Corporate Integrity
-
Upload
the-red-flag-group -
Category
Business
-
view
214 -
download
0
description
Transcript of Corporate Integrity
CorporateIntegrity
101
Scott Lane
CEO of The Red Flag Group
A collection of articles on making
Compliance a Competitive Advantage
Contents
4-7. The UK Bribery Act and Middle East
8-9. Compliance training high on the agenda
10-11. Top roles demand special screen tests
12-13. Business integrity proves profitable
14-15. System can increase profits and cut risk
16-17. Onus on business to step up and comply
18-19. Communicate to enjoy advantage
20-21. Ignoring risk strategy can lead to disaster
22-23. Firms should guard against espionage
24-25. Giving gifts can lead to jail time
26-27. Foster a culture of compliance
28-29. Governance must be wide-ranging
30-31. Training ensures customer satisfaction
32-33. Be wary when using agents abroad
34-36. Agents and consultants
Page 4
The UK Bribery Act and Middle East
There is little doubt in the business world today that Middle East is becoming an increasingly important market for the products and services of companies from around the world. This is particularly true of the cash-rich sovereign wealth funds holders such as Abu Dhabi, Kuwait and Qatar, which have become a stabilizing influence during the most recent financial crisis. Dubai as well is quickly bouncing back from the global recession. The sentiment is that if a company is not selling its products in rapidly growing Middle East, it is missing out on the best action.
However, an anti-corruption legislation with extraterritorial
reach will soon be enacted in the UK which will drastically
affect many companies operating in Middle East, regardless of
whether they were incorporated in the UK or not. As long as they
are carrying on any part of their business in the UK, they will
be caught by the Act. The UK Bribery Act, which received Royal
Assent in April, is expected to come into force in April next year.
Its provisions are in many respects stricter than those of the US
Foreign Corrupt Practices Act (FCPA)–a defacto compliance
standard for companies who operate internationally. Under
this new Act, companies which are carrying out business in
Middle East - where local business practices can contravene
well-accepted international anti-bribery rules – face increased
compliance risk.
Provisions under the UK Bribery Act
The Act introduces new bribery offences into UK law:
A general offence of bribing another person or
receiving a bribe – This will be based on the improper
performance test. There is an expectation that one performs his/
her duties according to a relevant expectation. This expectation
entails performing a function in good faith, impartially, while
importing a position of trust. Performance would be deemed
Page 5
improper if an action (or a failure to act) breaches that
expectation. The offence can be committed by a company, its
employees, agents or subsidiaries.
A discrete offence of bribing a foreign official – This
occurs where a financial or any other advantage is given, directly
or through third parties, to a foreign public official to influence
them in their official capacity to award or retain business
contracts. This offence does not require improper performance to
have taken place nor does the payment need to have been made
“corruptly” as required by the FCPA. This offence can also be
committed by a company, its employees, agents or subsidiaries.
A corporate offence of failing to prevent bribery –
This has generated the most interest, as it is a strict liability
offence for corporations and partnerships who fail to prevent
bribery from occurring.
T he Act states that if a person associated with an organisation
commits bribery to obtain an advantage for the company, then
the organisation is guilty of the offence regardless of whether it
was the organisation’s intent to do so. The company also does
not even need to be aware that bribery has taken place. The only
defence is if a company can show it has adequate procedures in
place that were meant to stop bribery from occurring.
Private Bribery - It has always been an offence under UK
law to bribe a private person and causing the said person to
perform their duties contrary to good faith or impartiality. The
Act simply continues to make the bribing of private persons
illegal.
Relevancy to Middle East
Like the FCPA, the UK Bribery Act includes extraterritorial
provisions that apply to Middle East – just like how it applies
to any other part of the world. Under the Act, the person
committing the bribery offence does not have to be a UK
citizen nor does the activity have to fall within UK jurisdiction,
but only that they maintain a “close connection” with the UK.
Commercial organisations include not only partnerships or
companies incorporated in the UK, but also partnerships and
companies which are incorporated elsewhere but carry on any
part of their business in the UK. The Act does not clearly define
what “carrying on business” means. However, common sense
dictates that it would denote some series of activities designed
to advance an enterprise for financial gain, particularly acts with
an element of repetition.
For example, a company which is based in Middle East but
carries on operations around the world – including a branch in
the UK – will most likely be liable under the act. A finer question
would be whether a Middle East company who owns a UK
subsidiary would be similarly liable. Since the UK subsidiary
would be a separate legal entity, then the question whether the
Middle East parent company would be deemed to
have been carrying on business in the UK would
depend on whether the subsidiary’s activities form
part of the parent’s business operations, and the
degree of ownership and control exerted.
The UK Bribery Act will apply to businesses operating in
Middle East, just like any other business in the world. However,
companies who operate in Middle East face additional risks
of being caught under the Act because of the region’s unique
business culture. Middle East is an area with its own laws,
cultures, and business customs. In turn, these laws, as expected
of developing legal jurisdictions, are typically prescriptive in
nature but lack the precision in wording desired by corporate
compliance and legal departments.
At the same time, control issues arise because the business
customs of the Middle East market in which the international
firm is operating in is likely to be very different from the country
in which the company is headquartered. This is especially so
for companies originating from jurisdictions where there is a
lower perception of corruption such as the US or New Zealand.
Danger zones are not limited to countries where there is
perceived to be greater levels of corruption such as Iran, Yemen,
or Iraq. Even countries like Qatar, UAE, and Israel, which are
respectively ranked 19th, 28th, and 29th on the Transparency
International’s Corruption Perception Index, all have their own
peculiar business-related customs on gift-giving and receiving,
and hospitality through which firms need to navigate.
This disparity in the way business is done between a firm’s
home market and their Middle East operations is an issue
that companies have found increasingly problematic in recent
years with governments around the world cracking down on
corruption. It manifests itself in a number of ways. Typically, the
Middle East branch adopts the attitude that senior management
and compliance at a company’s head office in its home country
T he Act states that if a person associated with an organisation commits bribery to obtain an advantage for the company, then the organisation is guilty of the offence regardless of whether it was the organisation’s intent to do so. The company also does not even need to be aware that bribery has taken place. The only defence is if a company can show it has adequate procedures in place that were meant to stop bribery from occurring.
Page 6
simply do not understand how business has to be done in on the
local level in the foreign Middle East market. Consequentially,
even where companies have top notch compliance programmes
that govern the range of actions corporate employees are
allowed to engage in, they are often ignored because of concerns
that compliance would drive business towards competitors with
more relaxed compliance and ethical standards. This is easiest
when there is no top-down commitment to compliance on the
local level, which means that non-compliance is simply covered
up until regulators are alerted - leading to expensive remediation
measures that could involve hefty fines.
Again, all of this applies equally to other anti-bribery
legislation already in existence around the world, such as the
FCPA, but the introduction of the stricter UK Act means that
companies will now face additional risk for any illicit actions of
employees in problematic Middle East markets – in addition to
liability they now face under the quasi-international FCPA and
the laws of the local Middle East market. Unlike the FCPA, which
requires a company to know (or least ought to have known) of
bribery that has taken place in order for it to be an offence, there
is no such requirement under UK Bribery Act’s general offences.
If the Act comes into effect without any further legislative changes
– and none are expected – it would mean that companies with
such Middle East operations who disregard their corporate code
of conduct will stand to face significant compliance risk.
Finally and as previously mentioned, the UK Bribery Act
prohibits bribery of both private individuals and companies,
in addition to being limited to foreign officials as per defacto
standards set by the FCPA. This means that companies
operating in problematic Middle East countries will now have to
Page 7
cast a wider net in reviewing how it conducts business with its
clients, customers, vendors, suppliers, and other third parties.
Companies will also have to review their relationships with
private companies and individuals in addition to government
officials to minimise all aspects of compliance risk.
Corporate gifts and entertainment
This is perhaps a big concern to companies in Middle East,
where there is an entrenched culture of relationships as part of
the daily operation of businesses. Standards there which may
be considered lavish by UK or US standards may be the norm in
such countries. In countries such as the UAE, Qatar, Oman and
Saudi Arabia, gift giving or providing entertainment forms part
of the relationship building process in the course of business.
