The ABC's of Using Compliance Technology to Fight Bribery and Corruption

Regulators and organizations around the world are investing substantial resources to combat anti-bribery and corruption (ABC) law violations, one of the most common forms of business misconduct.

And with good reason. When individuals cross the line from above-board business conduct to back-channel dealings such as cross-border bribery or kick-back schemes, companies and individuals face significant financial penalties, reputational harm, regulatory sanctions and criminal charges.

Regulators are stepping up their ABC enforcement efforts and have published guidance to help firms address questionable behavior before it becomes more problematic. For instance, they note: “The larger or more extravagant the gift, the more likely it was given with an improper purpose.”

Naturally, corporate officers and executives are held liable if there is evidence of willful intent or gross negligence. But they are also being found at fault for failing to prevent and report corruption.

As part of their settlement orders, regulators typically require defendants to ensure that tighter compliance controls are put in place to prevent a recurrence of the misconduct. As well, under a new Department of Justice program, companies are being credited for timely ABC red flag self-reporting and implementation of stronger compliance controls, reducing fines by 50 percent.

The absence of precisely defined business courtesy and hospitality guidelines leaves room for interpretation, especially when dealing with high-risk countries that have their own rules and regulations. Many violations are simply a consequence of employees being unaware of policies that apply to persons with whom they are interacting, including counterparts across borders.

In 2016, the International Organization for Standardization (ISO) introduced its Anti-bribery Management System (ABMS), ISO 37001. The new standard was developed in partnership by dozens of global entities to help prevent, detect and address bribery. A move is afoot to mandate the standard, in which case companies will need far more rigorous ABC policies, procedures and controls.

ABC violations typically entail collusion among perpetrators across enterprise bounds, such as an employee working with a third-party attempting to induce a transaction. For instance, regulators recently ordered a hedge fund in a multi-million-dollar bribery scheme to implement new deterrents, and to retain an independent auditor to oversee the changes to its compliance program.

The company implemented new software that features user-definable processing rules that enable compliance officers and supervisors to configure variables such as gifting thresholds, the roles of individuals, the explanation and size of the gift. Preapproval requests are now instantly routed to a predefined list of approvers, with alerts before requests exceed allowable limits.

A growing number of companies are implementing conduct risk management software to prevent ABC violations while demonstrating to regulators that a company is serious about monitoring its supervised persons. Software makes it easier for staff and supervisors to align business courtesies with a company's written policies and procedures. Supervisors can not only set limits, but track activities over time to prevent improprieties based upon patterns and trends. This obviates one of the most important areas of oversight: aggregate expenses spent on a single company or individual over time.

As well, staff can see how much headroom they have when mobile devices are enabled. In lieu of more time-consuming phone or verbal preapproval requests, automated solutions can be configured to the organization to surveil data and activities centrally and consistently. Software can help firms operationalize ABC best practices while flagging potentially problematic behaviors.

Benefits of ABC Conduct Risk Management Automation

• ABC monitoring can be done consistently and cost-efficiently;
• Business processing logic can be tailored to each client environment;
• Approvals can be easily obtained, documented and archived;
• Low value gift processing can be automated to free up resources; and
• Reporting and compliance management are streamlined and simplified.

Software enables users to auto-approve, escalate or deny requests with multiple approval paths based on parameters defined by the organization, such as gift type, giver, recipient and monetary value. Approvals can be simplified with consistent mutual limits for giving and receiving, and more discretion for low-value business gifts to help companies cost-effectively triage their compliance resources.

Moreover, by implementing conduct risk technology, managers can impose a “compliance by committee” standard: No deals are made without the knowledge of multiple responsible parties. This eliminates shadowy back-of-the napkin transactions because information is efficiently and easily shared.

Previously, manual-intensive processes not only siphoned resources from the organization but obviated the ability to identify red flags and trends, especially across the firewall. A firm could have an ABC or outside business activity (OBA) policy in place, but without an automated solution to support it, fail to make important associations in relationships and activities over time.

With today's technology, employees can log in to a secure portal, choose the type of action that needs pre-approval, and submit requests in multiple currencies. The system maintains a database of all individuals and action, maintaining a set of compliance program rules to monitor lifetime thresholds.

By virtue of open application programming interfaces (APIs), some systems integrate with other enterprise risk management (ERM) systems, as well as expense management and credit card data feeds. The ability to receive and compare estimated to actual data closes a common loophole when planned activities, such as guests at an event, changes unexpectedly, materially impacting threshold limits.

Mobile access also plays a role in this regard, enabling employees to take photos of receipts on-the-go, and submit them with the push of a button. Intuitive solutions encourage staff to report more frequently and accurately—a benefit for both the compliance and finance departments.

Regulators don't expect companies to “boil the ocean” when fighting malfeasance: it is virtually impossible to eradicate the risk of human misbehavior in even the most well-run organizations.

But while regulators don't expect perfection, they do expect preparation. Companies should ensure they have written ABC policies and procedures in place; technology to facilitate compliance; and ongoing staff certifications and training. Should the new ISO 37001 ABC standard become mandated, organizations will turn to technology to an even greater degree to help ensure compliance.

Organizations must have controls in place to prevent corruption, and must never ignore red flags that illicit activities may have taken place. Innovative software solutions empower companies to proactively combat ABC law violations, to reduce the financial impact in case they are cited for a breach, and to demonstrate that they are aware that these forms of conduct risk are real and growing.

As chief executive officer of MyComplianceOffice (www.mycomplianceoffice.com), Brian Fahey has been delivering complex technology solutions to meet critical business objectives within the investment management industry for nearly 25 years. His focus over the last decade has been building cost-effective Risk and Compliance IT solutions for the investment industry that can adapt to rapidly changing business and regulatory environments.