The Guidance is primarily targeted at the financial institutions (FIs) that are often considered as enablers of offences, including corruption.
It is recommended that the development of compliance programmes of FIs is guided by a risk-based approach with programmes having the following elements:
1. Anti-bribery and anti-corruption firm-wide policy.
This policy should:
- cover all employees, managers and shareholders of the FI, members of its administrative, governing, supervisory and control bodies, including the non-executives;
- cover all areas of activity of the FI;
- be driven by the “tone from the top”, i.e. from the senior management;
- be made available and brought to the attention of all employees and, if necessary, of third parties;
- constitute the basis for the development and implementation of anti-corruption standards and procedures;
- provide for liability measures for the failure to comply with the established standards and procedures;
- provide for the liability for improper maintenance of books and records, including the recording of all cases of offer and provision of any benefits to public officials, clients, potential clients, and other third parties, payment of services of third parties, as well as offer and provision of any benefits to FI employees by the aforementioned persons;
- include the provisions on interactions with the public sector: in this context it is recommended using the definition of a public official that would cover as wide a range of persons as possible, including civil servants, local government servants, employees of State-owned and State-controlled enterprises, employees of central banks, public foundations, international organisations, representatives of royal families, members of political parties etc.;
- be constantly updated to take into account the changes in the structure or activities of the FI, detected violations and the like.
2. Roles and responsibilities.
In order to efficiently combat corruption, the paper suggests the following approach to the distribution of responsibilities in the respective area:
- employees and managers should comply with the firm-wide policy and ensure that its requirements are met in all areas of activity of the FI;
- the officer (division) responsible for ensuring compliance with the firm-wide policy should exercise the relevant control and monitoring;
- top management should oversee compliance with the firm-wide policy and ensure that sufficient resources are allocated to it, and receive and analyse the reports on the implementation of the policy and its update;
- employees of the division independent from the officer (division) responsible for ensuring compliance with the firm-wide policy should exercise internal control and audit.
3. Corruption risk assessment.
FIs should regularly conduct assessment of existing and potential corruption risks and define mitigation measures. In conducting risk assessment, it is necessary to take into account such aspects as:
- interaction with third parties;
- specificities of legal regulation in the countries and sectors where the FI operates;
- transactions also with the participation of State-owned and State-controlled enterprises or public officials;
- activities of branches and subsidiaries, including their interactions with third parties;
- acceptance/offering of gifts, hospitality expenses, donations and political donations, employment and internship and corporate sponsorships;
- changes in the activities of the FI that can considerably increase corruption risks;
- implementation of functions by employees associated with high corruption risks;
- potential use of the IF for money laundering.
Based on the outcome of the assessment, it is recommended that FIs review their policies to ensure that it contains the measures to mitigate the residual corruption risks.
The report on risk assessment should be submitted to the attention of the top management of the FI and contain the following information:
- status of implementation of the firm-wide policy, including key indicators of its effectiveness;
- cases of significant violation of standards and procedures by the employees of the FI and/or by the persons associated with them;
- interaction with third parties and clients implying high corruption risks;
- changes in the relevant laws, reports containing information on compliance of the FI’s policies with the current legislation, reports on the outcome of control and supervision measures such as audits etc.
4. Internal reporting channels.
The FIs should also have internal reporting channels for disclosing violations and appoint the persons responsible for receiving and processing this information.
In particular, it is recommended that FIs establish a hotline accessible both for all employees and third parties. The hotline should incorporate different reporting channels, including telephone, email, social networks etc. and provide for the possibility to report anonymously. The FIs should also develop and implement measures for protecting whistleblowers from retaliation.
5. Control of benefits and advantages.
It is recommended that FIs define the procedure for interacting with public officials, intermediaries, suppliers and other third parties in such areas as:
- offering/acceptance of gifts, including monetary rewards, royalties for performances, expenditures on hospitality, including food, entertainment, transfer, accommodation, studies, participation in events and conferences etc. The Guidance stresses that in analysing this area, it is necessary to pay attention to such facts as having a politically exposed person as counterparty, inclusion of excessively expensive items in expenditures on hospitality and the like;
- offering of employment or other form of paid or unpaid working experience (for example, internship) especially with regard to public officials or persons associated with them, which can be considered as a bribe or undue influence, as well as create conflict-of-interest situations;
- offering of donations and charitable contributions that can be potentially used for bribing or money laundering;
- implementation of corporate sponsorship programmes that can be used for exercising undue influence;
- financing political parties and candidates to get undue advantage in business.
