Reassessing the Anti-Bribery Anti-Corruption Compliance Programme in Asia

KEY TAKEAWAYS:
1. There are heightened risks when managing businesses in jurisdictions far away from the parent company, and as a result maintaining effective oversight can be challenging.

2. The cost of bribery and corruption is high, and there have been more reports on anti-bribery and anti-corruption (“ABAC”) law enforcements in emerging markets. Therefore, it is a good time for businesses to reassess or implement an ABAC compliance programme if a company has overseas presence.

3. Benefits of a sound ABAC compliance programme when an issue arises include:
i)    Strengthening a company’s reputation amongst its business partners (clients and suppliers) and preventing them from dissociating with the company. This would reassure the company’s business and financials are not disrupted; and
ii) Limiting potential financial losses, as well as legal and investigative fees.

What is the cost of bribery and corruption to the economy?

In today’s global economy, companies often engage in multi-jurisdictional trade and supply chains, especially in emerging market countries, due to the low cost of labour and materials. This heightens risk and more susceptibility to misconduct as managing businesses in jurisdictions far away from the parent company can be challenging with limited oversight. 
The financial losses due to fraud is significant. According to:

• The Association of Certified Fraud Examiners’ biannual 2024 fraud survey report, 5% of revenue is lost to fraud each year, with corruption being the most common fraud scheme in every global region.
• The last United Nation’s meeting on corruption, the Secretary General reported that the World Economic Forum estimates the global cost of corruption to be at least USD 2.6 trillion, or 5% of the global gross domestic product. Additionally, the World Bank estimates that business and individuals pay more than USD 1 trillion in bribes every year.¹

One example of a common type of fraud is bribery. In certain jurisdictions, bribery is perceived as a norm to facilitate business development and is not recognised as a form of misconduct by the business community.
 

Why should companies be concerned about ABAC in Asia?

Long-standing Anti-Bribery Anti-Corruption (“ABAC”) legislations, such as the Foreign Corrupt Practices Act (“FCPA”) and the UK Bribery Act, are developed and enforced by regulators in their respective jurisdictions. Globally, there is an increasing trend of more stringent ABAC laws in many Asian countries considered as emerging markets. For example:

• Vietnam’s Communist Party (“CPV”) led a corruption crackdown in 2023, where multiple senior-ranking government members were arrested, investigated, and prosecuted on various charges, including bribery, abuse of power, and fraud.  Businesses in the private sectors, which were deemed to have close contacts with these government officials, were also subjected to investigations.²
• In China, several additions and amendments to their ABAC legislations have significantly strengthened the ABAC enforcement framework. Furthermore, on December 29, 2023, an amendment to the Criminal Law intensified punishments for individuals offering bribes to government officials;³
• Malaysia implemented Section 17A of the Malaysian Anti-Corruption Commission Act on June 1, 2020, which stipulates a corporate liability principle where an organisation’s directors can be held individually guilty if any of its employees and/or associates commit corruption for the benefit of the organisation.⁴

Hence, companies should be more aware of the heightened risk and costs of non-compliance with ABAC legislations in the Asia region.

Refreshing the ABAC compliance programme to fit Asia’s Needs:

Globally, one of the most notable ABAC programmes is the ISO 37001,⁵  which encompasses seven clauses. Depending on an organisation’s needs, it may or may not choose to become ISO 37001 certified. 
Nonetheless, organisations should consider refreshing or implementing ABAC programmes based on the principles of ISO 37001, which closely mirrors the hallmarks of an effective compliance programme recommended by the DOJ and SEC⁶  for companies with a US nexus to comply with the FCPA (the “Hallmarks of an Effective Compliance Program”), one of the highly enforced legislations.

Below are the seven ISO 37001 clauses and the Hallmarks of an Effective Compliance Program summarised in three areas of a business:

Control Environment Overview
The ISO 37001 clauses applicable here are: Organisation, Leadership and Planning.

The Hallmarks of an Effective Compliance Programme applicable here are: Commitment from Senior Management and a Clearly Articulated Policy Against Corruption; Risk Assessment.

