Corporate Integrity

CorporateIntegrity

101

Scott Lane

CEO of The Red Flag Group

A collection of articles on making

Compliance a Competitive Advantage

Contents

4-7. The UK Bribery Act and Middle East

8-9. Compliance training high on the agenda

10-11. Top roles demand special screen tests

12-13. Business integrity proves profitable

14-15. System can increase profits and cut risk

16-17. Onus on business to step up and comply

18-19. Communicate to enjoy advantage

20-21. Ignoring risk strategy can lead to disaster

22-23. Firms should guard against espionage

24-25. Giving gifts can lead to jail time

26-27. Foster a culture of compliance

28-29. Governance must be wide-ranging

30-31. Training ensures customer satisfaction

32-33. Be wary when using agents abroad

34-36. Agents and consultants

The UK Bribery Act and Middle East

There is little doubt in the business world today that Middle East is becoming an increasingly important market for the products and services of companies from around the world. This is particularly true of the cash-rich sovereign wealth funds holders such as Abu Dhabi, Kuwait and Qatar, which have become a stabilizing influence during the most recent financial crisis. Dubai as well is quickly bouncing back from the global recession. The sentiment is that if a company is not selling its products in rapidly growing Middle East, it is missing out on the best action.

However, an anti-corruption legislation with extraterritorial

reach will soon be enacted in the UK which will drastically

affect many companies operating in Middle East, regardless of

whether they were incorporated in the UK or not. As long as they

are carrying on any part of their business in the UK, they will

be caught by the Act. The UK Bribery Act, which received Royal

Assent in April, is expected to come into force in April next year.

Its provisions are in many respects stricter than those of the US

Foreign Corrupt Practices Act (FCPA)–a defacto compliance

standard for companies who operate internationally. Under

this new Act, companies which are carrying out business in

Middle East - where local business practices can contravene

well-accepted international anti-bribery rules – face increased

compliance risk.

Provisions under the UK Bribery Act

The Act introduces new bribery offences into UK law:

A general offence of bribing another person or

receiving a bribe – This will be based on the improper

performance test. There is an expectation that one performs his/

her duties according to a relevant expectation. This expectation

entails performing a function in good faith, impartially, while

importing a position of trust. Performance would be deemed

improper if an action (or a failure to act) breaches that

expectation. The offence can be committed by a company, its

employees, agents or subsidiaries.

A discrete offence of bribing a foreign official – This

occurs where a financial or any other advantage is given, directly

or through third parties, to a foreign public official to influence

them in their official capacity to award or retain business

contracts. This offence does not require improper performance to

have taken place nor does the payment need to have been made

“corruptly” as required by the FCPA. This offence can also be

committed by a company, its employees, agents or subsidiaries.

A corporate offence of failing to prevent bribery –

This has generated the most interest, as it is a strict liability

offence for corporations and partnerships who fail to prevent

bribery from occurring.

T he Act states that if a person associated with an organisation

commits bribery to obtain an advantage for the company, then

the organisation is guilty of the offence regardless of whether it

was the organisation’s intent to do so. The company also does

not even need to be aware that bribery has taken place. The only

defence is if a company can show it has adequate procedures in

place that were meant to stop bribery from occurring.

Private Bribery - It has always been an offence under UK

law to bribe a private person and causing the said person to

perform their duties contrary to good faith or impartiality. The

Act simply continues to make the bribing of private persons

illegal.

Relevancy to Middle East

Like the FCPA, the UK Bribery Act includes extraterritorial

provisions that apply to Middle East – just like how it applies

to any other part of the world. Under the Act, the person

committing the bribery offence does not have to be a UK

citizen nor does the activity have to fall within UK jurisdiction,

but only that they maintain a “close connection” with the UK.

Commercial organisations include not only partnerships or

companies incorporated in the UK, but also partnerships and

companies which are incorporated elsewhere but carry on any

part of their business in the UK. The Act does not clearly define

what “carrying on business” means. However, common sense

dictates that it would denote some series of activities designed

to advance an enterprise for financial gain, particularly acts with

an element of repetition.

For example, a company which is based in Middle East but

carries on operations around the world – including a branch in

the UK – will most likely be liable under the act. A finer question

would be whether a Middle East company who owns a UK

subsidiary would be similarly liable. Since the UK subsidiary

would be a separate legal entity, then the question whether the

Middle East parent company would be deemed to

have been carrying on business in the UK would

depend on whether the subsidiary’s activities form

part of the parent’s business operations, and the

degree of ownership and control exerted.

The UK Bribery Act will apply to businesses operating in

Middle East, just like any other business in the world. However,

companies who operate in Middle East face additional risks

of being caught under the Act because of the region’s unique

business culture. Middle East is an area with its own laws,

cultures, and business customs. In turn, these laws, as expected

of developing legal jurisdictions, are typically prescriptive in

nature but lack the precision in wording desired by corporate

compliance and legal departments.

At the same time, control issues arise because the business

customs of the Middle East market in which the international

firm is operating in is likely to be very different from the country

in which the company is headquartered. This is especially so

for companies originating from jurisdictions where there is a

lower perception of corruption such as the US or New Zealand.

Danger zones are not limited to countries where there is

perceived to be greater levels of corruption such as Iran, Yemen,

or Iraq. Even countries like Qatar, UAE, and Israel, which are

respectively ranked 19th, 28th, and 29th on the Transparency

International’s Corruption Perception Index, all have their own

peculiar business-related customs on gift-giving and receiving,

and hospitality through which firms need to navigate.

This disparity in the way business is done between a firm’s

home market and their Middle East operations is an issue

that companies have found increasingly problematic in recent

years with governments around the world cracking down on

corruption. It manifests itself in a number of ways. Typically, the

Middle East branch adopts the attitude that senior management

and compliance at a company’s head office in its home country

T he Act states that if a person associated with an organisation commits bribery to obtain an advantage for the company, then the organisation is guilty of the offence regardless of whether it was the organisation’s intent to do so. The company also does not even need to be aware that bribery has taken place. The only defence is if a company can show it has adequate procedures in place that were meant to stop bribery from occurring.

simply do not understand how business has to be done in on the

local level in the foreign Middle East market. Consequentially,

even where companies have top notch compliance programmes

that govern the range of actions corporate employees are

allowed to engage in, they are often ignored because of concerns

that compliance would drive business towards competitors with

more relaxed compliance and ethical standards. This is easiest

when there is no top-down commitment to compliance on the

local level, which means that non-compliance is simply covered

up until regulators are alerted - leading to expensive remediation

measures that could involve hefty fines.

Again, all of this applies equally to other anti-bribery

legislation already in existence around the world, such as the

FCPA, but the introduction of the stricter UK Act means that

companies will now face additional risk for any illicit actions of

employees in problematic Middle East markets – in addition to

liability they now face under the quasi-international FCPA and

the laws of the local Middle East market. Unlike the FCPA, which

requires a company to know (or least ought to have known) of

bribery that has taken place in order for it to be an offence, there

is no such requirement under UK Bribery Act’s general offences.

If the Act comes into effect without any further legislative changes

– and none are expected – it would mean that companies with

such Middle East operations who disregard their corporate code

of conduct will stand to face significant compliance risk.

Finally and as previously mentioned, the UK Bribery Act

prohibits bribery of both private individuals and companies,

in addition to being limited to foreign officials as per defacto

standards set by the FCPA. This means that companies

operating in problematic Middle East countries will now have to

cast a wider net in reviewing how it conducts business with its

clients, customers, vendors, suppliers, and other third parties.

Companies will also have to review their relationships with

private companies and individuals in addition to government

officials to minimise all aspects of compliance risk.

Corporate gifts and entertainment

This is perhaps a big concern to companies in Middle East,

where there is an entrenched culture of relationships as part of

the daily operation of businesses. Standards there which may

be considered lavish by UK or US standards may be the norm in

such countries. In countries such as the UAE, Qatar, Oman and

Saudi Arabia, gift giving or providing entertainment forms part

of the relationship building process in the course of business.

