ABC compliance program. The Wolfsberg Group adheres to the risk-based approach (RBA) to develop and implement anti-bribery and corruption (ABC) compliance programs. These ABC compliance programs should be reasonably designed to prevent and detect acts of bribery and corruption. To achieve that goal, organizations should periodically assess their activities, products, and services to identify inherent risks and adopt suitable policies, procedures, and controls that are proportionate to the identified risks.
The ABC Compliance Program
Bribery and corruption risks are generally greater for institutions that are highly regulated and deal in public funds, such as banks; however, all organizations should take appropriate measures in the form of a compliance program to identify and avoid the risks of bribery and corruption. When organizations pursue business opportunities from or provide services to a government rather than a customer in his/her capacity, they should weigh the bribery and corruption risks against their particular structures and business operations.
The ABC compliance program must completely prevent or protect against corruption, and there is no one-size-fits-all compliance program because of the different business and operational structures of different organizations. An appropriate compliance program should incorporate the elements of governance, policy, procedures, and operating procedures, which as a whole serve as a guideline for the employees.
Responsibility for oversight of the bribery and corruption risks posed to the organization lies with the Board and senior management. The Board may delegate the oversight and monitoring responsibilities to any of its sub-committees, preferably the Board Compliance Risk Committee or Board Audit Committee. The internal risk assessment report must be presented to the Board or its sub-committee for approval after review and recommendations of the compliance risk management committee.
The recommendations concerning the internal risk assessment report must be action-oriented, aimed at developing mitigating controls for the bribery and corruption risks identified from the control weaknesses observed. It will be the responsibility of the compliance risk committee to monitor the implementation of a time-bound action plan developed to mitigate bribery and corruption risks.
The organization’s anti-bribery and corruption compliance program should be overseen by the Board and Senior Management and administered by an individual with sufficient authority, expertise, and resources.
A written anti-bribery and corruption compliance policy should be in place that prohibits the promising, offering, giving, solicitation, or receiving of anything of value, directly or indirectly through third parties, to influence action or obtain an undue advantage.
The anti-bribery and corruption compliance program prohibits falsifying or concealing any books, records, or accounts that relate to the business of the firm, its customers, suppliers, or other business partners, and it defines and identifies the heightened risk of interaction with Public Officials. The compliance program allows employees to report potential bribery confidentially and protects employees from retaliation for good faith reports. It notifies employees of potential consequences of non-compliance and obtains strong and visible commitment from Senior Management, employees, and the members of the Board of Directors.
Risk-based controls should be designed to mitigate bribery and corruption risks associated with the engagement of third-party providers, including any intermediaries, and with principal investments and controlled fund acquisitions/joint ventures. Activities related to giving and taking gifts and hospitality (e.g., meals, entertainment, transportation, lodging, training, and conferences), as well as any charitable giving and political contributions, marketing sponsorships, and employment and work experience, must be monitored as part of the compliance program.
Each organization should periodically assess the nature and extent of the inherent risks relating to bribery and corruption to which the organization is exposed and the effectiveness of internal controls designed to identify and mitigate these risks.
Internal controls must be designed to ensure that all identified risks are mitigated and the component of residual risk is minimized to avoid any potential breach of regulatory or legal requirements. It is the responsibility of Senior Management to design and implement effective internal controls in the organization’s processes to ensure that customers and employees do not breach the regulatory and legal requirements.
The anti-bribery and corruption compliance program must be communicated through policies, procedures, and guidance, together with appropriate and tailored risk-based training for employees and certain third-party providers. Training provides an opportunity for employees and stakeholders to understand the requirements of the employer and the regulators. The organization’s Compliance Officer must ensure that these training programs are developed and that training sessions are provided to employees at frequent intervals, considering the changes in the regulatory requirements in the overall anti-bribery and corruption frameworks.
Organizations should have a mechanism to confirm and test compliance with anti-bribery and corruption policies and procedures. Non-compliance with policies and procedures should be remediated, and senior management and employees must implement control improvements.