A Guide for Small and Mid-Sized Organizations
Chapter 1: Introduction
Why are you reading this book? Perhaps your organization exports goods or performs services in overseas markets where bribery is part of daily business. Maybe you wish to protect your company as you expand into a new market. Or possibly, you are simply trading locally and updating your existing anti-corruption programme. In all of these cases, you will rightly be wondering how your organization can best protect itself against the risks of bribery and corruption.
Well, you are not in luck, because most of the anti-corruption advice that is available – including most official government guidance – is written with multinational enterprises (MNEs) in mind. This may be unsurprising, given that they are the potentially biggest bribe payers. However, they are also the ones with the resources and scale of activities that can justify dedicated compliance functions, internal investigators, consultants and digital tools, not to mention lawyers and crisis management consultants when things go wrong.
This focus on large organizations leaves micro, small- and medium-sized enterprises (MSMEs or usually just SMEs), as well as non-profit organizations, rather exposed and left to find their own way through the legal and compliance maze. SMEs, taking the informal and formal sectors together, make up over 90 per cent of all businesses in the world.1 This means that most SMEs are struggling whilst being disproportionately exposed to bribery and corruption risks.2
Surprisingly, no standard international definition of an SME exists. SMEs are defined differently in the legislation of different countries, in particular because ‘small’ and ‘medium’ are relative to the size of the domestic economy.3
This book takes a broad definition of SME, offering guidance useful to any organization that is not a large multinational enterprise. In particular, this includes privately owned companies and non-profit organizations that operate internationally and are therefore exposed to greater corruption risks. These organizations may be micro in size or have several thousand employees, but they generally share a common feature – they have limited resources for anti-corruption compliance.4
If your organization is like most SMEs, one-size-fits-all advice can be difficult to follow. Where to start? What is essential? What isn’t? What are some different approaches to anti-corruption compliance, and which one is right for my organization? How can my organization mitigate corruption risks without being suffocated by paperwork and policies, and without losing both business agility and entrepreneurial spirit?
As a result of this confusion, you may postpone decisions on following anti-corruption advice and hope it does not apply to your operations around the world. This is risky, because anti-corruption laws do not make allowances for the size of the organization involved. The laws (see Chapter 2) apply equally, regardless of the number of employees or the legal structure. And no matter how small the bribe is, the amount is irrelevant as for most laws there is no permissible minimum.
And as you well know, for a small organisation, the capacity to withstand legal and reputation damage arising from a criminal investigation is not the same as for a large one.
1.1 Anti-corruption compliance: headache or opportunity?
Unless your business is a very unusual one, you do not operate in isolation. You will have customers – often larger companies or government departments – and investors who may well be sending you piles of forms to fill in as part of their due diligence. Non-profit organizations will be inundated with similar forms from donors. You may spend hours staring at the page wondering what to answer or feeling a constant underlying stress that perhaps your answers are not quite as good as they should be. Maybe that is because you do not actually know if your employees or agents are doing the right thing, and always telling you the whole truth about how they won that big contract.
Think of this not as a headache but as an opportunity to enhance your business and put it on firmer foundations. Why? Because working on developing an ethical culture, implementing anti-corruption compliance preventive tools into daily business and closing the gaps through collective action are cost-effective actions that are within any budget. Following the approach set out in this book will help to strengthen your organization and anti-corruption programme together.
An ethical culture can inform your risk mitigation and business strategy, hiring practices, operational processes and decisions on new business – in other words, be ingrained into your organization from top to bottom and backed up by a robust compliance programme. If you manage to do this and still find that there are gaps and tough areas to address, then proactively joining or starting initiatives to prevent corruption through collective action will create a strong and sustainable base for your organization to grow.
At the end of the day, by taking charge of developing an effective compliance programme that works for you, you will develop a company culture that is resistant to corruption risks in the first place and in which integrity is simply part of how business is done. This has multiple benefits, including to your bottom line.
A programme that works for you is not something you can pick off a shelf, depending on the anti-corruption laws that apply to your organization. It is one that matches your needs and resources and answers the demands of your customers, investors and/or donors. This is why your managers and other employees are such a great resource. Given the chance, they will probably be glad to help develop a programme that makes sense for the business as well as its stakeholders. Your teams are best placed to identify the risks in the fields and countries where they operate, and they need to be part of the solutions.
You will find another great resource in the due diligence forms and codes of ethics that larger customers may have sent you to fill in and sign. Paying close attention to these will highlight aspects you definitely need to consider in your own anti-corruption compliance programme.
Developing or updating anti-corruption compliance measures is also a good opportunity to check that you are complying with all relevant laws in the countries in which you operate, which may have changed since you first started operating there. It is a chance to review any corruption-related risks arising from customers and business partners, too. This is a challenging task, because the bigger the customer is, the bigger the potential business rewards – but the more attention needs to be paid to the risks they raise for your organization.
If they do not match up to your ethical standards because they require services that will drag employees into illegal practices such as bribery, in the long term they are not worth it.
1.2 How do culture, compliance and collective action build an effective anti-corruption programme?
The goal of an anti-corruption compliance programme is often summarized as being to ‘prevent, detect and respond’ to bribery and other forms of corruption, and to remediate failures when they occur. As will be discussed later, this is often achieved though the adoption and implementation of risk-based, firm-specific procedures and controls. This shorthand underplays an essential element: the ethical context or company culture. If you do not get this right, all your efforts made through anti-corruption policies, procedures, controls and certifications will be undermined. It is the single most important element of the programme.
Technology can help, but at the end of the day it is people who use software, pitch for business and interact with clients, governments and investors. So take heart: it will take time and effort to develop the right culture (see Chapter 3), but as an SME, the size of your organization means you are closer to your employees and do not need to throw a lot of money around to achieve this. With a strong foundation, your anti-corruption programme will then be a lot easier to implement.
That said, there are traditional elements of an anti-corruption programme that cannot be ignored. These are:
• identifying bribery and other corruption risks;
• developing policies and procedures to guide employees and enable them to get advice and report issues;
• establishing financial controls for risky areas;
• due diligence on third parties, including some customers;
• training on all these standards;
• communicating with stakeholders and partners;
• monitoring how it is all working;
• investigating when it goes wrong;
• finally, fixing failures.
Compliance is a work in progress that requires a mix of skills, and nobody expects a small organization to do everything perfectly at once. Specialist legal knowledge can help, but common sense, business experience and sharing experiences with others are important too. This is where, no matter where you are in your journey towards an anti-corruption compliance programme, collective action can help.
Chapter 7 explains what collective action entails and how it can help your company. It can help not only in places where corruption-related problems seem intractable and need multiple players to solve the issues, but also to level the playing field and make it easier for you, as a smaller player in your field, to compete equally against larger competitors. Teaming up with others is endorsed by governments and many companies as it is a useful tool to complement anti-corruption efforts.