Under the Act, hospitality will only amount to bribery

if it is proved that it was offered to influence the recipient to

act improperly. In addition, the general bribery offence will

be based on the improper performance test. That is, routine

and inexpensive hospitality, as judged by the standards of

a reasonable person in the UK, is unlikely to be considered

improper conduct. Note that the improper performance test

does not apply when a foreign official is involved. Whether a gift

or entertainment is considered excessive however, will be based

upon the discretion of the prosecution.

The Act does have a carve-out in the form of allowances for

local laws which permit certain gifts or payments to be made,

but not for mere adherence to cultural norms or customary

business practices. Reasonable gifts and entertainment, that

are commensurate with the recipient’s seniority and are

within the industry’s norm, are unlikely to attract attention

from UK regulators. It helps if a company has a specific gift

and entertainment budget, with clear control and approval

procedures for expenditure.

Facilitation payments

Unlike the FCPA, the UK Bribery Act makes no distinction

between bribery and facilitation or “grease” payments (i.e. small

payments to public officials designed to ensure the prompt

performance of a duty they are already bound to perform.)

The FCPA’s facilitation carve-out has limited application but

generally allows facilitation payments where they are permitted

under the host country’s laws, and applies only to non-

discretionary actions by a foreign official such as processing

paperwork, providing police protection or mail pickup. The

UK Act makes no exception for such non-discretionary grease

payments.

Whether a case is brought to trial will be up to the discretion

of the prosecutor, and it is not expected that there will be many

cases targeting small facilitating payments made by companies.

Companies which currently allow facilitation payments to be

made, even if only under strict compliance controls, should

examine their policies to see whether they conform to the new Act.

Recommendations

After it came into force in July 2011, the UK Bribery Act has

become the strictest anti-bribery regime in the world, and as such

it may become easier for companies, especially those operating

in Middle East, to be caught by its provisions. Companies should

review their operations, as well as their policies and procedures,

and find out the degree to which they must adapt their business

practices to safeguard themselves from the legislation’s penalties

– which include both substantial fines for companies and prison

sentences of up to 10 years for individuals.

In 2010, the UK Ministry of Justice launched a consultation

exercise on what “adequate procedures” organisations would

have to put in place to defend against the strict liability of the

Act. Since the Act extends to all persons “associated” with an

organisation, this creates significant risk for organisations if they

do not have “adequate procedures” in place to prevent bribery

from occurring. Results from the consultation and legislation

guidance are available in the official website now. .

In the meantime, companies should begin to make sure

they have the following good corporate governance measures

in place:

A senior officer, such as a chief ethics and compliance officer,

appointed to and given authority to implement and monitor

anti-bribery measures.

A structure of top-down responsibility where directors are

responsible for establishing a culture where corruption is

not tolerated, through the design and implementation of an

effective anti-bribery compliance programme.

Statements issued from the company’s senior management

about the expected compliance culture and the consequences

of compliance breaches.

A code of conduct, clearly communicated both internally

and externally. Companies should also have a discrete gift

and entertainment policy for approving gifts and providing

entertainment to clients and customers. There must also be

a valid and effective mechanism for monitoring whether the

policy is being adhered to.

A comprehensive due diligence process used to choose

reputable agents and business partners as many business in

Middle East are carried out through intermediate s and joint

venture partners.

Compliance training high on the agenda

With more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training

Training the board of directors of public and private

corporations in compliance programmes has become

increasingly common over the past several years. The most

significant reason for this movement is the increase of corporate

crimes attached to corporate directors who may become involved

in civil or criminal liability for their unethical acts.

One example in 2007 involved the legality of backdating

stock options. Almost 150 companies were involved in lengthy

and expensive investigations around the legality of options

granting practices.

W ith more corporate scandals being investigated by the authorities and a renewed shareholder focus on ethics, directors are requesting more training on their duties and the expectations of their roles. They also want to know that the company has effective training programmes in place for all

employees, not just themselves.

The number of senior executives and board members being

fired or resigning is growing as companies seek to limit further

damage. In some situations, the executives have had to cede their

powers, resign from the board, and have even been indicted by

the United States Securities and Exchange Commission.

With more corporate scandals being investigated by the

authorities and a renewed shareholder focus on ethics, directors

are requesting more training on their duties and the expectations

of their roles. They also want to know that the company has

effective training programmes in place for all employees, not

just themselves. An effective ethics and compliance programme

should include the following:

Simply providing information about the ethics and

compliance programme is not necessarily the same as training.

Such information and data may include the number of

complaints to a compliance hotline, or the result of an internal

investigation. This is not board training.

The board should get training on the company’s code of

conduct. Having the board complete the training not only

provides them with guidelines on what not to do, but it sends

a powerful tone from the top to the rest of the organisation that

ethics and compliance are important.

Training should be challenging, regular and substantial.

Time should be spent on developing a workshop, role play or a

real-life example. Board training should he held at least twice a

year for one to two hours. Any shorter should be a warning sign

that the board is not “learning”, but simply sharing information.

Training should also present a challenge to members of the

board.

Training should be tailored to a risk profile. Boards cannot

be expected to learn about every potential legal issue facing the

company. They need to be trained on only the most significant

legal, ethical and compliance risks, based on the priority of risks

from a risk assessment.

External advice is important. Board training should be led

by the inhouse legal or compliance teams, but supplemented

by leading external experts on compliance matters that relate

directly to the company.

The board should be able to recognise red flags. While

directors are not expected to become legal experts, the minimum

standard is that they can identify red flags in the company,

and know what to do and how to approach management for

investigation and review.

The board should demand that management

take training seriously. The board should set the

risk profile of the organisation and ensure that there

is a risk management process in place. The training

programme put in place should also be effectively

implemented by management.

Boards should know the company’s particular compliance

programme in detail. The board must be able to describe the

company’s programme in detail, and always be ready to answer

questions about the programme and its effectiveness. If a board

member is asked by a regulator to explain the programme and is

unable or ill-equipped to do so, this will show the regulator that

there is limited “tone at the top” – an essential part in any ethics

and compliance programme.

The board should have access to some benchmark data

about the company’s ethics and compliance programme, and

that of its competitors and industry leaders. Being able to show

that your company’s programme is consistent with the industry

and your competitors is a useful tool to show any regulators that

your programme is at “best practice” standards.

The company secretary should be able to prove that the board

has been substantially trained. Copies of the board of directors’

meeting agendas and minutes specifically showing when, where

and for how long training sessions were held should be kept, as

well as copies of the actual training, including PowerPoint files.

Top roles demand special screen tests

The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances

There has been a surge of interest in the world in the

matter of “embellished” resumés, accompanied by a call for a

comprehensive screening of job candidates and even senior

staff.

A senior executive at the InterContinental Hotels Group

recently resigned after being found guilty of misleading the

company about his academic qualifications.

Patrick Imbardelli, chief executive of the group’s Asia-Pacific

operations, stepped down after an internal review uncovered

that he had misrepresented his academic record on his CV. He

was due to join the board this month.

The company said he had claimed to have been awarded a

bachelor’s degree from Victoria University in Australia, and a

bachelor’s degree and an MBA from Cornell University in the

United States. It was found that he had attended classes at these

institutions, but not graduated. What does this mean for private

and public companies looking to fill board-of-director positions

and placing people in senior management roles? How does a

board ensure that new hires have represented their skills and

experience truthfully and accurately?

CV Checks Even a simple background check can help

ascertain the overall accuracy of somebody’s CV. These are

fundamental steps and should be mandatory in any hiring

process. Ideally, a comprehensive check should be done before

the person comes on board. These checks are also effective in

warning prospective applicants that CV validation does takes

place, with consequences for those giving false or misleading

information.

Integrity Checks An employee, senior manager or board

member found to have “adjusted” his or her CV risks being

viewed with suspicion throughout his or her career.

As far as possible, an integrity check should be conducted for

all appointees at manager level and above; mandatory, in-depth

screening should be conducted for president, vice-president

and board of director roles. These should go beyond a simple

resumé check to include an analysis of a candidate’s commercial

integrity. Speaking to previous work colleagues, business

acquaintances or partners should provide sufficient input for an

integrity check.

