In a recently released White Paper by the Wolfsberg Group, entitled “Wolfsberg Anti-Corruption Guidance”, a group of internal banks, together with Transparency Internal and the Basel Institute on Governance, issued guidance on anti-corruption and anti-bribery procedures which financial institutions should institute to ensure that their employees “adhere to high standards of integrity.” The White Paper is designed to provide banks and other financial institutions with a process and procedure which they can follow which will create a “best practices” anti-corruption and anti-bribery compliance program. However, the White Paper is also designed to prevent “misuse of financial institutions” and take a “multi-party approach to combating corruption.” This last statement may portend a greater involvement by financial institutions in evaluating a company’s anti-bribery and anti-corruption program. Finally, the Wolfsberg Group White Paper lays out excellent principles outlining the general parameters of a best practices compliance program which any non-financial institution may draw upon to create or enhance its own compliance program.
The Wolfsberg Guidance provides the full component of a minimum anti-corruption and anti-bribery program. Such a program should include the following.
- The program should be developed by senior management and endorsed by the Board of Directors.
- A written policy and procedures which should address commercial and public corruption and bribery. It should include both actual bribery and offers of bribery.
- A clear delineation of the risks associated with public officials including a definition of ‘public officials’ which meets international standards.
- Internal communication of the full compliance program to all appropriate employees and to relevant third parties.
- Roles and responsibilities should be allocated to persons senior in the organization to ensure implementation.
- An independent unit within the company, such as compliance, legal or other department should be charged with providing day-to-day resources on the compliance program to all employees and third parties who may seek assistance.
- A firm commitment to the compliance program should be publicly communicated.
The White Paper notes that the overall compliance program framework should be informed by a Risk Assessment. However, more than simply an initial risk assessment should be performed. A financial institution should regularly re-assess their internal corruption and bribery risks in connection their client risk. This means, for a non-financial institution, such a re-assessment should also be performed to evaluate ongoing and new geographic risks, transactional risks, third party risks, along with any new laws, regulations or new best practices should also be evaluated.
The White Paper recognizes that third parties pose a serious risk for corruption and bribery. Therefore, an appropriate level of due diligence should be performed prior to retaining such entities. However, ongoing monitoring should also be performed, which should include transactional monitoring and management, remuneration monitoring and, finally, monitoring of the third parties’ activities and expenses. This third party monitoring should extend to vendors in the procurement process and joint ventures principal investments and acquisitions.
The White Paper states that accurate policies and procedures should be maintained for political contributions and charitable donations. These should include pre-approval for such activities and full transparency with such contributions and donations are made. One of the key factors is to avoid the appearance of impropriety and to mitigate any risk of conflict of interest.
The White Paper makes it clear that a key component of any compliance program is clear procedures for gifts, entertainment and travel. Recognizing that financial institutions operate in an atmosphere where a wide variety of business entertainment is routinely offered, the White Paper emphasizes that business hospitality should take into account the recipient’s role and responsibility but most importantly be proportional. Further, when a governmental official is involved, there must be an accounting for the “applicable laws and regulations to which the public official is subject, but domestically and those which have an extra-territorial reach.” When such arrangements involve road shows or other events occurring over several days, “it behooves financial institutions to ensure that they have clear contractual arrangements with their clients and any third parties participating in the road show” [for payment arrangements]. Lastly, a clear escalation procedure should be created, delineated and communicated to relevant employees before certain gifts, entertainment or travel can be offered.
The White Paper states that financial institutions should establish a whistleblowing system, as an integral part of a compliance program. The system should be fully confidential, where legal. All whistleblower reports should be “diligently acknowledged, recorded, screened” and investigated.
All of the components of a compliance program should be communicated “effectively both internally and to appropriate third parties.” Obviously this starts with “Tone at the Top” with messages from senior management, including the Board of Directors. Substantively, the White Paper suggests that training should also include reference to applicable internal policies and procedures, present potential scenarios that may arise and a clear explanation of employees’ duties under applicable laws, regulations and the compliance program.
The White Paper suggests that a rigorous system of internal controls be implemented to serve as the “four eyes principle” of monitoring and surveillance. Monitoring should be ongoing as business circumstances change. Such monitoring should not include institution employees only but also third parties, where appropriate. Post transaction monitoring is appropriate to assess adherence to internal processes and procedures. Lastly, there should be a general prohibition against cash payments.
The White Paper identifies compliance terms and conditions with third parties as one of the mechanisms to manage risk, going forward. Generally speaking a contract should not be entered into unless an appropriate level of due diligence is performed; thereafter, key stakeholders should be queried to determine if the risk profile is acceptable to them. Only then should such a contractual arrangement be entered into with robust compliance terms and conditions.
The Wolfsberg Group White Paper is an important addition to the compliance world of thought leadership on what should constitute a minimum best practices compliance program. While it focuses on bank and other financial institutions, it cannot help but be adapted as a guide for all other businesses. For such non-banks, it can also be used as a checklist that companies can used when presenting their compliance programs to banks or other financial institutions during the loan or refinancing process. This final point may be its most useful in the long run.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011
FCPA Compliance and Ethics Blog 