Has the government published any guidance advising how to comply with anti-corruption and bribery laws in your jurisdiction? If so, what are the elements of an effective corporate compliance program?
Bribery & Corruption (2nd edition)
In November 2018, the State-owned Assets Supervision and Administration Commission of the State Council (“SASAC”), which is the governing authority for all the state-owned enterprises in China released a compliance guidance for all the state-owned enterprises governed by the central government. Although the compliance guidance is mainly applicable to state-owned enterprises governed by the central government, other companies could also use it as major reference for establishing a solid compliance system. A wider range of compliance issues are identified as the key focuses including anti-corruption and bribery, anti-unfair competition and the like. And specific requirements including policy making, establishing risk identification and response systems, compliance review, strengthening accountability, regular compliance trainings, compliance evaluation and continuous improvements are also enumerated in the guidance.
Additionally, the Shenzhen Standard for Anti-Bribery Management Systems (“Shenzhen Standard”) was published by Shenzhen government as a recommended practice, rather than a compulsory requirement in June 2017. The Shenzhen Standard was drafted based on ISO 37001 Anti-bribery Management Systems, developed by ISO technical committee ISO/TC 309. The recommended elements of an effective corporate compliance program include third party due diligence, internal control (both financially and operationally), standardization on the gift and entertainment rules, anti-bribery control on business partners, effective reporting mechanism, proper investigation and crisis management process, and corrective measures on the identified issues.
The Sapin II Act details the legally binding rules and procedures which companies of a certain size shall implement in order to prevent corruption:
- A mapping of predominant corruption risks, designed by each company;
- A code of conduct shaped by senior management;
- An internal whistleblowing system;
- Third-party due diligence procedures;
- Accounting control;
- Anticorruption training for employees;
- Internal monitoring and assessment systems to ensure the effectiveness of the measures put in place.
In addition, since it was set up in 2016, the AFA has been responsible for publishing recommendations to help private and public entities implement those procedures. Its non-legally binding guidelines were first published in December 2017 and are regularly updated, with a view to clarifying and complementing the items listed in the Sapin II Act.
The AFA also issues specific guidelines for given sectors or corporate functions (e.g. charter for public sector stakeholders, guidelines on the corporate compliance function, upcoming guidelines on mergers and acquisitions).
In 2001 the German Federal Minister of Justice introduced the commission “Deutscher Corporate Governance Kodex” to provide some guidance for German listed companies on corporate governance. The commission consists of representatives of German listed companies and their stakeholders who are appointed by the German Federal Minister of Justice. Under the current German Corporate Governance Code, transparency is of high importance. In order to achieve this, a significant part of the code’s regulations deals with the improvement of the annual general meeting of the German stakeholders, the strengthening of the minority stakeholder’s position, the increase of the management’s and supervisory board’s liability in certain situations and the introduction of independent auditors. According to section 161 of the German Stock Corporation Act, the management board and supervisory board of a listed company shall declare annually that the recommendations of the German Corporate Governance Codex have been and will be complied with, or declare which recommendations have not been, or will not be applied and why. However, the German Corporate Governance Codex is a non-statutory guideline.
The Ministry of Interior has published an updated guideline on preventing corruption in the German Federal Administration. The “rules on integrity” describe specific steps for German authorities to prevent corruption like a dual control principle and allocation guidelines.
Lately, all the major companies have shown a strong commitment towards the establishment of an effective corporate compliance program.
Several enforcement agencies and regulatory bodies have issued over the years guidelines in respect to anti-corruption regulation, best practices, signs of irregularity of transactions etc. In addition to the guidelines issued by Regulatory Bodies (e.g. Bank of Greece, Hellenic FIU, Capital Market Commission), business associations in sensitive industries (e.g. healthcare) are proposing guidelines to their members, recommending best practices, evaluating market statistics, sharing experience from other jurisdictions etc.
The effectiveness of a corporate compliance program is always dependent on the special characteristics of a business activity. Generally, a compliance program is effective when:
- It sets out uniform practices within the entity in relation to communication and interaction with clients, suppliers and third parties. These practices should be reviewed on a regular basis and updated when necessary.
- It has useful and comprehensive tools to enable identification of red flags or signs of irregularity
- It sets out a standard procedure for internal reporting
It is also important to include provisions for regular training of employees on signs of possible misconduct and encourage them to address signs of irregularity using available procedures.
The government has not yet published guidance on compliance with anti-corruption and bribery legislation in Ireland. However, the government has recently appointed a review group chaired by the former Director of Public Prosecutions, James Hamilton, to carry out a review of anti-fraud and anti-corruption structures and procedures. The Terms of Reference of the Review note that it is aimed at assessing the extent to which the various State bodies involved in the prevention, detection, investigation and prosecution of fraud and corruption are working effectively together, and identifying any gaps or impediments in this regard. The Review Group is due to report its findings and recommendations to the Minister for Justice and Equality by summer 2019. It is hoped that as part of that Review, recommendations will be made in relation to, among other things, the publishing of guidance in relation to compliance with anti-corruption legislation.
