Anti-Bribery and Corruption Risk Assessment

Compliance risk assessment is continuing a trend toward priority for companies that have global operations.  The trend toward systematic compliance programs spans across all industries.  The priority, scope, frequency, and level of sophistication of compliance activities are growing in response to the expansion of governmental focus on bribery, fraud, and corruption.

The United States has had laws on the books governing fraud, bribery, and other corrupt practices for many years but is now taking a much more aggressive approach toward enforcement.  Other countries are also expanding their enforcement.  Many, including China, the United Kingdom, and Russia, have adopted new laws addressing bribery and corruption.  The laws of each country must be considered when operating globally.  All have somewhat different requirements, all which must be considered when structuring and operating global compliance programs.

Period risk assessment of corruption and bribery law compliance has now become industry standard.  Companies that have substantial operations must assess corruption and bribery risk on an ongoing basis.  Assessments should be performed in a systematic way based upon prioritization of risks.  The ongoing assessment of risk should also include the adoption of corrective action to address areas that are determined to present significant risk, where existing process or policies are not adequate, or where violations may have already occurred.

Risk assessment also serves a didactic element.  The process itself reinforces attention on the compliance process, the company’s commitment to compliance and the issues involved with the specific area of risk that is being assessed.

Compliance is best viewed as a process rather than a set of policies.  The process is circular and never-ending.  One state is built upon the previous.  The end result resumes the process.  Conceptually at least, the process begins with identification of risk.  Various risk areas can then be assessed, scored, and prioritized based upon the affect on the organization.

Prioritized risk can then be assessed through appropriate means which may include controls, monitoring or auditing.  Depending on the risk involved, external auditing or further assessment may be appropriate.  Deficiencies in controls can be identified and a “gap analysis” can be performed.  This leads to an appropriate corrective action being taken to address any identified gaps.  Corrective actions may include the adoption of policies and procedures, disciplinary actions, self reporting, subject area training, and other appropriate activities given all of the facts and circumstances.

The compliance program establishes the process in which assessment takes place.  The program establishes the ground rules for the assessment and remediation of risk.  The program helps assure that the process sis uniform and systematic.

Some of the elements that should be included in assessing risks under the anti-bribery and corruption laws of various countries will be covered in subsequent posts.
John Fisher is a certified in corporate compliance and ethics (CCEP) and is an attorney with the Ruder Ware law firm.