Under the Act, hospitality will only amount to bribery
if it is proved that it was offered to influence the recipient to
act improperly. In addition, the general bribery offence will
be based on the improper performance test. That is, routine
and inexpensive hospitality, as judged by the standards of
a reasonable person in the UK, is unlikely to be considered
improper conduct. Note that the improper performance test
does not apply when a foreign official is involved. Whether a gift
or entertainment is considered excessive however, will be based
upon the discretion of the prosecution.
The Act does have a carve-out in the form of allowances for
local laws which permit certain gifts or payments to be made,
but not for mere adherence to cultural norms or customary
business practices. Reasonable gifts and entertainment, that
are commensurate with the recipient’s seniority and are
within the industry’s norm, are unlikely to attract attention
from UK regulators. It helps if a company has a specific gift
and entertainment budget, with clear control and approval
procedures for expenditure.
Facilitation payments
Unlike the FCPA, the UK Bribery Act makes no distinction
between bribery and facilitation or “grease” payments (i.e. small
payments to public officials designed to ensure the prompt
performance of a duty they are already bound to perform.)
The FCPA’s facilitation carve-out has limited application but
generally allows facilitation payments where they are permitted
under the host country’s laws, and applies only to non-
discretionary actions by a foreign official such as processing
paperwork, providing police protection or mail pickup. The
UK Act makes no exception for such non-discretionary grease
payments.
Whether a case is brought to trial will be up to the discretion
of the prosecutor, and it is not expected that there will be many
cases targeting small facilitating payments made by companies.
Companies which currently allow facilitation payments to be
made, even if only under strict compliance controls, should
examine their policies to see whether they conform to the new Act.
Recommendations
After it came into force in July 2011, the UK Bribery Act has
become the strictest anti-bribery regime in the world, and as such
it may become easier for companies, especially those operating
in Middle East, to be caught by its provisions. Companies should
review their operations, as well as their policies and procedures,
and find out the degree to which they must adapt their business
practices to safeguard themselves from the legislation’s penalties
– which include both substantial fines for companies and prison
sentences of up to 10 years for individuals.
In 2010, the UK Ministry of Justice launched a consultation
exercise on what “adequate procedures” organisations would
have to put in place to defend against the strict liability of the
Act. Since the Act extends to all persons “associated” with an
organisation, this creates significant risk for organisations if they
do not have “adequate procedures” in place to prevent bribery
from occurring. Results from the consultation and legislation
guidance are available in the official website now. .
In the meantime, companies should begin to make sure
they have the following good corporate governance measures
in place:
A senior officer, such as a chief ethics and compliance officer,
appointed to and given authority to implement and monitor
anti-bribery measures.
A structure of top-down responsibility where directors are
responsible for establishing a culture where corruption is
not tolerated, through the design and implementation of an
effective anti-bribery compliance programme.
Statements issued from the company’s senior management
about the expected compliance culture and the consequences
of compliance breaches.
A code of conduct, clearly communicated both internally
and externally. Companies should also have a discrete gift
and entertainment policy for approving gifts and providing
entertainment to clients and customers. There must also be
a valid and effective mechanism for monitoring whether the
policy is being adhered to.
A comprehensive due diligence process used to choose
reputable agents and business partners as many business in
Middle East are carried out through intermediate s and joint
venture partners.
Page 8
Compliance training high on the agenda
With more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training
Training the board of directors of public and private
corporations in compliance programmes has become
increasingly common over the past several years. The most
significant reason for this movement is the increase of corporate
crimes attached to corporate directors who may become involved
in civil or criminal liability for their unethical acts.
One example in 2007 involved the legality of backdating
stock options. Almost 150 companies were involved in lengthy
and expensive investigations around the legality of options
granting practices.
Page 9
W ith more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training on their duties and the expectations of their roles. They also want to know that the company has effective training programmes in place for all
employees, not just themselves.
The number of senior executives and board members being
fired or resigning is growing as companies seek to limit further
damage. In some situations, the executives have had to cede their
powers, resign from the board, and have even been indicted by
the United States Securities and Exchange Commission.
With more corporate scandals being investigated by the
authorities and a renewed shareholder focus on ethics, directors
are requesting more training on their duties and the expectations
of their roles. They also want to know that the company has
effective training programmes in place for all employees, not
just themselves. An effective ethics and compliance programme
should include the following:
Simply providing information about the ethics and
compliance programme is not necessarily the same as training.
Such information and data may include the number of
complaints to a compliance hotline, or the result of an internal
investigation. This is not board training.
The board should get training on the company’s code of
conduct. Having the board complete the training not only
provides them with guidelines on what not to do, but it sends
a powerful tone from the top to the rest of the organisation that
ethics and compliance are important.
Training should be challenging, regular and substantial.
Time should be spent on developing a workshop, role play or a
real-life example. Board training should he held at least twice a
year for one to two hours. Any shorter should be a warning sign
that the board is not “learning”, but simply sharing information.
Training should also present a challenge to members of the
board.
Training should be tailored to a risk profile. Boards cannot
be expected to learn about every potential legal issue facing the
company. They need to be trained on only the most significant
legal, ethical and compliance risks, based on the priority of risks
from a risk assessment.
External advice is important. Board training should be led
by the inhouse legal or compliance teams, but supplemented
by leading external experts on compliance matters that relate
directly to the company.
The board should be able to recognise red flags. While
directors are not expected to become legal experts, the minimum
standard is that they can identify red flags in the company,
and know what to do and how to approach management for
investigation and review.
The board should demand that management
take training seriously. The board should set the
risk profile of the organisation and ensure that there
is a risk management process in place. The training
programme put in place should also be effectively
implemented by management.
Boards should know the company’s particular compliance
programme in detail. The board must be able to describe the
company’s programme in detail, and always be ready to answer
questions about the programme and its effectiveness. If a board
member is asked by a regulator to explain the programme and is
unable or ill-equipped to do so, this will show the regulator that
there is limited “tone at the top” – an essential part in any ethics
and compliance programme.
The board should have access to some benchmark data
about the company’s ethics and compliance programme, and
that of its competitors and industry leaders. Being able to show
that your company’s programme is consistent with the industry
and your competitors is a useful tool to show any regulators that
your programme is at “best practice” standards.
The company secretary should be able to prove that the board
has been substantially trained. Copies of the board of directors’
meeting agendas and minutes specifically showing when, where
and for how long training sessions were held should be kept, as
well as copies of the actual training, including PowerPoint files.
Page 10
Top roles demand special screen tests
The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances
There has been a surge of interest in the world in the
matter of “embellished” resumés, accompanied by a call for a
comprehensive screening of job candidates and even senior
staff.
A senior executive at the InterContinental Hotels Group
recently resigned after being found guilty of misleading the
company about his academic qualifications.
Page 11
Patrick Imbardelli, chief executive of the group’s Asia-Pacific
operations, stepped down after an internal review uncovered
that he had misrepresented his academic record on his CV. He
was due to join the board this month.
The company said he had claimed to have been awarded a
bachelor’s degree from Victoria University in Australia, and a
bachelor’s degree and an MBA from Cornell University in the
United States. It was found that he had attended classes at these
institutions, but not graduated. What does this mean for private
and public companies looking to fill board-of-director positions
and placing people in senior management roles? How does a
board ensure that new hires have represented their skills and
experience truthfully and accurately?
CV Checks Even a simple background check can help
ascertain the overall accuracy of somebody’s CV. These are
fundamental steps and should be mandatory in any hiring
process. Ideally, a comprehensive check should be done before
the person comes on board. These checks are also effective in
warning prospective applicants that CV validation does takes
place, with consequences for those giving false or misleading
information.
Integrity Checks An employee, senior manager or board
member found to have “adjusted” his or her CV risks being
viewed with suspicion throughout his or her career.
As far as possible, an integrity check should be conducted for
all appointees at manager level and above; mandatory, in-depth
screening should be conducted for president, vice-president
and board of director roles. These should go beyond a simple
resumé check to include an analysis of a candidate’s commercial
integrity. Speaking to previous work colleagues, business
acquaintances or partners should provide sufficient input for an
integrity check.