As mentioned above, there are guidelines published by the ANAC and by other private organizations and trade associations. The key elements of an effective corporate compliance program regard the segregation of duties, the separation between decision-making and control functions, the traceability and documentation of the relationship with the public administration, the correct allocation of powers (which has to be consistent with the roles of the individuals entrusted with such powers), as well as the presence of an effective sanctions system, the performing of a thorough training activity of personnel, etc.
In 2016, an anti-corruption guide for Belgian enterprises overseas has been drafted and can be found on the website of the Federal Public Service Economy (https://economie.fgov.be/nl/publicaties/anticorruptiegids-voor).
In this guide, advice is provided regarding the elements constituting a compliance program. The compliance program must comprise three actions: prevent, detect and respond.
This guide also refers to the ICC Rules on Combating Corruption (2011)24 as guideline for an effective compliance program.
As stated in Answers 9 and 12, the METI Guidelines have been published with respect to anti-corruption and bribery of foreign public officials. The guidelines articulate the details of an effective corporate compliance program. The key elements described in the guidelines are (i) the importance of the attitude and message from top management, (ii) a risk-based approach, and (iii) the need to take action at a subsidiary level based on the bribery risk.
The Government has not published any guidelines at present advising how to comply with anti-corruption and bribery laws in Kenya.
The DOJ and SEC jointly issued guidance in 2012, and published an update in 2015, entitled A Resource Guide to the US Foreign Corrupt Practices Act, which, among other things, addresses the hallmarks of an effective corporate compliance program. In addition, the DOJ’s FCPA Corporate Enforcement Policy from November 2017 describes the criteria it will apply in evaluating whether a corporate entity has an effective compliance and ethics program, which criteria overlap with those discussed in the Resource Guide. The DOJ and SEC recognize that an effective corporate compliance program must be tailored to each company’s own needs, risk and challenges, but should have the following elements:
- Senior management should show a commitment to a ‘culture of compliance’ and clearly articulate a policy against corruption. Employees should be aware that any criminal conduct will not be tolerated.
- The company should have a written code of conduct and compliance policies and procedures.
- One or more senior executives should be assigned to oversee the compliance program and be provided with sufficient autonomy, authority and resources, including adequate funding and experienced personnel.
- The compliance program should analyse the company’s risk and be tailored to those risks.
- The company should provide training on its compliance policies and offer continuing advice concerning those policies.
- The company should have clear disciplinary procedures for compliance violations and offer positive incentives to drive compliant behaviour.
- The company should engage in due diligence of third parties and monitor those relationships, including payments to third parties.
- The company should have a mechanism for confidential reporting of violations and a procedure for conducting internal investigations.
- The company should seek to continuously improve their compliance program by periodically reviewing and testing its controls through audits.
DOJ, FCPA Corporate Enforcement Policy [Nov 2017]; DOJ and SEC, A Resource Guide to the US Foreign Corrupt Practices Act at 57-62 [2012, updated 2015].
The Mexican government has not published specific guidelines regarding compliance with anticorruption laws. However, Article 25 of the LGRA (described in answer to question 11 above) states that when determining liability of legal persons (companies), having in place an integrity policy shall be considered. Said Article outlines the main elements that an integrity policy shall contain, such as: (i) manuals of organization and procedures; (ii) a code of conduct which is duly made available between all members of the organization; (iii) adequate and effective control, audit and surveillance systems; (iv) adequate denouncing and reporting systems, both within the company and towards the authority, including disciplinary processes and concrete sanctions; and (v) adequate training systems; among others. Please refer to our answer to question 11 for further information in connection with guidance issued by the government for compliance with the foregoing article 25 of the LGRA.
Article 42 of the Decree No. 8,410 of 2015 sets forth the elements of an effective compliance program, that is, a risk-based and tailor-made program.
Noteworthy is the fact that, when analyzing the Compliance Program authorities will also consider the entities main traits, e.g., number of employees, market in which it operates, interactions with public sector and others.
The parameters for assessing its effectiveness, include:
a. Tone at the top and clear commitment of the upper management;
b. Standards, policies and codes of ethics and conduct for employees, managers, and third-party vendors;
c. Period training at appropriate intervals;
d. Performance of risks assessments;
e. Proper register of the books and records;
f. Specific procedures intended to prevent fraud and corruption in the context of bidding for government contracts,
g. Independence and proper structure attributed to the Chief Compliance Officer and department that is responsible for the Compliance Program;
h. Adequate due diligence in mergers, acquisitions, corporate restructurings and in dealings with third parties,
i. Ethics channel or reporting lines for whistleblowers;
j. Establishing disciplinary measures for violations;
k. Monitoring and periodic refinement of the program.
