In July the Ministry of Justice (MoJ) announced that the Bribery Act will not come into force until April 2011, a full year after it received royal assent. At the same time, it promised to issue guidance to enable commercial organisations to understand the concept of ‘adequate procedures’. This guidance is the subject of a consultation process, managed by the MoJ, with a closing date for responses set for 8 November.

The guidance is important because it will offer official, formal advice on those anti-corruption measures that a company must implement both to reduce bribery and to make a defence to a potential charge of failing to prevent it. However, it is likely to deal in high-level concepts only, and may leave companies and their advisers without the practical parameters they need to design and institute programmes that will reduce bribery in the commercial context. Here we offer illustrations, derived from years of experience in a host of challenging jurisdictions and across various sectors, of the anatomy of a corruption case – from inception to resolution.

Sounding the alarm

Our experience has revealed almost limitless – and often fact-specific – ways in which companies first become aware of potential corruption problems. However, among the many ways these issues surface, there are some repeat scenarios which may highlight effective methods – such as compliance or ethics hotlines – for uncovering problems before they become unmanageable.

Corruption is frequently detected through an allegation made by a company insider. So-called ‘whistleblower’ alerts are increasing in frequency since many companies have instituted ethics hotlines as cornerstones of their compliance programmes. More companies are expected to follow suit in light of recent UK legislation.

In addition to offering hotlines as avenues to air problems, companies are teaching employees how to use them and encouraging and rewarding those who do. In the US, on 21 July, president Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act, which rewards whistleblowers who offer ‘original information’ leading to enforcement actions based on violations of the securities laws (including the Foreign Corrupt Practices Act) with up to 30% of any money the government collects.

In addition to these legislative developments, the economic downturn has produced a plethora of disgruntled current and former employees who may seek to ‘blow the whistle’ on suspected corruption. Increased levels of staff training on corruption risk are also likely to result in a greater number of ‘insiders’ identifying and voicing corruption complaints.

Moreover, existing regulatory and legal regimes in various jurisdictions (such as the Proceeds of Crime Act 2002 in the UK) require employees in specified sectors to report any illegality they observe in the course of their employment. It is worth noting that the Financial Services Authority’s final notice in the Aon case (when the insurer was fined £5.2m for failing to prevent bribery and corruption) mentioned that the world’s largest insurance broker had submitted over 60 suspicious activity reports.

All of these factors indicate that insiders will remain a key source of corruption complaints.

Corruption issues may also surface in one or more business lines or jurisdictions when a company has engaged in a rigorous process of self-examination, whether at the behest of regulators or prosecuting authorities, or as the result of a straightforward audit or instigation of a corporate social responsibility programme. They may also come to light when a company conducts due diligence in anticipation of financial transactions – whether in the context of a merger, a joint venture, or a proprietary acquisition.

Indeed, many of our international clients have voluntarily undergone corruption ‘health checks’ to determine whether their employees across the globe are aware of corruption risks and how to manage them should they arise. It is frequently when employees (particularly those stationed at ‘outposts’ far from corporate headquarters) are interviewed by objective third parties or advisers – whether legal or otherwise – that such issues become apparent.

Identifying the problem

There is no single easily identifiable form of corruption. Corruption risk may take infinite forms, but patterns do emerge when one examines a range of instances over time in certain jurisdictions and sectors.

In China, for example, rapid growth continues to create new opportunities both for legitimate business and for cases of graft. Historically, the Chinese law enforcement authorities concentrated their energies on pursuing corruption involving government and Communist Party officials. While this will remain a priority, there is now increased emphasis on combating commercial bribery.

The compliance environment for international business is challenging because of the complexity of China’s anti-corruption laws. Myriad laws and their uneven application from region to region previously made the operating environment less than fully transparent. However, in the past two years the Chinese authorities have issued new rules and guidelines clarifying the application of the laws to commercial bribery. For example, in late 2008, the Supreme People’s Court and the Supreme People’s Procuratorate issued a joint opinion which clarified that the acceptance of a bribe was a criminal offence, regardless of whether or not the recipient was a state official.

Bribes may take the form of cash cards, house renovations and credit coupons as well as cash. Chinese business culture often emphasises the value of an exchange of favours, but it is important to remember that some favours may be seen as a form of bribery.

To date, most commercial bribery cases in China have involved domestic concerns. However, the conviction in March of four executives from the international mining company Rio Tinto raised the question of whether foreign companies were now more likely to be singled out for special attention. The most sensitive features of the case were heard behind closed doors, and concerned accusations that the four men had stolen commercial secrets. By contrast, the commercial bribery aspects were reasonably straightforward and involved charges that the men had taken bribes from Chinese companies seeking preferential access to iron ore. At the very least, the Rio Tinto case serves as an example that foreign companies are not immune from Chinese anti-corruption investigations.

In practice, the Public Security Board (PSB) is usually reluctant to pursue commercial bribery cases because they are hard to prove. In our experience, PSB prosecutions of foreign company employees most often arise because the companies have sought official assistance to pursue offenders. For business, a perhaps more common corruption-related risk arises from investigations pursued and fines levied by the Administration of Industry and Commerce (AIC). The AIC is China’s commercial regulator and functions at the national, provincial and local levels. It exercises broad powers to investigate alleged commercial malfeasance, seize evidence and impose financial penalties. It also has the authority to order the disgorgement of profits earned through unfair commercial practices.