If there are any doubts about a prospective hire’s integrity,
these can be cleared with the help of trained investigators.
Testing While it is perfectly normal practice, like test-driving
a new car or trying on new clothes in a fitting room, to put a
junior employee on probation, you would not consider doing the
same with a senior executive. But it is perfectly in order to have
senior executives spending time with an experienced ethics and
compliance professional, who will walk them through a series of
hypothetical corporate situations posing ethical challenges and
testing their responses along the way.
This mode of assessing as part of the hiring
process is certainly preferable to trying to assess
someone who has already joined the firm. Testing
processes usually involve discussions about such
issues as:
How should one respond when offered an inducement or
bribe by a supplier?;
How do you conduct business in emerging markets, where
bribery and kickbacks are commonplace?;
How do you identify and handle a conflict of interest among
market players?, and;
How do you deal with anti-competitive conduct and cartel
arrangements?
Background screening and integrity assessments should be
an essential part of the hiring and promoting process. This is
important with new employees, but even more so with those
moving into senior positions. The more competitive the market
– and Middle East is highly competitive – the greater the need
for screening employees, partners and alliances.
B ackground screening and integrity assessments should be an essential part of the hiring and promoting process. This is important with new employees, but even more so with those moving into senior positions. The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances.
Page 12
Business integrity proves profitable
Whatever the reason that a company starts to look at ethics and responsible business, the key message is that such programmes drive more profit
Many companies are starting to see that ethics and
responsible business can be a key growth driver. Several of them
have started developing more ethical and responsible businesses
through codes of business conduct and training programmes for
their employees. Some have started the process because of a fear
of being involved in a corporate scandal that could destroy their
share price or customer goodwill, others because they feel that
running an ethical and responsible business is a competitive
advantage.
The key message is that such programmes drive more
profit. Over the past few years, too much focus has been on the
proposition that ‘you could go to jail’ for being involved in or
‘turning a blind eye’ to unethical business. However, despite the
Page 13
attempts of many regulators around the world, the number of
business executives going to jail for corporate crime is extremely
small compared to the amount of business being conducted and
the potential for unethical or illegal conduct.
For an ethical leadership or corporate citizenship initiative
to be effective, it must be acknowledged that such activities drive
a company’s business performance and profit. Some leaders do
not yet see the connection.
Five reasons to help drive the message in your organisation
that “ethics can be profitable” are:
Ethical businesses are better at attracting and keeping
customers. The ability to attract customers away from
competitors, as well as prevent your own customers from
defecting is a key aspect for any business. An effective way of
achieving this goal is by creating customer loyalty. In effect,
they help you market your product. Having a business that
operates with a strong ethics and integrity system is essential
in maintaining customers’ goodwill and loyalty. It would be rare
for a customer to act as an ambassador for your product if your
company was seen as having a poor record on ethical business,
environmental stewardship or health and safety.
Ethical businesses demand employee loyalty. In the current
climate, employees have a choice of company to work for. It
is not as simple as deciding a role based on the salary alone.
Job candidates are looking deeper into the operations of the
company, its management, its products and its status in the
community. Running a respected ethical and responsible
business gives your company that added advantage to attract
and retain top talent, thereby reducing your costs, decreasing
your turnover and driving better margins.
Ethical businesses attract institutional investors. The
institutional investor is now extremely astute. They look beyond
the purely financial and operational aspects, and at ongoing
sustainability. This often reflects management’s approach to
building an ethical and sustainable business over the long term.
The last thing institutional investors want to do is to invest in
the “next Enron”, no matter how good the financials may look in
the short or medium term. Many organisations see developing
an ethical, responsible and sustainable business as the key to
attract, and, in many cases, diversify their institutional investor
base. Nowadays, specific funds focus on sustainable investments,
which allow your company to potentially attract a new class of
investor altogether.
Ethics support easy brand extensions. The ability
to expand a brand and motivate an existing customer
to purchase an additional product is one of the most
significant profit drivers for any organisation. When
expanding regionally, a positive reputation assists in getting
local grants and tax breaks, attracting employees more quickly,
and allowing your company to get up and running and gain
customers faster.
Ethical business can minimise cost. Having your business
involved in an ethical scandal could lead to a significant cost
blow-out. Leaving aside the direct costs (namely lawyer’s fees,
investigators, forensic accountants and consultants) the main
costs could be losing customers, suppliers, partners or strategic
investors. Calculate, say, a 5 per cent drop in revenue because
of the fallout and add that to the cost of dealing with the issue
and you have a potentially significant number. These numbers
don’t include the potential effect to your brand and negative
publicity, which often exponentially exceed the direct costs and
loss of customer revenue. Avoiding such scandals by having an
infrastructure around ethics and responsible business is key.
There will always be a group of people that pushes back on
the basis that they are entirely ethical. In addition to reminding
people that “you can go to jail” for many illegal and unethical
acts, focus on the real drivers of business growth, customer
loyalty and increased profits.
E thical businesses are better at attracting and keeping customers. The ability to attract customers away from competitors, as well as prevent your own customers from defecting is a key aspect for any business. An effective way of achieving this goal is by creating customer loyalty. In effect, they help you market your product. Having a business that operates with a strong ethics and integrity system is essential in maintaining customers’ goodwill and loyalty.
Page 14
System can increase profits and cut risk
Good practice for all private companies is to develop even the most basic form of an ethics and compliance programme
Developing an ethics and compliance infrastructure is
essential for any public company, especially those that are listed
on a stock exchange. What about private companies? Is there a
need to develop an ethics and compliance programme when you
are a privately-held organisation?
The answer is “yes” for a number of reasons. Firstly, there
is substantial evidence that creating a system of ethics and
compliance actually produces more profit by attracting more
customers and driving down legal and investigation costs.
Secondly, an ethics and compliance programme is a good risk
management mechanism as it identifies legal and ethical risks in
your business and builds sufficient safeguards to manage those
risks before they become a crisis.
Page 15
The risk of unethical, or illegal, behaviour equally applies
in private organisations as it does in public ones. Issues like
employee fraud, theft of intellectual property and misuse
of confidential information tend to happen more in smaller
companies than they do in large ones, simply because adequate
controls are not in place to stop or detect such activity in private
companies.
Good practice for all private companies is to develop even the
most basic form of an ethics and compliance programme. While
a large-scale programme of the type used by big multinationals
might be seen as over-the-top for a private company, there are
some simple risk mitigation and management systems that can
be put in place quickly and inexpensively.
Employment agreements - Make sure all your employees
have valid employment agreements. These agreements
should have the necessary sections on protecting confidential
information after the employee leaves the company and should
also address intellectual property rights.
Signature policies - Most small private companies have
a rudimentary system of cheque signatories for bank accounts.
Most employee fraud can be avoided if tighter controls are
implemented over the issuing of cheques and the access to bank
accounts. Signature policies should be regularly reviewed and
updated, particularly as employees leave or change roles.
Board membership - Good corporate governance
principles should indicate that the board maintains an
adequate level of non-executive and executive directors. Having
independent non-executive directors aids in building a system
of ethics and compliance into the organisation as it shows that
even executive directors are not immune from “doing the right
thing”. Ethics start at the top, and the right “tone at the top”
is essential to maintaining and communicating an effective
compliance programme.
Audit committee - Good practice for private companies
is to set up an audit committee. While not required by most
local laws, an audit committee, with sufficient numbers of
independent and financially literate members, is useful in
managing the financial reporting and ethical health of a
company. The committee will help run the company’s financial
dealings in an ethical manner. If the private company is looking
to become public at some stage in its development, setting up
the audit committee while being private, and not legally being
required to do so, is a good testing ground.
Code of ethics - Having a code of ethics is a
simple but effective way to convey the manner in
which the organisation wishes to conduct business. A
code for a private company can be short and simple, yet
still covering the major areas of risk for the company.
It should be a guide for employees on how they are expected to
behave while conducting company business.
Whistle-blowing policy - A policy that allows all
employees to report ethics or compliance violations in a non-
threatening way is just as necessary in a small company as it
is in a large one. In many private companies, it is impossible
for employees to feel comfortable to report matters directly to
management due to their close relationships. A simple policy
and anonymous reporting hotline can identify potential issues
quickly and reduce the risk of ethical violations.
