Latest Products

What is happening with anti-bribery?

Tuesday 28 March 2017

Last year, it was announced that the 37001 Anti-Bribery Management System had been released.

In response, Martin Tolar, General Manager Asia Pacific for Red Flag, said organisations now need take the time to construct policies based on this standard, even if they are not legally obliged to inculcate it into their risk and compliance frameworks.

Tolar further suggested that those who do take this initiative will be noticed by the regulators, and this is likely to place that organisation in great stead with the regulator. “Hopefully, 37001 will start to focus minds on the issue, and increasingly, there seems to be a lot more media attention in this area,” he told GRC Professional.

Tolar added that, while Australia may be some time away from implementing these international standards into their regulated systems, it would still be in the best interest of any organisation to pay close attention to them.

Regulators and the Media
“Even though the regulators may be a bit behind, and there are promises to try and catch up on the regulatory pace, the journalists are on to it,” Tolar explained. “Most Australian organisation are being caught by the media, and they are being caught by international regulation. So there needs to be bench-marking of their regulatory efforts here very soon.”

Tolar added that the Leighton Holdings case remains interesting in this respect, despite being ongoing now for a few years. What makes it relevant is, of course, is that ASIC’s are now looking into it from a different perspective.

“My understanding is that ASIC are looking at the emails and the correspondences taking place within Leighton Holdings,” Tolar said. “In particular, they are looking at an employee who falsified accounting documentation around how the money was actually treated and the claims that have been made.”

Tolar added that, at least on the surface, it looks like an approach that has been implemented successfully by the US Department of Justice, where most organisations are tagged by regulators as a result of improper book- and record-keeping, and not just as a result of penalties or regulatory infringements because of bribery activity. And, while it looks like politicians here are dragging their feet on this issue, ASIC may be trying to address the problem with this new approach.

Risk and compliance in Australia
“They must have an anti-bribery policy in place,” Tolar explained. “That’s the beginning point; that’s the beginning of the framework. Now the challenge is going to be making sure the leadership—the CEO or board of directors—are on your side to endorse it and support your approach.”
Unfortunately, not all risk and compliance professionals have the benefit of that kind of leadership, or that kind of support from their leaders.

However, Tolar explained it is this kind of policy that best aids risk and compliance professionals to develop training and education around this area. It also provides an opportunity to check third-party risk and exposure. One of the biggest issues for Leighton Holdings, according to Tolar, is that they actually employed against this around the world, and as a result of not doing their due diligence, the repercussions came right back onto the organisation.

He added it was imperative for organisations to have policies in place that not only pacify the regulator when they come knocking, but also that ensure third party checks and due diligence is part of your third-party’s policy.

“If you do nothing else, you must check those third parties are doing the right thing,” Tolar said.
In the end, of course, it is not enough simply to have the policy. That policy must also be practice. That is the only way an organisation can effectively demonstrate to regulators—and to the media—that they are trying to do the right thing.