The company’s top management, including the board of directors and executives, should set the tone to foster a culture of ethics and compliance with the law across all levels of the company. 
The foundation of a well-designed compliance programme is established upon the effectiveness of the company’s risk assessment in each line of business. For example, business units with:

• Frequent interactions with government officials in certain jurisdictions where bribery and corruption are generally accepted as part of the norms of business practices may suffer from “demand-side” bribery risk, as they would likely face bribe requests when carrying out normal business activities; on the other hand
• Operations in highly competitive markets may be susceptible to “supply-side” bribery risks when they try to gain competitive advantage over other counterparties by offering bribes to key decision makers.

Management and Implementation
The ISO 37001 clauses applicable are: Support and Operation.

The Hallmarks of an Effective Compliance Programme applicable here are: Oversight, Autonomy, and Resources; Code of Conduct and Compliance Policies and Procedures; Training and Continuing Advice.

Those charged with compliance oversight should have sufficient seniority within the company, appropriate experience, and sufficient resources to implement and enforce the internal controls. The compliance programme should entail:

• Policies and procedures that address risks identified by the company through the risk assessment process;
• A code of conduct to specify the company’s commitment to full compliance with the applicable laws and regulations which are applicable to all company employees and third parties; and
• Trainings and communications for employees across all levels to understand the compliance programme, which are key to a successful compliance programme.

Continuous oversight
The ISO 37001 clauses applicable are: Performance and Improvement.

The Hallmarks of an Effective Compliance Programme applicable here are: Third-Party Due Diligence and Payments; Confidential Reporting and Internal Investigation; Periodic Testing and Review; Pre-Acquisition Due Diligence and Post-Acquisition Integration; Incentives and Disciplinary Measures.

The following are areas where companies ensure the compliance programme is fit for purpose and set up for success:

• Continuous auditing of different business units within the company and business partners to assess their awareness of compliance polices and whether they are compliant with the compliance programme.
• Regular updating and reviewing of the company’s compliance policies and procedures periodically through gap analyses and analysis of prior non-compliance issues.
• Enforcement of clear disciplinary procedures consistently across the company and communication of these procedures to all employees to discourage non-compliance and convey intolerance for unethical conduct.
   

Why is it important for companies to maintain a sound ABAC compliance programme? 

Companies can not only limit financial losses due to bribes paid but also shield themselves from further financial and legal liabilities, such as hiring external lawyers and investigators to review misconduct and potentially pay hefty fine penalties for ABAC violations. A well-designed and robust ABAC programme can provide evidence of proactive compliance efforts, even in cases where individual employees engage in corruption or bribery.

In an SEC case⁷  on FCPA violations by a former executive of a financial services company, it was demonstrated that companies can protect themselves from government charges related to alleged corrupt payments, if they can prove to the regulators the existence of compliance programmes to mitigate the ABAC risks. 

Regulators recognise the efforts of compliance teams in FCPA investigations, and records of an effective ABAC program can help dissociate the company from acts of bribery and corruption committed by individual employees.

More importantly, when a company’s bribery misconduct is heavily publicised or known in its industry, the company will be able to reassure its business partners (clients and suppliers) that they are operating above board and that the misconduct was due to a rogue employee. This would avoid the undesired event of business partners cutting ties and disassociating themselves from the company, which could result in a major financial disruption in the business.
 

Recommendations for Action

Given the heightened risks and increased opportunities for misconduct by employees in emerging markets, coupled with the enforcement of more stringent ABAC laws in many Asian countries, it is now a good time to:
i)    Reassess the current state of the ABAC compliance programme and make further improvements; or
ii)    Implement a compliance programme to deter and detect bribes and corruption.

Sources:

¹https://www.un.org/press/en/2018/sc13493.doc.htm

²https://www.reuters.com/world/asia-pacific/vietnam-extend-anti-graft-drive-police-reveal-real-estate-fraud-worth-3-gdp-2023-11-23/
https://www.scmp.com/week-asia/politics/article/3213141/vietnams-blazing-furnace-corruption-purge-spotlights-political-tug-war-economic-unease

³https://www.bloomberglaw.com/external/document/XAHPNFVG000000/commercial-professional-perspective-new-us-chinese-laws-targetin

⁴https://www.legal500.com/developments/thought-leadership/corporate-liability-provision-under-section-17a-macc-act-2009-and-why-it-matters-to-you/
⁵https://www.iso.org/iso-37001-anti-bribery-management.html
⁶https://www.justice.gov/criminal/criminal-fraud/fcpa-resource-guide