How to create a robust Anti-Corruption Framework (Part 1)

Corruption - A house of cardsIs your corruption prevention program going to deal you a winning hand, or will it collapse like a house of cards?  In today’s increasingly complex global environment, it’s no longer a question of whether an organisation has an anti-corruption framework in place, but how robust that framework actually is.  Corruption prevention and compliance programmes that fail to stand up to scrutiny when stress-tested, can have significant and far-reaching consequences.

In Part 1 of this two-part series, I’ll outline the essential building blocks that should be included in an effective anti-corruption framework.

How a failure to prevent corruption by employees led to a US$772 million penalty

While the resources needed to develop a robust corruption prevention framework may seem significant, the financial risks of not investing are even higher.  First and foremost are the direct financial and reputational losses caused by the act itself. This is highlighted by the ACFE’s annual global fraud surveys, which consistently estimate that the typical organisation loses 5% of its annual revenue to fraud alone.

These are not the only risks.  In a growing number of jurisdictions, the failure to implement processes that prevent employees or agents from offering bribes to facilitate business, will have a direct (material) impact on the size of the financial penalties levied should the organisation be prosecuted for corruption.  While the largest fine to date has been US$772 million, last year marked the largest number and highest dollar-value of FCPA (Foreign Corrupt Practice Act) enforcement actions in a single year, with US$2.43 billion of monetary penalties paid by 27 corporate entities.  As the number of countries enacting anti-bribery legislation containing extra-territorial reach grows, so does the potential risk of double or even triple- jeopardy, with organisations risking prosecution in multiple jurisdictions for the same crime.

While there is no silver bullet or ‘one-size-fits-all’ approach to designing and implementing a robust anti-corruption framework, there are a number of critical elements that should be included.  A number of these are covered below.

Key elements of an anti-corruption framework

For anti-corruption efforts to be effective, they must be part of an integrated holistic approach. The structure needed for this, is made up of a number of inter-related elements, each playing a critical role in countering corrupt behaviour, while at the same time helping to develop a strong ethical culture.

So what does such a framework look like?  While tailored to meet an organisation’s unique fraud and corruption-risk profile, an example of a generic anti-fraud and corruption framework is outlined in the Figure below.  Made up of a series of interlocking components, it can be broken down into three main parts: the pillars, or building blocks, which hold it up; the foundation on which they are built; and the overarching structure that binds it together.

Fraud and Anti-Corruption Framework Figure

The building blocks

Strong, well-designed anti-fraud and anti-corruption pillars are critical.  When taken together, they form the framework’s main building blocks. While the number used will vary depending on the organisation’s context, the framework outlined above is made up of six. As a general rule, they should be constructed around the three inter-related elements of corruption prevention, detection and response.

It is also important that the pillars focus not just on the implementation aspects, but include continuous monitoring and improvement features as well.  While the number – and content of each – will differ (depending on an organisation’s context), a brief description of each of the six pillars outlined below:

Pillar 1 – Fraud and corruption control plan

An integrated fraud and corruption control plan is an essential component of any anti-corruption framework.  The plan should document the organisation’s approach to controlling fraud and corruption at a strategic, tactical and operational level.  It should also outline the actions that need to be taken to implement and monitor the organisation’s individual corruption prevention, detection and response initiatives.

To be effective, the plan should be positioned within a broader enterprise-risk management system (see Pillar 3 below), and reviewed on a regular basis to take into account any changes in the internal and/or external environment.

From an accountability perspective, ownership of it should be assigned to an individual with the appropriate seniority, skill-set and gravitas.

Pillar 2 – Code of ethics / Code of conduct

A key strategy in corruption prevention is the development of an ethical organisational culture. Central to this is a comprehensive code of ethics. Containing a high-level aspirational statement of values, it should also include specific details of the types of behaviour the organisation deems as unacceptable.  To be as effective, it needs to be aligned with the organisation’s corruption prevention policy.

Pillar 3 – Corruption risk management

At the heart of corruption prevention efforts is a proactive risk-based management approach.  Knowing the organisation’s fraud and corruption-risk profile will enable the it to develop the appropriate risk-mitigation strategies, and assign corruption prevention resources to where they are needed most.  A comprehensive assessment should be carried out (at least annually) in which all potential fraud and corruption risks are identified, analysed and evaluated.

Pillar 4 – Detecting corrupt practices

Effective detection systems are also vital, as preventative methods may not always be successful.   Early detection is critical to limiting the spread of corrupt conduct and minimising any financial and reputational damage caused by it. While the majority of cases are reported by tip-offs, managers play a key role by ensuring they provide the appropriate level of supervision and checking.

An effective organisational internal reporting system, sound complaint and grievance processes, and a comprehensive internal audit and work review programme, also facilitates detection. The implementation of a whistleblower system is an essential component of this.

Pillar 5 – Responding to corrupt conduct

Responding effectively to suspected cases of fraud, corruption and other compliance breaches is critical. This involves a well conducted internal – and if necessary, external – investigation to ascertain the facts.  If proven, prompt reporting and appropriate disciplinary action is essential.  This includes referring the matter to the police in cases where a law may have been broken.

The information gained and lessons learned from each case should form part of an on-going review of fraud and corruption prevention controls, to ensure they are as comprehensive and effective as possible.

Pillar 6 – Education and awareness

The most important anti-corruption resource at an organisation’s disposal is its own staff.  In the majority of cases, employees will come forward if they know what to look for and feel safe reporting it.

For this reason, formal and informal education and corruption awareness raising is essential.  Encouragement and space should be provided to allow staff to openly talk about the topic, making them more comfortable in coming forward should they subsequently suspect corruption (or other compliance breaches) to have taken place.

Many fraud and corruption cases continue for years before they become known to the organisation, as managers and staff are either not aware of the warning signs, or the atmosphere is not conducive to reporting them.

So what does all this mean?

While a number of essential corruption prevention building blocks have been covered in this article, it is only the first step in developing a robust fraud and anti-corruption compliance framework.  Just as important is the foundation on which it is built, and the cement which binds it all together.  Both of these, along with a number of other key aspects that also need to be considered, will be covered in Part 2 of this series.

Jeremy SandbrookAbout the author: Jeremy Sandbrook is the Chief Executive of Integritas360, a global social enterprise that helps charities and NGOs/NFPs  ‘corruption-proof’ themselves. An internationally recognised anti-corruption expert, he has spent the last decade working in the international development sector, predominantly in Africa, Europe and Australasia. Jeremy also lectures on the topic at the University of Sydney’s Centre for Continuing Education.