EthicsComplianceHubs | 2018 Edition | Musat & AssociatesJUN 7, 2018 / BUCHAREST

The Challenges of ABAC Compliance in the Supply ChainFrom Due Diligence to 3rd-Party Audit

Cristian DUCU, PhDCentre for Advanced Research in Management and Applied EthicsEuropean Ethics & Compliance Association

What is and what isn’t

ABAC Compliance

ABAC Compliance in the G-R-E-C-S MultiverseNew Developments

ABAC Compliance in the G-R-E-C-S Multiverse

The Ethics & Compliance function is both a strategic and a support one.

Strategic – it should earn a seat at the Board’s table

Leading Corporate Integrity: Defining the Role of the Chief Ethics and Compliance Officer(CECO); Ethics Resource Center, USA, Aug. 2007.

Emmanuel Lulinappointed Senior VP (2013)to extend his position as Chief Ethics Officer at L’Oreal (2013)

Sylvie Kandé de Beaupuyappointed to the Board of Directors of Siemens-Alstom (2018)

Support – it should provide effective means to prevent and fight corruption, bribery and abusive business practices throughout the organization and its value chain

A New Trend?

GOVERNANCE

• ABAC Policies & Procedures• Ethical Leadership & Stewardship• ABAC Training• ABAC Communication

ABAC Institutions

REGULATORY

• ABAC Regulatory Frameworks/Requirements• Regulatory Enforcement Actions• Sanctions Lists

REPORTING

• Financial Transparency• Non-Financial Transparency

RISK

• Enhanced Due Diligence (beneficial ownership, corruption risks etc.)• Risk Assessment• Substantive Testing• Monitoring Reviews• Internal Audits• 3rd-Party Audits• Whistleblowing/Ethics Hotlines• International roundtables

or integrity pacts

ABAC Technology

REGULATORY

• Thomson Reuters, LexisNexis etc.regulatory compliance platforms

• Lists of sanctions and sanctioned people

REPORTING

• Reporting platforms• International benchmarking systems

GOVERNANCE

• Policies & Procedures management systems• Internal Communication & training platforms

RISK

• Due Diligence platforms Enhance Beneficial Ownership → ORBIS (BvD)• Automated screening of 3-rd Parties• Audit systems • 3rd-Party Audits• Whistleblowing online platformsformer EthicsPoint (Navex) and similar services

ABAC Practices

REGULATORY

Negative approach: top-management introduce exceptions regarding some PEP clients that can help with some public affairs issues

REPORTING

Negative approach: in respect to the shareholders’ rights, demonstrate no transparency regarding a corruption case that affects the company

GOVERNANCE

Negative approach: implement procedures without extensive (internal and 3rd-party) communication and training

RISK

Positive approach: legal clauses included in the supply agreements concerning the monitor reviews, 3rd-party audits, sanctions in case of corrupt practices

• US Foreign Corrupt Practices Act (1977)

• Inter-American Convention against Corruption (IACAC, 1996)

• OECD Convention on Combating Bribery of Foreign Public Officialsin International Business Transactions (OECD Anti-Bribery Convention, 1997)

ABAC Regulatory Frameworks

The design and effectiveness of the ABAC policies & procedures are based on the existing regulatory

requirements

are influenced bythe available tech solutions

and

depend massively on the risk appetite of the organization

• United Nations Convention against Corruption (UNCAC, 2003)

• African Union Convention on Preventing and Combating Corruption (2003)

• European Anti-Corruption Conventions

• UK Anti-Bribery Act (2010)

• SAPIN II (2016)

• Spanish Penal Code (2015)

• ISO 19600, ISO 37001

• GRI Standards

Commercial Bribery

Blindspot

A Common Example of Corruption

A Less Known Case of Corruption: Commercial Bribery

Why Should I Be Responsible for the Actions of My Supplier?

