A company's ability to nip a potential anti-corruption violation in the bud is only as good as its ability to detect it. Although many organizations are now well-versed in the necessary components of an anti-corruption compliance program—e.g., sufficient resources, strong tone from the top, training in local languages, and risk-based third party due diligence—simply ticking off those boxes does not translate into an effective early warning system. Organizations can improve their chances of spotting corruption issues early, and lessen the pain of costly investigations, if they keep in mind the following guidance and incorporate it into their compliance programs.

“Shadow” Reporting Lines Can Mask Corruption Risk Many companies offer their employees both formal and informal mechanisms to report anti-corruption concerns on the premise that the more ways employees can raise those concerns, the more likely they will.

Formal mechanisms, like integrity hotlines, are usually accompanied by controls: incoming complaints are documented, assigned to appropriate people to investigate, and assessed by appropriate people using appropriate standards. More informal mechanisms, such as personnel reporting concerns directly to their managers, may not have these controls. Managers may not be required to document corruption issues reported to them and may not be trained on how to respond to or escalate them. Worse, managers may have financial incentives to hide corruption problems brought to them. This dynamic can create a “shadow” reporting network that ultimately obscures potential corruption risks from those best positioned to address them appropriately. By contrast, a more effective program would ensure that managers are properly trained and incentivized to escalate the concerns reported to them.

In-Person Training Creates A Two-Way Street As more companies move toward web-based anti-corruption training tools, they should keep in mind a critical benefit of in-person training: it is an opportunity for two-way sharing of information. The trainer, often an in-house attorney or compliance officer, educates employees on corruption laws, company policies and how to spot corruption risks. The employees, in turn, ask questions and share anecdotes that inform the trainer about the kinds of corruption risks employees face in their day-to-day activities, and may reveal that employees have not handled those risks appropriately or do not understand the content of the training. Over-reliance on web-based training can deprive an organization of this critical opportunity to learn about the real-life scenarios that employees—particularly in high risk business units—are confronting on the ground.

Has Compliance Kept Pace with Business Growth? When companies experience explosive growth, compliance resources sometimes can lag behind. That problem can be particularly acute for companies that rapidly expand into emerging markets or place greater reliance on third parties to pursue business leads in corruption-prone locations. A compliance function cannot effectively spot corruption problems if it does not have visibility into high-risk business practices or lacks the requisite number of skilled compliance personnel to respond to issues when they arise. Resourcing compliance ultimately requires a commitment from senior leadership to spend the money necessary to build up an anti-corruption compliance program that matches the corruption risks attendant to business growth.

There Is No Shortcut For Risk-Based Monitoring There is no substitute for monitoring to probe whether employees actually follow anti-corruption policies and procedures. Monitoring does not mean that a company must turn over every stone. Instead, it requires an understanding of where corruption risks are greatest, and then thoughtful planning to test those risk areas. Effective monitoring can include a targeted review of employee expense reports, sampling of contracts and invoices from high-risk third parties, and periodic checks of vendor lists to look for one-time vendors. These routine checks become part of the “muscle memory” of the organization and help detect corruption risks before they balloon into more substantial problems.

More Eyes and Ears Make For A Better Early Detection System Anti-corruption compliance programs work best when every employee is a stakeholder, even in functions not traditionally seen as playing a compliance role. That means business personnel— who often create corruption risk—understand the risks they confront and buy in to the fact that compliant business is better long term. Finance and accounting personnel do their part to spot corruption red flags in expense reimbursements and third party invoices. Procurement provides assistance detecting corruption risk in the vendor selection process. Internal auditors include potential corruption risk areas in their audit plans. Senior management and Board members exercise their oversight roles and hold people accountable when corruption occurs. Each of these stakeholders function as the eyes and ears of the organization to detect and address potential corruption risk early. If they are well-trained and understand the role they play, they can dramatically improve an organization's early detection system.

As with all things worthwhile, an anti-corruption compliance program capable of detecting problems early requires hard work. It also requires the participation of every employee across an entire organization in identifying risks and raising concerns when they arise. But the investment of time and resources will pay off—saving costly investigations and reputational injury—if an organization can spot corruption problems itself rather than learning about them through a whistleblower or government subpoena.

Erin R. Schrantz and Matthew D. Cipolla are partners in Jenner & Block's Investigations, Compliance and Defense Practice and the firm's Monitorship Practice. Reena Sikdar is an associate in the firm's Litigation Department.