Training - Ethics and compliance training is essential for
all employees in any business. Methods like eLearning and
web-based courseware can be accessed by small companies to
train employees on ethics. Continuous training on ethical issues
reduces the potential for violations and should be the centre
point for any ethics programme.
T he risk of unethical, or illegal, behaviour equally applies in private organisations as it does in public ones. Issues like employee fraud, theft of intellectual property and misuse of confidential information tend to happen more in smaller companies than they do in large ones, simply because adequate controls are not in place to stop or detect such activity in private companies.
Page 16
Onus on business to step up and comply
Ensuring that your organisation is ready to deal with the growing anti-corruption compliance focus is essential
In 2009 I was involved in putting together the first Anti-
Corruption Asia Summit being held in Hong Kong next month.
This is the first time that an event has been held in Asia that
places a strong focus on the development of corporate anti-
corruption programmes. It will showcase various sponsors’
products including compliance consulting, integrity due
diligence providers, e-learning solutions and anti-bribery &
Foreign Corrupt Practices ACT (FCPA) specialist law firms.
My firm, The Red Flag Group, sponsors the event with our
related company The Integrity Portal, which conducts integrity
due diligence and analysis for companies.
Page 17
The reason I mention the summit is because it highlights
the staggering pace of change that is happening in ethics and
compliance fields in Asia. Even five years ago we would not have
been able to hold this conference because there was little – if
any – focus on anti-bribery throughout Asia. It was always seen
as an issue, but companies and governments turned a blind eye,
hoping it would go away.
Take for example how China has stepped up its anti-
corruption efforts with the establishment of the National Bureau
of Corruption Prevention (NBCP).
The bureau, which will report directly to the State Council,
or China’s cabinet, aims to monitor the flow of suspicious
assets and suspicious corruption activities by establishing an
information-sharing system among prosecuting organs, courts,
police authorities and banks.
Unlike previous anti-corruption efforts in China, the NBCP
will also guide anti-corruption work in companies, public
undertakings and non-governmental organisations, help trade
associations to establish selfdiscipline systems and mechanisms,
prevent commercial bribery, and extend corruption prevention
work to rural organisations as well as urban communities.
To date, China’s focus has been on the prosecution of its own
party members. More than 90,000 officials were disciplined last
year alone, accounting for 0.14 per cent of the total Communist
Party members.
The country has punished several ministerial-level or higher
officials for “serious corruption” in the past five years, including
the former State Food and Drug Administration head Zheng
Xiaoyu, the former head of the National Bureau of Statistics
Qiu Xiaohua, and the former Shanghai party secretary Chen
Liangyu.
The NBCP will, under the framework of the United Nations
Convention Against Corruption, offer help to developing
countries with corruption prevention and work to win technical
support and other assistance from foreign countries or
international organisations.
This is the first significant change in China’s anti-corruption
efforts and now squarely places the onus on business to step up
and comply with anti-corruption regulations which have been
lacking in China’s business community.
Although foreign-invested corporations in China
have had to comply with their “home country” anti-
corruption legislation (for example, the US Foreign
Corrupt Practices Act) they also need to consider
local Chinese legislation which, with the launch of the
NBCP, will be strongly enforced.
The charter of the bureau includes working with other
anticorruption bodies in other foreign countries to develop
strategies to counter international corruption. This aspect is
particularly important to foreign-invested companies in China.
For example, a US-based company operating in China will
be subject to the US Foreign Corrupt Practices Act and could
be prosecuted for violations taking place in China by the US
Department of Justice.
Under the charter of the NBCP it is expected that discussions,
document sharing and co-operation between the US Department
of Justice and the NBCP would take place. In some cases, the
prosecution by the US Department of Justice may lead to a
further prosecution by the NBCP under local Chinese anti-
bribery legislation and vice versa.
Ensuring that your organisation is ready to deal with the
growing anti-corruption compliance focus is essential. The best
way to test your readiness is to understand how the law affects
your company and to understand the global developments in
this area.
T he country has punished several ministerial-level or higher officials for “serious corruption” in the past five years, including the former State Food and Drug Administration head Zheng Xiaoyu, the former head of the National Bureau of Statistics Qiu Xiaohua, and the former Shanghai party secretary Chen Liangyu.
Page 18
Communicate to enjoy advantage
A good compliance system shows that a company is less likely to be subject to massive downswings in stock prices when a compliance violation occurs
Almost every company has some form of compliance programme.
In some cases, it might be as simple as ensuring that basic company
registry information is filed on time and for others, particularly
listed companies or those that have regulatory requirements, the
programme is much broader and essential to the operation of the
business.
Compliance programmes are an asset to any business. They
not only allow the business to operate in a way that complies with
necessary laws and policies, but they often force the company to
streamline processes and procedures and improve efficiency.
Many companies focus on training staff on their compliance
programmes, making sure that every relevant staff member
understands the rules and procedures. Training is essential for
good compliance, it provides employees with repeated training on
compliance topics and allows the employee to test that knowledge
with some form of quiz or exam.
Page 19
In addition to a training plan, a broader communication plan
should also be considered by the company. A communication plan
for your compliance programme is essential for both internal and
external stakeholders. Such a plan should include communicating
to external stakeholders such as auditors, media, shareholders,
customers, key partners and, in some cases, regulators. Each of these
parties holds a stake in the success of your company’s compliance
programme. Good effective communication of that programme can
build shareholder value.
Auditors are responsible for reviewing the company’s books and
records and making an assessment on the health of the company as it
relates to material risks, particularly financial ones. Communicating
your compliance programme to your auditors is essential to help
them understand your approach at managing and interpreting risks
in compliance failures. Communicating the programme may also
help when compliance issues are being investigated by the company,
and auditors will naturally be interested in also conducting a parallel
investigation so far as it concerns potential financial risks. These
parallel investigations can be very costly to the company. It is essential
to limit any parallel investigation by conducting an investigation to a
level that is established and agreed to by the auditors.
It is important to make your compliance system known to the
media or, at the very least, to ensure the system is media-ready. A
media-ready compliance system is one that has statements ready to
be released when the company is being questioned about a critical
compliance issue that has occurred. A media-ready statement gives
the media a reportable statement on the company’s compliance
system and it may allow the company to portray itself to the media
as having an active compliance system despite the event that may
have taken place to raise the media’s interest in the first place. In
many cases, a well-drafted, media-ready compliance system can
help to deflect attention from the compliance crisis to a company’s
compliance system itself.
Compliance can be a competitive advantage. A good compliance
system shows that a company is less likely to be subject to massive
downswings in stock prices when a compliance violation occurs. Good
compliance systems also reduce risk exposures to the company’s
balance sheets. Many companies market their compliance system on
the investor relations page of their websites. This is a good way of
communicating compliance systems to shareholders and linking the
value of compliance programmes to shareholder value.
Just like communicating to shareholders is
important to building shareholder value, communicating
to customers and key third parties is equally important.
Allowing a customer to feel comfortable that their risk as
a customer is being addressed by the company, and giving
them advance notice on changes that may affect them, is essential.
Changes to your compliance system (for example, by requiring
additional personal information from customers or asking a customer
to complete new annual forms) should be communicated to the
customer before asking for the new requests. Ideally, these changes
should be communicated to the customer in advance, identifying why
the changes are being made and the benefits they have for customers,
such as greater security control.
For those companies that are regulated by industry regulators or
even government regulators, it is often advisable to meet with the
regulators to talk through your compliance system. Having this sort
of dialogue often builds essential relationships with the regulator and
may potentially smooth over things when enforcement issues arise.
In some cases, while not strictly required under the law, regulators
are keen to see that the company is on top of its compliance of the law
that the regulator enforces. Doing so may avoid costly audits.
Communicating your compliance system to third parties can
be a great advantage to building value with stakeholders. Failing
to communicate externally and remaining silent often raises
more questions than are necessary and does not instil comfort in
stakeholders that compliance is being taken seriously.
