GRC Tuesdays: Enforcement of Anti-Corruption Worldwide, a Complex Regulatory Landscape
As we all know, complying with regulations is like hitting a moving target: it changes all the time and companies have to be flexible and adaptive to say the least. Talk about AGILE!
When it comes to anti-corruption, there is an additional difficulty according to many organizations that I have met: the multiplicity of authority agencies.
Let’s take the United Nations Convention against Corruption from 2003, whose purpose is to “promote and strengthen measures to prevent and combat more efficiently and effectively” and, as per Article 6, requests of the signatories that “Each State Party shall, in accordance with the fundamental principles of its legal system, ensure the existence of a body or bodies, as appropriate, that prevent corruption”.
With 189 parties that have accepted or ratified this convention – with or without reservations, this paints a complex landscape of regulatory bodies for organizations to keep track of:
Legend: in green are the Participants with Signature, Approval, Acceptance, Accession, Succession, and/or Ratification status for the United Nations Convention against Corruption, as of May 2020.
This has also been recognized by international organizations as a key issue.
As a matter of fact, the World Bank, the US State Department and the European Commission had launched in 2010 an initiative aimed at collecting data about the various national Anti-Corruption Authorities (ACAs). These ACAs are the public agencies that are officially tasked with combatting and preventing corruption.
The results consisted of 63 profiled agencies and were made available on an online platform: Anti-Corruption Authorities (ACAs) Portal
Unfortunately, this platform hasn’t been updated in many years. As a matter of fact, the latest news dates back to October 2015.
Recognising this status, the French Anti-Corruption Agency (AFA), in partnership with the Council of Europe’s Group of States against Corruption (GRECO), the Organisation for Economic Co-operation and Development (OECD), and the Network of Corruption Prevention Authorities (NCPA), have launched a survey project of the national anti-corruption authorities (ACAs) and have just published their report: Global Mapping of Anti-Corruption Authorities.
In this blog, I’d like to go over some of the findings of this report as they describe an interesting picture of the anti-corruption policies and their enforcement globally.
And these findings may even reassure some companies who feel that they are well behind when, truthfully, their Anti-Bribery and Corruption (ABAC) practices are still ahead of many authoritative bodies!
Objectives and reach of the report
First, let’s clarify the intent of this joint report: the stated objective wasn’t to help public or private organizations directly, the original intent was to “help to develop an international directory of ACAs [Anti-Corruption Authorities], and guide the NCPA’s [Network of Corruption Prevention Authorities] search for better ways to implement peer-to-peer cooperation in the field of corruption prevention”.
Nevertheless, I do believe that this report has an interesting side effect: between July 2019 and April 2020, it identified 171 participating national authorities from 114 countries and territories, hence a significant number of ACAs worldwide and much more than are listed on the Anti-Corruption Authorities (ACAs) Portal mentioned earlier. This is a great starting point for Compliance and Legal teams across the globe that sometime struggle to find the right stakeholder.
As a result, this report could help organizations better understand the regulatory landscape they operate in. In addition, it also lists some of the expectations of these agencies. In a “control once, comply with many” approach, this will prove invaluable I believe so as to streamline compliance efforts.
Firstly, the report highlights that, in 14% of the countries, anti-corruption functions are split between 2 entities tasked with combating and preventing corruption. And in just over 12% of the cases, 3 or more agencies are involved in the process. In which case, even if there is a separation of function, there is a likelihood that duplicate information will be requested of organizations.
The other aspect that is highlighted in this report relates to the expectations of the various Anti-Corruption Authorities. 63% of respondents have a repressive role and are authorised to conduct investigations and/or criminal proceedings. This means that a small minority only has a preventative role – and as such, may have difficulties in really enforcing policies.
Where it then becomes really interesting I find, specifically when we drill down to understand the agencies abilities to enforce this topic and therefore the organization’s exposure to sanctions, is that investigations and criminal proceedings mainly concern individuals. Only 46% of the ACAs have jurisdiction on both individuals and legal entities.
Concerning their power of sanction, here again there is a discrepancy. Less than half of the respondents (48% according to the report) have sanction mechanism, and, when they do, these are mostly administrative in nature:
Legend: Types of sanction mechanism(s) available to Anti-Corruption Authorities (out of 82 respondents)
As stated in the report “administrative sanctions also might favour a more timely enforcement of anti-corruption rules. In contrast, penal sanctions are typically pronounced after longer proceedings”. Some consider that only criminal charges really make a legislation compelling and give it “teeth” or substance. I would respectfully disagree: an administrative sanction could be even worse for an organization. Let’s assume an organization that operates in a highly regulated industry and relies on a license to operate that is granted by the authorities, if this license to operate is revoked – i.e.: via an administrative sanction, then this simply means the business is shut down. Isn’t that compelling enough?
Finally, now that we have a clearer picture of the organisms and their authoritative scope, the report also includes a summary of its expectations.
In three quarter of the cases, there is a mandatory requirement in the country to have an anti-corruption code of conduct. But this obligation mostly applies to Public Sector only (79% of responses). Private organizations seem to be only included in this scope in a minority of countries.
What’s more, only 56% of respondents say that there is an obligation to carry out risk mapping in their country. With once again a great prevalence in the public sector versus the private sector. This would therefore go quite against international best practices that recommend starting anti-corruption programs with a risk-based approach.
Going the extra mile(s) – quite literally
Knowing your “customer” – here the ACAs for Compliance and Legal teams, is already a good starting point.
But, in addition to the sheer number of local bodies, there’s another hurdle: in some cases, the extra territorial aspect of the legislation and the enforcement authority agency.
For instance, the provisions in the Foreign Corrupt Practices Act (FCPA) mean that a non-U.S. person or company may be prosecuted when they act as agents of U.S. companies or issuers, regardless of where the misconduct took place. In addition to having to map the national stakeholders, companies also have to keep track of bodies with international reach which adds another layer of complexity.
What about you, how does your Compliance and Legal team keep track of all its external “customers” for anti-corruption regulations? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard