Internal Controls: The Role of Senior Management

The adequacy internal controls are vital to global anti-bribery compliance.  It does not matter whether an entity is subject to the FCPA, the UK Bribery Act, or another legal regime.  It also does not matter whether an entity is an issuer under the FCPA or subject to the jurisdiction of the Financial Services Authority (FSA).  The basic concepts are directly relevant to any entity’s compliance program.

The guidance issued by the FSA in December of 2011 for internal controls for bribery and corruption for entities subject to its jurisdiction provides useful insights.  Attorneys, in-house counsel, accountants, consultants, and other providing advice to entities should take particular notice of the guidance issued relative to the role of senior management:

A firm’s senior management are responsible for ensuring that the firm conducts its business with integrity and tackles the risk that the firm, or anyone acting on its behalf, engages in bribery and corruption.

Self-assessment questions:

  • What role do senior management play in the firm’s anti-bribery and corruption effort? Do they approve and periodically review the strategies and policies for managing, monitoring and mitigating this risk? What steps do they take to ensure staff are aware of their interest in this area?
  • Can your firm’s board and senior management demonstrate a good understanding of the bribery and corruption risks faced by the firm, the materiality to its business and how to apply a risk-based approach to anti-bribery and corruption?
  • How are integrity and compliance with relevant anti-corruption legislation considered when discussing business opportunities?
  • What information do senior management receive in relation to bribery and corruption, and how frequently? Is it sufficient for senior management effectively to fulfill their functions in relation to antibribery and corruption?

Examples of good practice:

  • The firm is committed to carrying out business fairly, honestly and openly.
  • Responsibility for anti-bribery and corruption systems and controls is clearly documented and apportioned to a single senior manager with appropriate terms of reference who reports ultimately to the board.
  • Anti-bribery systems and controls are subject to audit.
  • Management information submitted to the board ensures they are adequately informed of internal and external developments relevant to bribery and corruption and respond to these swiftly and effectively.

Examples of poor practice:

  • There is a lack of awareness of, or engagement in, anti-bribery and corruption at senior management or board level.
  • An ‘ask no questions’ culture sees management turn a blind eye to how new business is generated.
  • Little or no management information is sent to the board about higher-risk third-party relationships or payments.