FOREWORD Combating corruption in
international business is now widely recognized as an essential step in maintaining a
sound international trading system and assuring the viability of democratic political
systems and market economies. This requires a comprehensive program, directed at
bribepayers as well as bribetakers. Corporate codes of conduct are a key part of such a
program.
In the U.S., corporate codes of conduct have been used for many years as a way to
achieve compliance with legal and ethical rules. The bribery scandals of the 1970s, and
the enactment of the Foreign Corrupt Practices Act (FCPA) in 1977, resulted in the
adoption of anti-bribery codes by many U.S. companies. Thus there is now almost two
decades of U.S. experience with anti-bribery codes. On the international level, the
International Chamber of Commerce (ICC) in Paris published Rules of Conduct to Combat
Extortion and Bribery in 1977. A number of non-U.S. companies have adopted codes modeled
on the ICC Rules. Many other companies were reluctant to adopt anti-bribery codes because
they believed that their competitors would continue to pay bribes.
Since the beginning of the 1990s there has been a worldwide epidemic of corruption
scandals, including Japan, South Korea and India, Italy, Spain and Belgium, Brazil,
Venezuela and Colombia, to mention only the most prominent cases. This has stimulated
interest in controlling corruption on a previously unprecedented level.
Transparency International (TI) was organized in Berlin in May 1993, as a
non-governmental organization to combat corruption in international business transactions.
TI is building coalitions, including business, civic and other groups, which support the
development of effective integrity systems. TI has established national chapters in over
four dozen countries.
In March 1996, following a year-long study, the ICC revised and strengthened its Rules
of Conduct to Combat Extortion and Bribery. The ICC is launching a follow-up program under
which its national committees in 62 countries will encourage their member companies to
adopt codes based on the new ICC Rules. The important role which corporate compliance
programs can play has also been recognized by the Federation of German Industry (BDI)
which issued corporate guidelines in 1995, as well as by Hong Kong's Independent
Commission Against Corruption.
TI's U.S. Chapter has undertaken this study of the best practices developed by American
companies as a contribution to the dialogue on what companies can do to control
corruption. The study was chaired by Howard Aibel, who served as general counsel of ITT
for more than two decades and is now a partner in LeBoeuf, Lamb, Greene & MacRae, in
New York. We hope that this study will be a useful resource to corporations and business
organizations around the world.
In the first section of the study, Howard Aibel discusses the reasons why it is in the
best interest of corporations around the world to adopt codes of conduct. The second
section, written by Jay Singh of Coopers & Lybrand, discusses the steps required to
integrate an anti-bribery policy with a company's overall risk-control strategy. The third
section, written by Scott Gilbert, General Electric's Counsel-Litigation and Legal Policy,
and a former federal prosecutor, describes the key elements for an effective anti-bribery
compliance program. The fourth section "Model Corporate Codes of Business
Conduct," consists of excerpts of key provisions from corporate policies selected by
Don Zarin of Dechert Price & Rhoads, in Washington, D.C., a leading authority on the
FCPA. The new ICC rules included among the Model Codes. The final section consists of
eight case studies prepared by Don Zarin, dealing with the application of the FCPA to
hypothetical, but nonetheless realistic, business situations. These case studies are
reprinted from Don Zarin's book, Doing Business Under the Foreign Corrupt Practices Act
published by the Practising Law Institute (1995). Many of the issues presented in those
case studies are likely to arise in the administration of codes of conduct of companies
that are not subject to the FCPA..
Combating corruption in international business transactions is an extremely difficult
undertaking. It will require private sector initiatives, as well as actions by national
governments and by international agencies. While no single remedy will be decisive,
different remedies reinforce each other. The experience of Hong Kong has demonstrated that
the synergetic effect of interacting measures can successfully clean up an extremely
corrupt system.
Corporate compliance programs are a key part of a comprehensive anti-corruption
strategy. They are important in influencing corporate conduct. In addition, they enhance
the effectiveness of government actions. The use of corporate codes of conduct in the U.S.
has clearly increased compliance with the FCPA. The threat of criminal penalties has
strengthened corporate compliance efforts. The adoption of codes of conduct has also been
encouraged by the provisions of the U.S. Sentencing Guidelines which provide heavier
penalties for companies without compliance programs.
Similar synergetic effects can be achieved in the field of government procurement. By
making the use of corporate codes of conduct a condition of eligibility for bidders,
procurement agencies will improve the integrity of the procurement process and also
encourage wider use of corporate codes.