If there are any doubts about a prospective hire’s integrity,

these can be cleared with the help of trained investigators.

Testing While it is perfectly normal practice, like test-driving

a new car or trying on new clothes in a fitting room, to put a

junior employee on probation, you would not consider doing the

same with a senior executive. But it is perfectly in order to have

senior executives spending time with an experienced ethics and

compliance professional, who will walk them through a series of

hypothetical corporate situations posing ethical challenges and

testing their responses along the way.

This mode of assessing as part of the hiring

process is certainly preferable to trying to assess

someone who has already joined the firm. Testing

processes usually involve discussions about such

issues as:

How should one respond when offered an inducement or

bribe by a supplier?;

How do you conduct business in emerging markets, where

bribery and kickbacks are commonplace?;

How do you identify and handle a conflict of interest among

market players?, and;

How do you deal with anti-competitive conduct and cartel

arrangements?

Background screening and integrity assessments should be

an essential part of the hiring and promoting process. This is

important with new employees, but even more so with those

moving into senior positions. The more competitive the market

– and Middle East is highly competitive – the greater the need

for screening employees, partners and alliances.

B ackground screening and integrity assessments should be an essential part of the hiring and promoting process. This is important with new employees, but even more so with those moving into senior positions. The more competitive the market – and Middle East is highly competitive – the greater the need for screening employees, partners and alliances.

Business integrity proves profitable

Whatever the reason that a company starts to look at ethics and responsible business, the key message is that such programmes drive more profit

Many companies are starting to see that ethics and

responsible business can be a key growth driver. Several of them

have started developing more ethical and responsible businesses

through codes of business conduct and training programmes for

their employees. Some have started the process because of a fear

of being involved in a corporate scandal that could destroy their

share price or customer goodwill, others because they feel that

running an ethical and responsible business is a competitive

advantage.

The key message is that such programmes drive more

profit. Over the past few years, too much focus has been on the

proposition that ‘you could go to jail’ for being involved in or

‘turning a blind eye’ to unethical business. However, despite the

attempts of many regulators around the world, the number of

business executives going to jail for corporate crime is extremely

small compared to the amount of business being conducted and

the potential for unethical or illegal conduct.

For an ethical leadership or corporate citizenship initiative

to be effective, it must be acknowledged that such activities drive

a company’s business performance and profit. Some leaders do

not yet see the connection.

Five reasons to help drive the message in your organisation

that “ethics can be profitable” are:

Ethical businesses are better at attracting and keeping

customers. The ability to attract customers away from

competitors, as well as prevent your own customers from

defecting is a key aspect for any business. An effective way of

achieving this goal is by creating customer loyalty. In effect,

they help you market your product. Having a business that

operates with a strong ethics and integrity system is essential

in maintaining customers’ goodwill and loyalty. It would be rare

for a customer to act as an ambassador for your product if your

company was seen as having a poor record on ethical business,

environmental stewardship or health and safety.

Ethical businesses demand employee loyalty. In the current

climate, employees have a choice of company to work for. It

is not as simple as deciding a role based on the salary alone.

Job candidates are looking deeper into the operations of the

company, its management, its products and its status in the

community. Running a respected ethical and responsible

business gives your company that added advantage to attract

and retain top talent, thereby reducing your costs, decreasing

your turnover and driving better margins.

Ethical businesses attract institutional investors. The

institutional investor is now extremely astute. They look beyond

the purely financial and operational aspects, and at ongoing

sustainability. This often reflects management’s approach to

building an ethical and sustainable business over the long term.

The last thing institutional investors want to do is to invest in

the “next Enron”, no matter how good the financials may look in

the short or medium term. Many organisations see developing

an ethical, responsible and sustainable business as the key to

attract, and, in many cases, diversify their institutional investor

base. Nowadays, specific funds focus on sustainable investments,

which allow your company to potentially attract a new class of

investor altogether.

Ethics support easy brand extensions. The ability

to expand a brand and motivate an existing customer

to purchase an additional product is one of the most

significant profit drivers for any organisation. When

expanding regionally, a positive reputation assists in getting

local grants and tax breaks, attracting employees more quickly,

and allowing your company to get up and running and gain

customers faster.

Ethical business can minimise cost. Having your business

involved in an ethical scandal could lead to a significant cost

blow-out. Leaving aside the direct costs (namely lawyer’s fees,

investigators, forensic accountants and consultants) the main

costs could be losing customers, suppliers, partners or strategic

investors. Calculate, say, a 5 per cent drop in revenue because

of the fallout and add that to the cost of dealing with the issue

and you have a potentially significant number. These numbers

don’t include the potential effect to your brand and negative

publicity, which often exponentially exceed the direct costs and

loss of customer revenue. Avoiding such scandals by having an

infrastructure around ethics and responsible business is key.

There will always be a group of people that pushes back on

the basis that they are entirely ethical. In addition to reminding

people that “you can go to jail” for many illegal and unethical

acts, focus on the real drivers of business growth, customer

loyalty and increased profits.

E thical businesses are better at attracting and keeping customers. The ability to attract customers away from competitors, as well as prevent your own customers from defecting is a key aspect for any business. An effective way of achieving this goal is by creating customer loyalty. In effect, they help you market your product. Having a business that operates with a strong ethics and integrity system is essential in maintaining customers’ goodwill and loyalty.

System can increase profits and cut risk

Good practice for all private companies is to develop even the most basic form of an ethics and compliance programme

Developing an ethics and compliance infrastructure is

essential for any public company, especially those that are listed

on a stock exchange. What about private companies? Is there a

need to develop an ethics and compliance programme when you

are a privately-held organisation?

The answer is “yes” for a number of reasons. Firstly, there

is substantial evidence that creating a system of ethics and

compliance actually produces more profit by attracting more

customers and driving down legal and investigation costs.

Secondly, an ethics and compliance programme is a good risk

management mechanism as it identifies legal and ethical risks in

your business and builds sufficient safeguards to manage those

risks before they become a crisis.

The risk of unethical, or illegal, behaviour equally applies

in private organisations as it does in public ones. Issues like

employee fraud, theft of intellectual property and misuse

of confidential information tend to happen more in smaller

companies than they do in large ones, simply because adequate

controls are not in place to stop or detect such activity in private

companies.

Good practice for all private companies is to develop even the

most basic form of an ethics and compliance programme. While

a large-scale programme of the type used by big multinationals

might be seen as over-the-top for a private company, there are

some simple risk mitigation and management systems that can

be put in place quickly and inexpensively.

Employment agreements - Make sure all your employees

have valid employment agreements. These agreements

should have the necessary sections on protecting confidential

information after the employee leaves the company and should

also address intellectual property rights.

Signature policies - Most small private companies have

a rudimentary system of cheque signatories for bank accounts.

Most employee fraud can be avoided if tighter controls are

implemented over the issuing of cheques and the access to bank

accounts. Signature policies should be regularly reviewed and

updated, particularly as employees leave or change roles.

Board membership - Good corporate governance

principles should indicate that the board maintains an

adequate level of non-executive and executive directors. Having

independent non-executive directors aids in building a system

of ethics and compliance into the organisation as it shows that

even executive directors are not immune from “doing the right

thing”. Ethics start at the top, and the right “tone at the top”

is essential to maintaining and communicating an effective

compliance programme.

Audit committee - Good practice for private companies

is to set up an audit committee. While not required by most

local laws, an audit committee, with sufficient numbers of

independent and financially literate members, is useful in

managing the financial reporting and ethical health of a

company. The committee will help run the company’s financial

dealings in an ethical manner. If the private company is looking

to become public at some stage in its development, setting up

the audit committee while being private, and not legally being

required to do so, is a good testing ground.

Code of ethics - Having a code of ethics is a

simple but effective way to convey the manner in

which the organisation wishes to conduct business. A

code for a private company can be short and simple, yet

still covering the major areas of risk for the company.

It should be a guide for employees on how they are expected to

behave while conducting company business.

Whistle-blowing policy - A policy that allows all

employees to report ethics or compliance violations in a non-

threatening way is just as necessary in a small company as it

is in a large one. In many private companies, it is impossible

for employees to feel comfortable to report matters directly to

management due to their close relationships. A simple policy

and anonymous reporting hotline can identify potential issues

quickly and reduce the risk of ethical violations.

