From Due Diligence to 3rd-Party Audit - CEEEC 2020
EthicsComplianceHubs | 2018 Edition | Musat & Associates
JUN 7, 2018 / BUCHAREST
The Challenges of ABAC Compliance in the Supply Chain
From Due Diligence to 3rd-Party Audit
Cristian DUCU, PhD
Centre for Advanced Research in Management and Applied Ethics
European Ethics & Compliance Association
What is and what isn’t
ABAC Compliance
ABAC Compliance in the G-R-E-C-S Multiverse
New Developments
ABAC Compliance in the G-R-E-C-S Multiverse
The Ethics & Compliance function is both a strategic and a support one.
Strategic – it should earn a seat at the Board’s table
Leading Corporate Integrity: Defining the Role of the Chief Ethics and Compliance Officer (CECO); Ethics Resource Center, USA, Aug. 2007.
Emmanuel Lulin
appointed Senior VP (2013) to extend his position as Chief Ethics Officer at L’Oreal (2013)
Sylvie Kandé de Beaupuy
appointed to the Board of Directors of Siemens-Alstom (2018)
Support – it should provide effective means to prevent and fight corruption, bribery and abusive business practices throughout the organization and its value chain
A New Trend?
GOVERNANCE
• ABAC Policies & Procedures
• Ethical Leadership & Stewardship
• ABAC Training
• ABAC Communication
ABAC Institutions
REGULATORY
• ABAC Regulatory Frameworks/Requirements
• Regulatory Enforcement Actions
• Sanctions Lists
REPORTING
• Financial Transparency
• Non-Financial Transparency
RISK
• Enhanced Due Diligence (beneficial ownership, corruption risks etc.)
• Risk Assessment
• Substantive Testing
• Monitoring Reviews
• Internal Audits
• 3rd-Party Audits
• Whistleblowing/Ethics Hotlines
• International roundtables or integrity pacts
ABAC Technology
REGULATORY
• Thomson Reuters, LexisNexis etc. regulatory compliance platforms
• Lists of sanctions and sanctioned people
REPORTING
• Reporting platforms
• International benchmarking systems
GOVERNANCE
• Policies & Procedures management systems
• Internal Communication & training platforms
RISK
• Due Diligence platforms
  Enhance Beneficial Ownership → ORBIS (BvD)
• Automated screening of 3rd Parties
• Audit systems
• 3rd-Party Audits
• Whistleblowing online platforms
  former EthicsPoint (Navex) and similar services
ABAC Practices
REGULATORY
Negative approach: top management introduces exceptions regarding some PEP clients that can help with some public affairs issues
REPORTING
Negative approach: in respect to the shareholders’ rights, demonstrate no transparency regarding a corruption case that affects the company
GOVERNANCE
Negative approach: implement procedures without extensive (internal and 3rd-party) communication and training
RISK
Positive approach: legal clauses included in the supply agreements concerning monitoring reviews, 3rd-party audits, and sanctions in case of corrupt practices
• US Foreign Corrupt Practices Act (1977)
• Inter-American Convention against Corruption (IACAC, 1996)
• OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (OECD Anti-Bribery Convention, 1997)
ABAC Regulatory Frameworks
The design and effectiveness of the ABAC policies & procedures are based on the existing regulatory requirements, are influenced by the available tech solutions and depend massively on the risk appetite of the organization
• United Nations Convention against Corruption (UNCAC, 2003)
• African Union Convention on Preventing and Combating Corruption (2003)
• European Anti-Corruption Conventions
• UK Anti-Bribery Act (2010)
• SAPIN II (2016)
• Spanish Penal Code (2015)
• ISO 19600, ISO 37001
• GRI Standards
Commercial Bribery
Blindspot
A Common Example of Corruption
A Less Known Case of Corruption: Commercial Bribery
Why Should I Be Responsible for the Actions of My Supplier?