Most of the fraud and commercial corruption cases that affect international companies, in China and elsewhere, are the result of a lack of vigilance among middle and senior management. Examples include hasty decisions to form joint venture partnerships without proper due diligence, the appointment of commercial agents with large budgets and no questions asked, and uncritical delegation to local management (‘after all, they understand the culture’) without instituting proper controls. Procurement departments are particularly vulnerable and we have come across many cases where company staff have accepted kickbacks in return for awarding contracts or placing orders with friends or relatives.

Lavish corporate entertainment is widely seen as an intrinsic part of Chinese business culture, but it may nonetheless subject international firms to criminal liability. For instance, in a recent case involving Lucent Technologies, the Department of Justice (DoJ) alleged that the company sponsored 315 overseas trips for Chinese government officials from 2000-2003, and that these ‘primarily included sightseeing, entertainment and leisure’ designed to help the company secure future multi-million-dollar contracts. Lucent ultimately entered into a two-year deferred prosecution agreement and paid penalties totalling $2.5m to the DoJ and the Securities and Exchange Commission.

While bogus trips are clearly unacceptable, corporate hospitality can play a positive and legitimate role in building business relationships in China, as in any country. It is essential for companies to provide clear guidelines as to what kinds of activity are and are not acceptable, and what is acceptable only with the authorisation of senior management. The ‘adequate procedures’ guidance demands nothing less.

Our experience assisting companies has revealed that dealing with corruption concerns efficiently is not only part of effective compliance, but is also key to overall risk management, especially in more opaque and high-risk markets. In particular, where international companies are faced with an environment where business and politics overlap, such as in Africa and the Middle East, it is often the case that the business will find itself in a relationship with politically influential partners or company officers. Companies that fail properly to retain effective visibility and control may find that when an allegation of corruption surfaces, the issue can prove hard to investigate and may raise security and political concerns.

Where companies have lost managerial control of an influential partner or employee, it may be difficult to gain access to the books, records and witnesses needed to understand fully any alleged problem. In contrast, those companies that understand their partners and operating environments are best-placed to evaluate identified risks and to manage them without suffering commercial harm.

Red flags

While corruption risk may present location-specific pitfalls, there are circumstances, regardless of where they occur, that may alert counsel to the need for a closer look. Taken in isolation they may mean nothing, but a combination of any of the following may merit further investigation: rapid expansion; expatriate managers who are focused upward only; aggressive localisation of key managerial roles; non-existent or inadequate employee screening; lack of explicit policies and standards; failure to educate employees about relevant rules and limited documentation of educational efforts and training; limited or no personal disclosure; poor internal security; absence of information classification; lack of relevant internal audit or controls; no vetting procedures for new accounts or vendors; ineffective monitoring of local management activities; the existence of perverse incentives, such as bonuses for hitting unrealistic financial targets; and conscious disregard of unethical behaviour by a successful employee (or competitor), since inconsistent application of the rules sends the wrong message and may encourage copycat action among others.

Managing the problem

The fundamentals of a best-practice programme require a clear ‘no bribes’ policy, fully understood at every level of the company and reinforced by well-targeted (and recorded) training. Most multinational companies offer basic ethics training, but this often lacks practical examples and may not be offered in the native language. Holding workshops in which staff can practise how to respond to corruption risks can pay extraordinary dividends as staff develop the tools, confidence and language to meet corruption risks head on.

We believe one-off training is insufficient to get the message across. Repeated educational efforts, conducted at least annually and then surveyed to ensure that the appropriate lessons have been learned, is absolutely essential.

However good the training may be, it is unlikely to anticipate every possible situation. Employees who encounter problems – or who believe that another staff member is involved in corruption or fraud – need to know where to turn for help. Having implemented hotline systems around the world, we have learned that the two key elements to success are publicity and trust. The best hotline in the world is useless if potential users (staff and third parties) do not know it exists or how to use it.

Regular auditing and monitoring is another key area that is often overlooked or deliberately avoided because some employers feel uncomfortable informing staff that their activities may be routinely scrutinised for compliance with corporate standards.

Similarly, companies must continuously assess the corruption and compliance risks they face to ensure that their programmes are robust and effective – before problems arise. Effective due diligence is a key part of risk assessment and perhaps the most important safeguard to business missteps, particularly in developing economies. It is essential that organisations know with whom they are dealing – whether a prospective business partner, acquisition target, supplier, distributor or management hire. The most common surprises include the existence of hidden ties among related parties, opaque ownership structures of offshore corporations, obscured government connections and non-transparent financial dealings.

Finally, the company must take action when suspected malfeasance is detected. This may include disciplinary and legal action against the perpetrators in addition to improvements in internal controls to prevent recurrence. Most importantly, there must be policies in place that describe clearly what constitutes a violation, with demarcated levels of offence, and the measures a company may take to respond. Staff should be thoroughly familiarised with these policies and asked to acknowledge their understanding in writing.

Investigations into suspected corruption or other malfeasance can be costly, time-consuming and damaging to the company’s reputation and its financial bottom line. Particularly in the current regulatory environment, where prosecuting authorities across jurisdictions share information, counsel must ensure that they understand the contours of the businesses they serve and the local environments in which these businesses operate, so that they can devise and implement procedures that are truly adequate in addressing potential corruption risk around the world.

Lisa Osofsky is a regulatory adviser for Control Risks and formerly represented the UK as co-vice-chair of the anti-corruption committee of the International Bar Association; Lucy Norton is an associate director within Control Risks’ corporate investigations practice