Training - Ethics and compliance training is essential for

all employees in any business. Methods like eLearning and

web-based courseware can be accessed by small companies to

train employees on ethics. Continuous training on ethical issues

reduces the potential for violations and should be the centre

point for any ethics programme.

T he risk of unethical, or illegal, behaviour equally applies in private organisations as it does in public ones. Issues like employee fraud, theft of intellectual property and misuse of confidential information tend to happen more in smaller companies than they do in large ones, simply because adequate controls are not in place to stop or detect such activity in private companies.

Onus on business to step up and comply

Ensuring that your organisation is ready to deal with the growing anti-corruption compliance focus is essential

In 2009 I was involved in putting together the first Anti-

Corruption Asia Summit being held in Hong Kong next month.

This is the first time that an event has been held in Asia that

places a strong focus on the development of corporate anti-

corruption programmes. It will showcase various sponsors’

products including compliance consulting, integrity due

diligence providers, e-learning solutions and anti-bribery &

Foreign Corrupt Practices ACT (FCPA) specialist law firms.

My firm, The Red Flag Group, sponsors the event with our

related company The Integrity Portal, which conducts integrity

due diligence and analysis for companies.

The reason I mention the summit is because it highlights

the staggering pace of change that is happening in ethics and

compliance fields in Asia. Even five years ago we would not have

been able to hold this conference because there was little – if

any – focus on anti-bribery throughout Asia. It was always seen

as an issue, but companies and governments turned a blind eye,

hoping it would go away.

Take for example how China has stepped up its anti-

corruption efforts with the establishment of the National Bureau

of Corruption Prevention (NBCP).

The bureau, which will report directly to the State Council,

or China’s cabinet, aims to monitor the flow of suspicious

assets and suspicious corruption activities by establishing an

information-sharing system among prosecuting organs, courts,

police authorities and banks.

Unlike previous anti-corruption efforts in China, the NBCP

will also guide anti-corruption work in companies, public

undertakings and non-governmental organisations, help trade

associations to establish selfdiscipline systems and mechanisms,

prevent commercial bribery, and extend corruption prevention

work to rural organisations as well as urban communities.

To date, China’s focus has been on the prosecution of its own

party members. More than 90,000 officials were disciplined last

year alone, accounting for 0.14 per cent of the total Communist

Party members.

The country has punished several ministerial-level or higher

officials for “serious corruption” in the past five years, including

the former State Food and Drug Administration head Zheng

Xiaoyu, the former head of the National Bureau of Statistics

Qiu Xiaohua, and the former Shanghai party secretary Chen

Liangyu.

The NBCP will, under the framework of the United Nations

Convention Against Corruption, offer help to developing

countries with corruption prevention and work to win technical

support and other assistance from foreign countries or

international organisations.

This is the first significant change in China’s anti-corruption

efforts and now squarely places the onus on business to step up

and comply with anti-corruption regulations which have been

lacking in China’s business community.

Although foreign-invested corporations in China

have had to comply with their “home country” anti-

corruption legislation (for example, the US Foreign

Corrupt Practices Act) they also need to consider

local Chinese legislation which, with the launch of the

NBCP, will be strongly enforced.

The charter of the bureau includes working with other

anticorruption bodies in other foreign countries to develop

strategies to counter international corruption. This aspect is

particularly important to foreign-invested companies in China.

For example, a US-based company operating in China will

be subject to the US Foreign Corrupt Practices Act and could

be prosecuted for violations taking place in China by the US

Department of Justice.

Under the charter of the NBCP it is expected that discussions,

document sharing and co-operation between the US Department

of Justice and the NBCP would take place. In some cases, the

prosecution by the US Department of Justice may lead to a

further prosecution by the NBCP under local Chinese anti-

bribery legislation and vice versa.

Ensuring that your organisation is ready to deal with the

growing anti-corruption compliance focus is essential. The best

way to test your readiness is to understand how the law affects

your company and to understand the global developments in

this area.

T he country has punished several ministerial-level or higher officials for “serious corruption” in the past five years, including the former State Food and Drug Administration head Zheng Xiaoyu, the former head of the National Bureau of Statistics Qiu Xiaohua, and the former Shanghai party secretary Chen Liangyu.

Communicate to enjoy advantage

A good compliance system shows that a company is less likely to be subject to massive downswings in stock prices when a compliance violation occurs

Almost every company has some form of compliance programme.

In some cases, it might be as simple as ensuring that basic company

registry information is filed on time and for others, particularly

listed companies or those that have regulatory requirements, the

programme is much broader and essential to the operation of the

business.

Compliance programmes are an asset to any business. They

not only allow the business to operate in a way that complies with

necessary laws and policies, but they often force the company to

streamline processes and procedures and improve efficiency.

Many companies focus on training staff on their compliance

programmes, making sure that every relevant staff member

understands the rules and procedures. Training is essential for

good compliance, it provides employees with repeated training on

compliance topics and allows the employee to test that knowledge

with some form of quiz or exam.

In addition to a training plan, a broader communication plan

should also be considered by the company. A communication plan

for your compliance programme is essential for both internal and

external stakeholders. Such a plan should include communicating

to external stakeholders such as auditors, media, shareholders,

customers, key partners and, in some cases, regulators. Each of these

parties holds a stake in the success of your company’s compliance

programme. Good effective communication of that programme can

build shareholder value.

Auditors are responsible for reviewing the company’s books and

records and making an assessment on the health of the company as it

relates to material risks, particularly financial ones. Communicating

your compliance programme to your auditors is essential to help

them understand your approach at managing and interpreting risks

in compliance failures. Communicating the programme may also

help when compliance issues are being investigated by the company,

and auditors will naturally be interested in also conducting a parallel

investigation so far as it concerns potential financial risks. These

parallel investigations can be very costly to the company. It is essential

to limit any parallel investigation by conducting an investigation to a

level that is established and agreed to by the auditors.

It is important to make your compliance system known to the

media or, at the very least, to ensure the system is media-ready. A

media-ready compliance system is one that has statements ready to

be released when the company is being questioned about a critical

compliance issue that has occurred. A media-ready statement gives

the media a reportable statement on the company’s compliance

system and it may allow the company to portray itself to the media

as having an active compliance system despite the event that may

have taken place to raise the media’s interest in the first place. In

many cases, a well-drafted, media-ready compliance system can

help to deflect attention from the compliance crisis to a company’s

compliance system itself.

Compliance can be a competitive advantage. A good compliance

system shows that a company is less likely to be subject to massive

downswings in stock prices when a compliance violation occurs. Good

compliance systems also reduce risk exposures to the company’s

balance sheets. Many companies market their compliance system on

the investor relations page of their websites. This is a good way of

communicating compliance systems to shareholders and linking the

value of compliance programmes to shareholder value.

Just like communicating to shareholders is

important to building shareholder value, communicating

to customers and key third parties is equally important.

Allowing a customer to feel comfortable that their risk as

a customer is being addressed by the company, and giving

them advance notice on changes that may affect them, is essential.

Changes to your compliance system (for example, by requiring

additional personal information from customers or asking a customer

to complete new annual forms) should be communicated to the

customer before asking for the new requests. Ideally, these changes

should be communicated to the customer in advance, identifying why

the changes are being made and the benefits they have for customers,

such as greater security control.

For those companies that are regulated by industry regulators or

even government regulators, it is often advisable to meet with the

regulators to talk through your compliance system. Having this sort

of dialogue often builds essential relationships with the regulator and

may potentially smooth over things when enforcement issues arise.

In some cases, while not strictly required under the law, regulators

are keen to see that the company is on top of its compliance of the law

that the regulator enforces. Doing so may avoid costly audits.

Communicating your compliance system to third parties can

be a great advantage to building value with stakeholders. Failing

to communicate externally and remaining silent often raises

more questions than are necessary and does not instil comfort in

stakeholders that compliance is being taken seriously.

