Corruption and bribery: the risk of loss in the procurement cycle
This year marks the likely enactment of the Bribery Bill into primary legislation. Although the expectation is that a period of time will be provided for organisations to implement ‘adequate procedures’ to avoid falling foul of the new corporate bribery offence; preparations, if not already underway, should begin now to protect the organisation, senior management and employees.
This article provides a brief introduction to the Bribery Bill, and its potential effects on UK Plc and all organisations trading within. It also discusses corruption’s impact on the procurement process and what can be done to instil a business ethics culture to mitigate potential loss and regulatory intervention.
The Bribery Bill: an introduction
The Bribery Bill, which replaces three current pieces of outdated legislation, contains three principal offences:
- Section 1: the paying (or offering) of a bribe
- Section 2: the acceptance of a bribe
- Section 7: failing to prevent bribery
The Bill also includes the offence of bribing ‘Foreign Officials’. However, its biggest impact will be across the commercial spectrum as a result of the corporate bribery offence; making the corporate corrupter culpable for the bribery unless they can demonstrate ‘adequate procedures’ exist. The corporate offence in the Bribery Bill goes much further in some respects than the US’s Foreign Corrupt Practices Act (FCPA) and will make it easier for UK regulators to take action.
The need to protect your organisation, and staff, from breaching the offences is highlighted by recent cases, such as Balfour Beatty, AMEC, Mabey & Johnson and BAE. All these cases, although not taken under corruption legislation, made the companies culpable for the acts of their employees and agents, whether in the UK or overseas. Therefore, the introduction of the Bribery Bill will undoubtedly provide regulators with easier avenues for enforcement in an area they are increasingly devoting attention to.
Being found guilty of the proposed offences, irrespective of where in the world the offence takes place, will have serious consequences for both the organisation (unlimited fines, future regulatory compliance and potential exclusion from future contracts) and individuals (maximum 10 years imprisonment); hence the importance of preparing for its impending introduction.
The procurement process
Procurement is recognised as the area most susceptible to fraud and corruption. This is especially so in today’s economic climate which has, in some cases, meant a downsizing of the workforce, and a likely reduction of management controls and more importantly experience. In addition, individuals are under greater personal pressure. Whether financiall, rresulting in the need to generate cash, or pressure to deliver improved trading results, pushing some managers to take extraordinary courses of action to retain or win work.
The consequences of such fraud and corruption are profound. Whether this is the public procurement process being corrupted, often stunting growth and breeding inefficiency, or in the corporate sector, leading to increased costs (in some cases eroding profit and in some leading to increased prices to consumers) and with it, its very viability.
In cases where the organisation is the corrupter, the key risk is reputational and all concerned are at risk of the financial and regulatory intervention that follows such breaches.
So, where can corruption occur in the procurement cycle and how can it be mitigated?
The procurement cycle – the corruption risk
An easy generalisation to make when considering corruption in the procurement cycle is that it only exists within the tender/evaluation stage. However, corruption risks exist, and are exploited, throughout the cycle. The following table, drawn from Transparency International’s Handbook for Curbing Corruption in Public Procurement , highlights the main areas of concern:
It is also important to note that although each risk is associated with a particular part or parts of the procurement cycle, if this portrays the prevailing culture then it is highly likely that the corruption will permeate all parts of the cycle.
Given fraud and corruption’s pervasive and systemic nature, the only way to protect an organisation, and comply with necessary regulation, is to understand its vulnerabilities to procurement corruption risk, determine its risk appetite and instil an organisational culture of protection; with prevention and detection being the most cost-effective measures.
The fraud triangle/fraud diamond
Most people are familiar with the principles of the fraud triangle, which when set in terms of corruption suggests it occurs where someone has:
- the incentive to corrupt or be corrupted - ie personal financial pressures or simple greed
- the opportunity to corrupt or be corrupted - as a result of weak controls and lack of management oversight, and
- the ability to rationalise their actions through their personal code of ethics - the moral dilemma!
These traits need to exist in both the corrupter and the corrupted. In addition, it has been suggested by Wolfe [The Fraud Diamond: Considering the Four Elements of Fraud] that a fourth trait exists, that of the capability of the individual. The individual must have the capacity and the personal skills to plan and perform the opportunity of the corrupt activity, again irrespective of whether this is as the corrupter or the corrupted. There is a clear argument that this trait must exist within the procurement cycle as the corrupted must have a role within the procurement cycle, so as to influence the course of events.
Protecting your organisation from being corrupted
Prevention and protection are the best ways to mitigate financial loss and adhere to the requirements of regulators. Such measures should be embedded through a programme of communication and demonstrate your commitment to business ethical policies and procedures; built into your everyday environment, with the following elements:
Figure 1: The Anti-Corruption Triangle
As part of the procurement cycle, the mission statement will communicate the expectations of the organisation in dealing with its stakeholders, reinforced through its policies and procedures, including its anti-corruption policy and procedures for conducting a procurement exercise.