Progress on the international anti-corruption agenda is being made on many fronts. The
Council of the OECD has taken a strong position on ending tax deductibility of bribes paid
to foreign officials; the OECD is also making progress on proposals to criminalize bribery
of foreign officials. The new Inter-American Convention Against Corruption will make
transnational bribery a crime in the Western hemisphere. Additional measures to curb
corruption are being considered by the World Trade Organization and by the World Bank.
Actions by the ICC and by TI to promote wider use of corporate codes are an important part
of a worldwide effort.
Fritz F. Heimann
Chairman, TI-U.S.A.
June 4, 1996
The Corporate Interest In Combating Corruption By Howard Aibel
In the pages which follow can be found examples of corporate codes, policies and
practices which are published here as examples of the kind of self-imposed restraints
which leading corporations have adopted to govern the activities of their enterprises in
export market. The common goal is to end corruption of government officials and other
customers as a factor in the process of purchasing goods or services. Why, one might ask,
would aggressive entrepreneurial businesses forego using a frequently effective tool -- a
bribe -- to secure business? Is there not a responsibility to the enterprise, its
stockholders and employees not to lose business to competitors who have no qualms about
paying bribes?
In fact, the best interests of the enterprise, its stockholders and its employees are
far better served, even in the short run, by resisting the temptation to use corrupt means
to get the order. The use of bribes changes the competitive dynamic which is the vital
force driving the enterprise into the future. Instead of competing by providing superior
goods and services at competitive prices, competition turns on who offers the biggest
bribe. Not only do bribes add to the cost without adding value to the customer, procuring
business in this way can lead a management to avoid the arduous work of innovation and
cost reduction. Bribes may "sell" obsolete and high priced goods or services in
a developing market, but the enterprise may lose its competitive edge in all markets as a
result.
Toleration of bribery inevitably undermines management control. Because there is a need
to prevent disclosure, secrecy and masking book entries are required. How does management
really know whether the clandestine expenditures were really made for the asserted
purpose? Does some of the money stick to the fingers of the intermediary, or worse yet, to
the fingers of the enterprises' own employees?
Consider as well the corrosive effect on discipline in the organization resulting from
the blackmail potential created by illicit payments: a manager feels that an unjustified
promotion must be provided, or that a nonperforming employee cannot be discharged because
the employee has knowledge that corrupt payments were made to secure business. Moreover,
it is unrealistic for companies to attempt to operate on a double standard; that is paying
bribes in countries where corruption is common and competing honestly at home and other
countries where bribery is not considered the norm. Managers administering so called
"slush" funds may find it difficult to resist the temptation to use such funds
whenever, in their unmonitored and uncontrolled judgment, doing so may help with orders in
home markets. Indeed, the corruption scandals of the last five years show that it is often
difficult to differentiate between states that are "honest" and those that are
"corrupt." The recent news accounts of bribes paid in Italy, Japan, France and
England are sufficient demonstration of this proposition. Experience with corporate
compliance programs in the U.S. has demonstrated that they are effective only when there
is a clear and consistent message. Mixed messages -- corruption in some places is
acceptable but not in others -- undermine the effectiveness of the program.
Undoubtedly the most serious adverse impact on the enterprise is caused by public
disclosure of corruption. Damage worldwide to a reputation for integrity and ethical
behavior, developed through decades of good corporate conduct, is a serious consequence
which must be anticipated. Moreover, such disclosure could result in significant risk of
loss of the enterprises' property in the country involved. Public disclosure of bribes
will trigger enforcement of previously rarely if ever enforced civil and penal provisions
punishing corruption. This could result in penalties being imposed on individuals as well
as the enterprise. Charges that bribes had been paid can put at risk the completion of
projects and payment for work already performed. Experience teaches that threats to the
physical security of personnel at the contract site are far from remote possibilities.
Realistically, the opportunities to continue to do business in the future in the country
involved would not appear to be too promising.
In the past five years, public concern over corruption has increased. There is much
less toleration of bribery in the nineties than before. The major reason why toleration of
corruption has decreased is the much greater freedom of the press. As political systems
have opened up and democratic institutions have expanded, investigative journalists no
longer regard high level corruption to be "off limits." Similarly, French judges
and Italian magistrates after decades of not doing so have recently gone after even the
highest and most prominent political and business leaders. The corruption scandals of the
nineties are different from those of the seventies, which mainly resulted from U.S.
investigations following Watergate. Importantly, the scandals of the nineties are the
result of local investigations. The corporate governance movement has spread from the U.S.
to Western Europe. "Whistleblowers" are no longer a species solely indigenous to
America. Thus, the risk of getting caught has increased and so have the penalties.