A communication plan for your compliance programme is essential for both internal and external stakeholders. Such a plan should include communicating to external stakeholders such as auditors, media, shareholders, customers, key partners and, in some cases, regulators. Each of these parties holds a stake in the success of your company’s compliance programme. Good effective communication of that programme can build shareholder value.

Ignoring risk strategy can lead to disaster

One of the most important functions of the board in a modern corporation is to oversee risk management

A catastrophic failure of risk management by some of

the world’s leading banks and financial institutions directly

contributed to the global financial meltdown and the failure

of some institutions. This happened despite those institutions

having risk departments that are the envy of other companies.

If this is true, why did these departments fail? Why were

these risks not identified? Were the risks too remote to consider

likely? Did the risk department miscalculate the effect of the risk

eventuating? Were the risks ever communicated up the chain to

management? Did management react appropriately?

These are the questions that should be asked right now across

almost every business engaged in international commerce, and

nowhere will the questions be directed more frequently than at

boards of directors of corporations of every shape and size.

After all, one of the most important functions of the board

in modern corporations is to oversee risk management. This

is something that is often overlooked. A non-existent risk

department – or, worse, one that is ineffective – can directly

contribute to the downfall of a company. Yet, if you ask the

average senior manager what they think of their risk department,

you often hear them described as “an overhead” or “a necessary

evil”. In some cases, the manager will say: “I think that is part

of finance.”

If risk management is one of the four pillars of the role of the

board, then every company must have someone responsible for

executing risk strategy. There are three key aspects to any risk

department.

You actually have one. Every company should have someone

looking at risk management. Even if the company is small, a

plan should be prepared similar to a sales plan, marketing plan

or financial plan. It should be prepared and be presented to the

board regularly for review and approval. The recommendations

in the plan should be adopted. Identifying risks and never getting

around to doing anything about them is not risk management.

Position in the company and reporting. Risk management

is one of the most essential roles of the board. Yet risk

management is often pushed too low in the organisation’s

structure. Occasionally, it reports to finance, sometimes to

legal, sometimes it is buried within operations. Someone senior

in the organisation must be responsible for risk management.

That person must report direct to the CEO or preferably to the

risk committee of the board. Having a risk department that is

unheard is worse than not having one in the first place. Risk

management is a very complex role and it should be given that

exposure by a reporting structure that reflects its importance.

Experience and talent. The risk department should be

staffed with experienced people who not only understand the

risk function but also have an acute understanding across many

areas of the business. This understanding should not be limited

to the company’s products and services; it needs to extend to

a solid understanding of finance, operations, country risk,

macroeconomics and microeconomics, plus a host of issues

such as union involvement, weather, trading cycles, etc. Many

risk managers have excellent skills in risk identification and

presenting these risks in a colourful, graphical and slick way.

I f risk management had been looked at by some banks and financial companies as

a key role and had been staffed with experts with direct reporting lines to the CEO or the board, there would have been a good chance that common-sense risk principles would have minimised the collapse of some companies and the loss to staff and shareholders.

But, unfortunately, some lack the true business

experience and judgment essential in knowing how

to provide valuable advice to the company on limiting

exposure arising from a risk event.

To overcome these issues, it is essential that the

head of risk management is a senior manager. Preferably, the

person should be someone who has worked for the company

in many roles over many years, understands the company

and its culture, and has a very good understanding of a range

of business. Preferably, the person might be the next CEO or

someone in line to join the management team.

Too many times, companies fail because risks are either

not identified (because risk managers are too busy managing

spreadsheets and using online tools) or because, once identified,

the head of risk management is not senior enough to have a

voice that can be heard quickly by the CEO and have the respect

to be regarded as a significant enough voice. In some cases, risk

management is seen as an operational part of the company and

therefore not worthy of reporting to the CEO.

If risk management had been looked at by some banks and

financial companies as a key role and had been staffed with

experts with direct reporting lines to the CEO or the board,

there would have been a good chance that common-sense

risk principles would have minimised the collapse of some

companies and the loss to staff and shareholders.

Firms should guard against espionage

Corporate espionage is a tricky issue. One man’s market research can be another’s corporate espionage. As a rule of thumb in business, you always want to find out what your competitors are doing, and they will want to know what you are up to.

Hilton chain of hotels for allegedly stealing its most sensitive

corporate secrets to start its own luxury brand. According to

reports, it was alleged that before two former senior Starwood

executives left their company to join the rival chain late last year,

they e-mailed and sent more than 100,000 electronic and paper

documents to their future employers.

Business intelligence can be accomplished in different

ways, and companies routinely tread a fine line between purely

legitimate means through open source material to outright theft.

One case made the headlines recently. Starwood Hotels,

operator of the successful W brand of luxury hotels, sued the rival

I n the case of senior staff defections to rivals, discretely identify other staff members who

are likely to join their former colleagues and, if they are found to be stealing the company’s trade secrets, terminate their employment immediately. At the same time, there is a need to communicate to the rest of the firm what is happening.

The documents, Starwood maintained in its lawsuit filed in

New York in April, consisted of the blueprints for the launch of

a new luxury hotel brand – setting out how to negotiate with

developers, train employees and market the brand. There were

also strategic development plans, marketing and demographic

studies training manuals for its entire luxury brand line, and the

names and contract details of property owners around the world

who could be interested in signing hotel management contracts.

Hilton allegedly took this information and launched its own

luxury hotel concept in March. The lawsuit claims that Hilton

was able to fast track and bypass many of the time consuming

research and development legwork that hotels normally do,

saved tens of millions of dollars and avoided the trial and error

normally associated with the opening of a new chain of hotels.

In the lawsuit, Starwood is seeking monetary damages, and a

court order that Hilton cancel the rollout of its recently launched

luxury hotel chain. Hilton said the lawsuit was “without merit

and will vigorously defend itself”. In today’s evolved economy,

where an estimated 70 per cent of the market value of United

States firms reside in their trade secrets and intellectual

property, it is vital that companies understand how to safeguard

their confidential information. One of the more obvious things

to do is to prevent data breaches when employees leave.

Companies should separate confidential trade secrets and

client information from other less essential data. Clearly identify

them as such, and establish a well documented procedure for

staff to access this information.

Develop a culture of compliance with these rules. Limit

access to computers with USB ports because a lot of information

can be stolen.

Proactive monitoring of employee computers and

telecommunications usage. If the regulatory framework allows,

employers could install keystroke logging or packet sniffing

software onto computers, which respectively record the

keystroke activities of computer users, and collect information

on data transfers initiated by the user. Where that may be

inapplicable, companies should at the very least monitor voice

calls and e-mail traffic. Taking into account the sensitivity of

such a scheme, which could notify employees of this type of

workplace surveillance, they should request consent. Where

express consent is not available, they could limit monitoring

voice communication to only those that are of a business nature.

In the case of senior staff defections to rivals, discretely

identify other staff members who are likely to join their former

colleagues and, if they are found to be stealing the company’s

trade secrets, terminate their employment immediately. At the

same time, there is a need to communicate to the rest of the firm

what is happening.

Review employment contracts to make sure they contain

the necessary provisions to prevent department executives from

soliciting clients or staff members for a set time, and make sure

they comply with local labour regulations.

Employee screening will help companies ferret out security

risks both for incumbents and new applicants. They could include

comprehensive background and credit investigations, polygraph

and integrity tests to uncover information that could reflect

whether they are likely to steal sensitive corporate information.

Companies must also be more careful when conducting

competitive market research so they aren’t misinterpreted by

their rivals.

Giving gifts can lead to jail time

It doesn’t happen very often, but the latest cautionary tale to come out of Hong Kong’s venerable graft-buster reads like a gag in a Stephen Chow Sing-chi comedy. In March, the director of a local construction company, 37-year-old Chin Tat-yung, was jailed for two months for bribing police officers.

process to implement these contracts, his company required

certain approvals from the police.

Between January and September 2007, the police had given

more than 50 approvals for Chin’s company. So come the Mid-

Autumn Festival, Chin probably thought he had better solidify

his relationships with the police and thank his good friends for

the past nine months of approvals.