Challenge #1

Common Rationalization

The vast majority of businessmen & businesswomen, across the globe:

my sole and constant objective/target is to make more money for my shareholders(and avoid paying fines and other types of costs associated with non-compliant practices)

to be responsible for what my supplier does is an exaggeration on the behalf of the regulatorbecause I cannot control his/her actions and business practices

“Everyone is responsible for himself/herself.”

Illustration:- Rana Plaza collapse (April 24, 2013; Bangladesh) – Primark vs. Walmart behaviour

One Example: UK Anti-Bribery Act (2010)

‘No Clean Supply Chain’ Rule

Challenge #2

There are no supply chains immune to corruption and bribery,no matter what a company does to protect itself.

‘No Clean Supply Chain’ Rule

The absence of admittance of this leads to blind spots and increasing risks throughout the supply chain.

The risks associated with corruption increase with the size of the supply chain: a larger supply chain is more exposed than a small one.

The level of the corruption, bribery and abusive practices depends not only on the size, but also on how spread and where is geographically located the supply chain: a dispersed supply chain throughout Asia is more exposed than one located in Eastern Europe.

If abusive practices are generally easy to spot, corruption and bribery are allusive and happen mainly behind closed doors.

Industry Practices

Challenge #3

Some industries are more exposed to corruption and bribery than others

a) especially the strict regulated industries (e.g., Extractive, Pharmaceutical, IT&C , Construction etc.)

b) especially those who are forced down to offer low prices(e.g., Textile, Agriculture etc.)

c) especially those who are working with public procurement(e.g., IT&C, Consulting for EU funds)

Industry Practices

Illustrations:- Microsoft Cases (Romania); Siveco (Romania); Asesoft (Romania)- Automotive Industry – the collusion case of the German automakers

(Volkswagen, Audi, BMW, Porsche, Daimler) on diesel emissions (the 90s)

Some states are more flexible when the bribe serves the interests oftheir SOEs and/or are paid in foreign countries:

- former regime of Gaddafi (Libya), China, Russia

So you need to screen even more the legal entities belonging to this type ofstates or PEPs.

How deep should the due diligence process be?

National Double Standards

How Do You Discover a Rogue Supplier?

Challenge #4

Most of the time, it is too late when a company learns about thenon-compliant practices of one of its suppliers.

There are also cases when a company learns via a tip(ethics/whistleblowing hotline). This is the most used channel in suchcases and it should come with considerable protection towhistleblowers.

The investment in prevention is the key for keeping the corruptionand bribery risks at acceptable levels.

How Do You Discover a Rogue Supplier?

The investment in prevention is the key for keeping the corruption and bribery risks at acceptable levels.

What to Do?

To decrease the corruption and bribery risks can be achieved only by increasing the risk adversity of the supplier:

- the due diligence process to be thorough and not negotiable

- the danger of losing the contract if non-compliant to be real

- monitoring reviews to be comprehensive

- the ethical stewardship to be an active program

- the whistleblowing hotline to be effective and lead to testing

- 3rd-party audits to be unannounced and more comprehensive

Compliance Fatigue

Challenge #4

The Ethics & Compliance Department should not become theorganizational policeman and nor should introduce a new form ofbureaucracy.

Compliance Fatigue

The danger of increasing the responsibilities of the Ethics &Compliance Department to the breaking point.

Illustration:- local, less significant markets, multinationals have the tendency toconcentrate multiple functions in one department or even in one position

Legal & Compliance & IP & Data Protection ManagerAML, Anti-Fraud, Internal Control & Compliance & Ethics Dept

It is equally if not perhaps more important torecognize that laws and regulations, surveillance, andsanctioning -- the tools of control -- may themselvesbe related to unlawful behaviour. Increasing theseresources to strengthen agency capabilities may havethe unintended effect of increasing real rates ofunlawful business conduct, even after accounting forincreases from greater enforcement activity.

Diane Vaughan (1983), Controlling Unlawful OrganizationalBehavior. Social Structure and Corporate Misconduct; University ofChicago Press.

Integrity is not a cost nor an investment,but an excellence of character

+4 073 320 4146 centre@etica-aplicata.ro

www.etica-aplicata.ro