Challenge #1
Common Rationalization
The vast majority of businessmen & businesswomen, across the globe:
my sole and constant objective/target is to make more money for my shareholders (and avoid paying fines and other types of costs associated with non-compliant practices)
to be responsible for what my supplier does is an exaggeration on the part of the regulator because I cannot control his/her actions and business practices
“Everyone is responsible for himself/herself.”
Illustration:
- Rana Plaza collapse (April 24, 2013; Bangladesh) – Primark vs. Walmart behaviour
One Example: UK Anti-Bribery Act (2010)
‘No Clean Supply Chain’ Rule
Challenge #2
There are no supply chains immune to corruption and bribery, no matter what a company does to protect itself.
‘No Clean Supply Chain’ Rule
Failing to admit this leads to blind spots and increasing risks throughout the supply chain.
The risks associated with corruption increase with the size of the supply chain: a larger supply chain is more exposed than a small one.
The level of corruption, bribery and abusive practices depends not only on the size of the supply chain, but also on how dispersed it is and where it is geographically located: a supply chain dispersed throughout Asia is more exposed than one located in Eastern Europe.
While abusive practices are generally easy to spot, corruption and bribery are elusive and happen mainly behind closed doors.
Industry Practices
Challenge #3
Some industries are more exposed to corruption and bribery than others
a) especially the strictly regulated industries (e.g., Extractive, Pharmaceutical, IT&C, Construction etc.)
b) especially those that are forced to offer low prices (e.g., Textile, Agriculture etc.)
c) especially those that work with public procurement (e.g., IT&C, Consulting for EU funds)
Industry Practices
Illustrations:
- Microsoft Cases (Romania); Siveco (Romania); Asesoft (Romania)
- Automotive Industry – the collusion case of the German automakers (Volkswagen, Audi, BMW, Porsche, Daimler) on diesel emissions (the 90s)
Some states are more flexible when the bribe serves the interests of their SOEs and/or is paid in foreign countries:
- former regime of Gaddafi (Libya), China, Russia
So you need to screen even more closely the legal entities belonging to this type of state or to PEPs.
How deep should the due diligence process be?
National Double Standards
How Do You Discover a Rogue Supplier?
Challenge #4
Most of the time, it is too late when a company learns about the non-compliant practices of one of its suppliers.
There are also cases when a company learns via a tip (ethics/whistleblowing hotline). This is the most used channel in such cases and it should come with considerable protection for whistleblowers.
The investment in prevention is the key to keeping the corruption and bribery risks at acceptable levels.
What to Do?
Decreasing the corruption and bribery risks can be achieved only by increasing the risk aversion of the supplier:
- the due diligence process to be thorough and not negotiable
- the danger of losing the contract if non-compliant to be real
- monitoring reviews to be comprehensive
- the ethical stewardship to be an active program
- the whistleblowing hotline to be effective and lead to testing
- 3rd-party audits to be unannounced and more comprehensive
Compliance Fatigue
Challenge #4
The Ethics & Compliance Department should not become the organizational policeman, nor should it introduce a new form of bureaucracy.
Compliance Fatigue
The danger of increasing the responsibilities of the Ethics & Compliance Department to the breaking point.
Illustration:
- in local, less significant markets, multinationals have the tendency to concentrate multiple functions in one department or even in one position
Legal & Compliance & IP & Data Protection Manager
AML, Anti-Fraud, Internal Control & Compliance & Ethics Dept
It is equally if not perhaps more important to recognize that laws and regulations, surveillance, and sanctioning -- the tools of control -- may themselves be related to unlawful behaviour. Increasing these resources to strengthen agency capabilities may have the unintended effect of increasing real rates of unlawful business conduct, even after accounting for increases from greater enforcement activity.
Diane Vaughan (1983), Controlling Unlawful Organizational Behavior. Social Structure and Corporate Misconduct; University of Chicago Press.
Integrity is not a cost nor an investment, but an excellence of character
+4 073 320 4146
www.etica-aplicata.ro