In terms of global anti-bribery compliance, regardless of whether the FCPA, UK Bribery Act, Canada’s Corruption of Foreign Public Official’s Act, Brazil’s Clean Company’s Act, or other legal regimes may be involved, many of the guidelines of the internal controls requirements of the United Kingdom’s Financial Conduct Authority need to be kept in mind. One of the guidelines relates to the need for an entity to have in place up-to-date policies and procedures appropriate to its business that are readily accessible, effective, and understood.
Unquestionably, the need for up-to-date polices and procedures is entirely consistent with the need for compliance programs to be monitored on an ongoing basis and subject to regular review. Yet so often overlooked is the need for policies and procedures to be readily accessible, effective, and understood by all relevant staff and employees.
Not all staff and employees are sufficiently competent or skilled to capably use the new technology that is increasingly pervasive in today’s society. Able and well-intended staff and employees may not even have ready or even reasonable access to such technology. It therefore follows that serious consideration must always be given to devising practical means of communicating with all relevant staff and employees.
An added consideration is whether agents, representatives, consultants, and others acting on behalf of an entity have access to pertinent policies and procedures. Obviously, permitting third parties to have unlimited access to an entity’s Intranet or internal communications can never be permitted. Nonetheless, consideration must be given to how to apprise third parties of policies and procedures that apply to acting on the entity’s behalf.
Aside from the need to have policies and procedures written in a language that can be understood by relevant staff and those acting for the entity, the policies must be clear and uncomplicated. Legalese should be avoided. To the degree possible, the policies and procedures should be simple and designed to raise red flags and funnel complex decisions to those with the requisite expertise.
Drafting clear and simple policies and procedures is a very difficult process. It takes extraordinary amounts of time to work through all of the implications. As a result, one of the components of regular reviews and ongoing monitoring should be considering whether there may be ways of further simplifying the policies and procedures and, as well, making them more easily understood.
One of the keys should be lowering the burden on staff, employees, and those acting on behalf of an entity. Whether in the form of emails, paper, or general admonitions, an overload of information tends to increase the tendency to disregard what is being conveyed. Concise, clear, and simple policies are far more likely to be effective in enhancing compliance.