Antibribery survey bears out DOJ compliance advice

20 March 2017 1:21pm

16 March 2017. By Mark Bocchetti.

A recent survey of compliance officers carried out by Kroll and Ethisphere validates the focus on third-party due diligence and periodic review in the new compliance guidance put out by the US Department of Justice.

More than half of the 388 respondents reported finding legal, ethical or compliance issues with third parties after the parent company already had agreed to a relationship with the vendor, agent or other type of business partner.

Joe Spinelli, a senior managing director at Kroll and former FBI agent, said this result is not surprising; 85 to 90 percent of Foreign Corrupt Practices Act cases involve the actions of third parties, he said.

The 2017 Anti-Bribery and Corruption Benchmarking Report, released on Wednesday, also documents the continuing concerns of compliance officers about third-party and other risks.

Respondents cited third parties as the biggest corruption risk for their companies, at 40 percent, and they cited reputational risk as the No. 1 reason for rejecting third parties in prescreening, according to the Kroll/Ethisphere report.

"Reputational damage, you can't ever put a price tag on that," said Spinelli. "You live with that, and it can put a price tag on your organization indefinitely."

And the frequency with which companies find problems later with third parties bears out DOJ's focus on periodic testing and review. Companies should rate third parties and then conduct regular rescreening of the most risky, he said.

Survey results show that overall, the risk of corruption is not declining: 35 percent of respondents said they expect increased risk, while 57 percent foresee the same levels. More third party relationships and greater global enforcement worry those who foresee greater risks.

A bare majority of compliance officers, 51 percent, said they have enough resources, a slight decline over last year. And only about a third of respondents, 37.6 percent, said their company is putting more resources into compliance.

The DOJ evaluation framework released last month pays close attention to this area; the section on resources and the autonomy, one of 11 sections, digs into the issue over seven separate criteria, including reporting lines for compliance officers, the company's past responses to issues they raised, and even compensation levels for compliance officers.

Spinelli, also a former inspector general for New York state, expressed skepticism over whether companies really devote sufficient resources to compliance. Very few compliance officers tell him they have everything they need, he said, whether it is sufficient time to focus on compliance alone or enough skilled employees or working relationships with others who really understand the risks.

The functional role of the compliance officer in the corporation also gets a strong emphasis in the DOJ framework, and here, Spinelli endorsed the report's finding that more senior corporate leaders are engaging on bribery and anticorruption risks.

Many compliance officers now rank as senior management and report to the CEO, with direct access to the board of directors in the event that they find potential misconduct among senior management, he said. And Spinelli welcomes the focus on compensation, noting that it would not be credible for a company to talk about the importance of compliance but skimp on pay for those responsible.

And many compliance officers are feeling the responsibility: A third of respondents expressed a greater level of anxiety over possible personal liability. Spinelli discounted prosecution as a risk but said that the growing incidences of shareholder lawsuits also could put compliance officers on the spot.

Spinelli welcomed the new DOJ guidance, with seven pages of questions to provide companies with a more detailed framework for self-assessment. He added that both DOJ and the US Securities and Exchange Commission have been consistent in their expectations.

But he does see one area for improvement: the need to add something similar to the UK Bribery Act's adequate procedures defense. Companies that spend the time and resources to establish a world-class compliance program should have greater certainty that they would not get hit with a big fine when a problem arises, Spinelli argued.

	Eliot Gao