With the enforcement of the UK Anti-bribery Act this year, many companies from various industry verticals are looking at managing compliance with this regulation more efficiently. A preventive approach and investment in technology solutions allow companies to stay on top of the act’s requirements and ensure the mandates are followed consistently throughout the enterprise.
With governments all over the world becoming less tolerant of bribery, the global regulatory landscape is seeing additions in the form of anti-bribery and anti-corruption acts and legislation such as the UK Anti-bribery Act and the Foreign Corrupt Practices Act (FCPA). These acts comprise extremely detailed and intricate sections that describe offence types, clauses, applications, penalties, and other related parts of the act. Penalties resulting from violations of these acts are enormous and the stakes involved are extremely high. However, many companies are not aware of the exact scenarios or actions that may lead to such serious offences. Their ignorance of the full implications of the act leaves them unprepared to manage the practical consequences. Often the internal departments are not well-equipped to identify, track and control malpractices effectively and avoid or manage violations of such acts.
Understanding the UK Anti-bribery Act
The UK Anti-bribery Act came into force on 1 July 2011. The act amends and reforms the UK criminal law and provides a modern legal framework to fight bribery in the UK and globally. Described as ‘the toughest anti-corruption legislation in the world’, the act replaces and annuls England's laws governing bribery and corruption, establishes four offences and creates a modern and more effective anti-bribery framework. The act includes the following four offences:
- Active bribery - promising or giving a financial or other advantage
- Passive bribery - agreeing to receive or accepting a financial or other advantage
- Bribery of foreign public officials
- Failure of commercial organizations to prevent bribery by an associated person (corporate offence)
The scope of the law is extra-territorial. Under the Anti-bribery Act, a relevant person or company can be prosecuted for the above crimes even if the crimes are committed abroad. The act applies to UK citizens, residents and companies established under UK law. In addition, non-UK companies can be held liable for a failure to prevent bribery if they conduct business in the UK. Companies can be liable for bribery committed for their benefit by their employees or other associated persons. A company or corporate entity is culpable for board-level complicity in bribery, including bribery through intermediaries. There is also personal liability for senior company officers that turn a blind eye to such board-level bribery.
The penalties for violating the act are a maximum of 10 years' imprisonment, along with an unlimited fine, and the potential confiscation of property under the Proceeds of Crime Act 2002, as well as the disqualification of directors under the Company Directors Disqualification Act 1986.
The UK Anti-bribery Act and FCPA
| | UK Anti-bribery Act | FCPA |
|---|---|---|
| Enforcement time | Came into force on 1 July 2011 | Signed into the United States’ law in 1977, amended in 1998 |
| Enforcement authority | The Parliament of the United Kingdom (with the Royal Assent) | |
| Jurisdiction | The scope of the law is extra-territorial and applies to bribery within Britain as well as abroad. | The scope includes a U.S. person, certain foreign issuers of securities, foreign firms and persons who take any act in furtherance of a corrupt payment while in the United States. |
| Exceptions | Makes no exceptions | Makes exception for small ‘facilitation payments’ to speed up routine business such as customs checks or visas |
| Compliance defense | Allows a company to avoid the harshest penalties if the wrongdoer is a junior employee and the firm otherwise has a strict anti-bribery policy which is clear to all employees and effectively administered | Little guidance on compliance and officials could be jailed because a staff member at a foreign subsidiary bribed an official without their knowledge |
Proactive approach to risk and compliance management of UK Anti-bribery Act
With the enforcement of the UK Anti-bribery Act this year, many companies from various industry verticals are looking at managing compliance with this regulation more efficiently. The emerging trend is a preventive approach and investment in technology solutions that allow companies to stay on top of the act’s requirements and ensure the mandates are followed consistently throughout the enterprise. Considering the stakes, high penalties and other severe repercussions that violations of the all-encompassing act can expose businesses to, being proactive and investing in control is proving to be an extremely cost-effective and sustainable option to prevent violations.
Detection methods for economic crimes
Corruption can be detected in cash payments, travel and entertainment expenses, off-the-book funds, use of intermediaries (distributors, agents, vendors), illegitimate payments characterized as legitimate (consulting, legal, accounting fees), charitable donations, and non-cash considerations (employment, use of the corporate jet, other benefits).
In 2009, PwC conducted a survey on global economic crime. The respondents of the survey had experienced economic crimes in 2009 and in 2005 and 2007.