6. Assessment of third parties.
It is recommended that FIs undertake assessment procedures with regard to:
- intermediaries, i.e. third parties acting on behalf of the FI to find, introduce, obtain, or maintain business or any other commercial advantage or obtain government approvals or action: their assessment should include analysis of officially proclaimed purposes of activity (as related to the services provided) and scope of the engagement (from the point of view of the actual capacity of such intermediaries), payment conditions, qualifications, relations with public officials or possible interaction with them on behalf of the FI etc.;
- non-intermediaries, i.e. third parties acting on their own behalf and providing goods, works and services directly to the FI: in spite of the fact that the risks of this interaction are lower than in the case of intermediaries, the FI can decide to conduct similar assessment in their respect.
The paper highlights that the following “red flags” can be detected, in particular, throughout the assessment of third parties:
- complete absence or lack of relevant experience of the third party;
- lack of evident commercial advantage for the third party, included in the cost of services;
- negative episodes in the record of the third party/reputational problems (for example, prior liability for corruption offences or failure to comply with the principles of business integrity);
- links to the State (for instance, the third party is suggested by a public official);
- close business, family or other personal relations of the top management of the third party with public officials or other persons having discretionary power to take decisions with regard to the relevant activities of the FI etc.
7. Assessment of customers.
The Guidance states that besides third parties, corruption risk assessment should be conducted with regard to the clients of the company also with a view to preventing and detecting the facts of:
- deliberate omission of evident “red flags” in the client’s activities;
- involvement of employees of the FI in illicit activities of the client;
- money laundering;
- reputational damage.
It is advisable to focus the assessment on such aspects as:
- objectives and structure of the transaction support mechanisms that allow the FI to monitor the expenditures of the contractors;
- character and structure of transactions;
- reputation of clients from the point of view of corruption and bribery risks, as well as their compliance with the business ethics norms;
- jurisdictions and sectors where potential clients operate;
- distribution of income by clients;
- involvement of contractors by clients (for example, local agents, intermediaries, representatives and subcontractors), structure of payment for their services, their reputation etc.;
- links with public bodies and organisations.
In the event that increased corruption risks are detected, the paper recommends informing final decision-makers accordingly through relevant governance committees, such as transaction review committees, reputational risk committees, or credit approval committees, so that they have a holistic view of the risks associated with a particular deal-related activity, both at inception and through the lifecycle of the transaction.
8. Mergers and acquisitions, investments and joint ventures.
Corruption risks can be associated, in particular, with such processes as mergers, acquisition, partnership or acquisition of a significant stake in another entity, establishment of a joint venture, and considerable investment in shares by an FI-managed/controlled fund.
In order to detect and mitigate these risks, it is recommended that FIs:
- conduct a comprehensive due diligence procedure with respect to third parties, including managers, and with regard to partners in case of establishment of joint ventures;
- include anti-corruption reservations in contracts to provide for the safeguards of respect of relevant laws, the obligation to implement and improve compliance programmes etc.;
- ensure risk assessment-based monitoring after acquiring the company.
This comprehensive due diligence procedure should be conducted, where possible, before the expected date of conclusion of the merger/acquisition transaction, and before the investment in case of investments in shares.
9. Anti-corruption training and awareness.
The Guidance stresses that FIs should organise anti-corruption training, as a minimum, for the members of the governing bodies and top managers, as well as for the employees whose activities are associated with increased corruption risks, for instance, those who interact with third parties. Employees should be trained before assuming their positions/being employed and afterwards on a regular basis.
Anti-corruption training can also be organised for the third parties associated with increased corruption risks.
It is recommended that training concludes with a test to assess the level of comprehension by the attendees of the topics covered.
10. Control and monitoring.
According to the Guidance, FIs should implement control and monitoring mechanisms of compliance with the firm-wide policy as a part of the general control system.
*The Guidance has been developed with the support of the UK Finance ABC Panel, Basel Institute on Governance, the World Economic Forum Partnership Against Corruption Initiative and others.