How would you describe the current legal and regulatory environment governing anti-corruption efforts? To what extent have related risks and compliance demands increased for businesses?
John Loesch: In the United States, prosecutors and regulators continue to aggressively enforce the Foreign Corrupt Practices Act (FCPA) and impose significant sanctions on corporations and individuals. With the Department of Justice (DOJ) Corporate Enforcement Policy, there are now significant incentives for companies that self-report misconduct, fully cooperate with the DOJ’s investigation, and timely and adequately remediate their compliance programs. To receive full cooperation credit, among other things, companies are required to identify all individuals substantially involved in the underlying conduct and turn over all relevant facts. This is consistent with the DOJ’s increased focus on individual liability. Recent statements by DOJ officials substantiate that these cases are a priority and that they, with the FBI, will continue to dedicate resources to investigating and prosecuting these matters.
Outside the United States, many countries are passing new anti-bribery laws or stepping up enforcement of existing laws. France recently conducted their first independent prosecution under their new anti-corruption law, Sapin II. In addition, Brazil and Argentina have both been more aggressive in independently pursuing investigations and prosecutions against corrupt government officials. U.S. prosecutors and regulators are now working more closely with their foreign counterparts to share information and, in many instances, are arriving at global resolutions whereby financial sanctions are allocated between the participating jurisdictions.
Thus, in the current environment, it is likely that a company with a bribery/corruption problem will be facing investigations in multiple jurisdictions. Compliance programs must be appropriately scoped to meet these multinational risks.
What steps can organisations take to ensure their anti-corruption programmes align with regulatory compliance requirements?
Joseph Campbell: Fortunately, there is a good bit of guidance published regarding anti-corruption compliance programs. The DOJ and U.S. Securities and Exchange Commission (SEC) have published FCPA guidance, which includes “Hallmarks of Effective Compliance Programs.” The UK Ministry of Justice has published Bribery Act guidance, which addresses “Adequate Procedures.” In addition, the Organization for Economic Cooperation and Development and several other organizations have released compliance program guidance. All of the guidance is similar and requires that compliance programs include continuous and comprehensive risk assessments, coupled with a process to strengthen existing controls and develop new controls as necessary, consistent with the risk assessment. A code of conduct, and ethics policies endorsed by top management and that require accountability throughout the organization, should also be included. An effective whistle-blower program is also recommended. Companies also should develop a strong internal audit team and plan. Audits should be structured to test the execution of existing controls, incorporate steps that recognize fraud indicators and anomalies associated with historical weaknesses, and those that are indicative of emerging risks. A training program should provide all employees with an understanding of the company’s policies, procedures, processes, and controls, and how they are designed to ensure compliance with the law and regulations.
What role can data analytics and artificial intelligence play in detecting and preventing corrupt activities?
John Loesch: In today’s “Big Data” world, data analytics and artificial intelligence (AI) can help an organization analyze data quickly from multiple sources to identify anomalous activity associated with third parties, employees, and customers. Patterns can be revealed that are too complex for humans to see without mechanical assistance (or without significant time and effort). For example, AI can analyze accounting ledgers, travel and expense reports, receipts and invoices, emails, phone calls, and text messages to detect payments/expense payouts that are questionable in terms of timing, nature, regularity, and amounts. A surveillance tool using machine learning can be “fed” historical information and learn to recognize acceptable and appropriate transactional patterns and then have the ability to identify transactions that do not “fit” that pattern and may be anomalous and should be reviewed for improper behavior. Such deviations, for example, a salesperson in Asia whose expenses are double the average of the rest of the regional sales team, can be investigated allowing mitigation of corruption at early stages.
As data analytics/AI becomes more of a best practice, a decision not to incorporate data analytics and AI will most certainly be second guessed by prosecutors/regulators, thus there better be a good documented reason for not incorporating.
Director, Global Investigations and Compliance practice