The 2009 PwC global economic crime survey classifies detection methods into three categories:
- Corporate controls comprise internal audit, fraud risk management, suspicious transaction reporting, corporate security, rotation of personnel.
- Controls related to corporate culture include external and internal tip-off and whistle-blowing systems.
- There are controls beyond the influence of management where economic crimes are detected by accident, by law enforcement, or by other detection methods.
The survey results indicate that the internal audit function was the most successful control in detecting economic crimes. Whistle-blowers may become more prevalent given the new incentives under the Dodd-Frank Act.
Risk indicators of economic crimes including bribery and corruption
Some of the risk indicators are:
- Operations or business in high risk countries
- Business with state-owned or controlled entities
- Payment of excessive commissions
- Unusual compensation arrangements
- Use of mandated third parties (such as agents, distributors)
- Cash payments required to entities or individuals
- Re-directed payments
- Required gifts and donations
- Non-cash consideration
Key components of effective compliance with the UK Anti-bribery Act
A vast range of stipulations and their implications for organizations are related to many aspects of business and operations that need close control and monitoring.
Educating the staff: The act enforces certain restrictions on employee conduct in a number of situations while dealing with government clients and stakeholders as part of the anti-bribery provision. If the staff members are not aware of these provisions and restrictions, they are likely to violate these out of ignorance. Therefore, training the employees on the complete spectrum of violations along with examples and scenarios related to their work-profile and creating awareness is the first step towards compliance with the act.
Tracking the expense reports: As a preventive measure, companies need to track the expense reports of their employees and detect any extraordinarily large expenses or transactions. These expenses must be treated as signals and handled appropriately internally to prevent any incident of corruption and bribery before it occurs. Relevant executives and other personnel must be informed about such reports immediately and necessary corrective action must be taken.
Monitoring the business with partners in foreign countries: All transactions conducted through partners, resellers and representatives in foreign countries must be monitored meticulously at every step. Miscellaneous expenses, invoices, and other transactions need to be scrutinized for large inexplicable sums and relevant personnel must be alerted at once. Expenses that involve costly gifts, business lunches or dinners at expensive places are required to be examined in detail by executives and managers.
Managing the violation scrutiny: In case the signals are overlooked and a violation does occur, organizations need to be prepared and have a robust system in place to handle the investigation, follow a defined process accordingly and take the right decisions.
How MetricStream can help
Continuous monitoring and tracking of various related processes and ensuring awareness among all employees are some of the critical requirements in managing the UK Anti-bribery Act. MetricStream provides a comprehensive framework and accompanying workflows to help enterprises streamline, automate and monitor important aspects of UK Anti-bribery Act compliance while combining best-in-class technology with relevant regulatory content. Built on a single platform, the solution enables the UK Anti-bribery Act compliance management at multiple levels.
The solution, via its detailed workflows and complete integration, helps the ethics and compliance chief officers to set the right tone from the top of the organization which percolates to all levels and creates a culture of awareness of and compliance with the UK Anti-bribery Act. MetricStream Solution approaches UK Anti-bribery Act management in a holistic way covering all aspects to deal with incidents of non-compliance efficiently:
- Identifying and assessing related risks
- Defining and managing risk controls
- Creating and organizing relevant training programs for employees
- Conducting regular audits based on previously identified risk areas
- Managing issues and putting in place a corrective action plan
Policy Management: MetricStream Solution offers an efficient way of Policy Management by creating, publishing and distributing policies as well as performing policy awareness assessment for continued assurance. Organizations can ensure accurate knowledge of policies related to business conduct with overseas stakeholders through this solution across its enterprise. It is critical to the management of the act’s requirements that all employees are aware of these policies and have accepted to follow them.
Automated workflow for certifications and self-assessments allows the employees to receive notifications and updates and read and accept policies. The governance team can measure the success of related policy awareness and the maturity and preparedness of the organization in this area.
Policy exceptions can be tracked through a comprehensive issue management mechanism. Being a central repository of policies, the solution is a storehouse of latest versions of documents, policies, procedures, regulations and standards prescribed by the UK Anti-bribery Act. The availability of standard information contributes to increased employee awareness.
Risk Management: Non-compliance with the act can lead to financial risks in the form of penalties and impact on stock prices, risk of lost business opportunities as well as the risk of loss of reputation.
MetricStream provides an integrated and flexible risk management framework for documenting and assessing risks related to the UK Anti-bribery Act, defining controls, managing audits, identifying issues and implementing recommendations and remediation plans. The risk management solution includes tools for risk analysis and monitoring such as configurable risk calculators and risk heat maps.