According to the press release issued by the Independent

Commission Against Corruption (ICAC), Chin was found guilty

of offering 15 boxes of moon cakes to police officers while having

dealings with them. That’s right – moon cakes. Not brown paper

bags stuffed with cash, but the boxes of high cholesterol, overly

sweet Chinese pastries that everyone buys for the Mid-Autumn

Festival. Chin’s company, Brilliant Ray, was a contractor

working on roadwork projects in Hong Kong. As part of the

T his case highlights this common practice in Asia of giving moon cakes and other customary items as gifts to business associates. While this case pushed it into a category which suggested that bribery had taken place, in everyday practice there is a fine line between common gift giving and commercial (or government) bribery.

It probably didn’t even cross his mind that giving moon

cakes might be inappropriate. After all, it was the Mid-Autumn

Festival when it is customary to give friends and business

associates moon cakes.

Also, 15 boxes of moon cakes, assuming they were the less

expensive variety, would have cost about HK$1,800 – the price

of a decent meal in a good restaurant. So, 11 days before the

festival, he called up his good friends at the police and asked

if he could visit the station. When he arrived, he gave a police

constable the 15 boxes and a customary greeting of “Happy Mid-

Autumn Festival” and thought nothing more of it.

Chin was then charged with one count of offering an

advantage to prescribed officers in contravention of the

Prevention of Bribery Ordinance, to which he pleaded guilty. In

sentencing, the magistrate said that just because Chin did not

realise the gifts would constitute a bribe was not an excuse that

would spare him from being locked up in jail.

This case is important in the anti-corruption and compliance

scene because it involves giving a gift of relatively inconsequential

value. Almost every company in Hong Kong sends moon cakes

to important clients, suppliers or other parties without giving as

much as a single thought as to how it could be interpreted. Its

significance is compounded because a jail sentence was given to

the accused person and no account was made for the fact that

he was ignorant that such activity might be interpreted as being

against the law. If you don’t want to spend time in a jail cell,

but still want to respect local customs of gift giving at culturally

significant times, here are some suggestions:

Customary events Giving clients or suppliers moon cakes is

a perfectly acceptable gift at Mid-Autumn Festival as they are

customary and generally inexpensive. However, some simple

rules should be considered in order to avoid any infringement of

local or international laws.

The lack of a quid pro quo In this case, although it was

Mid-Autumn Festival, the fact that the gift was given after the

receiving officers had granted a number of relevant approvals

did not help Chin’s defence. The lack of a quid pro quo, a Latin

term which means that an item or service has been traded in

return for something of value, is essential in being able to argue

that – by design – the gift was not a bribe of any kind.

Size of the gift Always make sure the size of the gift is

reasonable. Giving someone a box of four moon cakes is

generally alright because the custom in most offices is

to cut them into small pieces and share them around.

Caution should be exercised when a large number of moon cakes

are given to one person or entity.

Quality of the gift Always ensure that gifts are middle of the

range – nothing too lavish and certainly nothing high-end. The

quality of the gift should be commensurate with the recipient’s

position, stature and seniority.

This case highlights this common practice in Asia of giving

moon cakes and other customary items as gifts to business

associates. While this case pushed it into a category which

suggested that bribery had taken place, in everyday practice

there is a fine line between common gift giving and commercial

(or government) bribery. Whenever you or your organisation

considers sending a gift to business partners, keep in mind the

guidelines I have outlined above.

Another useful tip that I would like to mention is to examine

your company’s gift giving practices. It is a good idea to

implement procedures to ensure that if people in your company

send moon cakes or other types of gifts to people, they don’t

breach the anti-bribery laws, both in the country where the gift

is being given or where the business may be registered.

Foster a culture of compliance

Developing a culture of compliance is not easy. It is about understanding the behaviour that makes up a corporate culture and how to adjust to improve the culture.

Having a strong compliance culture often leads to a

reduction in the amount of internal controls required to ensure

performance because the employees and stakeholders simply

do the right thing. An organisation which has a defective

compliance culture will often require greater internal controls

to steer people in the direction of doing the right thing, and in

these cases employees often manage to subvert even the most

rigorous systems and processes.

One of the components of a company’s culture is how it

deals with ethical issues. This includes adherence to corporate

values, the existence and development of internal controls,

and the implementation of accountability. It forms something

that is generally recognised as a culture of compliance in an

organisation.

H aving a strong compliance culture often leads to a reduction in the amount of internal controls required to ensure performance because the employees and stakeholders simply do the right thing. An organisation which has a defective compliance culture will often require greater internal controls to steer people in the direction of doing the right thing, and in these cases employees often manage to subvert even the most rigorous systems and processes.

Making an assessment of whether the corporate culture is a

business advantage or whether it is an inhibitor of growth is very

difficult. This often involves some degree of soul searching and

a good hard look at the innate qualities of the chief executive.

Some of the questions that can be asked include:

Openness Is there an open board culture that promotes

active thinking, robust discussion, and, where appropriate, the

challenging of management reports?

Tone at the top Does the chief executive regularly challenge

the management team to act in accordance with a positive

compliance culture, is that challenge communicated throughout

the company regularly and is it enforced?

Tone at the middle Does the message from the chief executive

and the senior ranks take effect in middle management? Does

middle management follow these directions? If not, is it because

the message is not getting through, or did it get distorted in the

transmission process?

Lack of conflict Do all employees and management regularly

disclose conflicts of interest? Do they ensure that they always act

in the best interests of the organisation as a whole, even if this

means that they suffer personally as a result?

Understanding Has the company articulated the attributes of

the culture it is striving to achieve, and has it sought to identify

the gaps between that and what exists?

Vision Does the organisation have a long-term vision of

sustainability of the company and its key stakeholders? Or is the

organisation only focused on short-term goals of the market or

its chief executive?

Walk the talk What percentage of staff believes that

managers do what they say? Can employees point to an example

in the past 12 months where a senior executive has taken a

position consistent with the organisation’s ethical compliance

standards, one which they took to considerable disadvantage to

themselves? Can they point to an occasion where the company

made a decision to walk away from a deal if there was a high risk

of illegal behaviour, corruption or fraud?

Honesty Do the managers and leaders of the organisation

preach different and inconsistent messages to different

departments? Do they have one message for legal, compliance

and the board, which promotes ethical and compliant conduct,

and another for sales, which promotes getting the business at

any cost?

Failures Are employees at all levels treated the same for their

successes and failures?

Documentation Do the organisation’s codes and the words

and actions of senior management align with that of the culture?

Feedback Does the organisation seek continual feedback

from its employees and stakeholders and act on that feedback?

What percentage of staff at all levels believe they can raise issues

without fear of retribution? Has the organisation implemented

a confidential hotline to help with communication of issues,

complaints and allegations? Is it effective?

Governance must be wide-ranging

The phrase “corporate governance” can mean different things to different people. Some use it to describe the very broad set of skills, standards and regulations needed to run a successful company and meet all external reporting requirements. Basically, this is in line with the Australasian Compliance Institute’s definition of governance as the system by which organisations are directed and controlled. That involves the allocation of rights and responsibilities across all constituencies, including the board, management, staff, shareholders and other stakeholders.

themselves against a standard that is effectively unrelated to

internationally accepted best practice and does not represent the

ideals that a board of directors should pursue. The result is that

office holders can misdirect their efforts and, in certain cases,

even misunderstand what they are charged with overseeing.

Others, though, take corporate governance as referring more

to the set of internal rules and self-imposed policies used simply

to run departments, set budgets and achieve performance

targets.

Sadly, across Middle East, too many companies seem to have

adopted the latter definition. That means they are matching

W hen organisations take this narrow view of corporate governance, it can lead to a blurring of lines between directors and senior management. Each group becomes unclear of its role, they start to cover the same territory, and vital areas are overlooked. The almost inevitable outcome, if the organisation hits financial difficulties or commits a breach of compliance, is a round of finger pointing and laboured attempts to cover up the cracks.

When organisations take this narrow view of corporate

governance, it can lead to a blurring of lines between directors

and senior management. Each group becomes unclear of its

role, they start to cover the same territory, and vital areas are

overlooked. The almost inevitable outcome, if the organisation

hits financial difficulties or commits a breach of compliance, is a

round of finger pointing and laboured attempts to cover up the

cracks.

