Due to huge investments in the area of anti-corruption compliance, companies worldwide are now focused on protecting themselves from breaches of international corruption laws. These laws are increasingly directed on commercial bribery (meaning unauthorised and unknown kickbacks payable to employees of your company). Despite this improvement in anti-corruption compliance, companies are neglecting to focus on conflicts of interest. At the end of the day, a conflict of interest is taking your own interests ahead of your company’s – precisely what commercial bribery laws are trying to address.
The following are some tips for launching or reinvigorating your conflicts of interest programme.
Build a programme, not a policy
Too many companies have only a conflicts policy, rather than having a comprehensive compliance programme. They place a simple policy on their intranet and don’t consider it again until there is an investigation. Having just a policy is simply no longer enough. A compliance programme is a much broader concept and must include all aspects of compliance. It must address the commitment to the conflicts programme, top down endorsement, a set of objectives, targets and key messaging. To see all the aspects of a compliance programme versus a simple policy, review the Australian Standard on compliance programmes, AS3806. The four key areas of compliance are:
- monitoring and measurement
- continual improvement.
Drive the programme as a compliance programme
The conflicts of interest compliance programme must address policies, procedures, rules, frequently-asked questions, approvals, escalations, technology enablers, training, communications and awareness. You need to drive the conflicts programme just like you would any other compliance programme (for example, your anti-corruption programme). As identified above, every single commercial bribery allegation has a potential conflict of interest at the root of it, so it is important to dovetail your conflicts of interest and anti-corruption programmes.
Your conflicts of interest compliance programme must also look at changing the company’s behaviour regarding conflicts. This includes driving people to complete declarations when required to do so and trying to avoid conflicts in the first place. In many companies, obtaining a simple declaration is like pulling teeth, with employees – even senior employees – dragging their feet at completing a disclosure. This alone should set off warning signs about that person. In some cases, you will need to incentivise people to timely complete their declaration – consider something such as an award for the first responder or group of responders.
Decide when disclosures should be made
Best practice is to require a disclosure once a year from senior management, at the very least. While years ago, the attitude was to “disclose when you need to”, current preferred practice is an annual disclosure, even if it only states that there is nothing to disclose. Directors, senior management and middle managers should complete this disclosure as part of their variable remuneration requirements and at any time throughout the year when a potential conflict arises.
Give examples of disclosures in training
Many employees simply do not understand what a conflict is. They do not appreciate that having a relationship with a supplier may give rise to a conflict of interest. More work needs to be done to create an awareness, communications and training (ACT) campaign to ensure that all staff actually understand the types of conflicts that exist and that are relevant to your business. The key is to give examples that are locally relevant in the cultures where you are undertaking the ACT campaign. In many countries, it is culturally very acceptable to engage a friend as a key supplier. That cultural issue needs to be addressed in the training and in the examples given.
Build a monitoring programme
There should be a monitoring programme in place that includes both aggressive and defensive checks of the disclosures and its content. These should include tests of the policy awareness and quality of disclosures as well as actual tests of the disclosures by use of forensics or other checks. It is not sufficient to rely 100 percent on disclosures; you should identify key-risk employees and conduct proactive validations of their disclosures (or lack thereof). This can be done by conducting reverse director checks and checks of family members. It may also involve comparing vendors’ or suppliers’ bank account numbers against those of employees – you will be surprised at how many hits this proactive review often has.
Move conflicts management into the digital era
It is simply impossible for large companies to manage conflicts of interest compliance programmes without technology. Contact a technology provider in the market to find out how technology can help. The Red Flag Group® offers the ComplianceDesktop® Technology Platform, which allows to you build a conflicts management programme where disclosures can be made in multiple languages. Employees can use the system to manage their conflicts, engage with their compliance team about disclosures, and ensure they are in compliance with their programme.