Fighting supply chain corruption

With many companies having tens of thousands of suppliers, it is not surprising that managing corruption risks is proving problematic. Miranda Ingram reports

The Bribery Act 2010 was passed in the UK in 2011. So far there have been no prosecutions but investigations are underway. The first prosecution will make it very clear what is and isn’t acceptable and how heavy the punishments will be.

Obviously a fat brown envelope to a government employee or customs official is a no-no. But what about Wimbledon tickets, say, or a slap-up lunch?

Do you know if your procurement manager selecting suppliers because of a family relationship? Is one of your suppliers’ suppliers paying kickbacks to pass health and safety inspections? Could your purchasers and suppliers be divvying up the spoils of fraudulent billing?

Corruption is possibly the biggest obstacle to economic and social development around the world, distorting markets, stifling economic growth, undermining democracy and the rule of law. The United Nations Global Compact estimates that the cost of corruption is more than 5 per cent of global GDP, with more than US$1.5 trillion paid in bribes each year.

Businesses all over the world are exposed daily to corruption risks in the supply chain as well as the ensuing financial hardships, growing threat of legal action and increased pressure of public opinion. Yet almost two thirds of the anti-corruption due diligence procedures assessed by GoodCorporation over the past four years have been found to be inadequate – particularly appropriate due diligence on third parties.

“Managing corruption risks in the supply chain is one of the hardest areas of anti-bribery controls to get right,”says GoodCorporation director Michael Littlechild.

“With many companies having tens of thousands of suppliers, it is not surprising that this is proving problematic. The temptation is to do one of two things: conduct superficial due diligence on all third parties and suppliers or carry out more detailed investigations on a handful thought to pose the biggest risk.”

But today the situation is the exact opposite of what it used to be. Ten or so years ago, when you talked about corruption in the supply chain, people would shrug and say “that’s the way business is done over there; you can’t operate without kickbacks.” Then, the supply chain could be used as a way of not knowing what was going on: “I don’t care how you do it but I need those goods shipped this week” was a way of not knowing that a customs official had had to be bribed to speed up clearance.’

But the new Bribery Act - and similar toughened up legislation around the world - makes a company responsible for the actions of its agents - a particular risk when the use of a local agent is obligatory in licensing applications, for example.

“Anti corruption due diligence is not rocket science,”says Littlechild. “But it does demand focused effort as well as considerable resources to do it properly. This is particularly tough on SMEs who as well as lacking resources may also lack clout. If you are Shell, say, and you ask a supplier to fill in a questionnaire they’ll probably do it - a smaller company may lack leverage.”

But while the investment in stringent anti corruption policies may be high, the costs of ignoring it can be far higher - not just the costs of the corruption itself but also management time and resources dealing with the fallout, such as legal liability and damage to a company’s reputation.

Dealing with corruption, on the other hand, can improve product quality, reduce fraud and related costs, enhance the company’s reputation, improve the business environment by promoting fair competition and create a more sustainable platform for future growth.

Crucially, suppliers also reap benefits. The United Nations Global Compact 10th Principle Working Group recommends that customers not merely dictate compliance terms but play an active role in educating suppliers and helping them fix problems.

Tullow Oil is a leading independent oil and gas company operating in Africa and the Atlantic Margins and with a portfolio of over 130 licences spanning twenty two countries.

Since instigating a rigorous zero tolerance for bribery and corruption programme with the launch of its Supply Chain Anti-Corruption Due Diligence Evaluation Procedure in 2014, the company raises awareness of its Code with suppliers through meetings that are held before contracts are awarded.

“The oil industry has known issues of corruption related to bribes being paid for securing of contracts, collusion in companies’ supply chains and unethical dealings with public officials, to name a few,” says ethics and compliance manager Hemrish Aubeelack.

Tullow now makes sure all suppliers have an equal opportunity to tender by providing advance notice of tenders, an overview of the standards potential suppliers are required to meet and feedback to all unsuccessful companies on why they were not selected.

Supply chain due diligence has had a positive impact in encouraging suppliers that did not have adequate controls in place.
“We have had a number of success stories where, as a result of providing feedback to suppliers on their anti-corruption controls that we considered inadequate, suppliers took the opportunity to develop or enhance their compliance programmes. They understand that investing in compliance controls makes them an attractive and trusted business partner for any client, which is rewarding,”says Aubeelack.

Over the past year, during which Tallow was assessed by Transparency International as having scored 100% in ‘reporting on anti-corruption programmes’ , the company has delivered workshops and training to over 200 staff and suppliers involved in contract management and both staff and business partners are encouraged to raise concerns about actual or potential breaches of the company’s Code of Business Conduct, anonymously if they wish, through the company’s ‘Speaking Up’ channels.

“With an anti-corruption programme in place we are able to demonstrate to our stakeholders, both internal and external, how we are living our values,” says Aubeelack. 

***

GoodCorporation recommends the following three-stage approach:

Stage One: Screening
• Undertake a careful risk-based assessment of all suppliers – new and old – to identify those that pose a real threat to the organisation.
• Use a carefully designed decision tree covering the following areas:
• Do the third party’s services include helping to obtain, promote or expedite sales?
• Has the third party been independently sourced or recommended by a public official/client?
• Do the third party’s services involve freight forwarding or customs clearance and might they subcontract this process?
• Does the third party obtain any kind of government permit on the company’s behalf or might they use agents to do so?
• Do the third party’s services involve lobbying or interacting with government or public bodies on your behalf?
• Does the third party source goods or services
• Is the third party paid a success fee?
• If the answer to any of the above is YES a due diligence risk assessment should be completed.

Stage Two: Initial Risk Assessment
• The due diligence risk assessment should covering the following subjects, some of which will require a questionnaire to the supplier:
• Is the third party delivering its services in a high or medium-risk country?
• Are the third party’s owners/managers/close associates current or former public officials/politically connected or subject to sanctions?
• Has the third party any previous connection with the contracting company?
• Is the third party subject to any investigations or convictions relating to bribery or corruption?
• Has the third party requested non-standard remuneration?
• Does the third party have an acceptable/robust anti-bribery policies/code of conduct?
• Would this contract represent a substantial share of the third party’s business?
• Could the third party provide three referees from existing customers?
• If the answer to more than one of the above is YES, risk based due diligence follow-up is required.

Stage three: Risk-Based Due Diligence
This could involve all or some of the following:
• Verification of the information provided in the due diligence questionnaire
• Telephone follow-up of any references provided
• On-site interviews and independent background checks for those that cause the greatest concern
• In the event of negative or incomplete feedback from the risk-based due diligence, the supplier should NOT BE SELECTED
Post selection controls to mitigate risk
• Once selected there should be a process in place to communicate the organisation’s responsible business principles and ensure that the supplier abides by these or their own equivalent principles
• Offer training/coaching to strengthen third party ABC controls
• Ensure that there is a policy in place not to offer, pay, solicit or accept bribes in any form to or from suppliers either directly or indirectly
• Ensure that the exchanging of gifts and hospitality complies with the organisation’s own local policy on gifts and entertainment
• Agree a process of monitoring and engagement to ensure compliance with anti-corruption controls and procedures
• Establish auditing rights to ensure that high-risk suppliers can be assessed as required
• Ensure regular and open dialogue with suppliers
Ensure third parties are aware of the organisation’s speak-up system so that any concerns regarding the breaches of anti-corruption procedures can be raised through the appropriate channels.