Anti-Bribery and Corruption (ABC) Risk Assessment
Overview
Corruption is an unfortunate reality throughout the world in developed and underdeveloped countries alike. It weakens and undermines democratic institutions, distorts national economies, contaminates business practices, fosters government instability, discourages external investments, unjustly enriches public officials and private sector business people, worsens social conditions and public services, and impacts hundreds of millions of people each day.
Major Governmental Regulatory Enforcements
UK Bribery Act 2010
The Bribery Act is an Act of the Parliament of the United Kingdom that covers the criminal law relating to bribery, replacing all previous statutory and common law provisions in relation to bribery — being bribed, the bribery of foreign public officials, and the failure of a commercial organization to prevent bribery on its behalf.
US Foreign Corrupt Practices Act (FCPA) of 1977
This act was enacted for the purpose of making it unlawful for certain classes of persons and entities to make payments to foreign government officials to assist in obtaining or retaining business.
Risk Assessment
As part of the subsequent requirements to have a proper program in place to ensure compliance, organizations should conduct a well-informed, documented and regularly updated risk assessment by determining the nature and extent of its possible external and internal corruption risks.
By having a proper framework in place, financial institutions can play an important role in fighting bribery and corruption in the markets where they operate.
Methodology
Key to achieving the above, institutions need to implement effective risk assessment methodology. Below are 6 stages to be followed as issued by Transparency International UK:
- 1Ensure top level commitment and oversight.
- 2Plan scope and mobilize.
- 3Gather information.
- 4Identify the bribery risks.
- 5Evaluate and prioritize the risks.
- 6Use the output of risk assessment.
Approach
The ABC risk assessment exercise needs to follow a three-phased approach for each line of business segment, as per guidance by the Wolfsburg Group:
Stage 1: Inherent Risk
The risk of a breach of regulatory requirements in the absence of controls.
Stage 2: Control Effectiveness
Determining the effectiveness of the controls deployed to mitigate the inherent ABC risk.
Stage 3: Residual Risk
The risk of a breach of regulatory requirements based on the assessed effectiveness of controls.
Risk assessments should assess both inherent risk and corresponding controls to arrive at a residual risk level.
Elements
There are many elements of a risk assessment, but the core assessment should include:
- 1Potential liability created by intermediaries and other third-party providers.
- 2Corruption risks associated with the countries and industries in which the FI does business, directly or through intermediaries.
- 3Transactions, products or services, including those involving state-owned or state-controlled entities or Public Officials.
- 4Activities of the FI's branches and subsidiaries.
- 5Corruption risks associated with gifts and hospitality, hiring/internships, charitable donations and political contributions.
- 6Changes in business activities that may materially increase the FI's corruption risk.
Conclusion
Residual risk reporting should then be leveraged for Management Information, which is provided to stakeholders and risk oversight forums to ensure relevant functions are operating within risk tolerance levels.
In summary, being able to do more than check-off actions against those set out in guidance notes, employing a customized understanding of the risks and responses through an ABC lens, and utilizing a wide approach across all lines of defense, will effectively manage risk and truly differentiate any ABC programme.
Get more from RMPF
Subscribe for new articles, news, and event invites (double opt-in).