A new anti-corruption ISO

The publication of the new ISO international standard on anti-bribery programmes comes as a timely reminder of the best practice measures that organisations should be taking to combat bribery, both internally and their third party community – agents, lobbyists, suppliers, distributors and other business associates.

The ISO is intended to support and reinforce systems companies may already have put in place and to clarify ways in which they can be implemented most efficiently and effectively.

The importance of anti-bribery risk assessments

Once again, the anti-bribery risk assessment is right up there as a key early task in any organisation’s anti-corruption programme.

It’s been a while now since the UK Bribery Act 2010 shook the corporate world up, extending as it did UK law to include the corporate (and extra-territorially applicable) offence of ‘failing to prevent bribery’ and exposing directors and senior executives to prison terms of up to ten years should they be convicted of offences under the Act.

When the Act came into force five years ago – wow, how time flies! – in-house lawyers and compliance officers were sent scurrying away to dust off anti-bribery compliance policies and introduce complementary ones in grey areas such gifts and hospitality, at a time when worried executives were gagging to know whether they could accept their usual invitation to champagne jollies at Wimbledon or Pimms’ parties at Henley.

Anti-corruption conference leaflets thudded on every legal department doormat offering (yet-to-be-developed!) ‘expertise’ on what companies should do to benefit from the defence that their organisation had put in place ‘adequate procedures’ to mitigate the risk of bribery. (We still don’t know definitively, by the way, but the latest ISO is a helpful step along the road)

One of the first measures companies were advised to take was a risk assessment, an exercise designed to identify where the organisation was exposed to bribery risk and what the scale of the problem was – typically accompanied by a set of recommendations for action.

Many rushed to do so. This writer and no doubt hundreds other lawyers and advisers were occupied full-time it seemed in drawing up questionnaires, sending out online employee surveys, conducting interviews with executives across the globe, and sending back to boards detailed reports or just summary heatmaps, colour charts highlighting global operations according geographical, transactional and other categories of corruption risk.

Then, more recently, things seemed to settle down. Those companies galvanised into action in 2010/11 had got on with it and done it: tone from the top wheeled out, risks duly assessed, policies and procedures put in place or refreshed, speak-up lines installed.

And those that at the time thought the regulators wouldn’t target them probably focused on ‘more pressing’ priorities, waiting to see if the Act actually had teeth.

Then there were those who were full of good intentions but because of other plans or lack of budget just didn’t get around to it.

At times it appeared as if the world had moved on.

Make no mistake, it hasn’t. The new ISO comes as a timely reminder that the bribery and corruption monster never sleeps!

The need to repeat and refresh risk assessments

The ISO specifically reminds us that risk assessments are not just a one-off exercise: they must be repeated at regular intervals and conducted whenever appropriate to respond to significant changes in the business.

The excellent guidance on risk assessment and analysis, Transparency International/PWC’s ‘Diagnosing Bribery Risk’, is among other informed commentaries and guidelines which stress the importance of revisiting and repeating risk assessments as part of an organisation’s ongoing anti-bribery programme.

We are easily lulled into a sense of false security when tasks have been accomplished and nothing happens for a while.

Do not let this happen in your organisation. Keep anti-corruption risk high on the agenda. Revisit and re-assess it regularly – and make sure your findings are reported and acted upon!

Paul Rew

Copyright McDougall Rew © 2016