Effective Risk Assessment: Transparency International UK Publishes Guidelines | Practical Law

Effective Risk Assessment: Transparency International UK Publishes Guidelines | Practical Law

Transparency International UK (TI-UK) recently published a white paper (with the support of Pricewaterhouse Coopers (PwC)) to help companies identify and evaluate bribery and corruption risks and develop bribery risk assesment processes and guidelines. This resource highlights TI-UK's guidance and further explains the importance of developing effective bribery risk assesment processes and guidelines.

Effective Risk Assessment: Transparency International UK Publishes Guidelines

Practical Law Legal Update 4-537-0225 (Approx. 6 pages)

Effective Risk Assessment: Transparency International UK Publishes Guidelines

by Practical Law Commercial
Published on 13 Aug 2013USA (National/Federal)
Transparency International UK (TI-UK) recently published a white paper (with the support of Pricewaterhouse Coopers (PwC)) to help companies identify and evaluate bribery and corruption risks and develop bribery risk assesment processes and guidelines. This resource highlights TI-UK's guidance and further explains the importance of developing effective bribery risk assesment processes and guidelines.
The UK branch of Transparency International (TI-UK), an international organization which combats corruption and promotes transparency in government, business and development assistance, with support from Pricewaterhouse Coopers, published on July 11, 2013, "Diagnosing Bribery Risk," a paper on conducting effective bribery and corruption risk assessment.
While there can be no one-size-fits-all solution to bribery risk assessment, TI-UK stresses ten principles of an effective risk assessment program (see Ten General Principles of Effective Risk Assessment). The principles can be used as a guideline to create an effective risk assessment program. However, companies must conduct their own evaluation considering their particular business and industry to develop their own risk assessment.
Anti-corruption compliance has become an increasingly important area of risk management for companies transacting business internationally. The recent degree of enforcement under the Foreign Corrupt Practices Act (FCPA) is well documented (see Legal Update, FCPA Enforcement: What You Need to Know). Therefore an effective anti-bribery and corruption compliance program should be a high priority for all companies. To formulate an effective compliance program, companies should:
  • Adopt a policy or code of business ethics detailing procedures, standards and guidance for transacting business in foreign countries.
  • Educate employees regarding FCPA compliance.
  • Maintain proper internal accounting controls by keeping accurate and complete records of all payments and expenses.
  • Undertake appropriate due diligence and setting up systems to detect and investigate potential FCPA violations.
  • Develop anonymous whistleblowing mechanisms to encourage the internal reporting of violations.
For a compilation of anti-corruption and bribery resources and form documents, see Practical Law Commercial's Bribery and Corruption Toolkit.

Bribery and Corruption Risk Assessment: One Size Does Not Fit All

According to TI-UK, the importance of having an effective bribery risk assessment program is both:
  • Practical. When assessing penalties for violations, enforcement agencies take into account the degree to which an organization has a meaningful and robust bribery risk assessment program.
  • Moral. Companies should have an effective risk assessment program not only because it is legally required, but also because it is the right thing to do. Instilling a company value that bribery and corruption are inherently wrong and bad for business is a better and more effective approach than developing policies based around avoiding penalties.
While the guidance provided by TI-UK is general in nature, it can be followed by all companies (see Ten General Principles of Effective Risk Assessment). However, companies should adapt these general principles and make their own determination on how relevant a particular risk element is to their company and industry.

Complying With the Laws of Various Jurisdictions

US companies transacting business internationally must comply not only with the FCPA, but also with the laws of the country where they are conducting (or considering conducting) business. Anti-bribery and corruption policies will ideally be broad enough to comply with the laws of all applicable jurisdictions.
For example, one of the most prominent anti-corruption statutes is the UK Bribery Act of 2010 (Bribery Act) (for more information on the Bribery Act, see Practice Note, Bribery Act 2010). While both the FCPA and the Bribery Act define and regulate conduct considered to be bribery, the specific definitions, exceptions and potential penalties are different under each law. For a comparison of the FCPA and the Bribery Act, see Practice Note, Anti-corruption regimes in the UK and US: a comparison of the UK Bribery Act of 2010 and the US Foreign Corrupt Practices Act of 1977. To avoid confusion and increase efficiency, companies should develop bribery risk assessment processes and guidelines that comply with the laws of all applicable jurisdictions.

Ten General Principles of Effective Risk Assessment

TI-UK'S paper provides ten principles for an effective bribery risk assessment program:
  • Full support and commitment from the board of directors and senior management.
  • Involvement of the right people, so that a sufficiently informed and complete overview of the business operations is considered when risk is assessed.
  • Comprehensive accounting of all activities that may create a significant risk for bribery and corruption.
  • Avoiding preconceptions about the effectiveness of controls and the integrity of employees, focusing instead on the risk inherent in each situation.
  • Identification and description of risks with appropriate detail.
  • Evaluation of bribery risks by reference to a realistic assessment of likelihood and impact.
  • Prioritization of risks.
  • Sufficient recordkeeping to demonstrate an appropriate level of risk assessment to law enforcement or other similar bodies.
  • Performing a risk assessment function with regularity.
  • Communication of the processes and guidelines throughout the organization and relevant third-parties.
These ten principles can be used by organizations as guidance when developing their risk assessment mechanisms but are not sufficient to stand alone as a working policy. The paper points out that organizations should create categories of bribery and corruption risk when developing their compliance policies, such as risks posed by different:
  • Countries in which they operate.
  • Industries in which they operate.
  • Transactions they contemplate.
  • Business opportunities they consider.
  • Business partnerships they consider.
While each of these categories may be important, companies should guard against wasting effort by merely categorizing risk and focus instead on developing a risk assessment process that can be implemented across all operations.
For a sample FCPA compliance policy, see Standard Document, Foreign Corrupt Practices Act Anti-Corruption Policy.
For more information on the FCPA, see Practice Note: Foreign Corrupt Practices Act: Overview.
For information on recent FCPA enforcement, see Legal Update, FCPA Enforcement: What You Need to Know.