ABCs of ABAC compliance


Zaakir Mohamed | Director | Cliffe Dekker Hofmeyr | mail me |

Corruption is a reality throughout the world. For any organisation, the financial and reputational risks that follow incidents of corrupt activity can be quite severe.

The financial consequences do not only include the loss that an organisation may suffer from corrupt activity, but also includes the money that is often required to be spent in investigating these types of incidents as well as in any ensuing legal processes (such as, for example, civil recovery proceedings, disciplinary enquiry proceedings where employees are involved, as well as regulatory enforcement processes).

The financial consequences affecting an organisation also includes the amount of management time that is spent in dealing with such incidents whilst the time would be better utilised managing the business. The cost of this time is difficult, if not impossible to quantify.

From a reputational point of view, corruption can be crippling. It takes years for an organisation to build its reputation, however, within days an organisation’s reputation can be tarnished and it can be difficult for an organisation to come back from the reputational harm that it may suffer.

Anti-Bribery and Corruption (ABAC) compliance programme

To ensure the sustainability of an organisation’s business and to protect it from the harmful effects of corrupt activity, it is essential to mitigate the risks of corruption by developing an effective Anti-Bribery and Corruption (ABAC) compliance programme.

Implementing measures to mitigate the risk of corruption and navigating the world of ABAC compliance can become quite confusing and some may find it difficult to know where to start. Nevertheless, following a systematic approach in dealing with ABAC risks and developing an effective ABAC compliance programme will assist organisations with implementing appropriate measures.

Understanding legislative and other regulatory requirements

As a starting point, it is critical for organisations to understand the legal and regulatory requirements of ABAC compliance in the jurisdictions in which they operate to ensure that the measures that are implemented meet the requirements of the laws of the relevant jurisdictions.

This is particularly important in jurisdictions in which the enforcement of ABAC compliance is robust, such as, for example, the United States of America and the United Kingdom.

Organisations must ensure that they understand what conduct is expressly prohibited and that they are fully aware of any reporting and/or other positive obligations that are imposed on them.

For example, in South Africa, it is legally required in terms of the Prevention and Combating of Corrupt Activities Act No 12 of 2004 that ‘persons in a position of authority’ in an organisation report fraud, theft, forgery or uttering a forged document, extortion or corruption involving an amount of R100,000.00 or more to the Directorate of Priority Crime Investigation (DPCI) unit of the South African Police Service.

Conducting a risk assessment

Conducting a risk assessment is crucial when developing an effective and meaningful ABAC compliance programme.

Prior to implementing an ABAC compliance programme, an organisation should conduct a risk assessment that takes into account numerous factors such as the actual risks posed by the nature of the organisation’s operations, its use of agents, the degree of business with government entities as well as the countries in which it does business.

This risk assessment should also be used to identify any gaps in the policies and controls already in place. The results of the risk assessment will guide the organisation on the appropriate measures to implement to mitigate the risks identified. It will also ensure that organisations are able to identify key priority areas which will ensure that resources allocated to deal with ABAC risks are utilised effectively.

Tone at the top

Top-level commitment is paramount in driving an ethical culture within an organisation. Management should adopt a zero-tolerance approach to all incidents of corrupt activity, and this message should be communicated effectively throughout the organisation.

Due Diligence

Due diligence forms an integral part of an ABAC compliance programme.

It is important for organisations to conduct effective due diligence on their business partners, agents, suppliers and service providers, as well as employees. All of these individuals and entities pose not only corruption risks to organisations, but also the risks of theft, fraud and other commercial crime.

A proportionate risk-based approach should be followed and the kind of due diligence that will be performed should be based on the particular risks which the relevant individuals and/or entities pose to the organisation. The level of risk will be determined by conducting a risk assessment on the relevant individuals and/or entities.

Effective policy framework

An effective policy framework sets out prohibited conduct as well as relevant procedures to be followed and should include policies on fraud and corruption, whistleblowing, gifts and donations, and procurement.

These policies should be drafted so that they are practical and effective whilst at the same time compliant with the relevant legislative and regulatory prescripts.

Training and communication

A policy framework is meaningless if it is not communicated effectively to an organisation’s employees and key stakeholders.

It is essential that specialised training is provided for employees in high-risk markets and business units and that ‘high-risk’ business partners receive training as well. At a minimum, every person in a position to obtain business through bribery or other improper means should receive ABAC compliance training. Organisations should also consider training all accounting, financial, legal and internal audit employees.

Whistleblower protection

The importance of whistleblowers can never be understated. Often, irregular conduct is first discovered as a result of a whistleblower coming forward to report such behaviour. Organisations should create a culture in which whistleblowers feel free to come forward to report irregular conduct free from any reprisals.

Whistleblowers must know where, how, and when to report; that their identity will be kept confidential (if need be); and also that they will be protected with anti-retaliation remedies. Raising awareness of the importance of whistleblowers can promote a ‘speak up’ culture and de-stigmatise the disclosure of wrongdoing.

Monitoring and review

Bribery and corruption risks will change over time, as will the risk profiles of employees and business partners.

It is recommended that periodic risk assessments should be done to show whether the measures implemented are working as intended as well as identify any new risks. It is important that the ABAC measures that are implemented evolve as the risks change to ensure that they consistently remain effective.

The above serves to highlight some the key measures that an organisation should consider implementing as part of its ABAC compliance programme. Ultimately, organisations need to pay careful attention to how they approach dealing with bribery and corruption risks. In this respect, a deep understanding of the relevant ABAC legislative and regulatory requirements is critical along with implementing measures that are effective in detecting and preventing corrupt activity.



Please enter your comment!
Please enter your name here