Anti-bribery and corruption (ABC) Compliance Survey 2021

This bears out our experience: while most companies are alive to the need to conduct pre-acquisition due diligence, fewer go the extra step of seeking to conduct post-acquisition due diligence as part of integration once the deal has been completed.

Post-acquisition due diligence is crucial: companies need to get under the hood of newly acquired subsidiaries and new JVs to ensure that ABC risks are being managed appropriately, and any issues can be remediated quickly. Many bribery investigations start following a site visit to, or speak up report from, a subsidiary bought years earlier that has not been properly integrated into the group. The extent to which a company can subject its newly acquired subsidiaries and JVs to appropriate scrutiny to track and remediate misconduct is indicative of a company’s overall effectiveness of its compliance programme.

Over half of respondents said that there was only a small/some degree of oversight of joint ventures (JVs) and subsidiaries in relation to ABC.

This is surprising given that the actions of subsidiaries and JVs give rise to a significant proportion of bribery cases globally (for example as associated persons under the UK Bribery Act). While the degree of centralisation that is appropriate varies between corporate groups, it is important that there is sufficient oversight and management of ABC risks – many ABC issues occur a long way from “home”.

Respondents said that when performing their risk assessment process they focused mainly on addressing risks relating to (i) the involvement of third parties; (ii) specific transactions; and (iii) the geographical location of their business activities.

Whilst those areas are important, an evaluation of issues facing peer organisations in similar industries and/or regions should also inform the risk assessment (and this is emphasised in the DOJ guidance).

In our experience, this is crucial because many peer companies face similar issues in particular markets (see for example the issues faced by telecoms companies in a number of jurisdictions).

Risk-tailored resource allocation is important for two reasons.

First, and most importantly, it gives a company the best chance to ensure that its finite resources are deployed efficiently in order to make the compliance programme as effective as possible.

Second, authorities across the world expect to see a risk-based compliance programme.  This will be difficult to show if resources are not utilised to address key risks identified by the company.

Only 34 percent of respondents indicated that ongoing monitoring of third parties is conducted on a regular (i.e. annual) basis. While we can see that for lower risk third parties less frequent monitoring may be appropriate, regular monitoring is crucial for medium and high risk third parties. This is borne out by respondents having indicated that ongoing third party monitoring is a key area resulting in the identification of instances of non-compliant behaviour in relation to ABC.

Third parties are at the heart of ABC risk; in most companies if third parties are not appropriately monitored then ABC risks will not be appropriately monitored. The DOJ expects organisations to engage in ongoing monitoring through various methods, such as updated due diligence, training, audits and/or annual compliance certifications. The MOJ expects appraisals and continued monitoring of a company’s associated persons proportionate to the identified risks.