Monitoring For Compliance With Controls: ABC Compliance Program Elements #6

Posted in Anti-Bribery and Corruption (ABC) on January 8, 2024
Monitoring For Compliance With Controls

Monitoring for compliance with Controls. The independent monitoring and review procedures and processes adopted by the ABC officer must be standardized, uniform, relevant, and consistent with the enterprise-wide bribery and corruption risks management practices.

Such monitoring and review procedures enable systemically aggregating the data and information to identify any patterns, themes, or trends of bribery and corruption that may indicate the overall weaknesses in the internal control system. ABC officer performs reviews and investigations and verifies the key information obtained and used as evidence.

Monitoring For Compliance With Controls

Monitoring For Compliance With Controls: ABC Compliance Program Elements #6

In addition to periodic bribery and corruption risk assessment conducted by ABC officer, the ABC officer carries out the independent regulatory compliance reviews, based on a relevant sample, of material and high-risk activities of the organization, where non-compliance of anti-bribery and corruption risks may have serious regulatory implications on the organization’s reputation, strategy, financial stability and standing in the sector. 

ABC Officer

The ABC officer reviews must, at a minimum, cover the areas like the awareness of anti-bribery and corruption regulatory requirements, and adequacy of compliance controls, with the actions required to fulfill the identified internal controls gaps.

The ABC officer decides the areas, processes and frequency of regular compliance risk reports to line managers and senior management. Based on anti-bribery and corruption reports, the ABC officer must report to the anti-bribery committee and the Board on the observations and findings with appropriate analyses of bribery and corruption risks in the organization.

Monitoring And Periodic Testing

The organization should review compliance with ABC controls through ongoing monitoring and periodic testing. To do so effectively, firms should maintain and comply with reasonable records retention policies. Risk-based monitoring or testing of employee activity to detect instances of non-compliance with Policy and procedural requirements should be part of the overall control framework placed around bribery and corruption (e.g., post-transaction monitoring of expense reimbursement, business hospitality, sponsorships, and corporate events).

The organization also encounters customer-related corruption risks, as briefly summarized below. Such risks are beyond the primary scope of this Guidance, and an organization’s specific organizational structure may delegate units other than the compliance program lead with authority to manage such risks.

Potential Risks

Organizations must consider potential risks arising from deal-related business activities such as underwriting, lending, and advisory transactions. For example, project finance initiatives to support public sector infrastructure/construction projects or the exploitation of natural resources may be vulnerable to the payment of bribes or other corrupt activity, particularly in high-risk jurisdictions. Where an FI raises funds or makes funds available to a customer later determined to be involved in bribery or corruption, it may suffer reputational harm and, in some circumstances, might incur liability for explicitly or implicitly facilitating or aiding the customer’s illicit activity.

Taking an RBA, the organization must consider the potential bribery and corruption implications of proposed deal-related activities, conduct ABC due diligence, and take appropriate steps to mitigate any identified risks. It may be appropriate to include ABC contractual protections in deal documents and leverage the efforts of transactional coverage lawyers or other deal-related control processes (e.g., transaction review committees, credit approval committees) to identify and mitigate these types of risks.

Bribery And Corruption Training Requirements

As part of bribery and corruption risk monitoring, the management must check the bribery and corruption training requirements to ensure that the regulators’ applicable legal and regulatory requirements are covered in training materials and sessions provided to the employees. ABC officer monitors that all training sessions are recorded to have a track record of those who are provided with the training sessions and the content provided through training sessions. Considering the training record, it must be ensured that all those employees, including the new joiners, are lined up for the anti-bribery and corruption training sessions. 

The monitoring of bribery and corruption linked with gifts and hospitality, hiring or internships, charitable donations, and political contributions, and the changes in the business activities that may materially increase the exposure to bribery and corruption risks make the overall monitoring process relevant and effective. 

The monitoring activities also include the transactions, products offered, services provided, including those that involve state-owned organizations or Public Officials, and the activities of the branches and subsidiaries of the organization. The organization must take measures to adjust and update its compliance program, and such adjustments should also be highlighted in training to ensure that all up dations and current requirements are provided to the employees through training classes by the subject matter experts, including the compliance officer.

Final Thoughts

The availability of data required to test controls has increased in recent years, allowing for more automated testing activities. Compliance controls are frequently automated and enforced by systems, but they are occasionally circumvented by employees. Continuous Control Monitoring is made possible by the digitalization of compliance controls and increased data availability (CCM).