As the Commission of Inquiry into State Capture continues, the sheer scope of how many South African business people - whether as individuals or as representatives of their employers - have become involved in alleged corruption is rising to the surface.
“South African businesses need to seriously look at how to protect themselves from getting embroiled in similar situations in the future. However, corruption is, of course, not unique to our country,” says Zaakir Mohamed, director and Head of Corporate Investigations and Forensics at international corporate law firm CMS.
“In 2003 already, the United Nations Convention against Corruption established an International Anti-Corruption Day, recognised on 31 October each year. Shockingly, perhaps all it has done is highlight how much worse the crimes have become over the years,” he notes.
In 2019, Transparency International published seven shocking facts related to corruption across the globe. These included that across Europe, the Middle East, Africa and India, nearly half of all workers believe bribery and corruption are acceptable during an economic downturn. In turn bribery, theft, corruption and tax evasion cost developing countries some US$1.26 trillion each year.
“Corruption is clearly endemic throughout the world,” notes Mohamed. “The financial and reputational risks can be severe, and include not only the loss that an organisation may suffer from corrupt activity, but also the costs that may be incurred investigating the incidents towards any legal processes.
He suggests eight steps that corporates can take to mitigate the risk of corruption among their own employees.
1. Understand the law and other regulations
It is vital for organisations to understand and keep up to date with the anti-bribery and anti-corruption (ABAC) legislation and regulatory environment in their own jurisdictions, to ensure that how they operate always falls within legal boundaries. In South Africa alone, several pieces of legislation exist, including the Prevention and Combating of Corrupt Activities Act 12 of 2004 (PACCA), the Prevention of Organised Crime Act 121 of 1998 (POCA), the Financial Intelligence Centre Act 38 of 2001 (FICA), the Companies Act 71 of 2008 (Companies Act) and the Protected Disclosures Act 26 of 2000 (PDA).
2. Conduct a risk assessment
A risk assessment is the first step towards establishing an effective and meaningful ABAC compliance programme. Mohamed suggests that it be conducted across three stages to identify systemic issues. The first stage looks at the risks posed by the company’s operations, the extent of its business with government departments, its use of agents and other intermediaries, and the regulatory environments of the countries with which it does business. The second stage identifies and analyses the company’s existing policies and controls to mitigate its risk and establish where the gaps may be. In the third stage, an effective anti-corruption compliance programme is produced to provide the company with a reasonable assurance of compliance.
3. Set the tone top-down
Top-level commitment to ABAC compliance drives an ethical culture of integrity within an organisation, Mohamed explains. Management must adopt a zero-tolerance approach to all forms of corrupt activity and communicate this message effectively throughout the organisation. This must also extend to how the company deals with irregular and unethical behaviour, as it happens, to establish throughout the organisation that this type of conduct will not be tolerated. ABAC compliance stands or falls by the tone set at the top.
4. Always conduct due diligence
Mohamed stresses that due diligence forms an integral part of any ABAC compliance programme, and should be conducted at all times not only on staff but also on business partners, agents, suppliers and service providers. Procedures that can be undertaken include: requesting and then fact-checking information, or conducting recurring background screening to identify any red flags, such as adverse media reports, political links, or appearances on sanctions and watch lists. More comprehensive procedures could include interviews with key parties and even forensic scrutiny of accounts.
5. Keep reviewing your policy
Simply put, all companies should have effective systems for reviewing and updating their ABAC policy frameworks, Mohamed advises. “An effective policy framework will include policies in respect of fraud and corruption, whistleblowing, gifts and donations, procurement, and financial policies and procedures, among others,” he says.
6. Communicate and train
Even the best ABAC policies will have no effect if staff are neither aware of them, nor receive training on them. This needs to occur from the employee’s first day of employment and continue. Training is particularly vital to employees who may be dealing with high-risk business partners, or function in high-risk markets or high-risk business units.
7. Always protect whistleblowers
In Mohamed’s experience, more often than not, irregular conduct is reported by whistleblowers who are brave enough to come forward. Companies need to create safe spaces in which to expose incidents without fear of reprisals. “In South Africa, the PDA puts the onus on employers to have a system in place that enables this,” he stresses.
8. Monitor and review
Change is constant and unexpected - as 2020 has shown us. Likewise, ABAC risks do change and it is important for organisations to undertake periodic reassessments of their risk profiles. “In other words, just as it makes sense to have a robust compliance programme in the first place, it makes sense to also make provision to monitor and review it as the need arises,” Mohamed concludes.