Evaluating and Certifying Compliance Programs


1 Evaluating and Certifying Compliance Programs
Claire TETART, Certification Manager, ETHIC Intelligence
Maxime GOUALIN, Business Ethics & Human Rights Manager, Schneider Electric

2 ETHIC Intelligence Certification through the years
1997: Participation of Philippe Montigny in the OECD negotiations
2002: Creation of ETHIC Intelligence
2006: First anticorruption compliance certification
2009: First Excellence in Compliance Day
2011: Swiss judgement on ALSTOM, mention of ETHIC Intelligence
2014: Publication of ISO 19600, ETHIC Intelligence part of the drafting committee
2016: 10 years of certification
2016: Publication of ISO 37001, ETHIC Intelligence part of the drafting committee
2017: First ISO audits

3 Evaluating and certifying compliance programs
What is a Market-leading Global anti-bribery management system?
What is standardization?
What is ISO 37001?
How does implementing an ISO anti-bribery management system ensure a market-leading Global Anticorruption Compliance Program?
How does certification work?
Testimony: provisions of the certification to the certified company

4 What is a Market-leading Global Anti-Corruption Compliance Program?
Efficient globally
Legal Defense
Business-oriented
A Market-leading Global Anti-Corruption Compliance Program demonstrates:
That business is sustainable because it is based 100% on sound activities
Success is based on innovation and market relevance, not on bribes
That a case of corruption, which is always possible, will have limited impact on the company
An act of corruption will be considered as an accident contrary to the company's rules
Compliance is not just an administrative process, but a way of doing business
People are always vigilant even in situations that have not yet been identified as risky

5 How bribery risks should be addressed
Similarities between corruption and accidents in the workplace

Similarities in risks
Both are business specific
Both present a risk that can never be excluded
Both engage the liability of Management

Similarities in policies
Both require a risk-based policy
Both call for the implementation of strict processes
Both involve the mobilization of staff at all levels

Similarities in preventative actions
1. Information
Accidents in the workplace: Top level commitment/communication to avoid accidents
Corruption in business transactions: Top level commitment and communication to avoid corruption
2. Training
Accidents in the workplace: Explaining accident risks at work place and the security organization & policy
Corruption in business transactions: Explaining corruption risks and the compliance organization & program
3. Tools
Accidents in the workplace: Adequate security organization and safety equipment and rules
Corruption in business transactions: Adequate compliance organization and proportionate anti-corruption processes
4. Control
Accidents in the workplace: Is equipment properly maintained and are safety rules properly enforced?
Corruption in business transactions: Are compliance processes regularly updated and efficiently enforced?

6 A Market-leading Global Anti-Corruption Compliance Program: the four criteria ETHIC Intelligence Certification Benchmark US Federal Sentencing Guidelines 7 steps (2004) UK Bribery Act Guidance 6 principles (2010) France (Law Sapin II 8 Nov. 2016) ISO Anti-bribery Management System (Oct. 2016) 1. Information 2. Training 2. Commitment by Top Management 4. Anti-corruption training 2. Commitment by Top Management 1. Code of conduct (as part of the Company's internal rules) 6. Training 5. Leadership 7.3 Training 3. Tools (adapted to the risks and the business) 4. Controls 1. Implementation of an AC program 3. Due diligence 6. Promotion and update of AC program 5. Program evaluation + whistleblowing 7. Appropriate response to illegal acts 5. Communication and training on anti-corruption 1. Adequate procedures 3. Risk assessment 4. Due diligence 6. Follow-up and evaluation 3. Risk evaluation 4. Due diligence business associates 2. Whistleblowing 5. Financial Control 8. Program monitoring 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement 7. Sanctions

8 ISO management system standards
ISO management system standards enable organizations to implement a structured approach to their activities in order to achieve their objectives.
ISO management system standards (MSS) help organizations improve their performance by specifying repeatable steps that organizations consciously implement to achieve their goals and objectives, and to create an organizational culture that reflexively engages in a continuous cycle of self-evaluation, correction and improvement of operations and processes through heightened employee awareness and management leadership and commitment.
This is a process of systematizing how things are done based on the particular structure of the organization and its risks.
ISO management system standards are:
Adapted to all types of organizations: companies, administrations, NGOs
Adapted to any size of business
ISO management system standards are the result of negotiations between international experts.