The global financial crisis has thrown up plenty of instances

of companies failing to apply the highest standards of corporate

governance. Even so, when the errors of their ways have become

apparent, the answer for most boards has been to put the blame

on risk management. It remains to be seen whether reforms

there are all that is needed.

However, what shareholders should be asking – bearing

in mind that they have the ability to vote on the composition

of the board – is whether directors have fulfilled their broader

oversight duties and run the company according to the highest

independent measures.

To determine this, it is worth considering the following

questions:

Competence – Is there a process for ensuring board

competence and independence and how often is this reviewed?

Are directors coached, developed, continually assessed and kept

closely in touch with the company’s day-to-day operations and

challenges? Focus – Are there board committees to oversee

compliance, ethics and risk, and acknowledged experts in

strategy, finance and operations?

Process – Does the board have clearly defined and

documented processes to guide its operation? Do these

cover issues such as remuneration, attendance, individual

performance, public relations, conditions for re-election or

termination, disclosure of possible conflicts of interest and the

management of dissenting views?

Delegations – Are there clear instructions to management

grades defining their authority, responsibility, accountability

and reporting obligations? Has the board implemented signature

policies and signing off requirements that allow them to delegate

certain activities while maintaining control and accountability?

Performance of executives – Does the company

have a clear system to measure performance against realistic

expectations and goals? Is there a transparent method to send

directions from the board to senior management? Are there

effective, integrated systems to manage and report compliance,

ethics, governance and risk issues?

Escalations – Is there a reliable mechanism to make the

board aware of all matters that may fall outside the scope of

authority delegated to management?

Communications and training – Are the roles of

board directors and other executives clearly articulated? Does

every member of staff understand where and how corporate

governance issues affect their role?

Training ensures customer satisfaction

Customer focused

Staff training programme is designed according to that of the

Commonwealth Bank

Employees are required to attend the two-week training

programme that focuses on introducing the company’s

culture and regulations

The aim is to provide a work-life balance for all employees

by arranging work-related training and lifestyle workshops

Financial planners are required to work according to a stringent

set of rules and regulations to ensure that their customers’

investments are safe and the services provided are professional.

To guarantee that employees provide certified and standardised

services to clients, AMTD Financial Planning, an affiliate of Hong

Kong’s Cheung Kong Group and Australia’s Commonwealth Bank,

has set up a comprehensive internal staff training programme

since its establishment in 2003.

“Financial planning is no longer a personal thing,” said

Alan Tsang Hing-lun, the group’s director and chief executive.

“People need professional help and that’s what we provide to our

customers.”

I t goes on to introduce compliance requirements including collection of personal

data and provision of risk assessments to customers. Employees are then required to study and familiarise themselves with the company’s distinctive computer system.

The company aims at formulating the most suitable financial

plans for its customers with free, professional and objective financial

planning and product advice. To do this, employees at AMTD need

to be well-trained and understand every area of the business.

To ensure that all employees are equipped with different skills

to provide the best services to customers, and maintain the group’s

reputation as one of the leading financial planning companies in

Hong Kong, employees, who are usually qualified professionals,

have to attend a mandatory two-week training programme when

they join the company.

The comprehensive programme includes training on financial

planning, the operations of the company, how to manage a financial

plan and compliance training.

“The programme structure is based on that from the

Commonwealth Bank,” Tsang said. “We put a lot of focus on

upholding the training quality and the services provided by our

trained employees.”

The programme starts with basic information on the operations

of the company, different laws and regulations that employees

have to meet at work, licence requirements and the steps required

to compose a written financial plan, which is provided to all

customers of the company.

It goes on to introduce compliance requirements including

collection of personal data and provision of risk assessments to

customers. Employees are then required to study and familiarise

themselves with the company’s distinctive computer system.

“Our computer system is different since appointments with

customers are allocated by the system to each employee, and all

meetings and process of portfolio construction are recorded in the

system to protect our customers’ interests and keep employees

from cutting corners,” Tsang said.

New employees have to go through sessions that introduce the

various products of the company under the four main financial

planning services the company provides: investment management

planning, mortgage management, protection management and

cash management planning.

Other than completing the initial internal training programme,

employees are required to attend continuing training workshops

that mainly cover updates on the products, compliance and laws.

“Almost all our employees are investment advisers qualified

by the Securities and Futures Commission and qualified insurance

agents, and some of them are certified financial planners,” Tsang

said.

“But we still provide intensive training to them because we

believe training can help them understand our operations and

mission, and provide the finest services and advice to our customers

while upholding our reputation,” he said.

Employees, from associate financial planners to directors

who oversee multiple teams and help in setting policies for the

company, are required to attend different on-the-job training

sessions catering for their needs.

The internal staff training programme and on-the-job training

have been popular among employees.

“They learn what is the best financial planning and we hope

that they contribute to the company by enhancing the quality of

their work after these courses,” Tsang said.

While working to uphold the company’s brand name in the

industry, AMTD trains its employees to be cautious in their daily

work as it involves the savings of its customers who are building up

their retirement plans.

Be wary when using agents abroad

Firms expanding into a new market often employ local agents or consultants to help them navigate through unfamiliar terrain. These appointees are expected to offer advice and insight into how things are done locally, provide access to key decision makers and help to secure initial deals.

with the understanding these favours will be reciprocated,

however regulators and international auditors may not take the

same view. Therefore, it is important for companies operating

through agents or consultants to conduct thorough due diligence

procedures to find out exactly whom they are employing.

However, the practices commonly used by such agents may

not meet international standards of business ethics. What passes

for “normal” in countries such as the UAE, Saudi and Oman

may seem little short of bribery to a potential overseas investor

or partner. Local agents may see nothing wrong in lavishing

meals on government officials and offering gifts to individuals,

A ny application form should ask for information about the management and the beneficial owners of the applicant’s company. It should require bank and credit references and comments from former or existing clients. It should give details of any previous relationships with the hiring company or its main competitors. And any significant relationships with serving or former public officials should be mentioned.

This can begin by asking possible appointees to fill in a well-

designed application form and making sure to interview them

in person. Specifically, any application form should ask for

information about the management and the beneficial owners

of the applicant’s company. It should require bank and credit

references and comments from former or existing clients.

It should give details of any previous relationships with the

hiring company or its main competitors. And any significant

relationships with serving or former public officials should be

mentioned. This information should then be carefully double-

checked, with nothing taken for granted or automatically

accepted at face value.

During the due diligence process, it pays to look for telltale

signs that may put the company at risk if something is not nipped

in the bud. For instance, you should not employ someone who

has close family ties with government officials responsible for a

project your company is pursuing.

Other warning signs include:

Payments in cash, via a third party, or to a numbered

bank account

Cash payments often suggest that the agent is trying to

prevent others from establishing a clear audit trail. Requests

to be paid via a foreign bank account also raise concerns about

transparency and may contravene foreign exchange regulations.

Intermediaries who volunteer their services at an

opportune time

If negotiations run into trouble, it sometimes happens

that a new agent appears on the scene with ways tobreak the

deadlock. The timing should arouse suspicion since the person

in question may have got a tip-off from another party to the

negotiation, who is hoping to engineer a bribe. Also, beware of

recommendationsfrom an official who is party to the negotiations

about any particular agent. The suggested intermediary may be

intended to act as a conduit for bribes to change hands.

Anonymous agents

Requests for anonymity suggest there is something the agent

has to hide or the possibility that he is acting for more than one

party. For example, an agent could be hoping to advise more than

one company putting in bids for the same government project.

Regardless of which client won, the “independent adviser”

would stand to benefit, provided no one revealed identities and

exposed what he was up People asking to be paid up front.

An agent who knows what he is about to do is illegal or skirts

the edge of the law knows reputable companies may renege on

an agreement once they discover irregularities. Asking for large

amounts of money in advance may reduce this risk for the agent,

and for any other beneficiary of dubious practice. However, it

should raise a clear warning for any company asked to pay “up

front”.