A communication plan for your compliance programme is essential for both internal and external stakeholders. Such a plan should include communicating to external stakeholders such as auditors, media, shareholders, customers, key partners and, in some cases, regulators. Each of these parties holds a stake in the success of your company’s compliance programme. Good effective communication of that programme can build shareholder value.
Page 20
Ignoring risk strategy can lead to disaster
One of the most important functions of the board in a modern corporation is to oversee risk management
A catastrophic failure of risk management by some of
the world’s leading banks and financial institutions directly
contributed to the global financial meltdown and the failure
of some institutions. This happened despite those institutions
having risk departments that are the envy of other companies.
If this is true, why did these departments fail? Why were
these risks not identified? Were the risks too remote to consider
likely? Did the risk department miscalculate the effect of the risk
eventuating? Were the risks ever communicated up the chain to
management? Did management react appropriately?
These are the questions that should be asked right now across
almost every business engaged in international commerce, and
nowhere will the questions be directed more frequently than at
boards of directors of corporations of every shape and size.
Page 21
After all, one of the most important functions of the board
in modern corporations is to oversee risk management. This
is something that is often overlooked. A non-existent risk
department – or, worse, one that is ineffective – can directly
contribute to the downfall of a company. Yet, if you ask the
average senior manager what they think of their risk department,
you often hear them described as “an overhead” or “a necessary
evil”. In some cases, the manager will say: “I think that is part
of finance.”
If risk management is one of the four pillars of the role of the
board, then every company must have someone responsible for
executing risk strategy. There are three key aspects to any risk
department.
You actually have one. Every company should have someone
looking at risk management. Even if the company is small, a
plan should be prepared similar to a sales plan, marketing plan
or financial plan. It should be prepared and be presented to the
board regularly for review and approval. The recommendations
in the plan should be adopted. Identifying risks and never getting
around to doing anything about them is not risk management.
Position in the company and reporting. Risk management
is one of the most essential roles of the board. Yet risk
management is often pushed too low in the organisation’s
structure. Occasionally, it reports to finance, sometimes to
legal, sometimes it is buried within operations. Someone senior
in the organisation must be responsible for risk management.
That person must report direct to the CEO or preferably to the
risk committee of the board. Having a risk department that is
unheard is worse than not having one in the first place. Risk
management is a very complex role and it should be given that
exposure by a reporting structure that reflects its importance.
Experience and talent. The risk department should be
staffed with experienced people who not only understand the
risk function but also have an acute understanding across many
areas of the business. This understanding should not be limited
to the company’s products and services; it needs to extend to
a solid understanding of finance, operations, country risk,
macroeconomics and microeconomics, plus a host of issues
such as union involvement, weather, trading cycles, etc. Many
risk managers have excellent skills in risk identification and
presenting these risks in a colourful, graphical and slick way.
I f risk management had been looked at by some banks and financial companies as
a key role and had been staffed with experts with direct reporting lines to the CEO or the board, there would have been a good chance that common-sense risk principles would have minimised the collapse of some companies and the loss to staff and shareholders.
But, unfortunately, some lack the true business
experience and judgment essential in knowing how
to provide valuable advice to the company on limiting
exposure arising from a risk event.
To overcome these issues, it is essential that the
head of risk management is a senior manager. Preferably, the
person should be someone who has worked for the company
in many roles over many years, understands the company
and its culture, and has a very good understanding of a range
of business. Preferably, the person might be the next CEO or
someone in line to join the management team.
Too many times, companies fail because risks are either
not identified (because risk managers are too busy managing
spreadsheets and using online tools) or because, once identified,
the head of risk management is not senior enough to have a
voice that can be heard quickly by the CEO and have the respect
to be regarded as a significant enough voice. In some cases, risk
management is seen as an operational part of the company and
therefore not worthy of reporting to the CEO.
If risk management had been looked at by some banks and
financial companies as a key role and had been staffed with
experts with direct reporting lines to the CEO or the board,
there would have been a good chance that common-sense
risk principles would have minimised the collapse of some
companies and the loss to staff and shareholders.
Page 22
Firms should guard against espionage
Corporate espionage is a tricky issue. One man’s market research can be another’s corporate espionage. As a rule of thumb in business, you always want to find out what your competitors are doing, and they will want to know what you are up to.
Hilton chain of hotels for allegedly stealing its most sensitive
corporate secrets to start its own luxury brand. According to
reports, it was alleged that before two former senior Starwood
executives left their company to join the rival chain late last year,
they e-mailed and sent more than 100,000 electronic and paper
documents to their future employers.
Business intelligence can be accomplished in different
ways, and companies routinely tread a fine line between purely
legitimate means through open source material to outright theft.
One case made the headlines recently. Starwood Hotels,
operator of the successful W brand of luxury hotels, sued the rival
Page 23
I n the case of senior staff defections to rivals, discretely identify other staff members who
are likely to join their former colleagues and, if they are found to be stealing the company’s trade secrets, terminate their employment immediately. At the same time, there is a need to communicate to the rest of the firm what is happening.
The documents, Starwood maintained in its lawsuit filed in
New York in April, consisted of the blueprints for the launch of
a new luxury hotel brand – setting out how to negotiate with
developers, train employees and market the brand. There were
also strategic development plans, marketing and demographic
studies training manuals for its entire luxury brand line, and the
names and contract details of property owners around the world
who could be interested in signing hotel management contracts.
Hilton allegedly took this information and launched its own
luxury hotel concept in March. The lawsuit claims that Hilton
was able to fast track and bypass many of the time consuming
research and development legwork that hotels normally do,
saved tens of millions of dollars and avoided the trial and error
normally associated with the opening of a new chain of hotels.
In the lawsuit, Starwood is seeking monetary damages, and a
court order that Hilton cancel the rollout of its recently launched
luxury hotel chain. Hilton said the lawsuit was “without merit
and will vigorously defend itself”. In today’s evolved economy,
where an estimated 70 per cent of the market value of United
States firms reside in their trade secrets and intellectual
property, it is vital that companies understand how to safeguard
their confidential information. One of the more obvious things
to do is to prevent data breaches when employees leave.
Companies should separate confidential trade secrets and
client information from other less essential data. Clearly identify
them as such, and establish a well documented procedure for
staff to access this information.
Develop a culture of compliance with these rules. Limit
access to computers with USB ports because a lot of information
can be stolen.
Proactive monitoring of employee computers and
telecommunications usage. If the regulatory framework allows,
employers could install keystroke logging or packet sniffing
software onto computers, which respectively record the
keystroke activities of computer users, and collect information
on data transfers initiated by the user. Where that may be
inapplicable, companies should at the very least monitor voice
calls and e-mail traffic. Taking into account the sensitivity of
such a scheme, which could notify employees of this type of
workplace surveillance, they should request consent. Where
express consent is not available, they could limit monitoring
voice communication to only those that are of a business nature.
In the case of senior staff defections to rivals, discretely
identify other staff members who are likely to join their former
colleagues and, if they are found to be stealing the company’s
trade secrets, terminate their employment immediately. At the
same time, there is a need to communicate to the rest of the firm
what is happening.
Review employment contracts to make sure they contain
the necessary provisions to prevent department executives from
soliciting clients or staff members for a set time, and make sure
they comply with local labour regulations.
Employee screening will help companies ferret out security
risks both for incumbents and new applicants. They could include
comprehensive background and credit investigations, polygraph
and integrity tests to uncover information that could reflect
whether they are likely to steal sensitive corporate information.
Companies must also be more careful when conducting
competitive market research so they aren’t misinterpreted by
their rivals.
Page 24
Giving gifts can lead to jail time
It doesn’t happen very often, but the latest cautionary tale to come out of Hong Kong’s venerable graft-buster reads like a gag in a Stephen Chow Sing-chi comedy. In March, the director of a local construction company, 37-year-old Chin Tat-yung, was jailed for two months for bribing police officers.
process to implement these contracts, his company required
certain approvals from the police.
Between January and September 2007, the police had given
more than 50 approvals for Chin’s company. So come the Mid-
Autumn Festival, Chin probably thought he had better solidify
his relationships with the police and thank his good friends for
the past nine months of approvals.
