The governance structure. The responsibility of oversight of bribery and corruption risks posed to the organization lies on the board and senior management. The board shall delegate the oversight and monitoring functions to any of its sub-committee, preferably to the Board Compliance Risk Committee or Board Audit Committee. The internal risk assessment report must be presented to the board or its sub-committee for approval after review and recommendations of the compliance risk management committee.
The recommendations about internal risk assessment report must be action-oriented for developing mitigating controls on bribery and corruption risks, identified on weaknesses of controls observed. It will be the responsibility of the compliance risk committee to monitor the implementation of a time-bound action plan developed to mitigate bribery and corruption risks.
The organization must take steps to ensure that anti-bribery and corruption controls are adhered to and are effective, and should be monitored on an ongoing basis for ensuring timely remedial measures. The entity’s standardized risks and the effectiveness of available controls are required to be evaluated by the relevant Board subcommittee on a periodical basis. Significant internal control gaps and violations must be a part of the report submitted to the board. The standardized report must include a review and recommendations of the compliance risk management committee before submitting it to the relevant Board sub-committee.
The board and senior management of an organization have the responsibility to maintain and promote a strong compliance culture by ensuring that all employees understand their responsibilities concerning compliance and feel comfortable raising any event of non-compliance without any fear of negative consequences.
In this respect, the board and senior management must create an enabling compliance culture that ensures that its employees comply with anti-bribery and corruption-related legal & regulatory requirements, standards, and market best practices and encourages the required ethical conduct that underlies such requirements.
The Board of Directors of the organization has the ultimate responsibility of guiding and overseeing the design and implementation of enterprise-wide compliance risk management program.
To fulfill its responsibilities, the board, either itself or through any of its sub-committee must:
(a) Approve compliance risk strategy and allied policies of the organization and oversee its implementation across the entity in letter and spirit;
(b) Ensure the establishment of a robust compliance function compatible with the overall risk management strategy, risk profile, and complexity of operations, with required authority, independence, financial resources, and quality human resources;
(c) Approve an end-to-end compliance program that promotes and supports compliance risk management across the organization at every hierarchal level of the organization. The compliance program should also clearly define the roles and responsibilities of different functions, the coordination mechanism, the processes, methods, and tools adopted to identify, mitigate and report entity-wide compliance risk.
(d) Maintain and promote a high compliance culture and values of honesty and integrity in the organization.
(e) Discuss compliance issues regularly, ensuring that adequate time and priority is provided in the board agenda to deliberate compliance issues and that such issues are resolved effectively and expeditiously.
(f) Evaluate the effectiveness of the organization’s overall management of bribery and corruption compliance risk, at least annually, keeping in view the regulatory observations in onsite examinations, regulatory enforcement actions, internal assessments from internal audit, internal compliance reviews.
(g) On the advice of the CEO, approve the appointment of an ABC officer with sufficient experience, expertise, skills, and qualifications to perform compliance roles effectively.
(h) Approve any disciplinary action or termination of ABC Officer.
(i) Ensure that the seat of the ABC officer does not remain vacant.
(j) Ensure that the ABC officer has the appropriate stature, authority, resources (physical, financial, and human), and support to fulfill the duties, is sufficiently independent of line departments, and can offer objective opinions and advice to Senior Management and the Board on matters of compliance risk.
(k) Engage with the ABC officer on a half-yearly basis to allow him or her to discuss issues faced by the CF in the implementation of the board-approved compliance program.
(l) Review the minutes of Compliance Committee meetings to ascertain its effectiveness in managing bribery and corruption risks.
(m) Review the progress in implementing remedial actions taken concerning instances of non-compliance or internal control weakness as identified by the ABC officer.
(n) Satisfy itself of receiving the accurate and comprehensive information required to perform its compliance risk oversight responsibilities, including seeking assurance from Senior Management that the compliance risk controls have been implemented and are working effectively.
The board’s and senior management’s commitment to a no-bribery policy is the foundation for combating bribery. The board of directors and senior management should publicly commit to prohibiting bribery in the company’s operations. The board should also commit to supporting the implementation of an anti-bribery program by providing oversight and delegating implementation to a senior manager. In doing so, the board should become aware of the risks and the necessary policies and procedures.