There is probably not a reader of these materials who would not say that the making of
corrupt payments is contrary to his or her personal code of ethics. What needs doing in
the market place is the putting into practice of these ethical principles. The fight
against corruption involves much higher stakes than whether a company gets an order or
whether any particular company or government official gets caught. If corruption cannot be
curbed effectively, the expansion of market economies and of democratic institutions will
be threatened. As President Henkel of the Federation of German Industry has recently put
the proposition so eloquently: "The private sector has an immense interest in solving
this problem, because corruption not only increases the costs and hinders competitiveness
of companies, but corruption can undermine our market economy system and finally even our
society."
There is now widespread recognition by international government organizations, by
national government and by civic and professional groups that major efforts to combat
corruption are needed. Business organizations and corporations should work in support of
such efforts. Business must be a part of the solution so as not to be considered a major
cause of the problem.
Integrating Anti-Bribery Compliance into Corporate Control
Strategy By Jay Singh
Before discussing the specifics of a corporate anti-corruption compliance program, it
is important to first lay out the context and environment which make such programs
successful. The most effective anti-corruption compliance programs are integrated into an
overall business risk management and control framework. An isolated approach, involving a
separate infrastructure is likely to be both more costly and less effective that an
initiative integrated into an overall business risk management structure. Within a large
company, the competition for CEO and senior management attention is intense, and it is
important that anti-corruption controls not be perceived as peripheral measures that can
be delegated to subordinates.
The Integrated Approach
One integrated framework for business risk management which has emerged as a standard
in the U.S. and as a guide to the development of similar standards in other countries is
the study published by the Committee of Sponsoring Organizations of the Treadway
Commission, commonly known as COSO. Entitled "Internal Control -- Integrated
Framework," it offers a common business risk and control language, an integrated
approach to managing and controlling risks, and a framework and standard against which
organizations can measure the effectiveness of their internal controls.
The cornerstone of the new approach embodied in COSO is CEO ownership of the
organization's control functions. While traditional controls focused on accounting and
financial controls, with responsibility assigned to the Controller or the DFO supported by
the Legal and Internal Audit Departments, COSO makes the CEO the owner of controls. In
addition, risk assessment and control functions are embedded in core business process, and
all employees share responsibilities for them.
COSO identifies five interrelated components of control:
1.Control Environment: The core of any business it its people -- their
individual attributes, including integrity, ethical values and competence -- and the
environment in which they operate. Unless the Board, CEO, and senior management set the
"tone at the top" and foster an environment that discourages corruption, no
anti-corruption compliance program is likely to succeed. To create the proper control
environment, senior management should:
Communicate mission, purpose, shared values, and objectives of the organization. When
these are not clearly communicated and reinforced, employees lose clarity and focus and
may inadvertently make the wrong trade-offs and decisions. To reinforce the importance of
the anti-corruption program, senior management should demonstrate its commitment by taking
the steps outlined on page 9 below.
Establish clear boundaries of acceptable behavior. Employees need to feel empowered,
yet organizations have to place specific boundaries and limits. Members of Senior
Management need to exemplify the core values of the organization in their daily actions
and interactions. In addition, the organization must issue a clear written statement of
policy that articulates the corporation's anti-corruption commitment in the contexts in
which the issue may arise. The components of a statement of policy are described on pages
9-10 below:
Select and develop the best people. It is management's responsibility to ensure the
competence of its people and organize, develop and motivate them to achieve corporate
goals and objectives. Human resource policies, such as, hiring, training, performance
appraisals, incentives and compensation, career path planning, etc., play an important
role. Performance reporting, promotion and compensation should be specifically linked to
risk management and control, including compliance objectives of control.
Establish accountability at all levels of the organization for risk controls. Internal
control is everyone's job; each employee must understand his/her role in the integrated
process and be held accountable for it. Clearly, roles and responsibilities for an
anti-corruption compliance program must be built into process objectives and measurements
and must be considered in developing business strategies and business risk assessment.
Create an environment that encourages the free flow of information and concerns
throughout the organization. There should be upward, downward, and horizontal
dissemination of information about opportunities, risks, and controls throughout the
organization. Airing of issues and concerns should be encouraged and vehicles provided to
employees for voicing them without fear of retribution. Without such an environment,
employees will be reluctant to report possible violations or concerns, so important to the
success of any anti-corruption program. See page 15 below:
2. Risk Assessment: Every entity faces a variety of risks from
external and internal sources that must be assessed. A precondition to risk assessment is
establishment of objectives, linked at different levels and internally consistent. Risk
assessment is the identification and analysis of relevant risks to the achievement of
objectives, forming a basis for determining how risks should be managed. Thus, identified
risks should be prioritized based on the likelihood of their occurrence and the resulting
consequences in terms of economic loss, business interruption, and loss of business
reputation.
