Search |
News/Blog |
Making Managing the Risk Related to the UK Bribery Act 2010 Operational
A recent article regarding the UK Bribery Act 2010 has pointed out that its consequences are potentially more severe than the Foreign Corrupt Practices Act 1977. (Please see: United Kingdom: "The UK Bribery Act 2010 v Foreign Corrupt Practices Act Of 1977: How Different are they & Should your Business be Concerned?", by David Flint and Valerie Surgenor, 26 April 2010.)
The problem that most businesses will face is making the management of the risk related to the UK Bribery Act operational. As with the FCPA, organizations will pay hefty sums for reports identifying where they are at risk, but will experience the frustration of not having an automated set of businesses processes and business rules that alert them both to actual and potential violations. Ideally, such a system, at a minimum would:
1. Check potential 3rd party business entities against lists of suspect persons, etc. from governmental agencies and against the company's own list of previously disapproved entities.
2. Create an exception report identifying any actual company vendors that don't match the company's authorised vendor list.
3. Detect unusual entertainment expenses.
4. Detect violations of maximum expenditure limits (e.g., 10% maximum commission)
5. Detect any unusually high expenditures or any unusual payment mechanisms (e.g., payment required in advance or paid to another party).
6. Detect aggregate payments of small amounts that indicate a suspicious pattern.
7. Verify that evidence has been obtained, and kept, regarding special uses for commission payments (e.g., that they will be used to build a warehouse).
To be effective, our recommendation is that the system should at the very least:
• Be Proactive, enabling the company's board and management to track patterns and trends that pinpoint areas of abuse that they can quickly remedy.
• Provide Information in Real Time, so that the company can avoid UK Bribery Act (or FCPA) abuses that could result in serious violations if there is no mechanism in place for reporting such violations to the board and management in real time, thus allowing them to continue unnoticed until it is too late.
• Digitise Business Rules and Processes, so that the board and management can monitor UK Bribery Act (or FCPA) activities that could lead to violations.
• Establish Accountability and Create a Deterrent, digitising itself acts as a deterrent since employees will know that the system is monitoring their activities by flagging and reporting unusual activity that occurs outside of established parameters. This process would make the recurrence of the activity virtually impossible since the system would immediately reveal the wrongdoer to the company's board and management, allowing them to take immediate remedial action.
• Enable Processes and Procedures to be Flexible and Easily Changed, providing the company's board and management with the ability to update and improve the UK Bribery Act (or FCPA) system as circumstances change.
• Enable the Board and Management to Update Business Rules, so that they can keep pace with the ever-changing regulatory environment in which they work by editing Business Rules immediately and easily, as and when changes occur in UK Bribery Act (or FCPA) regulations.
• Provide a Clear and Thorough Audit, thus providing the board and management with a comprehensive overview of potentially harmful activities, as well as providing them with the ‘fingerprints' of any wrongdoers.
• Provide reporting and analytics that continuously monitor and report upon the organisation's global exposure to risk.
• Enable Cross-Platform Compatibility & Communications, to enable the full integration of all information relevant to UK Bribery Act (or FCPA) issues.
• Demonstrate UK Bribery Act (or FCPA) Compliance to external agencies, through documented processes and escalation systems.