9 ISO ISO ISO ISO management system standards For example : Risk management Social responsibility Compliance management (2014) ISO 9001 ISO Generic standards : For example : Quality management Anti-bribery management (2016) Generic guidelines : High Level Structure ISO 2200 ISO ISO Sector standards : Specific guidelines : For example : Auditing Documentation ISO ISO/TR For example : Food safety Oil and gas industry Graphic technology High Level Structure Identical for all ISO Management systems Guidelines : «The organization should» Benchmark that allows for an external audit The Management system of Company X has been audited by Y according to ISO Z Standards : «The organization shall» Benchmark that allows for external certification Company X has been ISO Y Certified by Z

10 A common framework for ISO Standards on «Management systems»
In 2012, ISO decided that every ISO standard on Management Systems (e.g. Quality, Risk, Environment) would have:
A common structure (10 chapters)
Common terminology:
Organization: person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
Objective: result to be achieved
Management system: set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives
Policies: intention and direction of an organization, as formally expressed by its top management
Processes: set of interrelated or interacting activities which transforms inputs into outputs
Each standard will add the specificities related to its sector and needs:
ISO on Compliance Management Systems
ISO on Anti-bribery Management Systems

12 ISO Anti-Bribery Management Systems
Scope:
Anti-bribery only
Does not concern fraud, cartels
Type of standard:
Requirements: "The company shall"
Allows for comparable certification
Provides guidance:
For Chief Compliance Officers to establish and implement an effective anti-corruption management system
For Consulting firms to evaluate anti-corruption management systems
Published October 2016
ETHIC Intelligence:
Participated in the drafting of the standard
Carries out certifications according to the standard

13 ISO Anti-Bribery Management System (ABMS)
1. Scope
Bribery:
In the public, private and not-for-profit sector
By the organization (active corruption)
By the organization's personnel acting on its behalf or for its benefit
By the organization's business associates acting on its behalf or for its benefit
Of the organization (passive corruption)
Direct and indirect bribery
But doesn't address: fraud, cartel, etc.
2. Normative reference
No normative reference
3. Terms & definitions
Bribery, public official, business associates...

14 ISO Anti-Bribery Management System (ABMS)
4. Context of the organization
Understanding the organization and its context (incl. applicable laws). Ex: the organization's business model and bribery risks
Understanding the needs and expectations of stakeholders. Ex: Transparency International and the defense industry
Determining the scope of the anti-bribery management system. Ex: definition of the applicability of the ABMS
Anti-bribery management system (which should be proportionate). Ex: documents related to the ABMS
Bribery risk assessment. Ex: Country risks, sector risks

15 ISO Anti-Bribery Management System (ABMS)
5. Leadership
Governing body. Ex: approving the ABMS
Top Management. Ex: Commitment of Business Leaders in the promotion of the ABMS
Anti-bribery policy. Ex: goals and means of the ABMS
Organizational roles, responsibility and authorities. Ex: the ABMS organization
Anti-bribery compliance function. Ex: The Chief Compliance Officer
Delegated decision making. Ex: the Compliance Officer network

16 ISO Anti-Bribery Management System (ABMS)
6. Planning
Actions to address risks and opportunities. Ex: monitoring the effectiveness of the ABMS
Anti-bribery objectives and planning to achieve them. Ex: the yearly work plan for ABMS
7. Support
Resources. Ex: Resources allocated to the ABMS
Competence. Ex: Profiles of the compliance function
Employment procedures. Ex: Make sure the new employees comply with the AB policy
Awareness and training. Ex: training on the ABMS
Communication. Ex: ABMS requirements communicated to third parties
Documented information. Ex: ABMS documentation should be available and updated in appropriate languages

17 ISO Anti-Bribery Management System (ABMS)
Operational planning and control. Ex: ongoing and documented review of how the ABMS meets its objective
Due diligence. Ex: due diligence on third parties and business associates
Financial controls. Ex: financial control on bribery risks
Control over controlled organizations and business associates. Ex: requiring that partners in consortium are mitigating bribery risks appropriately
Anti-bribery commitments. Ex: requiring that business associates are committed to do business without bribery
Gifts, hospitality, donations and similar benefits. Ex: Gifts and entertainment policy
Managing inadequacy of anti-bribery controls. Ex: When business associates are unable to manage bribery risks, terminate a project or transaction
Raising concerns. Ex: whistleblowing line
Investigating and dealing with bribery. Ex: data-mining exercise

18 ISO Anti-Bribery Management System (ABMS)
9. Performance evaluation
Monitoring, measurement, analysis and evaluation. Ex: yearly evaluation of the ABMS
Review by anti-bribery compliance function. Ex: periodic control of the compliance system
Internal audit. Ex: third party audit or ISO certification
Top management review. Ex: Top management review for the governing board
Governing body review. Ex: Executive Committee reviewing the ABMS report prepared by Top Management
10. Improvement
Non-conformity and corrective actions. Ex: Appropriate actions and remediation in case misconduct is discovered
Continual Improvement. Ex: regular update of the ABMS

