Risk Assessment: The vital first step towards implementing adequate procedures
The Guidance, issued by the Ministry of Justice on 30 March 2011, identifies “Risk Assessment” as the third of its “Six Principles”. To comply with this Principle:
“The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.”
Despite its billing, we, at the Bribery Library, consider that this is the vital first step towards a commercial organisation implementing adequate anti-bribery procedures. The reason for this is simple: if an organisation does not properly understand the risks it faces, any procedures that are put in place by that organisation are unlikely to properly address those risks. Consequently, time and money will have been wasted in putting in place procedures which, if investigated, will not afford that organisation with the opportunity to rely upon the “adequate procedures” defence to the corporate offence of failing to prevent bribery.
As regards the scope of the assessment that commercial organisations will need to carry out, the Guidance identifies five commonly encountered risks. In terms of a high level assessment, commercial organisations (in particular, large multinational organisations) should initially consider the following two factors:
- Country risk: this is evidenced, among other things, by perceived high levels of corruption. In this regard, the “Corruption Perceptions Index”, published by Transparency International (“TI”), is a helpful and widely used tool for identifying countries where there is a high risk of bribery and corruption.
- Sectoral risk: some sectors are traditionally higher risk than others. A useful guide (although published in 2008) is TI’s “The Bribe Payers Survey”, which looks at the likelihood of firms in 19 specific sectors to engage in bribery. In the first of two sectoral rankings, companies in public works contracts and construction; real estate and property development; oil and gas; heavy manufacturing; and mining were seen to bribe officials most frequently. The cleanest sectors, in terms of bribery of public officials, were identified as information technology, fisheries, and banking and finance. The second sectoral ranking evaluates the likelihood of companies from the 19 sectors attempting to wield undue influence on government rules, regulations and decision-making through private payments to public officials. Again, public works contracts and construction; oil and gas; mining; and real estate and property development were seen as the sectors whose companies were most likely to use legal or illegal payments to influence the state. The banking and finance sector was also identified as likely to make private payments to public officials, meaning that its companies may exert considerable undue influence on regulators; as TI notes, this is a significant finding in light of the ongoing global financial crisis. The sectors where companies are seen as least likely to exert undue pressure on the public policy process are agriculture, fisheries and light manufacturing.
Whilst these two factors are by no means the only ones that a commercial organisation should consider when carrying out its risk assessment (for instance, the Guidance also identifies: Transaction Risk; Business Opportunity Risk; and, Business Partnership Risk, as being particularly relevant), what they indicate is that the level of risk a commercial organisation faces will depend on its own particular circumstances. There is no one standard risk profile and, consequently, there is no ‘one size fits all’ set of procedures that a commercial organisation can be put in place to prevent bribery.
Consequently, identifying the relevant factors and carrying out a proper risk assessment should be the first item on a compliance officer’s ‘to do’ list.
Image © Crown Copyright 2011