Anti-bribery and corruption policies – what should they include?

Many Australian companies do not pay sufficient attention to the bribery and corruption risks of operating offshore, an industry expert has warned.

Construction giant Leighton Holdings conceded today that it had no specific anti-bribery and corruption policy for its international subsidiary. That same subsidiary is accused of paying bribes to help secure contracts in southern Iraq. Its operations are currently being investigated by the Australian Federal Police as well as the Iraqi Oil Ministry.

The head of Deloitte’s forensic practice, Frank O’Toole, says many Australian companies are still not sufficiently alert to the corruption and bribery risks of operating overseas. However, he says Australian companies are “10 times more aware than two years ago” because of a number of high-profile bribery cases that have been covered in the press, as well as new anti-bribery legislation.

In early 2010, the Commonwealth Criminal Code was amended to include much larger penalties for bribery. The government is also currently considering whether to remove a defence for facilitation payments, bringing Australian law into line with the UK Bribery Act.

The Organisation for Economic Co-operation and Development has observed that Australia has been slow to embrace enforcement. A 2009 OECD report criticised Australia for lacking legal sanctions against the bribery of foreign and domestic officials that are “effective, proportionate and dissuasive” in light of the scale and resources of many Australian companies in the global marketplace. Transparency International, an advocacy group, has also called for bigger Australian penalties.

“The penalties were quite soft in the early days,” says O’Toole. “For organisations, particularly in high-growth opportunities in China and south-east Asia, managing a risk such as this when it hasn’t been on the radar [for legislators] isn’t top of mind.”

Clear corporate policies regarding bribery and corruption are an important first step for companies seeking to address the operational and reputational risks. O’Toole says a good bribery policy needs three components: prevention, detection and response.

“Prevention sounds obvious, but it’s important,” he says. You need education and training. You need people to understand the expectations of the organisation. Internal controls, assessments or risk – these sort of things prevent bribery and corruption occurring in the first place.”

Detection requires companies to run red-flag analysis over their transactional data to find unusual payments. O’Toole says payments made without a clear purpose are a good giveaway. The last component is a clear response mechanism for bribes: for example, whistle-blower hotlines and other reporting mechanisms.

“An organisation can’t be half-hearted with this – they must have a zero-tolerance approach,” says O’Toole. “Therefore when incidents do arise, they must respond robustly and consistently.”

O’Toole says organisations often respond differently depending on the part of the world the bribe was reported in, or depending on to whom it was offered. This creates confusion, and undermines the effectiveness of the organisation’s response.

As for whether anti-bribery policies adequately distinguish between bribery and routine gift-giving, O’Toole says it is possible to be quite prescriptive while taking into account cultural nuances.

“The legislation itself out of the United States and the United Kingdom provides guidance on this,” he says. “But you need your own expectations and benchmarks around what is accepted.”

Bribery guidelines should take into account the deftness with which bribes are often sought.

“Quite often we see things like a gift to a university. So on the surface it looks quite legitimate, however, the board of chancellors who govern the university could have a member who is also on the board of a major company, and has influence over a tender. This is a very common way bribes and influence is sought.”

O’Toole cautions that successfully managing corruption risk goes beyond policy.

“The policy is a starting tool, it’s a framework… but it really is only the first step.”

He says it’s also important to know the risks of the geographies organisations are operating in.

“For example, in south-east Asia, the use of Asian consultants in business or distribution channels is very high risk. Knowing that before and whilst operating in those locations is very important.”

This due diligence should extend beyond geography. Australian businesses should also be aware of who they chose to partner with when expanding overseas.

“A lot of operations for Australian companies involve alliance or joint ventures, and much of the grief Australian organisations face for bribery and corruption comes through third-party channels. You need to know who you’re doing business with.

“Not only is this the right thing to do, but legislation specifically reaches out to third parties, and holds [the Australian company] responsible.”

O’Toole says the other thing companies can do, on top of a clear policy, is to maintain appropriate reporting and support channels. “If I’m involved in an eastern European country, and while involved with a major project sale, am approached for a bribe, I need to know who to talk to and where to go. That’s where support from the company is important. All too often the default position is ‘That’s how we do business here’.”

“It does happen,” says O’Toole. “We’re a big forensic practise, and that is partly because there is a lot of offshore opportunity, which brings with it offshore risk.

“Organisations do need to act now on this, to do more enforcement in Australia. There’ll be changes to enforcement framework which will ramp up our attention to this matter, the United Kingdom will enforce their act with enthusiasm, and United States will continue to do what they have been for 30 years. If it’s happening, you need to deal with it.”