The policies and procedures you create, implement, and enforce serve several purposes. They can mitigate liability and penalties for your company if someone within your company commits a corruption offense. They can help prevent corruption using internal controls. In addition, they educate employees on best practices, as well as accepted and prohibited actions.
The anti-corruption or bribery polices you put into place and communicate to employees should accomplish the following things:
1. Detail what the policies cover. For example: "This policy exists for all those who work for us to detail and make clear our zero-tolerance policy for corruption and bribery."
2. Detail whom the policy applies to so there are new questions. For example: "This company's policy applies to all employees, whether permanent, fixed term, or temporary, and also applies to contractors, trainees, homeworkers, and agency staff."
3. Detail the company's responsibility, as well as the employees' responsibility.
4. Detail the company's understanding of anti-bribery laws. For example: "Bribery refers to the act of offering, promising, or giving, agreeing to, or receiving something of value to influence an act or decision to gain undue advantage."
5. Make it clear that the company has a zero-tolerance policy for bribery and corruption.
6. Detail rules for accepting gifts, making facilitation payments, compelled giving, etc. You can create sub-sections in your policy for the different types of gifts and payments. Make it clear which one are acceptable, as well as the conditions for them to be acceptable. Also, make it clear which are never acceptable.
7. Detail how to prevent conflict of interest.
8. Detail how business should be conducted so as to avoid bribery
9. How to raise concerns or report corruption. Employees should be assured it is anonymous so they do not fear retaliation. You can offer a hotline number, an online reporting system, or any other method. Just be sure to provide exact instructions and reiterate that it is anonymous. Let them know exactly what to expect if they make a report.
It is important to have procedures in place to help prevent corruption. If an employee is committing bribery or any corruption offense, they may believe it to be in the best interest of the company, but it may also be in their personal best interest. Detailing the policies to all management and employees is not enough. You must put procedures in place to help prevent corruption, but also to catch it.
Let's talk about some procedures and best practices you can implement.
The first one is simply taking the time to know your employees. Management should make it a point to be involved with employees and get to know them. It is also important to be able to recognize potential signs of trouble. Watch for attitude changes in employees, as well as working habits. Remember that bribes can be made to officials, but your employees could also accept gifts or rewards from others in exchange for an inappropriate act. If an employee becomes unhappy or angry with the company or management and feels unappreciated, they be more receptive to unethical acts that could get your business into trouble.
Although we have discussed it before, it is important enough to discuss again. Every employee should be made aware of your company's anti-corruption and bribery policies. They should also know how to report anything suspicious. It is critical that you set up procedures for anonymous reporting to take the fear of retaliation out of making a report. Did you know that over 40% of fraud is detected because a tip was made? The same holds true for corruption and bribery.
Another way you can help to prevent corruption and bribery within your company is to rotate employees to different jobs on a regular basis. If you have a corrupt employee making corrupt payments to a public official or an official at another company, a second employee may catch the corruption when they take over the job. If your employees are highly trained in their positions and you can't rotate positions often or at all, you can also make sure employees are taking their vacations regularly. You can use their vacation time to review their activities. Although it is never good practice to make a show of distrust to your employees, you still want to monitor their performance and activities. Communicating the company's policy of continual monitoring lets employees know what to expect and eliminates feelings of distrust.
Internal controls should also be implemented to protect assets, ensure accurate accounting, and deter corruption and bribery. The segregation of duties is one internal control that you can implement. It makes it so that no one person is responsible for handling one task that involves a risk of bribery or corruption. An example of segregation of duties involving accounts payable might be one person opening envelopes containing payments and another recording the payments into the accounting system. This reduces the risk of transactions not being recorded or being recorded incorrectly.
Listed below are some other internal controls must implement to be FCPA compliant.
- Gift Giving. As stated earlier in this article, your compliance program's policies should detail the conditions under which gift giving is permitted, as well as when it is prohibited. An employee should never give or receive a gift in order to gain or agree to gain inappropriate advantage. Your policy should forbid cash gifts. It should also establish value limits, as well as the frequency. If a gift is high in value, the employee should be required to get authorization. All gifts should be documented with the recipient of the gift and the purpose of the gift.
- Vendors. In order to reduce the risk of a third party accepting a bribe from a vendor, there should be controls put into place. These controls should outline a vendor selection process that includes considering multiple vendors before selecting one. Vendors should be evaluated by price and quality. The vendor selection process should be audited regularly.
- Charitable donations. A company should always make sure that bribes are not being disguised as charitable donations. Any charitable donation should be required to be reviewed by a senior compliance officer before being made.
- Training. As stated earlier, a company's anti-corruption and bribery policy should be communicated to all relevant employees and third parties. Training should be done regularly, and it should be documented. A training program should include examples of corruption and bribery, as well as red flags.