CGU has published an English version of a guide for entities that aims to clarify the concept of a Compliance Program under the Brazilian Clean Company Act and its regulations. This document is intended solely for the purpose of guidance and is available at: http://www.cgu.gov.br/Publicacoes/etica-e-integridade/arquivos/integrity-program.pdf.
At last, although there are pillars and guidelines available, each program will be evaluated on a case by case basis.
Yes, the New Zealand Government has published Saying No to Bribery and Corruption – A Guide for New Zealand Business (2015).
The following guiding principles for effective anti-corruption compliance procedures are outlined within this publication:
- Proportionality to the individual risk faced by a business
- Top level commitment to combatting corruption
- Clearly articulated anti-corruption policies and internal procedures
- Risk assessment
- Awareness raising and training
- Due diligence on third parties
- Reporting and investigating without fear of retaliatory action
- Monitoring and review to adapt to accommodate changes to the business and the environment in which it operates.
In 2015, the Ministry of Justice published a booklet called Undgå korruption (“Avoid corruption”) which provides an overview of the law as well as corresponding guidance. The booklet emphasises two elements in an effective corporate compliance program: 1) companies should establish a code of conduct which contains general guidance on conduct as well as specific guidelines on how employees should conduct themselves in relation to bribery issues. The booklet further states that the code of conduct could contain a description of the consequences that a violation of the code of conduct could have for the employee and 2) companies should identify areas of business that entail special risks (in relation to bribery offences) and seek to mitigate these risks by establishing relevant internal procedures.
The government did not publish any official guidance advising how to comply with anti-corruption and bribery laws and, as long as such a guide would not be included or declared mandatory by a normative act, it could not have any (or much) consequences over the criminal liability.
There exist, however, some guides internally adopted either by public authorities or by non-governmental organisations, which have a preventive role and an informative effect. In this respect, mention should be made that any legal entity is free to draft its own guides or internal regulations, as long as it is in accordance with the law. The effects of the aforementioned guides are limited to the organisation that has adopted them and aims at both the awareness of the phenomenon within the organization as well as the possibilities of prevention or means of counteraction.
From the perspective of criminal liability of the legal entities, the internal adoption of anticorruption guidelines/procedures can be considered as a circumstantial element that can remove the will of the organization from tolerance of corruption. Therefore, more and more organisations tend to implement such policies in order to deliver an unequivocally statement regarding their zero tolerance approach on corruption.
The CPIB has published their answers to some frequently asked questions relating to anti-corruption and bribery laws in Singapore on their website at http://www.ifaq.gov.sg/CPIB/apps/Fcd_faqmain.aspx.
In 2017, the CPIB and SPRING (now Enterprise Singapore – a government agency championing enterprise development) also launched the Singapore Standard (SS) ISO 37001 on anti-bribery management systems. This voluntary standard is based on internationally-recognised good practices. It provides guidelines to help Singapore companies strengthen their anti-bribery compliance systems and processes and ensure compliance with anti-bribery laws.
Further, in 2017, CPIB published PACT – its Practical Anti-Corruption Guide for Businesses in Singapore.
PACT provides guidance for business owners on how to develop and implement an anti-corruption system. The elements of an effective corporate compliance program as stated in PACT include the following:
- Tone from the top promoting a corporate culture of compliance;
- Implementation of clear, visible and easy to understand anti-corruption policies and a code of conduct;
- Guidance on common corruption risk areas including:
- Corporate gifts and entertainment;
- Conflicts of interests; and
- Contributions and sponsorship.
- Conducting bribery and corruption risk assessments;
- The implementation of effective internal controls;
- The availability of effective reporting and whistleblower systems; and
- Regular monitoring of the compliance system.
The Swiss State Secretariat for Economic Affairs (SECO) publishes guidelines for compliance with anti-corruption and bribery laws. According to those guidelines, a robust compliance program includes (1) organisational measures (e.g. transparent business processes and competencies, dual controls, integrity clauses in contracts, due diligence processes for the selection of local agents), (2) measures relating to staff and management (e.g. awareness training, checklists, escalation and advisory processes), and (3) supervisory measures (e.g. supervision of compliance measures, regular testing, external audits).
When assessing organizational measures to prevent bribery, the Swiss law enforcement authorities take into account the SECO guidelines as well as the guidance available from international organizations such as the OECD or the ICC. A failure to adhere to those guidance is seen as a strong indication of a defective organization.
The UK Ministry of Justice has issued guidance on procedures that commercial organisations can put into place to prevent persons associated with them from bribing.
