• Governance I Risk I Compliance Management

The United Nations (UN) estimates that roughly a trillion dollars in bribes is paid annually worldwide. This increases the cost of investment in developing countries by at least 20 percent. With a lot of companies remaining silent on the subject, as per a report on forbes.com, the time has come to put an Anti-Bribery Management System in place.

“We believe that organisations around South Asia are looking to get certified for the scope of ISO 37001 Anti-Bribery Management System and ISO 37301 Compliance Management System to demonstrate their ‘adequate procedures’,” says Zafar I. Anjum, Group Chief Executive Officer, the ABAC Group.

Fortifying your Anti Bribery Management System

“Concentrating on the increasing world disagreement against bribery corrupt business practices, global organisations are ramping up efforts to develop effective frameworks to prevent, detect and report bribery and corruption,” he continues.

In fortifying their Anti-Bribery Management Systems, those proactive organisations are further protecting themselves as sound frameworks can play a pivotal role in establishing “adequate procedures” as a compliance defence in the event of a bribery accusation, feels Zafar.

Protecting corporates through “adequate procedures”

“Adequate procedures” is a term made famous through the U.K. Bribery Act of 2010, which presents the potential of a company avoiding liability for failing to prevent bribery if that organisation can fully demonstrate clear, sound and established policies and procedures that deter individuals (both within and outside of the organisation) from partaking in questionable or corrupt conduct. Guidelines on Adequate Procedures are issued according to section 17A(5) of the Malaysian Anti-Corruption Commission Act 2009 (“GAP”), at a minimum, when establishing its group policies and procedures on anti-corruption.

However, a key challenge for the global business sector is that “adequate procedures” takes on different meanings, depending on what country or jurisdiction the business may reside. Further, most enforcement agencies and government authorities offer little guidance that pinpoints what “adequate procedures” means when considered a possible defence in a legal proceeding.

Consider two international legislative provisions – the U.K. Bribery Act of 2010 and the Foreign Corrupt Practices Act (FCPA) – that offer “adequate procedures” as a possible legal defence consideration, in addition to the recent National Anti-Corruption Plan of the Malaysian Government. Each provision demonstrates how a newly adopted international standard – ISO 37001:2016 – can offer multi-national organisations specific guidelines in developing a globally accepted anti-bribery management system that may support most “adequate procedures” defences.

U.K. Bribery Act of 2010

Under the U.K. Bribery Act, an “adequate procedures” defence would be considered during an investigation into a corporate failure to prevent bribery. The act provides commercial organisations with a defence to liability when they can prove and demonstrate that they had proper procedures to prevent persons associated with the organisations from undertaking bribery-related conduct.

Consequently, corporations that are otherwise liable can escape criminal liability from the regulation if they can prove that they had in place “adequate procedures” to avoid the relevant illegal conduct from occurring. This defence is unique because it contends that corporations act in good faith and take proper precautions throughout the organisation to implement adequate compliance procedures and avoid being held criminally accountable for preventing bribery. This defence is significant because there is no such defence under the FCPA (see below) or most other foreign anti-bribery laws.

The 2010 U.K. Ministry of Justice Guidance on the U.K. Bribery Act provides that “commercial organisations [should] consider how to monitor and evaluate the effectiveness of their bribery prevention procedures and adapt them where necessary.

Foreign Corrupt Practices Act (FCPA)

While corporate compliance procedures are not considered in the liability phase of the FCPA, they are considered during the sentencing phase by the U.S. Department Of Justice (DOJ) relevant to the FCPA. The United States Sentencing Commission outlines through its Federal Sentencing Guideline Manual six factors — four aggravating and two mitigating — that a sentencing court must consider in determining the appropriate penalty on organisations convicted under the FCPA.

