CHAPTER 4: IMPLEMENTING AN ABMS: ONE KEY ISSUE
What’s a gift?
When implementing an ABMS, a gifts and hospitality policy is one of the most discussed and contentious areas to roll out to all staff.
If this can be done successfully, many of the other areas of the ABMS will be comparatively plain sailing.
Gifts may be cash, other items, services or activities of value. Value will be relative to the organisation, wider cultural perceptions in the country concerned and the purpose of the gift. A promotional biro with a logo on it is almost certainly not a bribe, whereas a sports car would be. The difficulty resides with items in between the two extremes and the circumstances in which they are offered or accepted.
Hospitality can merge into the concept of gifts, e.g. a relatively inexpensive meal to discuss a business prospect may be different to a lavish meal at a top hotel, and may be treated as such by a recipient, even if there was no corrupt intention. Business trips that merge into holidays, or even business trips that become a vehicle to offer gifts, including personal services, can become problematic unless there is a clear, well-communicated policy.
For example, an expenses-paid visit to a sporting event may be an inducement but if it is part of a wider, well-publicised marketing activity by an organisation, then it may not be. It all depends on circumstances. It should be risk assessed and also be subject to a gifts and hospitality policy agreed and championed by top management.
Top management also needs to champion the ethos that an ethical approach to business is vital. The gifts and hospitality policy is a key part of the ‘shop window’ of this policy in action.
Brutal truths have to be accepted by an organisation because denial is likely to come back and bite it later in the ABMS implementation.
1. Giving or accepting a bribe is unethical and illegal. Gifts and hospitality can be bribes irrespective of what customers may suggest otherwise. All staff and self-employed consultants need to understand and agree to this.
2. Appropriate and reasonable gifts or hospitality, properly recorded and authorised, are fine so long as the costs incurred are proportionate and reasonable (which need to be defined and risk assessed in each circumstance). It is also fine if the expenditure given or received is part of a duly authorised and properly accounted for marketing or promotional budget.
3. Senior staff shouldn’t see gifts and hospitality budgets as a perk of their package. Although taking the chief executive of your largest client to a good restaurant might be appropriate, the same criteria apply: is the cost reasonable, proportionate and likely to be recoverable in increased profit or surplus, and will it be properly recorded and reported?
4. This rule especially applies where the award of a contract is restricted to a limited shortlist of equally balanced contenders, based on the decision of one person (or a very small group of individuals). Any gifts and hospitality given or received in such circumstances have to be very carefully considered and fully recorded at the time.
5. Even if a customer is blue chip this doesn’t necessarily reduce the risk that much. They might still – unwittingly – be employing a corrupt individual. If that individual is ever caught, they may allege that it was you who initiated their dishonesty – known by lawyers as ‘the cut throat’ defence. Even people you thought were your friends in business may well be tempted to do this to protect their reputation and job or avoid imprisonment.
This risk alone justifies why there needs to be ABMS policies, procedures and good, consistent record keeping. Any ethical grey areas should always be referred to line or compliance management, because keeping things close to your chest can be seriously misconstrued at a later date.
If a gap analysis has been undertaken between ISO 37001 and the existing governance and treasury processes, it may be found that staff expense claims are already effectively managed and reported upon.
If there is a different approach to gifts and hospitality for senior staff, then this needs to be carefully defined. There should be an explicit policy decision about controls to be put in place for such an approach. This is one area where the ‘governing body’ requirement of ISO 37001 can offer a level of control.
In other words, this kind of policy needs to be planned and accepted by top management and leadership. An ‘expense account’ culture has to be risk managed on an ongoing basis and operated within the law.
ISO 37001 talks about charitable or political donations. This might be for legitimate business reasons, e.g. as part of a corporate social responsibility policy, part of duly authorised marketing or promotional activities, or to encourage team building among staff. All such donations (whether in time or money) should always be scrutinised by top management.
Where a branch office can make a cash or labour contribution to charity, then this should be authorised and risk assessed.
This is because small or newly established charities can be used as vehicles for fraud. There should be agreed due diligence, including whether any local staff may have a financial connection with the charity concerned, e.g. they act as a trustee or paid consultant.
In the developing world, charitable contributions may be a direct front for bribery, typically where local decision makers or their family members are beneficiaries to these funds. Even where it is not immediately apparent that an individual is directly connected to a charitable organisation, a strategic donation to their preferred cause or team may be made with the corrupt intent of influencing them. This is a form of bribery, just as if they were paid directly and then donated the money themselves. Due diligence should look into the underlying philanthropic motivations of the actions and scrutinise how or why a particular cause was selected to be supported. For example, if a local official who has some discretionary authority over your business operations is the one who suggests supporting a community development initiative, then that should raise a red flag for further investigation.
On the record
If an organisation decides to adopt a ‘no hospitality given or received’ approach, this needs to be communicated to customers to ensure no offence or other issues are created. This should not be left to junior management. There should be a clear, consistent message from top management. If this is not planned, different layers of management may give different messages or even encourage different operational practices among customers.
If a controlled approach to gifts and hospitality is decided upon, limits of acceptability need to be set and briefed to staff. This may be monetary, such as a percentage of salary, or by specific limitations, e.g. a sandwich lunch is permitted but no alcohol. Exceptions for sales staff or senior managers also need to be defined. Top management need to show accountability for any issues, even if tactical decisions are left to HR or Finance to manage.
Gifts and hospitality received need to be fully recorded. There may be one central log or more local records kept, but there needs to be an agreed, regular approach to reviewing the log. Where trends are identified, a clear policy towards investigation is needed. All staff at all levels of the organisation need to understand that it is important to the business for compliance and wider reputational or marketing reasons.
Practical hospitality issues, such as attendance at sporting events or other potentially expensive activities, need to be considered a policy issue at an early stage. Different organisations will take different views about what is reasonable and proportionate, what their guiding principles are and whether corporate hospitality can be reciprocated. Transparency and consistency of decision making on such points is vital.
Some organisations will only invite multiple parties to such hospitality events, so it cannot be argued that one individual or organisation is solely benefiting. And some organisations will accept no hospitality whatsoever – not even a cup of coffee.
All approaches need to be risk managed – just because more than one customer’s representative(s) are present doesn’t necessarily mean the hospitality is for a legitimate business purpose. However, a proportionate approach to risk based thinking also needs to be considered – sometimes a cup of coffee is simply just that.
Gifts and hospitality can be lifecycle driven, e.g. what might be acceptable hospitality during normal business operations may not be so during a retendering process or a contractual or payment dispute between the parties.
If international business is undertaken, briefing and policies for each territory need to be agreed and implemented. In terms of a long-term business relationship, this can be time consuming if many different cultures and interests need to be considered, and parties consulted. This will be discussed further in the due diligence section.
Some organisations permit modest hospitality to be given or accepted without formally recording this. It should be decided if this still needs to be more informally reported, e.g. an email to line management. Both fraud and corruption tend to operate within secret arrangements and/or where controls are weak, so you should always err on the side of over-reporting. Although this might take some working time, it is essential to have all such transactions properly documented.
Remember that just reporting something doesn’t make it legal or within policy, but it gives line management the opportunity to question it. The chapter on investigations will look at how apparent breaches of the policy should be progressed.
Top management needs to have agreed protocols for dealing with clients and key suppliers who have issues with understanding or accepting the organisation’s policy. This will be discussed further in the due diligence chapter.
If all staff accept and understand the gifts and hospitality policy – and can operate it consistently – then your organisation is a long way towards implementing an ABMS.