Making Paper Compliance Go Away

Bearing high corruption risks, Ukraine has consistently been in the focus of foreign law-enforcement. While Ukrainian anti-corruption authorities mainly watch the public sector, some Ukrainian companies, including subsidia­ries of international businesses, have already experienced the far-reaching arm of the US enforcement authorities embodied in U.S. Department of Justice and U.S. Securities and Exchange Commission. There were times when Ukraine was on the top of the list of countries in open FCPA-related investigation disclosures.

Will an established corporate compliance program or the close watch of local and foreign anti-corruption authorities actually prevent corruption? The chan­ces are high if the company wants such a prog­ram to work, in particular, under threat of significant penalties.

The program starts working if the messages conveyed by the company to its staff have substance behind them, and when company management, facing a choice between profit without compliance and compliance without profit, opts for the ­latter.

Below we list a few points that may help a compliance program to operate effectively.

“Tone at the Top” is Engaged

We have already covered the “tone at the tope” in an earlier edition of this journal. Basically, it means an attitude of zero tolerance towards corruption visibly articulated by the company’s senior management. This attitude may be expressed in different forms — emails, discussions with employees, engagement in internal and external events — but should be proactive, consistent with subsequent management’s actions and decisions and be maintained continuously.

Psychologists say that kids don’t do what you tell them to do — they do what you do. The same is in business — if management makes exceptions or excuses for itself, the employees will likely follow the same pattern. Compliance usually flows downward from the top but not vice versa.

All Risks Taken into Account

A compliance program “borrowed” from “best practices” templates will not make the vehicle drive itself.  The prog­ram must account, first and foremost, for the environment of business the company operates in and the risks which such environment creates for the company. Therefore, the company needs to carry out a comprehensive assessment and reflect its outcomes in the compliance program, thereby identifying imminent risks rather than fight windmills and leave real threats unattended.

Program Easy to Read and Understand

If you want to get the message over to people with such a complex issue as compliance, it’s better to forget about 20-page documents written in legal language. Complicated things need to be explained using short and simple words. If the program is flavored with practical cases, illustrations and responses to frequently asked questions, it can be easily comprehended and memorized, and so has a better chance of conveying the message to employees.

Underlying Messages Delivered

Even a sophisticated program leaves room for misunderstanding, as people tend to interpret things in a way that confirms their views and beliefs. That’s why it is important to continuously communicate with employees during personal meetings, corporate training or online, and convey the right messages — what can or cannot be allowed or tolerated, what is unacceptable per se. Employees also can be trained and go through a simple test if in doubt — would the person take the decision or continue his/her behavior if it were to become known to the general public or that person’s relatives? This method really works and employees start questioning their actions.

Each training session should always rest on proper and deliberate planning and implementation, which should include assessment of the level of current knowledge, tailoring training to risk are­as, and choosing the appropriate form (face-to-face or online). The training exercise should be followed by feedback in order to assess its effectiveness and reveal any gaps, as well as to identify the necessity for further compliance measures.

“Speak up” Tools Ensured

The management should encourage employees to reach out in case of any doubts or suspected or actual violations. This can be combined with an anonymous whistleblowing hotline or web-based reporting platform. These tools must ensure that a two-way street has been established, which maintains dialog between management and employees.

Ready to Deal with Violation

The company should have a clear workflow in place for dealing with violations, as employees should understand that there are instruments for revealing violations of compliance requirements which may result in consequences for them.

For example, an arrangement with an employee or internal labor rules may stipulate separately the right for the company to check an employee’s corporate e-mail, devices and working place.

The company should keep its emplo­yees informed on decisions or actions ta­ken in connection with any violations that have been committed.

Is Compliance Inherent in Business Practice?

The company needs to maintain its compliance level with its business partners, as quite often risks arise from the outside and the environment in which the company operates. The business partners should be screened commensurate with the risks they may create. The risk may be entry-specific (e.g., a counterparty lacks capacity or was directly recommended or maintains ties with public officials, or the services offered are beyond the scope of its normal business, etc.) or transaction-specific (e.g., the costs of services are unreasonably high, provider requests payments to be made through a third party, excessive advance payment is requested, etc.).

The existence of risks revealed does not mean that the counterparty should be automatically rejected. Those involved in the assessment should decide whether the risk can be mitigated or sufficiently addressed, or whether the risk is too onerous for the company to do business with the counterparty.

The Bottom Line

These, in our opinion, are key criteria to use when assessing a company’s ability to prevent and deal with corruption violations. There are many more issues to address (procedures review and improvement, protection of those reporting wrongdoing, conflict of interests, etc.), but without implementing the above the effectiveness of the program would be under question.

Some companies may be incenti­vized to roll-out compliance measures not by company values or a proactive stake against corruption, but rather by external factors: an upcoming IPO, requirements set by business partners, etc. It’s not necessa­rily bad, as it increases the chance that employees will be infected with the idea of compliance and will subsequently drive real changes. We hope that Ukrainian business will ultimately become that force able to drag Ukraine from the bottom of corruption ratings and put it alongside successful countries that value fair play.