Accordingly, once the objectives of an anti-corruption program have been set at the
corporate level, they must be translated and linked to objectives at other levels of the
organization (i.e., by business line, by organizational entity, by geography, etc.). Risks
to the achievement of the program objectives at each level must be identified, sourced,
measured, and prioritized.
3. Control Activities: During the risk assessment process, significant
controllable compliance risks will be identified that may be unacceptable at the existing
level. Steps must be taken either to strengthen controls already in place or design and
implement new controls to reduce risks to acceptable levels. Control activities occur
throughout the organization and include a range of activities as diverse as approvals,
authorizations, verifications, reviews of operating performance, segregation of duties,
etc. A critical element of an anti-corruption program is a set of detailed controls to
govern the appointment of sales representatives. Examples of such controls are given on
pages 11-13 below.
4. Information and Communication: Pertinent information must be
Identified, captured and communicated in a form and timeframe that enables people to carry
out their anti-corruption responsibilities.
Education and training must be provided to teach personnel about their
responsibilities.
A reporting mechanism should be available for employees to communicate concerns without
fear of retribution.
Information systems are needed to produce reports containing operational, financial and
compliance-related information that make it possible to run and control the business.
Information about the risks within the markets served by the business must be
disseminated.
Finally, effective communication by external parties, such as customers, suppliers,
regulators and shareholders, must occur.
5. Monitoring: Anti-corruption control systems need to be monitored --
a process that assesses the quality of the system's performance over time. This is
accomplished through ongoing monitoring activities, separate evaluations or a combination
of the two. Ongoing monitoring occurs in the course of operations through regular
management and supervisory activities and other actions personnel take in performing their
duties. The scope and frequency of separate evaluations, such as audits or internal
investigation activities, will depend primarily on an assessment of risks and the
effectiveness of ongoing monitoring procedures. Internal control deficiencies should be
reported upstream, with serious matters reported to top management and the board. Once
deficiencies are identified, remedial acts must be taken.
The Building Blocks of An Anti-Corruption Program
The specific elements of an anti-corruption compliance program, designed to be
integrated into an integrated control environment, are described in the pages that follow.
Examples of actual compliance programs are provided in the appendix. They all have the
following common themes:
- - The Board and CEO must create a control environment that places high priority on
compliance by fostering a "zero defect" mentality with respect to compliance.
- - Compliance requirements must be identified and communicated to business units so that
they can be included in the company's overall risk assessment process.
- - Process owners should be assigned for compliance programs with Responsibility for
ensuring the ongoing effectiveness of the risk Management process and the performance of
risk controls in reducing identified compliance risks to an acceptable level.
- - Compliance should be monitored through ongoing and periodic Monitoring activities that
is, through management and supervisory Actions and through internal and external
compliance audit programs.
awareness of local laws that may apply to the approval/retention process
3. Qualification of the third party
- - resources and expertise: financial resources, personnel, experience - reputation -
location
4. Screening
A process should be implemented to ensure that the third party is qualified and can be
expected to abide by the anti-bribery policy
-written recommendation from sales manager documenting commercial need for appointment;
duties; goals; verification of qualifications
- written application by third party
- names under which applicant has conducted business;
- names of owners, partners; shareholders;
- principal officers;
- relationship between any owner or employee of the applicant and any government official;
- affiliated organizations;
- description of organization;
- description of people who will be working on behalf of the company;
- background information;
- branch offices
- qualifications of sales persons
- financial references (bank, clients, etc.);
- general references (other firms, including applicant's relationships with such firms);
- financial data (2 years' financial statements);
- litigation history;
- Reputation check from references and other sources;
- Discussion with the third party about the company's commitment to the anti-corruption
policy and the necessity of complying with it.
5. Approval by senior management
6. Written agreement
A written agreement should be signed with the third party representative, before the
representative undertakes any work for the company. The written agreement generally should
contain the following elements:
- Explicit prohibition against illegal payments
- Provision for immediate termination I the event of breach
- Limited term to assess performance
- Explicit representations by third party that no owner; partner; officer; director or
employee is or will become an official of any government of a country in which the
representative is selling company products without explicit approval of the company
- Agreement to abide by the company's anti-money laundering policy.