Agents and consultants

A common practice for companies which are expanding into an unfamiliar market, e.g. Middle East, but one which holds the promise of growth, is to employ local partners. They are typically employed to offer their insight into how things are done, and for their access to key decision makers. Such agents, properly employed, can be a rich resource, and can help a company win important new business.

based corporations. They operate under the watchful eye of

the country’s Department of Justice, and the Securities and

Exchange Commission – both of which hold US companies

responsible for the actions of their foreign business partners.

However, problems arise when the ethical or business

practices of these representatives fall short of international

standards. This is a problem for many expanding global

business everywhere, but particularly worrisome for US-

So far, I discussed what are some of the red flags to look out

for when a company chooses a local agent or consultant who

could help smooth entry into a foreign market. I would like to

conclude that discussion by highlighting a few more issues that

firms could understand.

Agreement A key statement that should feature

prominently in the agreement signed is that the appointed agent

or consultant understands and agrees to abide by the appointing

firm’s anti-corruption rules and regulations. On annual basis,

require them to sign statements that updates them on new

rules and regulations that have been implemented in response

to the changing regulatory landscape. Where applicable, the

agent should also agree not to only to abide by the rules of the

jurisdiction in which it is operating, but also that of the employing

firm’s home country. Finally, the agreement should also give

the right for the company appointing the agent to inspect the

its financial records relating to the contract. Agents which have

been found to have infringed the terms of the agreement should

be terminated promptly.

Remuneration Payments made to agents or consultants

should represent no more than the appropriate amount they

should reasonably receive for the services rendered. The

reasoning behind this is to avoid surplus funds being passed

on as bribes. One way to do this is to define the commission

paid not as a percentage of the total value of the contract, as

is the usual practice, but as an absolute sum. This should be

A standard application form for agents and consultants should ask for information on the management and beneficial owners of the applicant’s company. It should request bank and credit references, references from other clients, details of any previous relationship with the company or its competitors, and relationships with serving or former public officials.

It is therefore of paramount importance that companies

operating through either agents or consultants understand

who they are employing. One of the most powerful ways to

addresses this is to conduct due diligence enquiries through

a well-designed application form for agents and consultants.

A standard application form for agents and consultants

should ask for information on the management and beneficial

owners of the applicant’s company. It should request bank and

credit references, references from other clients, details of any

previous relationship with the company or its competitors, and

relationships with serving or former public officials. This should

be double-checked thoroughly, with nothing taken for granted.

The warning signs to look out for include:

Agents with close family relationships to key officials.

For obvious reasons, if the official in question is

responsible for a project under review that the company

wants to win, then the agent should not be hired.

Payments in cash, via a third party, or to a numbered bank

account, since cash payments signal that the agent does not

want other to establish an audit trail. In many cases which have

appeared in courts, agents ask to be paid via a Swiss or other

foreign bank account. Not only does this raise concerns about

transparency, but it may also contravene foreign exchange

regulation in country where the contracting company is based.

Intermediaries which volunteer their services at an opportune

time, just when a company runs into trouble in negotiations.

This raises suspicious that the intermediary in question was

tipped off from an official hoping for a bribe. A similar warning

sign is an agent recommended by officials with whom the

company is negotiating with, since there is a possibility that

what the official is in fact trying to do is to nominate someone

who they can trust to act as a conduit for bribes to change hands.

Anonymous agents, since a request for anonymity raises the

suspicion that the agent is seeking to hide something. It may

also be possible that they are acting for more than one party.

For example, an agent may wish to remain anonymous because

they are also working for the company’s competitors who are

bidding on the same government project. The agent then stood

to gain regardless of which of its clients won the contract, but

would be fired by both companies if its identity was revealed.

Agents who ask to be paid up front. If an agent knows that what

they are about to do is illegal, they understand that there is a

chance that the employer will renege on the agreement even after

it is signed. Asking for large amounts of money in advance reduces

the risk to the agent, and to the final beneficiary of the bribe. It

also raises both the financial and legal risks for the employer.

commensurate with the qualifications of the agent, and hours

spent on the project.

Political Influence In many cases, companies employ

agents (or form a joint venture with a more committed partner)

in order to access their political connections. This can be a two-

edge sword. For example, if a dispute arises between the foreign

firm and the local agent or partner, the latter could use their

influence to strengthen their position or even force some kind

of expropriation. A regime change, whether it be at a regional or

a local level, could also turn an agent into a liability overnight.

Finally, there is the possibility that, among those important

political connections, lie people with criminal interests. The

important thing to remember when appointing third party

agents for their contacts is to ensure that they use their influence

transparently and honestly.

Finally, one similar case involving the United Nations Oil for

Food Programme (“the Programme”) which served to illustrate

the dangers of appointing agents and/or consultants happened

in 2007 when the U.S. Securities and Exchange Commission

(“SEC”) sued a U.S. listed company and its certain subsidiaries

for bribery of government officials in Middle East.

According to the complaint, the U.S. company authorized its

Dubai subsidiary to be the contracting party for the transactions

of the Programme. And the Dubai subsidiary retained a

consulting firm, which was headed by a well-connected Iraqi

citizen, to act as its agent. It is not mentioned why the acquirers

decided to do this, but one can reasonably assume it was on the

grounds that they thought that the consulting firm understood

the Iran market well, and therefore were fit to act as their agent.

One of the duties of the agent was to help the Dubai

subsidiary to secure contracts with Iran. In light of the agent’s

advice, the Dubai subsidiary agreed the agent to pay kickback on

the Dubai subsidiary’s behalf to Iraqi officials and increase the

agent’s commissions accordingly. When the Dubai subsidiary

submitted its contract to the U.N., it inflated its contract price

to cover the extra kickback payment. In total, the agent paid

approximately $647,110 improper payments on behalf of the

Dubai subsidiary. It was noted that the kickbacks were managed

to be bypassed the U.N. escrow account and were instead paid

by a third party to Iraqi-controlled accounts in countries such

as Jordan.

Additionally, the SEC also alleged that the Dubai and Abu

Dhabi subsidiaries of the U.S. company made numerous illicit

payments characterized as “consulting fees” where no bona fide

consultancy services were actually performed to secure orders

on certain projects in the Middle East. Basically, the “consulting

fees” were made to a variety of recipients who could influence

their customers to choose the U.S. company’s products to

their particular projects. The improper consultancy payments

totalled approximately $977,000. The total amount of sales

revenue associated with these payments was approximately

$12.2 million.

While I am not privy to the specific details of the case, it

was said that the U.S. company finally paid $22 million to settle

charges by SEC. Certainly a better appreciation of the dangers

of appointing agents and consultants, such as by doing the

proper due-diligence checks, could have revealed character red

flags. This might have been all that was needed to prevent the

embarrassment and damage to reputation as well as financial

loss that are associated with having bribery taking place in an

organisation.

The important thing to

remember when appointing third

party agents for their contacts is to

ensure that they use their influence

transparently and honestly.

Scott, CEO of The Red Flag Group, has over 15 years experience in Legal, Compliance, Internal Audit, Export Control, Ethics and

Corporate Governance, providing counseling and advice to senior management throughout the world in the development of legal

and compliance practices. Scott worked as a Senior Director and General Counsel in various MNCs in Australia, the UK and Hong

Kong and has significant experience in complex compliance issues.

Scott has worked in several industries ranging from Insurance to High Technology. He has led Corruption Investigations in over 20

countries. He has spoken at conferences on compliance in the US, the UK, Australia, Hong Kong, Singapore, China, India, United

Arab Emirates, and is an avid writer having written over 50 articles published in leading newspapers and journals.

The Red Flag Group is a leading independent corporate governance and compliance firm providing thought leadership at all levels to

global enterprises. We have eight offices and offer our integrated services across the globe. We assist companies in developing and

maintaining efficient and effective corporate governance and compliance programmes and have a proven track record in providing

integrity due diligence investigations in over 150 countries. We also enable corporates to manage compliance risks globally through

our bespoke web-based technology solutions, known as the ComplianceDesktop® Technology Platform.

About The Author

Corporate Integrity

Business

Transcript of Corporate Integrity