According to the press release issued by the Independent
Commission Against Corruption (ICAC), Chin was found guilty
of offering 15 boxes of moon cakes to police officers while having
dealings with them. That’s right – moon cakes. Not brown paper
bags stuffed with cash, but the boxes of high cholesterol, overly
sweet Chinese pastries that everyone buys for the Mid-Autumn
Festival. Chin’s company, Brilliant Ray, was a contractor
working on roadwork projects in Hong Kong. As part of the
Page 25
T his case highlights this common practice in Asia of giving moon cakes and other customary items as gifts to business associates. While this case pushed it into a category which suggested that bribery had taken place, in everyday practice there is a fine line between common gift giving and commercial (or government) bribery.
It probably didn’t even cross his mind that giving moon
cakes might be inappropriate. After all, it was the Mid-Autumn
Festival when it is customary to give friends and business
associates moon cakes.
Also, 15 boxes of moon cakes, assuming they were the less
expensive variety, would have cost about HK$1,800 – the price
of a decent meal in a good restaurant. So, 11 days before the
festival, he called up his good friends at the police and asked
if he could visit the station. When he arrived, he gave a police
constable the 15 boxes and a customary greeting of “Happy Mid-
Autumn Festival” and thought nothing more of it.
Chin was then charged with one count of offering an
advantage to prescribed officers in contravention of the
Prevention of Bribery Ordinance, to which he pleaded guilty. In
sentencing, the magistrate said that just because Chin did not
realise the gifts would constitute a bribe was not an excuse that
would spare him from being locked up in jail.
This case is important in the anti-corruption and compliance
scene because it involves giving a gift of relatively inconsequential
value. Almost every company in Hong Kong sends moon cakes
to important clients, suppliers or other parties without giving as
much as a single thought as to how it could be interpreted. Its
significance is compounded because a jail sentence was given to
the accused person and no account was made for the fact that
he was ignorant that such activity might be interpreted as being
against the law. If you don’t want to spend time in a jail cell,
but still want to respect local customs of gift giving at culturally
significant times, here are some suggestions:
Customary events Giving clients or suppliers moon cakes is
a perfectly acceptable gift at Mid-Autumn Festival as they are
customary and generally inexpensive. However, some simple
rules should be considered in order to avoid any infringement of
local or international laws.
The lack of a quid pro quo In this case, although it was
Mid-Autumn Festival, the fact that the gift was given after the
receiving officers had granted a number of relevant approvals
did not help Chin’s defence. The lack of a quid pro quo, a Latin
term which means that an item or service has been traded in
return for something of value, is essential in being able to argue
that – by design – the gift was not a bribe of any kind.
Size of the gift Always make sure the size of the gift is
reasonable. Giving someone a box of four moon cakes is
generally alright because the custom in most offices is
to cut them into small pieces and share them around.
Caution should be exercised when a large number of moon cakes
are given to one person or entity.
Quality of the gift Always ensure that gifts are middle of the
range – nothing too lavish and certainly nothing high-end. The
quality of the gift should be commensurate with the recipient’s
position, stature and seniority.
This case highlights this common practice in Asia of giving
moon cakes and other customary items as gifts to business
associates. While this case pushed it into a category which
suggested that bribery had taken place, in everyday practice
there is a fine line between common gift giving and commercial
(or government) bribery. Whenever you or your organisation
considers sending a gift to business partners, keep in mind the
guidelines I have outlined above.
Another useful tip that I would like to mention is to examine
your company’s gift giving practices. It is a good idea to
implement procedures to ensure that if people in your company
send moon cakes or other types of gifts to people, they don’t
breach the anti-bribery laws, both in the country where the gift
is being given or where the business may be registered.
Page 26
Foster a culture of compliance
Developing a culture of compliance is not easy. It is about understanding the behaviour that makes up a corporate culture and how to adjust to improve the culture.
Having a strong compliance culture often leads to a
reduction in the amount of internal controls required to ensure
performance because the employees and stakeholders simply
do the right thing. An organisation which has a defective
compliance culture will often require greater internal controls
to steer people in the direction of doing the right thing, and in
these cases employees often manage to subvert even the most
rigorous systems and processes.
One of the components of a company’s culture is how it
deals with ethical issues. This includes adherence to corporate
values, the existence and development of internal controls,
and the implementation of accountability. It forms something
that is generally recognised as a culture of compliance in an
organisation.
Page 27
H aving a strong compliance culture often leads to a reduction in the amount of internal controls required to ensure performance because the employees and stakeholders simply do the right thing. An organisation which has a defective compliance culture will often require greater internal controls to steer people in the direction of doing the right thing, and in these cases employees often manage to subvert even the most rigorous systems and processes.
Making an assessment of whether the corporate culture is a
business advantage or whether it is an inhibitor of growth is very
difficult. This often involves some degree of soul searching and
a good hard look at the innate qualities of the chief executive.
Some of the questions that can be asked include:
Openness Is there an open board culture that promotes
active thinking, robust discussion, and, where appropriate, the
challenging of management reports?
Tone at the top Does the chief executive regularly challenge
the management team to act in accordance with a positive
compliance culture, is that challenge communicated throughout
the company regularly and is it enforced?
Tone at the middle Does the message from the chief executive
and the senior ranks take effect in middle management? Does
middle management follow these directions? If not, is it because
the message is not getting through, or did it get distorted in the
transmission process?
Lack of conflict Do all employees and management regularly
disclose conflicts of interest? Do they ensure that they always act
in the best interests of the organisation as a whole, even if this
means that they suffer personally as a result?
Understanding Has the company articulated the attributes of
the culture it is striving to achieve, and has it sought to identify
the gaps between that and what exists?
Vision Does the organisation have a long-term vision of
sustainability of the company and its key stakeholders? Or is the
organisation only focused on short-term goals of the market or
its chief executive?
Walk the talk What percentage of staff believes that
managers do what they say? Can employees point to an example
in the past 12 months where a senior executive has taken a
position consistent with the organisation’s ethical compliance
standards, one which they took to considerable disadvantage to
themselves? Can they point to an occasion where the company
made a decision to walk away from a deal if there was a high risk
of illegal behaviour, corruption or fraud?
Honesty Do the managers and leaders of the organisation
preach different and inconsistent messages to different
departments? Do they have one message for legal, compliance
and the board, which promotes ethical and compliant conduct,
and another for sales, which promotes getting the business at
any cost?
Failures Are employees at all levels treated the same for their
successes and failures?
Documentation Do the organisation’s codes and the words
and actions of senior management align with that of the culture?
Feedback Does the organisation seek continual feedback
from its employees and stakeholders and act on that feedback?
What percentage of staff at all levels believe they can raise issues
without fear of retribution? Has the organisation implemented
a confidential hotline to help with communication of issues,
complaints and allegations? Is it effective?
Page 28
Governance must be wide-ranging
The phrase “corporate governance” can mean different things to different people. Some use it to describe the very broad set of skills, standards and regulations needed to run a successful company and meet all external reporting requirements. Basically, this is in line with the Australasian Compliance Institute’s definition of governance as the system by which organisations are directed and controlled. That involves the allocation of rights and responsibilities across all constituencies, including the board, management, staff, shareholders and other stakeholders.
themselves against a standard that is effectively unrelated to
internationally accepted best practice and does not represent the
ideals that a board of directors should pursue. The result is that
office holders can misdirect their efforts and, in certain cases,
even misunderstand what they are charged with overseeing.
Others, though, take corporate governance as referring more
to the set of internal rules and self-imposed policies used simply
to run departments, set budgets and achieve performance
targets.
Sadly, across Middle East, too many companies seem to have
adopted the latter definition. That means they are matching
Page 29
W hen organisations take this narrow view of corporate governance, it can lead to a blurring of lines between directors and senior management. Each group becomes unclear of its role, they start to cover the same territory, and vital areas are overlooked. The almost inevitable outcome, if the organisation hits financial difficulties or commits a breach of compliance, is a round of finger pointing and laboured attempts to cover up the cracks.
