By Suveer Khanna, Partner – Forensic Services, KPMG in India and Abhishek Sinha, Technical Director – Forensic Services, KPMG in India

Corruption is a global phenomenon and not restricted to any one country. In recent years, the fight against corruption of public officials has gained momentum due to globalisation, active media and role played by international groups and organisations.

In 1977, the United States (U.S.) enacted a federal law, the Foreign Corrupt Practices Act (FCPA), that prohibits the payment of bribes to foreign officials by the U.S. organisations, acting anywhere in the world, directly or indirectly, in order to obtain or retain business. The FCPA also requires the organisations to maintain accurate books and records. They should also have a system of internal controls sufficient to provide reasonable assurances where transactions are executed, and assets are accessed and accounted for, in accordance with management's authorisation. The sanctions and penalties for FCPA violations can be significant. Organisations may also be subject to oversight by an independent consultant.

The United Kingdom (U.K.) introduced the Bribery Act 2010. Internationally, it is among one of the strictest legislations on bribery in the world. Other European governments and emerging economies, including China and Brazil, have implemented anti-corruption regulations too.

India is no exception to the ill-effects of corruption. Historically, India has been ranked low in the corruption perception index published by Transparency International. India currently has the Prevention of Corruption Act, 1988 (PCA) that prohibits public officials from accepting bribes. The amendments to the PCA in 2018, prevent an organisation from taking the plea that bribery and corruption instances are individual offences, except when it can prove that it had adequate compliance procedures and safeguards in place to prevent its associated persons from such conduct. For more details, please refer to our thought leadership on “The Prevention of Corruption (Amendment) Act, 2018: Key Highlights”.

With globalisation, there has been a growth in international organisations operating in multiple jurisdictions. The biggest challenge for these organisations is to meet the compliance requirements of applicable international and local legislations. It is critical that companies establish a compliance system that can identify and elevate potential red flags.

Adequate and effective Corporate Compliance Programme (CCP)

Enough guidance[1] is available from regulators and international bodies on how organisations can build an adequate and effective CCP. An effective compliance programme is expected to be tailored according to a company’s specific business and its associated risks. It should also be constantly improved and adapted to corporate changes. Hallmarks of an effective compliance programme are as follows:

  • Periodic risk assessments and continuous improvements – a risk-based approach should be followed to design the CCP
  • Code of conduct and compliance policies and procedures – should be clear, concise, accessible, and reviewed periodically to remain updated
  • Tone at the top, training, and continuing advice – a ‘culture of compliance’ adopted and adhered to by high-level executives, that is implemented by middle managers and clearly communicated to and reinforced for all employees
  • Oversight, autonomy, and resources – responsibility for overseeing and implementing the CCP should be with senior executives, who are expected to have appropriate authority within the company, as well as adequate autonomy from management, and sufficient resources to ensure effective implementation. Staffing and resources to the CCP should be proportionate to the size and risks of the businesses
  • Appropriate due diligence program – to manage third party risks and risks associated with mergers and acquisition
  • Confidential reporting – for employees and others to report misconduct or violations of the companies’ policies on a confidential basis and without fear of retaliation
  • Investigation, analysis, and remediation of misconduct – A well-functioning and well-funded mechanism for the timely and thorough investigation of allegations of misconduct and a means for documenting the company’s response, including any disciplinary or remediation measures taken. Companies should conduct a root cause analysis of the misconduct and integrate lessons learned into their policies, procedures, and controls.

KPMG in India’s experience shows that organisations in India, especially in the mid and small size segment, have a compliance programme which is good on paper but lacks proper risk assessment, staffing and resources for effective implementation and monitoring of the CCP. Compliance procedures are mostly manual and unstructured which may not identify and elevate potential red flags. Data retention is disorganised, which creates challenges in data retrieval for compliance audits and is also prone to loss of data.

Organisations can leverage technology to improve efficiency and effectiveness of CCP by:

  • Automating periodic risk assessment and workflows of CCP
  • Incorporating analytics tool to automate the transaction monitoring
  • Incorporating structured and centralised data management system with document retention
  • Incorporating real-time dashboards and reports for compliance assessments.

Now, it is imperative for organisations to understand that simply creating a compliance programme is not enough. Compliance programmes and internal controls must be well designed and effectively implemented and also tailored to a company’s risk profile for managing bribery and corruption.

[1] Some of the key guidance notes are as follows:

  1. US Department of Justice guidance (DOJ) on “Evaluation of CCP – last updated in June 2020
  2. UK Bribery Act Guidance 2010 – The six principles
  3. The OECD Principles of Corporate Governance
  4. An Anti-Corruption Ethics and Compliance Programme for Business: A Practical Guide
  5. ISO 37001: International Standard in anti-bribery management systems