In its newsletter of April 2013 De Nederlandsche Bank (DNB) indicated that banks should put the topic of anti-corruption higher on their agendas. According to the DNB’s initial research into this issue, there is still insufficient form given to conducting systematic risk analysis on corruption and the maintenance of an anti-corruption policy. DNB concludes that the same applies to insurers. And although everyone agrees that corruption goes against the ethical norm and that the risk of reputation damage is large, in practice it is not easy to formulate a policy and to mitigate the risk of corruption.
The anti-corruption legislation in the Netherlands is included in the Penal Code. In addition to this, Dutch banks and insurers supervised by DNB on the basis of the Wtf, must have sound and controlled management, which in itself implies that the policy must be aimed at preventing corruption.
For Dutch banks and insurers which are active abroad international rules penalising corruption also apply. In this respect the United Kingdom’s Bribery Act and the American Foreign Corrupt Practices Act are particularly important. These two laws have extra territorial action and consequently apply outside the British and the American territories. The British and the American authorities strictly enforce these laws, often with huge penalties. For Dutch parties active in these countries it is particularly relevant to be able to show that they have adequate procedures in place to fight corruption, preventing possible enforcement (ground for exculpation).
It is therefore important to have an adequate policy in the field of anti-corruption, not only with respect to the requirements of the Wtf and the importance DNB attaches to this subject, but also because of the potential consequences when for instance business is unintentionally done with a party that appears to be involved in corruption.
The anti-corruption policy covers several areas. In a substantial number of areas you will already have a policy resulting from existing Wtf-requirements. Consider for instance not only regulations concerning additional functions, the prevention of conflicts of interests and the reporting of incidents, but also the investigation of the integrity and the reputation of business partners who you cooperate with as a bank or an insurer or from whom you purchase products.
In its newsletter DNB indicates that it perceives risks especially in the field of conflicts of interests (in particular in the mixture of interests with additional functions) and in the investigation of business partners. It is however also possible that corruption takes place by receiving or giving gifts or facilitation payments or that your company sponsors an event. You have to make sure that there is no corruption whatsoever or that you have done everything reasonably possible in your power, with an adequate policy and procedures, to exclude the risk of corruption to the greatest extent possible.
Compliance and policy
According to the DNB it is difficult in practice to formulate an adequate policy in this field. There is no instant solution since the risks for the different companies are partially overlapping but also show many differences and depend on, among other things, the following circumstances.
The countries you operate in as a company, for instance high-risk countries, including those on the FATF website. The countries on the WWFT which you as a business have identified yourself, or the countries where independent organisations have established an increased risk of corruption (the National Corruption Index). Furthermore, you must be aware that in some countries it is commonplace to make facilitation payments, but that this is not considered as corruption in that specific country. Also consider the size of your activities or the partners you work with. Is it for instance a business partner who depends greatly on this cooperation for the continuity of his company or does your business partner have an opaque business structure? These then are indications which may lead to an increased risk.
Also with regard to adequate controlling measures there may be differences in the steps you and your competitor take to mitigate the risks. After all, adequate implies a principle-based approach, depending on the nature, the volume and the organisation of the company.
It is particularly important to start at the beginning; initially making a risk analysis to determine where risks of corruption could possibly arise within your company. After this, using a risk analysis you can then judge where the policy as formulated within your company concerning the frame of norms, still falls short in confronting the risks, subsequently adapting the policy on these points, or introducing a new policy to cover the areas where there is not yet a policy. To conclude, it is important to fully implement (the adjustments to) the policy, to continue monitoring and to evaluate whenever possible.
For the implementation you can use an implementation plan, for instance, determining per controlling measure what is needed to translate it into a process or a procedure within the company, and also apportioning this to a specific individual within a fixed timeframe. Subsequently, the success of the measure needs to be tested periodically, where the periodicity may be set dependent on the materiality of the risk concerned.
- Insufficient insight into the scope of the anti-corruption legislation. For instance, the requirement to know who you are doing business with (the business partners) for instance, is not only aimed at purchasing but also includes collaborations, joint ventures, lawyers and other parties from whom you purchase services. No one can guarantee completeness, but when forming a policy, analyses and its implementation involve as many disciplines as possible (compliance, legal, risk management and business people).
- Conducting a risk analysis that is too limited, due to the perception that the current regulations regarding for instance gifts, additional functions and staff screening will suffice.
- The choosing of controlling measures to be taken should be proportionate to the level of risk, whereby the scores within the organisation of the level of risk should be sufficiently objective
- Insufficient recording of choices made in the risk analysis and implementation; this needs to provide sufficient insight in order to be able to show that the policy is adequate and also to demonstrate this when requested by the supervisor.
- Having adequate procedures and measures in place is in itself not enough. The success of these procedures and measures also needs to be tested periodically. To this end it should be clear who has which responsibility during testing, who will be reported to and in which way.
- Also consider how to act when a case of corruption does occur and how the damage can be limited in so far as possible.
Charco & Dique
If you want to know more about this subject, the layout of a risk analysis or the drawing up, adjustment and implementation of a policy in the field of anti-corruption, Charco & Dique can assist you.
For more information please contact Charco & Dique on 020-4165403 or send an email to: firstname.lastname@example.org