By Colin Maund, CEO of supplier management service provider, Achilles Group.
On 30th March 2011, The Ministry of Justice (MOJ) published its long-awaited guidance on the Bribery Act 2010 and confirmed that the Act will come into force on 1 July 2011. Businesses now have three months to review their policies and procedures and to ensure that they meet the standard being set by this new legislation.
Although the MoJ has emphasised that compliance is "largely about common sense, not burdensome procedures", corporates still need to look carefully at the particular risks posed by their business operations and business partners and ensure that they implement appropriate procedures. There are several steps that we would consider represent good common sense to improve supplier information management and help guide companies toward appropriate procedures.
Most organisations do not have adequate procedures for monitoring their suppliers; they often do not ask them for statements of intent or statements of practice. They do not say to them, for example, 'what measures are you taking to ensure that there are procedures in place to govern corruption, abuse of hospitality, or facilitation payments?' Nor do they ensure that suppliers are carrying through these measures in their own supply chain.
Where this really matters is in the case of companies that are part of consortia bids where one of the companies pays bribes in order to get the work for the consortia. One can easily imagine a situation in which a company is bidding for a one billion dollar contract and there are three or four members of the consortia and one of them decides that it is in their interest to pay bribes. Do they drag the other consortia members into that case?
Or where for instance an oil and gas contracting company bidding for a licence puts forward a structured bid with a number of other contractors to provide construction services, engineering services, etc and one of those companies decides to pay a bribe over the head of the main contractor. The oil and gas company has the benefit of the contract but the subcontractor also benefits from the work arising. It is actually the subcontractor that paid the bribe but under the UK act it would appear that because the oil companies are the main beneficiaries, they must have ensured adequate procedures to prevent bribes being paid.
What steps can a company take to avoid getting caught out?
The simplest procedure would be to ask two things:
a) What is your own internal procedure for ensuring that bribes or any form of corruption or facilitation of payment etc are not made?
b) What checks do you make on your own supply chain?
Looking first to put your own house in order, more elaborate checks involve asking: Do your internal procedures have the support of the Board? Is there a disciplinary process attached to it? What is the procedure for ensuring that accounts are properly checked, to make sure that certain items in accounts are not disguised bribes or facilitation payments?
And then in your supply chain, what are you doing to go down your supplier lists to make sure that the people in your supply chain are adopting the same procedures as you are? If you want to go beyond that, it would be a case of asking suppliers to show your company their procedures, training manuals, attendance records, disciplinary processes etc, so that it is possible to see that the area of bribery is being taken seriously and that it has got teeth. It is not just a case of saying we've got a nice procedure written by a consultant that we're going to stick on a shelf and leave it there.
Do you think this is likely to be driven by board members?
Board members would be very wise to drive a company's procedures because they are always the ones named in litigation and could be taken to court - especially as the new legislation creates personal liability for Directors. It should be at the heart of any well-run company, but the truth is that board members have in the past absented themselves from taking part in any bribery or corruption but may nevertheless have allowed it to go on -turning a blind eye to it. Now they won't be able to do that.
What checks should a company be making on its own supply chain?
The first thing to do is to really define where the risk is. Firstly, identify those countries where bribery is more likely to occur than others and secondly, some activities are more likely to lead to bribery than others. By putting the two together you end up with a risk matrix that identifies the most critical areas, where an organisation really needs to focus. From that you can have a varied response ranging from questionnaires, self-certification to asking for statements, to actually carrying out your own on site audit of your suppliers.
That's quite a massive undertaking, is it realistic?
It depends how much you can narrow down the risk matrix. If you can get it down to 50 businesses that are regarded as high risk then you could say that it is not that massive an undertaking. If you take a scattergun approach it can become too unwieldy. The right approach is a stepped one, starting with every company being asked if they have a policy on bribery and corruption, through to those who are in the medium risk category, perhaps filling in a questionnaire and a self declaration, through to the very top risk areas where it might be appropriate to put an audit team in to check that the right procedures are in place and that they are being adopted. And of course there is nothing to prevent companies collaborating with organisations in the same industry to reduce costs and increase coverage and, therefore, compliance.
Achilles is working with the international law firm Hogan Lovells on the implications of the Bribery Act 2010 for the procurement industry and appropriate adjustments to Achilles' supplier due diligence and evaluation processes.