The existence of an effective compliance program is one of the two mitigating factors. Subsequently, an organisation convicted of FCPA violations can use the existence of an effective compliance program to reduce a penalty against it potentially. However, US DOJ’s recently published “Evaluation of Corporate Compliance Program Guidelines” referenced J.M. 9-28.300. These factors include “the adequacy and effectiveness of the corporation’s compliance program at the time of the offence, as well as at the time of a charging decision” and the corporation’s remedial efforts “to implement an adequate and effective corporate compliance program or to improve an existing one.”

Section §8B2.1 (b)(5)(A) of the U.S. Sentencing Guidelines provides that an “organisation shall take reasonable steps … to ensure that the organisation’s compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct.”

Malaysian National Anti-Corruption Plan 2019-2023

Under Section 17A (3) of the Malaysian Anti-Corruption Commission Act, if the commercial organisation is found liable under the corporate liability provisions, a person who is the director, controller, officer or partner of the organisation, or a person who is concerned with the organisation’s management affairs at the time of the commission of an offence, is deemed to have committed that offence unless such a person can prove that the corrupt act was committed without his consent or connivance and that he exercised due diligence to prevent that commission of the offence as he ought to have exercised concerning the nature of his function in that capacity and the circumstances. Hence, there is a need for all organisations to put in place “adequate procedures” as a defence in case there is proven corruption by the associated individual.

Section 17A(2) of the Malaysian Anti-Corruption Commission Amended Act increases the penalties to a maximum imprisonment of 20 years and/or fine of not less than 10 times the value of gratification or One Million Ringgit Malaysia (RM1,000,000.00) (whichever is higher). Malaysia’s Corporate Liability Provision came into effect on June 1, 2020.

Prevention of Corruption Act 1960 (PCA), Singapore

Enacted on 17 June 1960, the Prevention of Corruption Act 1960 (PCA) is the primary anti-corruption law in Singapore. The PCA empowers the Corrupt Practices Investigation Bureau (CPIB), and governs and defines corruption and its punishments.

CPIB also strongly encourages companies to obtain certification under the Singapore Standard (S.S.) ISO 37001 – Anti-Bribery Management Systems to help companies implement or enhance an anti-bribery management system to reduce corporate risk and reputational costs.

 Demonstrating “Adequate Procedures” through ISO 37001 Certification

In complying with these guidelines and proving “adequate procedures,” public and private sector organisations should strongly consider the ISO 37001 certification process, which would provide proper assurance that the organisation has succeeded in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System.

ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the procedures an organisation should implement to prevent bribery while detecting and reporting any bribery incident.

The standard requires organisations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organisation and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, the standard can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.

About ABAC® Center of Excellence

ABAC® offers a complete suite of services and solutions designed to educate, equip and support the world’s leading business organisations with the latest best-in-practice risk & performance assessments, systems improvement & standards certification. The ABAC Center of Excellence Limited is fully accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.

Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC Certification team will increase the scale of the investigation if they determine that a specific process presents on a higher risk side. Factors such as Impact, Negligence, Minor, Major, and Critical are considered during the audit.

A separate audit method is a process-based approach where the ABAC Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.

The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery.

Indeed, from an FCPA and Evaluation of Corporate Compliance Programs perspective, an accredited ISO 37001 Anti-Bribery Management System certification may provide tangible evidence that a compliance program was in place at the time of the alleged bribery actions. Moreover, from a U.K. Bribery Act perspective, the certification could provide the company with tangible prima facie (or “first look”) evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance program.

Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.

There is a strong likelihood that ISO 37001 Anti-Bribery Management System will continue to set the pace for a globally recognised “adequate procedures” standard for corporations embroiled in corruption litigation proceedings. However, for now, the most powerful “assurance” tool that public and private sector organisations can use in their defence strategy is ISO 37001 ABMS certification.

ABAC Certification is a subject specialist Accredited Certification Body accredited by the United Kingdom Accreditation Service UKAS, Emirates International Accreditation Center (EIAC) and Department of Standards Malaysia.

Find out more about ABAC®!

We’re here to serve you, Let’s Talk!