When establishing a compliance programme, companies need to determine the risks that apply in their sector and consider the jurisdictions in which they operate
The way in which businesses interact with public authorities is coming under increasing scrutiny in countries around the world, says Osborne Clarke partner Silvia Steiner. For example, in Spain there are the proposed amendments to the Criminal Code, while in China the government is penalising public officials who accept bribes as well as the companies that pay the bribes.
Considering businesses have to deal with public bodies on a regular basis in the course of their operations, they should protect themselves against possible breaches of regulations, Steiner says.
“Businesses have to interact with public authorities, whether it´s paying taxes, importing goods or obtaining permits, so this interaction has to be covered by internal protocols to guide the company and its employees in such interactions. When such interaction increases, so internal protocols must also increase – for example, pharmaceutical companies provide services to public hospitals and they interact with doctors, professors and key opinion leaders.”
Steiner believes that, in general, there is still a lack of knowledge about anticorruption compliance. “For example, small and medium-sized enterprises in Spain may say ´we only sell products in Spain and via third parties in Brazil, so why do we need to implement a thorough internal compliance programme?´ The reason they need such a programme is that they will be ultimately responsible for those third parties if they are not compliant because, these third parties represent the company in the assigned market or territory.”
However, events in the news are raising awareness of the need for compliance, according to Steiner. “Businesses know that if public officials receive bribes, the regulators will eventually focus on the companies that paid them,” she says. “In the US, where there is the Foreign Corrupt Practices Act, and in the UK, where there is the Bribery Act, they are much more advanced with regard to applying financial and human resources to combat corruption worldwide.”
There are two major considerations when establishing compliance programmes in your business, says Steiner. “Firstly, you need to determine the risks that apply to your particular sector, and secondly, you need to consider in which jurisdictions the business carries out its operations.” She adds that not all clients need the same compliance programmes. “The programme needs to be practical and manageable,” she says. “If you are a multinational headquartered in Spain, the head office will have to monitor how the compliance programme is being followed in all its subsidiaries.”
Steiner highlights the fact that rules on incentives may differ in different jurisdictions. “A local industry association may say no gifts worth more than €20, but in another jurisdiction, the local association may say no gifts at all and, of course, that is the rule that should apply.”
However, Steiner adds that there is “always common ground” between the systems being implemented in different countries to regulate the interaction between businesses and public authorities. “Most countries are aiming to implement the same kind of internal control systems, whether that is in Spain, the US, the UK or Italy, for example.”
Clients´ key concerns involve being held liable as both businesses and individuals, Steiner says. “They want to avoid liability for the company and for their employees,” she adds. There is also a great reputational risk, but it is taking time for businesses to become fully aware of the need to establish internal mechanisms to assure anticorruption compliance or, at least, mitigate the possible risks. As an example, Steiner explains that a common complaint from in-house lawyers is that their advice to their companies is often at odds with the instructions given to the commercial team when they are requiring results. “Management have to set the tone for compliance and lead on this issue – the tone must come from the top,” she says.
“Companies should establish tailored-made compliance programmes before they get investigated and not during an investigation – it´s not complicated and programmes can easily be adapted to your business and be practical and effective”.