Companies need to “consider how to monitor and evaluate the effectiveness of their procedures and adapt them where necessary…Organisations could…consider formal periodic reviews and reports for top-level management… [and] might wish to consider seeking some form of external verification or assurance of the effectiveness of procedures” - UK Bribery Act Adequate Procedures Guidance
Anti-corruption compliance is a challenging area for Boards. On the one hand, directors are aware of the ever-increasing expectations on them to ensure compliance and the risks of failing to do so; on the other hand, as companies’ global footprints increase, exercising effective oversight becomes more demanding and complex.
Guidance from regulators and others focuses on effectiveness-in-fact, not on the mere existence of a compliance programme. For example, the US DOJ and SEC ask three key questions when assessing an anti-corruption compliance programme:
- Is [it] well designed?
- Is it being applied in good faith?
- Does it work?1
Directors should regularly ask these questions of management, ensure they receive adequate reporting, and critically evaluate the information provided. In itself, however, this is unlikely to be enough to give the Board comfort that corruption controls are working because there is a limit as to the granularity of the information a Board can review – and reports from management or compliance will always involve a degree of marking their own homework.
To have a clear line of sight on the anti-corruption compliance programme, the Board should ensure that on a periodic basis it obtains an independent and rigorous assessment of its design, implementation and effectiveness.
In this article, we set out the types of questions the Board should be asking and explain how an independent review can help to answer them.