B. Compensation
Excessive compensation is one of the principal mechanisms that can be used to fund
bribery. Standards should be established that require compensation to be established in
light of specific criteria such as services to be provided; past performance; competence
and resources to be utilized; complexity of the transaction; prevailing rates in the
relevant market. Typically, commission rate schedules should be established for given
markets, and any deviations from such standards should be permitted only upon
authorization of senior management. A sliding scale for commission rates is appropriate --
reducing the percentage payable as the value of the order increases. For example, a 5%
commission on a $1 million order may be appropriate; a 5% commission on a $4 billion order
should raise red flags.
Method and place of payment. Permit only forms of payment that leave a record that the
payment has been deposited into a bank account held in the name of the third party
representative. Payment by cash and bearer instruments should be prohibited. Acceptable
forms of payment include check payable to the third party representative and wire transfer
to a bank account bearing the third party representative name. Payment should only be made
in the country where the products or services were sold or in the country of the third
party representative's headquarters. Exceptions to these requirements should be permitted
only upon approval by senior management and counsel, together with a written statement
providing a bona fide justification for the exception.
C. Monitoring: Red flags
Evidence suggesting that the third party might not adhere to the policy should be
vigorously investigated at any stage. Examples of red flags include the following:
- Unusual payment requests;
- Unethical practices, e.g. preparing false documents, false answers to questions;
- Press reports suggesting unethical behavior;
- Comments that hint of bribery;
- Apparent lack of commitment to policies;
- Termination of agreement by other clients;
- Unfavorable reference checks;
- Requests to keep relationship secret;
- Unusually favorable payment terms;
- Lack of concern about product quality, training, warranty;
- Request to split payments into small amounts;
- Request to make payments in a different currency than appropriate for the agreed upon
address for such payments;
IV. Internal Controls and Recordkeeping
A. Policies and procedures for approving expenses should require:
That there was independent approval at a higher level that at which the expense was
incurred
- Limits should be established for gifts, entertainment, and business courtesies to and
from clients, vendors, government officials, and former U.S. government employees
- "High risk" expenses/payments, e.g., ambiguous situations and possible
exceptions, should require prior top management approval
- Above a specified amount (say $15), no expenses should be approved without complete
back-up documentation, e.g., invoices, receipts, contracts, etc.
That the area processing the payment/reimbursement (such as the Accounting or Accounts
Payable department), must verify that proper approval and documentation exits
That there is adequate segregation of duties between the authorization, approval, and
payment/reimbursement processes
That there is provision in the company's general ledger to segregate facilitating
payments and "business courtesy" expenses
B. The company's Accounting Policy should have explicit
prohibitions against false or "masking" entries
Records and documentation for payments/reimbursements must be maintained in accordance
with a records retention and archival Policy which is consistent with IRS and other
applicable laws and regulations, e.g., The Annunzio-Wylie Anti-Money Laundering Act.
Accountability for enforcing these policies and procedures must be Established at
various levels of the organization (departments, divisions, locations, subsidiaries,
corporate, etc.)
V. Training and Education
A. Who
- New employees should receive training in the policy upon entry into the company;
training should be refreshed annually.
- Third party representatives should receive training in the key elements of the
policy.
B. What
The most effective teaching tools are those that confront the trainees with realistic
situations, such as the case studies prepared by Don Zarin (See Tab "Case
Studies," below.)
VI. Reporting Mechanism for Concerns about Violations
A. How
The Company should encourage or require employees to report any possible violations of
the Company anti-bribery policy and should provide a variety of mechanism for such
concerns to be reported. Examples include:
- A "hotline" or "helpline": a toll-free number for employees to
report a possible violation of policy or to get advice concerning the application of the
policy to specific fact patterns. Employees should be permitted the option of reporting
anonymously.
- An Ethics Office or Ombudsman to whom employees may raise their concerns.
B. Non-retribution
The Company should prohibit retaliation against any employee who reports a violation of
the policy.
VII. Audit
Periodically, auditors, either internal or external, should determine whether each
element of the compliance program is functioning. Auditors will interview employees and
third party representatives, examine "due diligence" files, agreements and other
documents associated with third party relationships, and examine accounts pertaining to
compensation paid to the third parties. Weaknesses or deficiencies noted should be
corrected.
VIII. Investigations and Remedial Action
Upon the discovery of a "red flag" or possible violation of the anti-bribery
policy, an investigation should be undertaken under the supervision of counsel, to
determine if any violation has occurred. If a violation is discovered, appropriate
remedial action, including disciplinary action and enhancement of procedures, should be
undertaken. If the investigation reveals a violation of law, counsel should consult with
senior management to determine whether disclosure to law enforcement authorities is
warranted.