Besides the more notable pieces of legislation that deal with bribery and corruption, which include the USA’s Foreign Corrupt Practices Act of 1977, the United Kingdom’s Bribery Act of 2010 and even South Africa’s Prevention and Combating of Corrupt Activities Act 12 of 2004; now South African organisations will have to contend with even more anti-bribery controls. Considering that South Africa reportedly loses between R25bn-R30bn each year due to bribery and corruption in state procurement alone, any additional anti-bribery measures should be welcomed with open arms.
As governance measures and controls continue to intensify across the world, organisations should be aware that they are legally obliged to comply with all bribery legislation which is applicable to them, no matter which legal jurisdiction they are operating in. So for example, a South African organisation that has any business dealings with the United Kingdom, they are required to comply with the anti-bribery laws of the UK as well as those of South Africa, despite the organisation not having a registered office in the United Kingdom.
In addition to the various pieces of legislation, in many instances an organisation is also required to comply with various international standards, and these standards are set by the International Organisation for Standardisation (ISO). Some of the more well-known ISO standards include ISO 26000 (Social Responsibility), ISO 31000 (Risk Management), ISO 22301 (Business Continuity) and ISO 9001 which covers Quality Management Systems.
As part of an organisation’s commitment to good governance, as well as its desire to improving its reputation for engaging business in an ethical manner, these organisations will openly commit to implementing ISO 37001. This standard deals specifically with the implementation of an anti-bribery management system (‘ABMS’) and it is due to be released in the latter part of 2016. Within ISO 37001, organisations are expected to implement a series of policies, procedures and controls in order to mitigate the risk of bribery, as well as comply with all anti-bribery legislation. This standard has evolved from the current anti-bribery British Standard, known as BS 10500 which provides a practical framework for implementing and applying an ABMS. Similar to BS 10500, the new ISO standard deals specifically with the offence of bribery, as it applies to the organisation and the various jurisdictions in which it operates. Whilst the ISO 37001 standard does not make provision for other offences such as fraud, anti-trust or money laundering, organisations may choose to extend the scope of their respective systems to include these additional offences. This standard can be applied to organisations in the public, private and voluntary sectors, regardless of their size and nature of business and it is applicable to every aspect of the organisation’s activities.
Notably the BS 10500 standard defines an ‘anti-bribery management system’ as a “management system, or part of an overall management system, designed to help an organisation to prevent bribery and to detect, report and deal with any bribery which does occur”. Moreover, this standard also specifically allocates the responsibility of this system to ‘top management’ and states that they should take responsibility for the adoption of the anti-bribery policy, including the implementation of the system.
To avoid any misconception of who is actually going to be held accountable for these systems being properly installed and managed, the BS 10500 standard defines ‘top management’ as a “person or group of people who direct and control the organisation at the highest level”. In South African terms — and in the context of the Companies Act of 2008 (‘the Act’) — it is fairly safe to assume that ‘top management’ may therefore be considered to be the board of directors. This being said, Section 66(1) of the Act states, “the business and affairs of a company must be managed by or under the direction of its board, which has the authority to exercise all of the powers and perform any of the functions of the company, except to the extent that this Act or the company’s Memorandum of Incorporation provides otherwise”.
As the BS 10500 standard is being used as the basis of finalising ISO 37001, one may expect the new standard to echo much of the sentiments found in clause 4.2.1. of the BS 10500, such where it states that top management are required to make a statement that their organisation have adopted an anti-bribery policy, and that top management fully supports their policy and anti-bribery management system. Within this particular clause, it indicates that the chairman or the CEO will usually make the statement regarding the organisation’s firm stance in respect of its anti-bribery policies and systems implemented to prevent bribery. Of course, as more pressure is exerted upon organisations and their top management to support all forms of anti-bribery, one may also expect anti-bribery statements to feature in the organisation’s annual Integrated Report, and such where these statements are verified by the organisation’s internal and external auditors and made public to all the organisation’s stakeholders.
More responsibilities are bestowed upon top management, especially when they decide to delegate some of their duties in relation to allowing other personnel to make decisions where certain risks of bribery may be possible. In these circumstances, it is incumbent on top management to “establish a decision-making process that ensures that the decision process and the seniority of the decision-maker are appropriate for the value of the transaction and the perceived risk of bribery”. Hopefully, the new ISO 37001 will incorporate this thinking, as well as insist that a compliance manager with the requisite skills have direct and prompt access to top management in the event that any issue or concern needs to be raised in relation to the anti-bribery policy or anti-bribery management system.
Indeed, it is also important that the compliance manager has access to the organisation’s forensic department in order that the forensics experts can become involved as quickly as possible when this is necessary. Their involvement could minimise the potential risks and losses when bribery is suspected or committed, not least also providing proper guidance on the necessary preventive steps which must be taken to ensure the loop holes are closed.
With these sorts of measures in place, it is clear that the International Organisation for Standardisation is intent on playing its part to ensure that anti-bribery policies and systems are taken seriously, and that the highest levels of management in the organisation are held to account.
As one considers the current BS 10500 anti-bribery standard and its ISO 37001 replacement — which will be applicable on a global basis — hopefully organisations will come to realise the critical importance of adopting these standards on a meaningful basis, and that they will not merely see ISO 37001 as another ‘tick-box’ exercise. Of course, if regulators place hefty fines or even jail sentences on those who continue to perpetuate conflicted, under-handed and unethical business transactions, then there is sure to be positive change on the horizon.
It must be clearly understood that bribery most definitely does affect many more people, besides the actor and the other party involved in the wrongful act, and such where their actions cause an unfair advantage. At a more macro level, bribery and corruption undermines state legitimacy and service delivery; it furthermore distorts market competition, increases the cost of doing business and decreases the ease of conducting business.
Understandably, this scourge has a massive and debilitating burden upon South Africa’s development and it remains a critical area of risk for business stability and sustainable growth in our economy. To this end, Transparency International (‘TI’) rates South Africa 67th out of 174 countries in respect of the perceptions of corruption in the public sector and this position has steadily become worse over the years. Understanding that the best ranking is 1, which is currently held by Denmark with a score of 92, South Africa is placed in 67th position and in the same league as Kuwait, Brazil and Bulgaria. From a bribery perspective, in the private sector South Africa is ranked by the Bribe Payer’s Index (BPI) Report in 15th position out of 28 countries.
It is estimated that the South African economy may have lost approximately R675 billion as a result of corruption since 1994 and it is clear that at the heart of this problem lies a perceived lack of accountability for maladministration which many leaders in business and government seem to be evading. Considering the extent of our anti-corruption and anti-bribery legislation already in place, one can only hope that the policies, processes and controls which are found within ISO 37001, will drastically reduce these rampant acts of bribery and corruption.
Undoubtedly, whilst there may be excellent anti-corruption architectural structures in place to tackle bribery and corruption; these are meaningless if there is no political leadership or political will that prevents the continual impunity for the perpetrators fuelling bribery and corruption. If the board is ultimately accountable for ensuring the organisation’s compliance to ISO 37001 — and the correct consequences for non-compliance are in place — stakeholders may begin to see a rapid reduction in this crime, not least better and more sustainable business practices both locally and abroad.