News / Press Release
SA organisations operating in high risk bribery jurisdictions to take caution
02 Oct 2013 at 05:39hrs | Views
THIRD PARTY BRIBERY RISK: SA ORGANISATIONS OPERATING IN HIGH RISK BRIBERY JURISDICTIONS TO TAKE CAUTION WHEN USING THIRD PARTIES
The international community has recently been shocked to learn of alleged bribery in the pharmaceutical sector taking place in China, with both GlaxoSmithKline and Alcon, the eye care division of Novartis, being accused of bribing officials. In both cases third parties were used to apparently make illegal payments to doctors. Consequently, firms with global offices are being urged to step up internal compliance, and take care when using third party suppliers.
As in the above cases, organisations face a range of bribery risks and most large organisations will have hundreds of third party relationships stretching across multiple jurisdictions that expose the organisation to increased bribery risks. Understanding these risks and where an organisation is most vulnerable is critical to managing anti-bribery compliance, as well as managing third party relationships very carefully.
Current anti-bribery laws, such as the Foreign Corrupt Practices Act (FCPA), U.K. Bribery Act (UKBA) (including OECD recommendations) state that all third parties must be appropriately vetted by a company before engaging their services. Alarmingly, in terms of the UKBA, a commercial organisation can be held liable, even if the bribery is carried out by an employee, an agent, a subsidiary, or another third-party, and the location of the third-party is irrelevant to the prosecution. For example: a South African company, with a branch or office in the UK, which pays a bribe anywhere, for example, in Africa or Latin America could, in terms of this legislation, face prosecution in the UK. This is particularly precarious for organisations operating in high risk bribery jurisdictions globally.
In South Africa, according to Transparency International, 47% of South Africans paid a bribe in the past year, while Minister of Justice and Constitutional Development Jeff Radebe said that in the 2012-2013 financial year there were criminal investigations into the activities of 242 people in 89 priority corruption cases each involving R5-million or more. In the Deloitte's Anti-Corruption Practices Survey 2011, participants attributed 52% of the source of corruption risk to "use of third parties".
Organisations therefore need to ensure they have robust anti-bribery compliance procedures in place, especially to protect themselves against unscrupulous third parties. As further incentive to comply with legislation, the UKBA does provide the commercial organisation with a defence, if it can show that, while bribery did take place, the commercial organisation had taken "adequate procedures designed to prevent persons associated with [the organisation] from undertaking such conduct". The burden of proof in this situation is on the organisation, with the standard of proof based on a balance of probabilities. In terms of "adequate procedures" taken out by organisations to curb bribery, the guidelines set out six non prescriptive fundamental principles. These are: Appropriate procedures, Top-level commitment, Risk assessment, Due diligence, Communication (including training) Monitoring and Review.
The UK Ministry of Justice also suggests that in terms of the third party due diligence that these procedures need to be "proportionate" and "risk based" in order to mitigate the identified bribery risks. The organisations' due diligence process in respect of third parties should include:
· An evaluation and logical business rationale for wanting to engage with the third party;
· An evaluation of the company profile, including shareholding, directors, background, experience, government interaction and reputation of the third party;
· Any information relating to any past incidents, convictions, investigations of its directors, shareholders and/or employees. An adverse media investigation is advised here as an independent check.
· Information on the organisations current anti-bribery policies (if any)
· A detailed understanding of the type of services that the third party will be providing;
· An understanding of how the third party will be remunerated, compensated and paid;
· Determine whether the third party intends using other third parties;
· Reasonable controls to monitor the transactions of third parties going forward;
Ensure there is a written agreement/contract in place which acknowledges the third parties understanding of the organisations commitment to anti-bribery compliance;
It is equally important to keep properly documented evidence of this due diligence and to ensure that the person initiating the contact with the third party, the person carrying out the due diligence, and the person ultimately authorizing the contact are not the same person. Organisations are ultimately responsible for ensuring that third parties who act on their behalf are compliant with the global anti-bribery legislation as well as any other local country legislation. Should the organisation fail to do this, it will remain completely vulnerable to stringent enforcement action. As a bare minimum and in order to mitigate third party bribery risk further, organisations should ensure that standard third party agreements / contracts include the following clauses:
Representation by the third party to comply with the organisations code of conduct, ethical business practices and with all laws;
Audit rights, including audit rights for anti-bribery compliance procedures; (these rights must be exercised for this to be considered effective)
The right to terminate the third party relationship due to breach of contract or non-compliance with the organisations code of conduct, ethical business practices, or other laws;
· The third party may not engage with agents, subcontractors, intermediaries or consultant without the prior approval of the organisation;
· The third party agrees to cooperate with any anti-bribery compliance investigation;
· The third party agrees to implement anti-bribery compliance training for its staff;
· Annual certification that the third party has not engaged in or aware of any bribery or corruption violations or other applicable laws;
Due diligence does not stop at the initial approval or selection process; it is an ongoing process which must continue until the relationship with the third party ends.