When organisations take this narrow view of corporate
governance, it can lead to a blurring of lines between directors
and senior management. Each group becomes unclear of its
role, they start to cover the same territory, and vital areas are
overlooked. The almost inevitable outcome, if the organisation
hits financial difficulties or commits a breach of compliance, is a
round of finger pointing and laboured attempts to cover up the
cracks.
The global financial crisis has thrown up plenty of instances
of companies failing to apply the highest standards of corporate
governance. Even so, when the errors of their ways have become
apparent, the answer for most boards has been to put the blame
on risk management. It remains to be seen whether reforms
there are all that is needed.
However, what shareholders should be asking – bearing
in mind that they have the ability to vote on the composition
of the board – is whether directors have fulfilled their broader
oversight duties and run the company according to the highest
independent measures.
To determine this, it is worth considering the following
questions:
Competence – Is there a process for ensuring board
competence and independence and how often is this reviewed?
Are directors coached, developed, continually assessed and kept
closely in touch with the company’s day-to-day operations and
challenges? Focus – Are there board committees to oversee
compliance, ethics and risk, and acknowledged experts in
strategy, finance and operations?
Process – Does the board have clearly defined and
documented processes to guide its operation? Do these
cover issues such as remuneration, attendance, individual
performance, public relations, conditions for re-election or
termination, disclosure of possible conflicts of interest and the
management of dissenting views?
Delegations – Are there clear instructions to management
grades defining their authority, responsibility, accountability
and reporting obligations? Has the board implemented signature
policies and signing off requirements that allow them to delegate
certain activities while maintaining control and accountability?
Performance of executives – Does the company
have a clear system to measure performance against realistic
expectations and goals? Is there a transparent method to send
directions from the board to senior management? Are there
effective, integrated systems to manage and report compliance,
ethics, governance and risk issues?
Escalations – Is there a reliable mechanism to make the
board aware of all matters that may fall outside the scope of
authority delegated to management?
Communications and training – Are the roles of
board directors and other executives clearly articulated? Does
every member of staff understand where and how corporate
governance issues affect their role?
Page 30
Training ensures customer satisfaction
Customer focused
Staff training programme is designed according to that of the
Commonwealth Bank
Employees are required to attend the two-week training
programme that focuses on introducing the company’s
culture and regulations
The aim is to provide a work-life balance for all employees
by arranging work-related training and lifestyle workshops
Financial planners are required to work according to a stringent
set of rules and regulations to ensure that their customers’
investments are safe and the services provided are professional.
To guarantee that employees provide certified and standardised
services to clients, AMTD Financial Planning, an affiliate of Hong
Kong’s Cheung Kong Group and Australia’s Commonwealth Bank,
has set up a comprehensive internal staff training programme
since its establishment in 2003.
“Financial planning is no longer a personal thing,” said
Alan Tsang Hing-lun, the group’s director and chief executive.
“People need professional help and that’s what we provide to our
customers.”
Page 31
I t goes on to introduce compliance requirements including collection of personal
data and provision of risk assessments to customers. Employees are then required to study and familiarise themselves with the company’s distinctive computer system.
The company aims at formulating the most suitable financial
plans for its customers with free, professional and objective financial
planning and product advice. To do this, employees at AMTD need
to be well-trained and understand every area of the business.
To ensure that all employees are equipped with different skills
to provide the best services to customers, and maintain the group’s
reputation as one of the leading financial planning companies in
Hong Kong, employees, who are usually qualified professionals,
have to attend a mandatory two-week training programme when
they join the company.
The comprehensive programme includes training on financial
planning, the operations of the company, how to manage a financial
plan and compliance training.
“The programme structure is based on that from the
Commonwealth Bank,” Tsang said. “We put a lot of focus on
upholding the training quality and the services provided by our
trained employees.”
The programme starts with basic information on the operations
of the company, different laws and regulations that employees
have to meet at work, licence requirements and the steps required
to compose a written financial plan, which is provided to all
customers of the company.
It goes on to introduce compliance requirements including
collection of personal data and provision of risk assessments to
customers. Employees are then required to study and familiarise
themselves with the company’s distinctive computer system.
“Our computer system is different since appointments with
customers are allocated by the system to each employee, and all
meetings and process of portfolio construction are recorded in the
system to protect our customers’ interests and keep employees
from cutting corners,” Tsang said.
New employees have to go through sessions that introduce the
various products of the company under the four main financial
planning services the company provides: investment management
planning, mortgage management, protection management and
cash management planning.
Other than completing the initial internal training programme,
employees are required to attend continuing training workshops
that mainly cover updates on the products, compliance and laws.
“Almost all our employees are investment advisers qualified
by the Securities and Futures Commission and qualified insurance
agents, and some of them are certified financial planners,” Tsang
said.
“But we still provide intensive training to them because we
believe training can help them understand our operations and
mission, and provide the finest services and advice to our customers
while upholding our reputation,” he said.
Employees, from associate financial planners to directors
who oversee multiple teams and help in setting policies for the
company, are required to attend different on-the-job training
sessions catering for their needs.
The internal staff training programme and on-the-job training
have been popular among employees.
“They learn what is the best financial planning and we hope
that they contribute to the company by enhancing the quality of
their work after these courses,” Tsang said.
While working to uphold the company’s brand name in the
industry, AMTD trains its employees to be cautious in their daily
work as it involves the savings of its customers who are building up
their retirement plans.
Page 32
Be wary when using agents abroad
Firms expanding into a new market often employ local agents or consultants to help them navigate through unfamiliar terrain. These appointees are expected to offer advice and insight into how things are done locally, provide access to key decision makers and help to secure initial deals.
with the understanding these favours will be reciprocated,
however regulators and international auditors may not take the
same view. Therefore, it is important for companies operating
through agents or consultants to conduct thorough due diligence
procedures to find out exactly whom they are employing.
However, the practices commonly used by such agents may
not meet international standards of business ethics. What passes
for “normal” in countries such as the UAE, Saudi and Oman
may seem little short of bribery to a potential overseas investor
or partner. Local agents may see nothing wrong in lavishing
meals on government officials and offering gifts to individuals,
Page 33
A ny application form should ask for information about the management and the beneficial owners of the applicant’s company. It should require bank and credit references and comments from former or existing clients. It should give details of any previous relationships with the hiring company or its main competitors. And any significant relationships with serving or former public officials should be mentioned.
This can begin by asking possible appointees to fill in a well-
designed application form and making sure to interview them
in person. Specifically, any application form should ask for
information about the management and the beneficial owners
of the applicant’s company. It should require bank and credit
references and comments from former or existing clients.
It should give details of any previous relationships with the
hiring company or its main competitors. And any significant
relationships with serving or former public officials should be
mentioned. This information should then be carefully double-
checked, with nothing taken for granted or automatically
accepted at face value.
During the due diligence process, it pays to look for telltale
signs that may put the company at risk if something is not nipped
in the bud. For instance, you should not employ someone who
has close family ties with government officials responsible for a
project your company is pursuing.
Other warning signs include:
Payments in cash, via a third party, or to a numbered
bank account
Cash payments often suggest that the agent is trying to
prevent others from establishing a clear audit trail. Requests
to be paid via a foreign bank account also raise concerns about
transparency and may contravene foreign exchange regulations.
Intermediaries who volunteer their services at an
opportune time
If negotiations run into trouble, it sometimes happens
that a new agent appears on the scene with ways tobreak the
deadlock. The timing should arouse suspicion since the person
in question may have got a tip-off from another party to the
negotiation, who is hoping to engineer a bribe. Also, beware of
recommendationsfrom an official who is party to the negotiations
about any particular agent. The suggested intermediary may be
intended to act as a conduit for bribes to change hands.
Anonymous agents
Requests for anonymity suggest there is something the agent
has to hide or the possibility that he is acting for more than one
party. For example, an agent could be hoping to advise more than
one company putting in bids for the same government project.
Regardless of which client won, the “independent adviser”
would stand to benefit, provided no one revealed identities and
exposed what he was up People asking to be paid up front.
An agent who knows what he is about to do is illegal or skirts
the edge of the law knows reputable companies may renege on
an agreement once they discover irregularities. Asking for large
amounts of money in advance may reduce this risk for the agent,
and for any other beneficiary of dubious practice. However, it
should raise a clear warning for any company asked to pay “up
front”.