- Human Resources. The HR department should conduct thorough background checks on new employees. It is critical to know if an employee is related to a public official and to make sure new employees receive compliance training.
Although in-person training should be done initially, you can re-communicate and continue training by using things such as online compliance training, micro learning, and online quizzes. You can use different formats to keep training interactive. Just be sure to document ongoing training.
Employees should be gently reminded to stay current on their training. They should know how often they need to be re-trained and understand the importance of it. However, some leeway should be given so that they can do it at their convenience. By using online training, both the compliance offer and HR can keep track of which employees are current - and which ones need that gentle nudge.
You must be ready to enforce policies or retrain employees if your policies are being misunderstood or ignored. Employees need to know these policies are not optional. In addition, there should be clear consequences if a policy is not adhered to.
That said, one way to reduce policies being ignored or misunderstood is to be as clear as possible as to why the policies exist. There are bound to be some employees who think a policy is not needed, goes too far, or gets in the way of their job. Make sure your employees understand why the policies exist, as well as to why continual training is needed.
If you change any of your policies, make sure you communicate and train your employees on the new policies. Laws and regulations change regularly, making policies outdated. Risks can also change that make new policies or updated policies a necessity. It is of the utmost importance to keep your employees in the loop. Provide regular communication and training to help prevent instances of wilful or non-wilful corruption or bribery.
Internal Financial Controls
The FCPA makes companies liable for the things they do, such as paying bribes. However, they also make companies responsible for things they do not do, such as keeping accurate records and books. The FCPA's accounting provision makes it so that companies must have internal controls in place. Not having these controls in place is a violation of the law.
The FCPA's accounting provision requires that security issuers of both U.S. companies and non-U.S. companies that are publicly traded in the United States maintain internal controls so that all transactions are authorized by management, access to assets is only with authorization, and the accounting records reflect assets.
Accounting controls help to make sure that company money is not used for bribery. In short, it means that those within your company who have the power to approve expenses are independent and have the authority. Approval for expenses is only given based on documentation that supports the need for the expense. All financial employees should be trained to spot red flags in the accounting process. In addition, regular monitoring, auditing, and testing must be done.
Detailed below are the most important internal controls your company needs to be FCPA compliant.
1. Accounts Payable controls should be put into place to make sure types and amounts of products and services invoiced are legitimate. They should also correspond to the description, prices, and amounts listed in the contract and any other documentation. All payments should be authorized against invoices. Invoice numbers should be monitored to catch duplicate invoices.
2. Payroll duties should be segregated, meaning different employees should be responsible for data entry, authorizations, and payments. If a change needs to be made to a payroll file, the change should be approved by someone who is not the person making the change. In addition, supporting documentation must be included. Payment reports should be regularly evaluated to make sure that only current employees are receiving pay checks from the company.
3. Petty Cash. There should be policies in place for petty cash. These policies should clearly outline the appropriate uses for petty cash, as well as authorization to use petty cash. In addition, any policies should make sure that access to petty cash is limited to only certain employees, and the use of petty cash must be authorized. The policies should also cover reimbursement. A company should regularly perform reconciliations for petty cash and review how it was used.
4. There also needs to be policies that dictate how the company manages claims, such as returned goods or complaints about a service. The policies should be clear on a consistent method for handling problems such as these. It should be required that all claims must be supported by documentation, approved by someone not involved in the transaction, then reported accurately and properly.
5. Policies should also dictate expense reimbursement rules. Reimbursement should always require approval from management and documentation that backs up the expense. Expenses of employees should be entered in an expense report in a timely manner after the expense has occurred. A company should record the identities of those receiving reimbursement, the purpose of the expense, and the required authorizations that were received. In addition, a company should pay extra close attention to expenses submitted by non-employees.
Some of the controls discussed above might just be normal business common sense to some companies. However, it is also important to recognize that implementing these internal controls and having the required documentation on-hand are not only complying with FCPA regulations, but also mitigating your company's liability if a corruption offense is committed by someone within your company.
- Prevalence and Laws of Anti-Corruption and Bribery in the UK
- How to Conduct a Risk Assessment in Anti-Bribery and Corruption Prevention
- United States Laws of Anti-Corruption and Bribery
- Monitoring Anti-Corruption and Bribery Compliance Program
- Bribery and Corruption Industry Considerations
- How to Write a Business Email
- Tips and Methods of Filing Bankruptcy For Your Business
- How to Build a Credit Identity for a Business
- Business Tips for Proper E-mail Etiquette
- How to Perform Online Business Marketing for Your Small Business
- How to Effectively Confront Difficult Employee Behavior as a Manager
- Business Owners Operational Liabilities and Insurance Needs
- How to Proofread and Edit Your Business Writing
- The Fundamentals of Accounting
- Important Business Guides: Job Interview Etiquette