In terms of procedures for protecting itself from corruption during the procurement cycle, an organisation needs to ensure that:
- all procurement staff are properly vetted, at least annually, and that they sign up to the organisation’s codes of conduct
- clear procedures exists in managing a procurement decision, including detailed mapped procurement processes, highlighting designated responsibilities and segregation of duties, skills and audit trail
- information management protocols are in place to securely store procurement data - whether this be draft/final tenders sent out and received, supplier lists, project plans and financial information
- access and, more importantly, changes to key data should be restricted and fully auditable
- the process is open and transparent. ie advertised tender, defined points of contact and timetable for delivery
- a cleansed and accurate vendor supplier/tender list exists, showing primary and secondary contacts for both the supplier and the organisation and agreed payment details
- new suppliers/contractors tendering for contracts are subject to detailed due diligence
- annual reviews of operating contractors are conducted, especially where a contractor has undergone change or where the contract scope has changed or is facing difficulties
- suppliers sign up to the same standards of your organisation, with the right to audit and the provision of training
- a whistleblowing hotline is available to internal staff and external stakeholders and that investigation and remediation protocols and resources are in place to respond
- a hospitality gift register is in place and used by staff.
In addition to policies and procedures, proactive monitoring and compliance checks, a big feature within the Bribery Bill, should be performed. This can take many forms, ranging from desktop reviews, fraud audits, monitoring, internal audit checks, compliance checks and data analysis.
Irrespective of the form the detection takes, the purpose is the same: to identify non compliance, awareness gaps and instances of corruption, to enable focussed training to increase staff members ‘awareness enabling ‘ and, more importantly for the benefit of the business, to show that the threat of corruption is being taken seriously.
Protecting your organisation from being the corrupter
The effect to your organisation of being corrupted can be considerable and impact current and ongoing operations. However, arguably, the effects of your organisation being the corrupter are more significant, given the:
- financial and reputational impact
- costs of a corruption investigation
- equally costly follow –up remedial action that will be imposed by the regulator, and
- the potential to be barred from specific future tender opportunities.
The simply message that must be embedded into your organisation, at the same time as embedding your internal anti-corruption protection controls, and running through your detection programme, is that bribery is unacceptable and carries with it corporate and individual sanctions. As noted above, an anti-corruption policy is now an essential part of any organisation, including:
- guidance surrounding ‘facilitation payments ‘ (they will be a bribe in the UK!)
- explaining the extension of the Bribery Bill overseas - facilitating payments outside the UK are captured under the Bribery Bill and may or can be prosecuted in the UK
- relationships and meetings with potential clients (private or public sector) must be transparent and recorded and detailed notes kept to avoid suspicion
- gifts and hospitality, which are becoming more and more unacceptable, irrespective of value. Be aware of the circumstances in which your organisation makes gifts.
Training and awareness
Training, and continuing reinforcement of the message, is crucial. It is generally recognised that one of the biggest hurdles to implementing protective measures is that managers and staff usually lack the life experience of fraud and corruption, or the understanding of the drivers for fraud and corruption and how fraudsters identify and exploit opportunities. It is not something that is taught in schools!
This lack of awareness, if not dealt with, will lead to uncertainty as to how corruption risks should be managed. Therefore, staff training is a key tool in mitigation and protection so they become ‘awareness enabled’ in the fight against financial crime.
In addition, as part of embedding your business ethical policies and procedures, of which an anti-corruption policy is but a part, it is vital to ensure that your staff’s behaviour is congruent to the organisation’s culture and ethos surrounding the control and the mitigation of loss, whether this is corruption or other types of fraudulent activity. As a result, all staff must be aware of and be trained in your policies and procedures and be aware of how to report concerns. Training can be provided individually, be workshop led or through the many evolving e-learning packages.
Part of ‘awareness enabling’ staff in the fight against corruption is to understand how to recognise red flags; the warning signs of corruption. Numerous articles have been written on what flags to look for and their distinguishing features. All of these are valid, and a selection is provided on the Serious Fraud Office’s website.
Overall, however, the most important element is that of understanding. Staff must fully understand the transaction they are reviewing, irrespective of which element of the procurement cycle they are in. This requires transparency! It also requires the ability to question in an environment that encourages inquisitiveness, as part of the organisation’s culture, whether this is part of the management oversight function or through the whistleblowing hotline.
Bribery and corruption, although already illegal in the UK, has not been the subject of targeted enforcement. However, the introduction of the Bribery Bill into primary legislation will provide the mechanism for increased investigation by the regulatory authorities, building on their recent high profile work in this area.
As a result, all organisations trading or based in the UK have no excuse going forward in ignoring these risks, whether from a regulatory stance or from the protection of your own organisation‘s very viability. The good news is that adherence to your responsibilities requires only a modification to and extension of best practices that should already be (or are being) embedded within your organisation.
Given the acknowledgement of the SFO’s increased readiness for the introduction of the Bribery Bill into primary legislation, organisations and senior management ignore these risks at their peril.
Paul Huck FCCA
Associate Director, Forensic and Investigation Services
Grant Thornton UK LLP
0207 728 2640