The Challenges of ABAC Compliance in the Supply Chain From Due Diligence to 3rd-Party Audit Cristian DUCU, PhD Centre for Advanced Research in Management and Applied Ethics European Ethics & Compliance Association EthicsComplianceHubs 2018 Edition Musat & Associates JUN 7, 2018 / BUCHAREST
ABAC Compliance What is and what isn t
ABAC Compliance in the G-R-E-C-S Multiverse New Developments
ABAC Compliance in the G-R-E-C-S Multiverse A New Trend? The Ethics & Compliance function is both a strategic and a support one. Strategic it should earn a seat at the Board s table Leading Corporate Integrity: Defining the Role of the Chief Ethics and Compliance Officer (CECO); Ethics Resource Center, USA, Aug. 2007. Emmanuel Lulin appointed Senior VP (2013) to extend his position as Chief Ethics Officer at L Oreal (2013) Sylvie Kandé de Beaupuy appointed to the Board of Directors of Siemens-Alstom (2018) Support it should provide effective means to prevent and fight corruption, bribery and abusive business practices throughout the organization and its value chain
ABAC Institutions GOVERNANCE ABAC Policies & Procedures Ethical Leadership & Stewardship ABAC Training ABAC Communication REGULATORY ABAC Regulatory Frameworks/Requirements Regulatory Enforcement Actions Sanctions Lists REPORTING RISK Enhanced Due Diligence (beneficial ownership, corruption risks etc.) Risk Assessment Substantive Testing Monitoring Reviews Internal Audits 3 rd -Party Audits Whistleblowing/Ethics Hotlines International roundtables or integrity pacts Financial Transparency Non-Financial Transparency
ABAC Technology GOVERNANCE Policies & Procedures management systems Internal Communication & training platforms REGULATORY Thomson Reuters, LexisNexis etc. regulatory compliance platforms Lists of sanctions and sanctioned people RISK Due Diligence platforms Enhance Beneficial Ownership ORBIS (BvD) Automated screening of 3-rd Parties Audit systems 3 rd -Party Audits Whistleblowing online platforms former EthicsPoint (Navex) and similar services REPORTING Reporting platforms International benchmarking systems
ABAC Practices GOVERNANCE Negative approach: implement procedures without extensive (internal and 3 rd -party) communication and training REGULATORY Negative approach: top-management introduce exceptions regarding some PEP clients that can help with some public affairs issues RISK Positive approach: legal clauses included in the supply agreements concerning the monitor reviews, 3 rd - party audits, sanctions in case of corrupt practices REPORTING Negative approach: in respect to the shareholders rights, demonstrate no transparency regarding a corruption case that affects the company
ABAC Regulatory Frameworks Inter-American Convention against Corruption (IACAC, 1996) OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD Anti-Bribery Convention, 1997) United Nations Convention against Corruption (UNCAC, 2003) African Union Convention on Preventing and Combating Corruption (2003) European Anti-Corruption Conventions US Foreign Corrupt Practices Act (1977) UK Anti-Bribery Act (2010) SAPIN II (2016) Spanish Penal Code (2015) ISO 19600, ISO 37001 GRI Standards The design and effectiveness of the ABAC policies & procedures are based on the existing regulatory requirements are influenced by the available tech solutions and depend massively on the risk appetite of the organization
Blindspot Commercial Bribery
A Common Example of Corruption
A Less Known Case of Corruption: Commercial Bribery
Challenge #1 Why Should I Be Responsible for the Actions of My Supplier?
Common Rationalization The vast majority of businessmen & businesswomen, across the globe: my sole and constant objective/target is to make more money for my shareholders (and avoid paying fines and other types of costs associated with non-compliant practices) to be responsible for what my supplier does is an exaggeration on the behalf of the regulator because I cannot control his/her actions and business practices Everyone is responsible for himself/herself. Illustration: - Rana Plaza collapse (April 24, 2013; Bangladesh) Primark vs. Walmart behaviour
One Example: UK Anti-Bribery Act (2010)
Challenge #2 No Clean Supply Chain Rule
No Clean Supply Chain Rule There are no supply chains immune to corruption and bribery, no matter what a company does to protect itself. The absence of admittance of this leads to blind spots and increasing risks throughout the supply chain. The risks associated with corruption increase with the size of the supply chain: a larger supply chain is more exposed than a small one. The level of the corruption, bribery and abusive practices depends not only on the size, but also on how spread and where is geographically located the supply chain: a dispersed supply chain throughout Asia is more exposed than one located in Eastern Europe. If abusive practices are generally easy to spot, corruption and bribery are allusive and happen mainly behind closed doors.
Challenge #3 Industry Practices
Industry Practices Some industries are more exposed to corruption and bribery than others a) especially the strict regulated industries (e.g., Extractive, Pharmaceutical, IT&C, Construction etc.) b) especially those who are forced down to offer low prices (e.g., Textile, Agriculture etc.) c) especially those who are working with public procurement (e.g., IT&C, Consulting for EU funds) Illustrations: - Microsoft Cases (Romania); Siveco (Romania); Asesoft (Romania) - Automotive Industry the collusion case of the German automakers (Volkswagen, Audi, BMW, Porsche, Daimler) on diesel emissions (the 90s)
National Double Standards Some states are more flexible when the bribe serves the interests of their SOEs and/or are paid in foreign countries: - former regime of Gaddafi (Libya), China, Russia So you need to screen even more the legal entities belonging to this type of states or PEPs. How deep should the due diligence process be?
Challenge #4 How Do You Discover a Rogue Supplier?
How Do You Discover a Rogue Supplier? Most of the time, it is too late when a company learns about the non-compliant practices of one of its suppliers. There are also cases when a company learns via a tip (ethics/whistleblowing hotline). This is the most used channel in such cases and it should come with considerable protection to whistleblowers. The investment in prevention is the key for keeping the corruption and bribery risks at acceptable levels.
What to Do? The investment in prevention is the key for keeping the corruption and bribery risks at acceptable levels. To decrease the corruption and bribery risks can be achieved only by increasing the risk adversity of the supplier: - the due diligence process to be thorough and not negotiable - the danger of losing the contract if non-compliant to be real - monitoring reviews to be comprehensive - the ethical stewardship to be an active program - the whistleblowing hotline to be effective and lead to testing - 3 rd -party audits to be unannounced and more comprehensive
Challenge #4 Compliance Fatigue
Compliance Fatigue The Ethics & Compliance Department should not become the organizational policeman and nor should introduce a new form of bureaucracy. The danger of increasing the responsibilities of the Ethics & Compliance Department to the breaking point. Illustration: - local, less significant markets, multinationals have the tendency to concentrate multiple functions in one department or even in one position Legal & Compliance & IP & Data Protection Manager AML, Anti-Fraud, Internal Control & Compliance & Ethics Dept
Diane Vaughan (1983), Controlling Unlawful Organizational Behavior. Social Structure and Corporate Misconduct; University of Chicago Press. It is equally if not perhaps more important to recognize that laws and regulations, surveillance, and sanctioning -- the tools of control -- may themselves be related to unlawful behaviour. Increasing these resources to strengthen agency capabilities may have the unintended effect of increasing real rates of unlawful business conduct, even after accounting for increases from greater enforcement activity.
Integrity is not a cost nor an investment, but an excellence of character +4 073 320 4146 centre@etica-aplicata.ro www.etica-aplicata.ro