes, government certificates, licences, bonuses, commissions, gifts, entertainment, travel, donations, marketing).
  • Employee expense reports for high-risk transactions.
  • High-risk revenue side transactions including price setting, discounts, credit notes and free of charge goods.