The international community has recently been shocked to learn of alleged bribery in the pharmaceutical sector taking place in China, with both GlaxoSmithKline and Alcon, the eye care division of Novartis, being accused of bribing officials. In both cases third parties were used to apparently make illegal payments to doctors. Consequently, firms with global offices are being urged to step up internal compliance, and take care when using third party suppliers.
As in the above cases, organisations face a range of bribery risks and most large organisations will have hundreds of third party relationships stretching across multiple jurisdictions that expose the organisation to increased bribery risks. Understanding these risks and where an organisation is most vulnerable is critical to managing anti-bribery compliance, as well as managing third party relationships very carefully.
Current anti-bribery laws, such as the Foreign Corrupt Practices Act (FCPA), U.K. Bribery Act (UKBA) (including OECD recommendations) state that all third parties must be appropriately vetted by a company before engaging their services. Alarmingly, in terms of the UKBA, a commercial organisation can be held liable, even if the bribery is carried out by an employee, an agent, a subsidiary, or another third-party, and the location of the third-party is irrelevant to the prosecution. For example: a South African company, with a branch or office in the UK, which pays a bribe anywhere, for example, in Africa or Latin America could, in terms of this legislation, face prosecution in the UK. This is particularly precarious for organisations operating in high risk bribery jurisdictions globally.
In South Africa, according to Transparency International, 47% of South Africans paid a bribe in the past year, while Minister of Justice and Constitutional Development Jeff Radebe said that in the 2012-2013 financial year there were criminal investigations into the activities of 242 people in 89 priority corruption cases each involving R5-million or more. In the Deloitte's Anti-Corruption Practices Survey 2011, participants attributed 52% of the source of corruption risk to "use of third parties".
Organisations therefore need to ensure they have robust anti-bribery compliance procedures in place, especially to protect themselves against unscrupulous third parties. As further incentive to comply with legislation, the UKBA does provide the commercial organisation with a defence, if it can show that, while bribery did take place, the commercial organisation had taken "adequate procedures designed to prevent persons associated with [the organisation] from undertaking such conduct". The burden of proof in this situation is on the organisation, with the standard of proof based on a balance of probabilities. In terms of "adequate procedures" taken out by organisations to curb bribery, the guidelines set out six non prescriptive fundamental principles. These are: Appropriate procedures, Top-level commitment, Risk assessment, Due diligence, Communication (including training) Monitoring and Review.
The UK Ministry of Justice also suggests that in terms of the third party due diligence that these procedures need to be "proportionate" and "risk based" in order to mitigate the identified bribery risks. The organisations' due diligence process in respect of third parties should include:
· An evaluation and logical business rationale for wanting to engage with the third party;
· An evaluation of the company profile, including shareholding, directors, background, experience, government interaction and reputation of the third party;
· Any information relating to any past incidents, convictions, investigations of its directors, shareholders and/or employees. An adverse media investigation is advised here as an independent check.
· Information on the organisations current anti-bribery policies (if any)
· A detailed understanding of the type of services that the third party will be providing;
· An understanding of how the third party will be remunerated, compensated and paid;
· Determine whether the third party intends using other third parties;
· Reasonable controls to monitor the transactions of third parties going forward;
Ensure there is a written agreement/contract in place which acknowledges the third parties understanding of the organisations commitment to anti-bribery compliance;
It is equally important to keep properly documented evidence of this due diligence and to ensure that the person initiating the contact with the third party, the person carrying out the due diligence, and the person ultimately authorizing the contact are not the same person. Organisations are ultimately responsible for ensuring that third parties who act on their behalf are compliant with the global anti-bribery legislation as well as any other local country legislation. Should the organisation fail to do this, it will remain completely vulnerable to stringent enforcement action. As a bare minimum and in order to mitigate third party bribery risk further, organisations should ensure that standard third party agreements / contracts include the following clauses:
Representation by the third party to comply with the organisations code of conduct, ethical business practices and with all laws;
Audit rights, including audit rights for anti-bribery compliance procedures; (these rights must be exercised for this to be considered effective)
The right to terminate the third party relationship due to breach of contract or non-compliance with the organisations code of conduct, ethical business practices, or other laws;
· The third party may not engage with agents, subcontractors, intermediaries or consultant without the prior approval of the organisation;
· The third party agrees to cooperate with any anti-bribery compliance investigation;
· The third party agrees to implement anti-bribery compliance training for its staff;
· Annual certification that the third party has not engaged in or aware of any bribery or corruption violations or other applicable laws;
Due diligence does not stop at the initial approval or selection process; it is an ongoing process which must continue until the relationship with the third party ends.
Source - Epic Communications (Pty) Ltd