The solution supports risk assessment based on typical scenarios specific to the industry the organization is part of, which means organizations can assess their risk based on not only their own operations, but the operations of their peers and competitors. The qualitative and quantitative impact of the risk can be evaluated and controls are implemented based on various assessments. The performance of these controls can be closely monitored and assessed to ensure their effectiveness to mitigate the risk.
The solution allows organizations to tailor their UK Anti-bribery Act compliance risk profile based on the following risk factors:
- Industry-specific risks
- Company size
- Corporate structure and affiliates
- Management structure (centralized against decentralized)
- Location of business units and other types of operations
- Key products and services
- Key markets and changes to markets
- Key customers
- Reliance upon third parties in various contexts
- Transactions and project based risks
Controls Management: Risk controls can be established in accordance with the risk profile of the company. These preventive controls need to be reflected in the company’s operations to ensure that they are followed. For example, to monitor the risk involved in large transactions, signatory authorities are established as a control for contracts of a certain nature or amount. To ensure that this control is indeed in place, proof in the form of a signatory review or sign-off must be provided to the contract management team. Similarly, if a control in the form of a third-party investigation process has been established to manage vendor risk, the vendor relationship needs to be terminated in case of integrity concerns.
MetricStream’s integrated solution backed by detailed workflows enables organizations to define, assess and realign preventive controls. The solution supports tracking of controls to ensure the processes are followed and proofs are submitted to relevant personnel to confirm the effectiveness of the control.
Training Management: MetricStream Solution enables effective management of the UK Anti-bribery Act training process by:
- Maintaining the course offerings and course descriptions for easy review by employees and managers
- Scheduling training sessions
- Providing feedback on instructors and course material effectiveness
- Maintaining training records
- Conducting gap analysis to ensure complete compliance with the act
The powerful analytics and reporting capability with graphical dashboards to monitor training programs and effectiveness gives managers complete real-time visibility into the organization's UK Anti-bribery Act training management system including tests and scoring, awareness and preparedness quotient.
The scope of training management can include a basic level of awareness for all employees, third-party UK Anti-bribery Act training for suppliers and vendors as well as specialized and in-depth training for employees at risk.
Incident Management: MetricStream Solution supports identification of issues such as UK Anti-bribery Act non-conformance, exceptions, loss-events, and process deviations and initiation of cases across departments from different sources including other systems and applications.
The solution enables organizations to establish and follow consistent procedures for capturing issues, tracking loss events, managing tasks, and reporting issue status. The solution supports evaluation of issues as well as case investigation and tracking leading to an elaborate remediation or corrective action process. The analytics, tracking and reporting capabilities with graphical dashboards give managers complete real-time visibility into UK Anti-bribery Act compliance and provide critical information for reducing the risk of non-compliance.
Continuous Evaluation and Audit Management: Organizations need to evaluate their UK Anti-bribery Act compliance on an ongoing basis to eliminate issues and risks. Auditing the existing compliance management processes rigorously can bring forth issues in time for the compliance team to prevent them from leading to enquiries.
MetricStream provides a comprehensive audit system designed to help companies manage a wide range of audit-related activities, data and processes. The audit management software has the flexibility to support all types of audits including internal audits, supplier audits and operational audits for UK Anti-bribery Act compliance. The solution provides end-to-end functionality for managing the complete audit lifecycle comprising audit planning and scheduling, development of standard audit plans and checklists, field data collection, development of audit reports and recommendations, review of audit recommendations by audit entities and management and implementation of audit recommendations and remediation for a closed-loop compliance process for the UK Anti-bribery Act.
- MetricStream Solution provides a common compliance structure to manage not only the UK Anti-bribery Act, but a diverse range of regulations and multiple compliance requirements using a single framework.
- It prevents a fragmented approach towards different aspects of compliance management and introduces integrated methodology for complete compliance.
- The solution enables effective management of related policies, procedures, training programs, risks, internal controls, audits, issues and corrective action, integrating the different components together.
- MetricStream Solution provides a single, centralized view of the status of organization’s compliance program.
- The solution includes a built-in ability to track minute changes in the regulatory landscape by receiving regulatory alerts and updates from reliable external sources.
- MetricStream solution can be configured to adapt itself to the changing business processes and requirements of businesses, without deviating focus from business goals of the organization.
- The solution allows the top management to set the tone of regulatory accountability across the organization.
- MetricStream Solution is scalable and can be easily aligned with organizational growth path.