The importance of having a robust corporate compliance programme that is closely adhered to by all employees should not be underestimated, given its role in helping to prevent corrupt conduct within the organisation. On the facts of the Standard Bank case, the bank was unable to mount a convincing argument based on the adequate procedures defence due to its ineffectively designed and implemented compliance programme.
As regards design, it is crucial to ensure that the compliance programme is relevant to the corporate entity’s business, operations and risk profile. Generic compliance programmes should be avoided in favour of more nuanced ones. The sophistication of a corporate compliance programme can be increased by tailoring it to factors such as the jurisdictions involved, nature of the business and capacity in which other parties may be engaged.
As regards implementation, the Standard Bank case clearly shows that ensuring employees understand when various component policies, processes and procedures of a compliance programme apply, is vital. On the facts of that case, Standard Bank staff had been unclear about whether a particular policy on introducers applied to the local partner (EGMA), and consequently failed to conduct due diligence checks on EGMA. Mere desktop checks, if conducted, would have revealed that two directors of the local partner were politically exposed persons and that one was a serving public official at the time, undeniable red flags for corruption and bribery. However, Standard Bank relied on checks purportedly conducted by its sister entity, Standard Bank Tanzania, in the transaction instead. Those checks were deficient and failed to identify the political status of both directors. As a result, measures to contain the risks and protect Standard Bank from being involved in any questionable payments were not taken. Evidently, clarifying the applicability of each policy, process and procedure making up the compliance programme will be necessary to ensure that employees comply with them in practice. Ideally, the question of applicability should be addressed both at the outset, when designing and scoping the compliance programme, and consistently thereafter, throughout the implementation of the programme.