Page 34
Agents and consultants
A common practice for companies which are expanding into an unfamiliar market, e.g. Middle East, but one which holds the promise of growth, is to employ local partners. They are typically employed to offer their insight into how things are done, and for their access to key decision makers. Such agents, properly employed, can be a rich resource, and can help a company win important new business.
based corporations. They operate under the watchful eye of
the country’s Department of Justice, and the Securities and
Exchange Commission – both of which hold US companies
responsible for the actions of their foreign business partners.
However, problems arise when the ethical or business
practices of these representatives fall short of international
standards. This is a problem for many expanding global
business everywhere, but particularly worrisome for US-
Page 35
So far, I discussed what are some of the red flags to look out
for when a company chooses a local agent or consultant who
could help smooth entry into a foreign market. I would like to
conclude that discussion by highlighting a few more issues that
firms could understand.
Agreement A key statement that should feature
prominently in the agreement signed is that the appointed agent
or consultant understands and agrees to abide by the appointing
firm’s anti-corruption rules and regulations. On annual basis,
require them to sign statements that updates them on new
rules and regulations that have been implemented in response
to the changing regulatory landscape. Where applicable, the
agent should also agree not to only to abide by the rules of the
jurisdiction in which it is operating, but also that of the employing
firm’s home country. Finally, the agreement should also give
the right for the company appointing the agent to inspect the
its financial records relating to the contract. Agents which have
been found to have infringed the terms of the agreement should
be terminated promptly.
Remuneration Payments made to agents or consultants
should represent no more than the appropriate amount they
should reasonably receive for the services rendered. The
reasoning behind this is to avoid surplus funds being passed
on as bribes. One way to do this is to define the commission
paid not as a percentage of the total value of the contract, as
is the usual practice, but as an absolute sum. This should be
A standard application form for agents and consultants should ask for information on the management and beneficial owners of the applicant’s company. It should request bank and credit references, references from other clients, details of any previous relationship with the company or its competitors, and relationships with serving or former public officials.
It is therefore of paramount importance that companies
operating through either agents or consultants understand
who they are employing. One of the most powerful ways to
addresses this is to conduct due diligence enquiries through
a well-designed application form for agents and consultants.
A standard application form for agents and consultants
should ask for information on the management and beneficial
owners of the applicant’s company. It should request bank and
credit references, references from other clients, details of any
previous relationship with the company or its competitors, and
relationships with serving or former public officials. This should
be double-checked thoroughly, with nothing taken for granted.
The warning signs to look out for include:
Agents with close family relationships to key officials.
For obvious reasons, if the official in question is
responsible for a project under review that the company
wants to win, then the agent should not be hired.
Payments in cash, via a third party, or to a numbered bank
account, since cash payments signal that the agent does not
want other to establish an audit trail. In many cases which have
appeared in courts, agents ask to be paid via a Swiss or other
foreign bank account. Not only does this raise concerns about
transparency, but it may also contravene foreign exchange
regulation in country where the contracting company is based.
Intermediaries which volunteer their services at an opportune
time, just when a company runs into trouble in negotiations.
This raises suspicious that the intermediary in question was
tipped off from an official hoping for a bribe. A similar warning
sign is an agent recommended by officials with whom the
company is negotiating with, since there is a possibility that
what the official is in fact trying to do is to nominate someone
who they can trust to act as a conduit for bribes to change hands.
Anonymous agents, since a request for anonymity raises the
suspicion that the agent is seeking to hide something. It may
also be possible that they are acting for more than one party.
For example, an agent may wish to remain anonymous because
they are also working for the company’s competitors who are
bidding on the same government project. The agent then stood
to gain regardless of which of its clients won the contract, but
would be fired by both companies if its identity was revealed.
Agents who ask to be paid up front. If an agent knows that what
they are about to do is illegal, they understand that there is a
chance that the employer will renege on the agreement even after
it is signed. Asking for large amounts of money in advance reduces
the risk to the agent, and to the final beneficiary of the bribe. It
also raises both the financial and legal risks for the employer.
Page 36
commensurate with the qualifications of the agent, and hours
spent on the project.
Political Influence In many cases, companies employ
agents (or form a joint venture with a more committed partner)
in order to access their political connections. This can be a two-
edge sword. For example, if a dispute arises between the foreign
firm and the local agent or partner, the latter could use their
influence to strengthen their position or even force some kind
of expropriation. A regime change, whether it be at a regional or
a local level, could also turn an agent into a liability overnight.
Finally, there is the possibility that, among those important
political connections, lie people with criminal interests. The
important thing to remember when appointing third party
agents for their contacts is to ensure that they use their influence
transparently and honestly.
Finally, one similar case involving the United Nations Oil for
Food Programme (“the Programme”) which served to illustrate
the dangers of appointing agents and/or consultants happened
in 2007 when the U.S. Securities and Exchange Commission
(“SEC”) sued a U.S. listed company and its certain subsidiaries
for bribery of government officials in Middle East.
According to the complaint, the U.S. company authorized its
Dubai subsidiary to be the contracting party for the transactions
of the Programme. And the Dubai subsidiary retained a
consulting firm, which was headed by a well-connected Iraqi
citizen, to act as its agent. It is not mentioned why the acquirers
decided to do this, but one can reasonably assume it was on the
grounds that they thought that the consulting firm understood
the Iran market well, and therefore were fit to act as their agent.
One of the duties of the agent was to help the Dubai
subsidiary to secure contracts with Iran. In light of the agent’s
advice, the Dubai subsidiary agreed the agent to pay kickback on
the Dubai subsidiary’s behalf to Iraqi officials and increase the
agent’s commissions accordingly. When the Dubai subsidiary
submitted its contract to the U.N., it inflated its contract price
to cover the extra kickback payment. In total, the agent paid
approximately $647,110 improper payments on behalf of the
Dubai subsidiary. It was noted that the kickbacks were managed
to be bypassed the U.N. escrow account and were instead paid
by a third party to Iraqi-controlled accounts in countries such
as Jordan.
Additionally, the SEC also alleged that the Dubai and Abu
Dhabi subsidiaries of the U.S. company made numerous illicit
payments characterized as “consulting fees” where no bona fide
consultancy services were actually performed to secure orders
on certain projects in the Middle East. Basically, the “consulting
fees” were made to a variety of recipients who could influence
their customers to choose the U.S. company’s products to
their particular projects. The improper consultancy payments
totalled approximately $977,000. The total amount of sales
revenue associated with these payments was approximately
$12.2 million.
While I am not privy to the specific details of the case, it
was said that the U.S. company finally paid $22 million to settle
charges by SEC. Certainly a better appreciation of the dangers
of appointing agents and consultants, such as by doing the
proper due-diligence checks, could have revealed character red
flags. This might have been all that was needed to prevent the
embarrassment and damage to reputation as well as financial
loss that are associated with having bribery taking place in an
organisation.
The important thing to
remember when appointing third
party agents for their contacts is to
ensure that they use their influence
transparently and honestly.
Scott, CEO of The Red Flag Group, has over 15 years experience in Legal, Compliance, Internal Audit, Export Control, Ethics and
Corporate Governance, providing counseling and advice to senior management throughout the world in the development of legal
and compliance practices. Scott worked as a Senior Director and General Counsel in various MNCs in Australia, the UK and Hong
Kong and has significant experience in complex compliance issues.
Scott has worked in several industries ranging from Insurance to High Technology. He has led Corruption Investigations in over 20
countries. He has spoken at conferences on compliance in the US, the UK, Australia, Hong Kong, Singapore, China, India, United
Arab Emirates, and is an avid writer having written over 50 articles published in leading newspapers and journals.
The Red Flag Group is a leading independent corporate governance and compliance firm providing thought leadership at all levels to
global enterprises. We have eight offices and offer our integrated services across the globe. We assist companies in developing and
maintaining efficient and effective corporate governance and compliance programmes and have a proven track record in providing
integrity due diligence investigations in over 150 countries. We also enable corporates to manage compliance risks globally through
our bespoke web-based technology solutions, known as the ComplianceDesktop® Technology Platform.
About The Author