The Ministry of Justice’s guidance is not prescriptive as to the nature of systems and procedures that firms should implement in order to meet the “adequate procedures” standard necessary to provide a defence against the Section 7 corporate offence. A one-size-fits-all approach is simply not possible; whether an organisation has adequate procedures in place to prevent bribery will depend on the specific facts and circumstances of the case. However, the guidance highlights six principles of bribery prevention that an organisation’s officers should consider when drafting an anti-bribery compliance program:
(a) Proportionate procedures
An organisation’s internal procedures to prevent bribery by persons associated with it ought to be proportionate to the bribery risks it faces and to the nature, scale and complexity of the organisation’s activities.
(b) Top-level commitment
The management of an organisation (i.e., directors, owners or any other equivalent body or person) ought to be committed to preventing bribery by persons associated with it. The management should endorse a culture in which bribery is never acceptable.
(c) Risk assessment
An organisation should consider the nature and extent of its exposure to potential risks of bribery on its behalf by persons associated with it. Its assessment ought to be “periodic, informed and documented”.
(d) Due diligence
An organisation must implement due diligence procedures, applying a proportionate approach, in respect of persons who perform or will perform services for or on its behalf.
(e) Communication (including training)
An organisation should seek to ensure that its anti-bribery policies are understood throughout the organisation via internal and external communication and, if appropriate, training.
(f) Monitoring and Review
An organisation needs to periodically monitor and review its anti-bribery procedures, and where necessary, make improvements.
A number of federal departments, agencies and Crown corporations provide guidance, though official guidance is limited.
Global Affairs Canada (“GAC”) represents Canada at international anti-corruption forums and in outreach efforts with emerging economies regarding corruption. The GAC applies the 2010 Policy and Procedure for Reporting Allegations of Bribery abroad by Canadians or Canadian Companies, which instructs Canadian missions on the steps that must be taken when allegations arise that a Canadian company or individual has bribed a foreign public official or committed other bribery-related offences.
Furthermore, Export Development Canada’s (“EDC”) policy statement regarding bribery as set out in the Code of Business Ethics and Code of Conduct, places the onus on employees to “ensure that EDC does not knowingly support a transaction that involves the offer or giving of a bribe, and that EDC exercises reasonable diligence and care not to support such a transaction unknowingly.” It further provides that “[e]mployees are responsible for exercising reasonable due diligence in transactions, and for complying with EDC’s Anti-Corruption Policy Guidelines, including provisions regarding identification of persons associated with transactions who have been convicted of bribery.”
Further, EDC exporters are required to sign anti-corruption declarations. In general, the anti-corruption declarations state, with respect to the transaction(s) being supported by EDC, that the exporter has not been and will not knowingly be party to any action which is prohibited by any applicable criminal law dealing with the bribery of foreign public officials, including the CFPOA. Exporters are also required to declare whether they are currently charged with or, within the previous five years, have been convicted of, bribing a foreign public official.
Similarly, the Canadian Commercial Corporation’s (“CCC”) Code of Conduct and Business Ethics Policy forms the basis for CCC’s approach to fighting bribery and corruption. This Code provides specific guidance and direction to CCC’s employees and clients with regard to ethical behavior in all of its business activities. All employees have access to a copy of this Code and are obligated to sign a yearly acknowledgement confirming their understanding of, and responsibility to comply with it.
Finally, the OECD Guidelines for Multinational Enterprises (Guidelines), contain guidance regarding corporate social responsibility aimed at multinational enterprises investing abroad. The Guidelines are supported by National Contact Points, which are offices established by adherents to implement and raise awareness of the Guidelines. In February 2018, Canada’s NCP underwent a voluntary peer review to map its strengths and accomplishments, while also identifying opportunities for improvement.
Yes. As answered in question No. 9, by September 2016 the Government published a Code of Conduct (Resolution No. 53/2016) setting out rules generally aimed to prevent any sort of action that might be considered against the public interest, transparency and impartiality.
Although expressly applicable to members of Government, this Code of Conduct constitutes general guidelines to be followed by holders of high public office.
Under this Code of Conduct members of Government are obliged to report any effective or potential conflict of interest and take any necessary measures to eliminate it.
Members of Government must reject any offer (be it goods, services, attendance at social events or any other benefit) that might affect the impartiality and integrity of their public functions, namely those which are valued at €150 or more.
Any offer accepted for institutional reasons (such as gifts from other States) must be registered and may be given to non-profit welfare institutions.
The Anticorruption Office issued “Integrity Guidelines to better comply with articles 22 and 23 of Law 27401 of Criminal Liability for legal entities”. This Guidelines explain further the main elements of integrity programs which are listed in Law 27,401 as described in answer to question No. 11.
An adequate compliance program must be tailored to each legal entity taking into consideration its own needs, characteristics and culture, as well as the context in which it operates and its associated risks.
There is no specific guidance published by the government. Several public entities organize very often seminars, workshops and awareness campaigns on radio and tv informing the population about the legal consequences of corruption.