19 ISO benchmarks a process to improve the efficiency of the Management System progressively
[Diagram: cycle 1. Plan, 2. Do, 3. Check, 4. Act around 4. Management System, with labels 5. Leadership, 6. Objectives, 7. Resources, 8. Policies Procedures, 9. Controls, 10. Improvement, 10. New Objectives]

21 The different types of audits
The ISO audit on Compliance Management Systems:
Not a certification audit, a regular audit
Helps to benchmark a program according to an international standard
Helps to improve a program with recommendations
Can prepare for certification audit
The ISO certification audit on Anti-bribery Management Systems:
Certification audit, pass/fail exercise
Attests to a certain level of the Anti-Bribery Management Systems
Recognized worldwide
ETHIC Intelligence certification:
Certification audit with recommendation
Audit against international best practices (FCPA, UKBA)
Letters of opinions with recommendations by international lawyers

22 The steps of a certification audit
Certification application. Is it sufficient to be certified? (ETHIC Intelligence)
NO: if application rejected, reapplication possible
YES: launching of the certification process
Stage 1: kick-off meeting and document review (Lead Auditor)
Stage 2: on-site interviews (Audit team)
Non-conformities: should be addressed within three months
No non-conformities: award and 3-year registration of the certificate (ETHIC Intelligence Technical committee)
Annual surveillance audit
Avg. duration of process: 2/3 months

23 ISO awarding process
Type of findings
Major non-conformity: Major non-conformities are major failures in the anti-bribery management system which prevent it from working. The organization shall take remedial action within three months.
Minor non-conformity: Minor non-conformities are small failures in the anti-bribery management system which can prevent it from working if they are not solved. The organization shall present an action plan with remedial action within three months. Many non-conformities will constitute a major non-conformity.
Observations: Observations are elements which present some risk and which could become non-conformities. The organization shall take remedial action within the certificate validity date.
Noteworthy efforts: Noteworthy efforts are best practices that the auditor witnesses during the audit and wants to highlight.
Conformity is based on fulfillment of all requirements (except for "as appropriate").
The Lead Auditor reports the findings and recommends the certification or not.
The technical committee validates the Lead Auditor's findings or not.
Quality of certification depends on auditor qualifications.

25 Anti-corruption certifications at Schneider Electric First deployment for the African subsidiaries of the company 2007 ETHIC Intelligence Anti-corruption Compliance Policy Certificate awarded to Schneider Electric Egypt. Renewed in 2008, 2011 and ETHIC Intelligence Anti-corruption Compliance System certificate awarded to Schneider Electric South Africa 2014 ETHIC Intelligence Anti-corruption Compliance System certificate awarded to Schneider Electric Morocco South Africa 2015 ETHIC Intelligence Anti-corruption Compliance System certificate awarded to Schneider Electric Nigeria ETHIC Intelligence Anti-corruption Compliance System Certificate awarded to Schneider Electric Egypt All certification processes were launched with a one day «Risk Assessment and Compliance Benchmark» seminar to help entities design the road map to successful certification.

26 The main advantages
Use the anti-corruption certifications as a strategic asset
To strengthen the tone at the top
To develop the tone at the middle
To embed anti-corruption in the processes
To build local capacity
To attract and retain talents, especially Millennials
To work with high-standard business partners
«I want everybody in the Company to understand that we have very strong principles in that matter and we want them to be applied the same way wherever we operate.» Jean-Pascal Tricoire, Chairman & CEO
«I want to reiterate here with the highest strength and determination that we expect from everyone in the company perfect and impeccable behavior on ethics and business practices. We won't tolerate any exception or show any weakness in ruthlessly pursuing and sanctioning any misconduct. Great companies are uncompromising on principles of responsibility and we are one of them.» Emmanuel Babeau, Deputy CEO & CFO

27 The main advantages Use the anti-corruption certifications as a strategic asset To develop and maintain a strong corporate culture of ethics & integrity and promote the company values Businesses and individuals pay an estimated $1.5 trillion in bribes each year = 2% of global GDP = 10 times the value of overseas development assistance. Corruption = #1 factor preventing poverty reduction It contributes to higher-order crimes: when money is lost through illicit financial flows, it often finds its way across borders to fund drug and human trafficking. Corruption is operating as a strong disincentive to foreign investment.

28 Next step Middle East & others

29 Thank you for your attention Certifying Excellence in Anti-Corruption Compliance since