Inspiring Integrity and Effective Controls


Objectives

Cobasco’s approach is to cut through the hyperbole and box ticking, to integrate regulatory silos and to aim for inspired integrity in order to:
  • Optimise commercial and operational performance;
  • Ensure business objectives are achieved;
  • Surpass every regulatory standard by adding flesh and muscle to the skeleton of the laws and regulations;
  • Protect honest companies and empower them to take decisions, safely.
The difference is explained further in the restricted modules, together with a cost benefit analysis of Inspiring Integrity versus baseline compliance. The argument for Inspired Integrity is overwhelming.


Cobasco’s Project Plan

The Overall Process
 

Cobasco is typically retained at or near board level, by Counsel or company monitors, to review, to make recommendations and to test compliance and control programmes, usually in the stages [10] shown in Figure 4.

Figure 4: Cobasco’s Project Plan for Inspired Integrity
The following paragraphs give an overview of the process. Specific details are in the restricted modules. The stages “A1-4” etc refer to the restricted modules.


The Consolidated Regulatory Corpus (CRC)
 
Cobasco has consolidated more than 3 million words from international laws and guidelines (called “source files”) published by the main regulatory agencies, SFO and DOJ speeches and points extracted from DPAs into a fully indexed, chronological and cross-referenced electronic concordance (called the Consolidated Regulatory Corpus: CRC).

The corpus “headwords”, or indexed topics, are listed in alphabetical order and linked to the source publication in the Context Pane shown in Figure 5.

Figure 5: The Context Pane of Concordance


Figure 6 shows how headwords are hyperlinked to the Full Text Viewer:

Figure 6: The Full Text Viewer
The Full Text Viewer shows the original text and the line number from the Context Pane. The viewer can be resized and contents copied and pasted into any other document.



Headwords are classified from the CRC into:
  • Risk topics; for example, “fraud”, “conflicts of interest”, “insider dealing”
  • Control topics; for example, “policies”, “procedures”, “separation of responsibilities”
  • Regulatory topics; for example, “lobbying”, “anti-trust”, “tax”
  • Objects; for example, “cash”, “electronic payments”, “inventories”
  • Orientation; for example, positive and negative verbs, nouns and pronouns
  • Processes; for example “accounts payable”, “decision integrity”
  • Relationships; for example, “stakeholders”, “employees”, “customers”, “suppliers”
The restricted modules demonstrate how specific narratives can be produced on any topic. For example, what every law, guideline, enforcement action says about offset projects, by source and in date order.


The Specific Regulatory Corpus (SRC)
THE RULES OF AN INTEGRITY CORPUS
  • The EIC should be in electronic form. It will contain far more topics than could ever be published in a code of conduct;
  • If a relevant topic is not included in the corpus, it will not be implemented;
  • Relevant control and compliance topics must be incorporated in policies, procedures and training programmes;
  • Responsibility for (or ownership of) all relevant control topics must be assigned.


Working with Clients’ legal advisers and compliance specialists, a “Specific Regulatory Corpus” is prepared. For example, the regulatory profile and CRC for a multi-national listed on the London and New York exchanges, with extractive operations in Russia and China, is obviously quite different from that of a retailer working only in the UK. The varying requirements are accommodated by adding or removing source files.


The Existing and Updated Integrity Corpus (EIC)

All of the company’s existing integrity, control and compliance policies and procedures are entered into a separate corpus (the “Existing Integrity Corpus”) and headwords compared to the Specific Regulatory Corpus.

Topics that are not adequately covered are identified. Also, at this stage, Codes of Conduct of the company’s main competitors or, sectorial guidelines (such as those for the defence or extractive industries) may be added to the EIC for benchmarking purposes.

Figure 7 shows how, following a philosophical review by the directors and other stakeholders, an Updated Integrity Corpus is created and used to drive codes of conduct, policies, procedures and training programmes.

Figure 7: Development of an Integrity Corpus and Code of Conduct


Output from this analysis – which even for a large company can be completed in one or two days - is a list of all relevant topics and brief supporting narratives. These should be considered by the company’s directors and stakeholders as part of the philosophical discussions referred to below.


Philosophy and Tone from the Top

CUTTING AND PASTING
Far too many codes of conduct etc are cut and pasted by compliance staff. They do not represent deeply held values.


The term “tone from the top” has been parroted by almost every regulatory agency and in every control guideline as essential for “embedding” integrity throughout an organisation, usually based on a Code of Conduct. The restricted modules explain why “tone” is a bad metaphor, a placebo – if not a danger – and why cultures in specific contexts, key performance drivers and metrics are far more important. Working with the company’s top managers, compliance and legal advisers, Cobasco analyses the Updated Integrity Corpus so that every risk and regulatory topic is considered.

The revised corpus and Code of Conduct should be owned by the directors and other stakeholders but maintained by Legal and Compliance.

The Integrity Corpus serves six main purposes:
  • It represents, in effect, the company’s integrity capital;
  • It is a central and definitive source of reference for senior managers on all integrity issues;
  • It ensures that all derived codes, policies and procedures are consistent;
  • It is the foundation for an Adequate Procedures Dossier;
  • Its access and logging routines provide an early warning of potential problems as shown in Figure 8:

Figure 8: Using the EIC As An Early Warning
Access to the UIC should be granted to all employees and associated persons based on three or four privilege levels, controlled by secure passwords. Access must be logged so that it is traceable to the individual concerned. Repeated or unusual access to a topic gives an early warning of potential problems. These should be researched by Compliance and line managers. Enquiries should be logged in the employee’s training record.
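The early-warning idea above, sketched as an added example (not Cobasco's code): it flags an individual who opens the same corpus topic repeatedly within a short window and sets aside log lines that cannot be traced to a person. The log line format, user names, topics, threshold and window are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log; the line format is an assumption, not Cobasco's.
SAMPLE_LOG = """\
2017-03-01T09:12:00 user=jsmith level=2 topic="gifts and hospitality"
2017-03-01T09:40:00 user=akhan level=1 topic="expenses"
2017-03-02T17:05:00 user=jsmith level=2 topic="facilitation payments"
2017-03-03T08:55:00 user=jsmith level=2 topic="facilitation payments"
2017-03-03T11:20:00 user= level=1 topic="facilitation payments"
2017-03-06T18:30:00 user=jsmith level=2 topic="facilitation payments"
2017-03-20T10:00:00 user=akhan level=1 topic="expenses"
2017-04-15T10:00:00 user=akhan level=1 topic="expenses"
""".splitlines()

# "level" is the privilege level of the account; it is parsed but not used for detection.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S*) level=(?P<level>\d) topic="(?P<topic>[^"]+)"$'
)


def parse_log(lines):
    """Return (events, untraceable).

    events: sorted (timestamp, user, topic) tuples.
    untraceable: raw lines that are malformed or carry no user identity,
    i.e. accesses that cannot be traced to an individual.
    """
    events, untraceable = [], []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match or not match.group("user"):
            untraceable.append(line)
            continue
        ts = datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%S")
        events.append((ts, match.group("user"), match.group("topic").lower()))
    return sorted(events), untraceable


def early_warnings(events, threshold=3, window_days=7):
    """Flag each (user, topic) pair with >= threshold accesses inside any window.

    Uses a sliding window over each pair's sorted timestamps and reports the
    densest qualifying window so Compliance can see when the accesses happened.
    """
    window = timedelta(days=window_days)
    by_pair = defaultdict(list)
    for ts, user, topic in events:
        by_pair[(user, topic)].append(ts)

    warnings = []
    for (user, topic), stamps in sorted(by_pair.items()):
        start, best = 0, None
        for end, ts in enumerate(stamps):
            # Shrink the window from the left until it spans at most window_days.
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best["count"]):
                best = {"user": user, "topic": topic, "count": count,
                        "first": stamps[start], "last": ts}
        if best:
            warnings.append(best)
    return warnings


if __name__ == "__main__":
    parsed, rejected = parse_log(SAMPLE_LOG)
    for warning in early_warnings(parsed):
        print(warning)
    print("untraceable lines:", len(rejected))
```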


All board discussions on integrity should be recorded in minutes and archived in the Adequate Procedures Dossier. The corpus should be reviewed and refreshed every two years.


Fraud and Bribery Risk Evaluation

Background
 

THE SFO BOARD ROOM GUIDE
This prestigious report – published in September 2011 by the Serious Fraud Office and supported by Transparency International – emphasises the importance of proportionate controls based upon the CPI:
  • TI recommended that – based on positions on the index – countries ranking between 1 and 39 could be regarded as ‘low risk’; those positioned between 40 and 133 as ‘medium risk’ and the remainder as ‘high risk’.
  • In the same report, PriceWaterhouseCoopers (PWC) recommended that countries should be classified based on their scores. It suggested that those with 6 or more points should be classified as “high risk” and between 3 and 6 as medium risk. PWC seems to have misdirected itself because the higher the score on the Index, the less corrupt a country is perceived to be.
Thus companies following the PWC recommendations would have classified all risk countries as safe and vice versa.
Risk is defined as the chance that an adverse event will occur sometime in the future and at its core is uncertainty. Risk evaluation is a process that attempts to predict future probability and criticality. This is especially difficult with comparatively low-frequency, covert events for which there are no reliable baseline statistics. Risk evaluation is definitely not a science and questionably not even an art: it is at best a subjective guess.

All of the regulatory agencies emphasise the importance of risk assessment yet they are misdirected on the nature of fraud and corruption. The MOJ GCO for example, has only a few hundred words to say on the subject and deals predominantly with payments to FPOs, with nothing said about equal or more important skulduggery such as:
  • Bribe extortion by its associated persons;
  • Competitive corruption;
  • Internal corruption; where one employee corrupts a colleague
  • Blue collar corruption.
The FSG is silent on risk evaluation but all other guidelines are dominated by country risks and the Corruption Perception Index (CPI) published by Transparency International. The problem with the index – in addition to its obvious unreliability - is that it diverts attention away from corruption in home markets, such as the UK and USA.

Another problem with official guidelines is that they all exaggerate the importance of red flags. In fact, criminals usually make sure their skulduggery does not trigger any red flags; looking for them is akin to hunting the Dodo. Risk evaluation must be anticipatory and context rather than country specific.

The restricted modules specify a practical methodology for evaluating covert risks and especially those that might involve regulatory breaches.


Evaluating Bribery Risks

Cobasco believes that companies should evaluate corruption risks under five main headings:
  • The primary risk: evaluates incoming, internal, outgoing and competitive corruption;
  • Detection failure risk: assesses the impact of incoming or outgoing corruption not being discovered or being first chanced upon by regulators;
  • Investigatory risk: analyses the problems with all complex investigations, including legal breaches, disclosure problems and perverting the course of justice;
  • Reporting risk: evaluates the problems resulting from self-disclosure;
  • Derivative risk: evaluates the consequences of any of the above, including reputational damage and derivative litigation.

Figure 9: Corruption Risk Evaluation


The primary evaluation for UKBA and FCPA purposes should also categorise relationships with associated persons based on a decision matrix. The methodology is discussed in the restricted modules and typically results in increased operational efficiency, reduced costs and positive collaborative relationships.


Drilling Down to Contexts and Decisions

Cobasco recommends a decision-centric approach which drills down into specific contexts and to decisions made in and received by them. The evaluation can be employed at two levels. The first is part of comprehensive and collaborative risk evaluation covering the Extended Enterprise and should be refreshed every two years. The second is specifically targeted at individual jobs and can be carried out at any time, used to refresh entity wide reviews or to evaluate the impact of changes to operations, personnel, process or regulations.


Risk Catalogues and Gap Analysis

Evaluations typically result in a catalogue containing hundreds of Risk Working Sheets which are controlled through a relational data base containing fields listed in the mind maps.

Working sheets are analysed and existing controls evaluated based on how they work in practice. Specific transactions are tested using Critical Point Auditing techniques and control gaps closed. A summary report is prepared for the directors and other stakeholders.

All working papers relating to risk evaluation – including catalogues and reports - should be archived in the Adequate Procedures Dossier.


The Inspirational Integrity Campaign

Rather than simply aim for box ticking compliance to defend control failures, larger companies should specify an inspirational campaign that is branded, promoted and marketed throughout the Extended Enterprise with the same effort, flair and enthusiasm as used for the company’s products or services.

The campaign should be positive and persuasive and include:

  • A brand name and logo;
  • A mnemonic;
  • A by-line (for example ‘Inspiring Integrity’).
The campaign should be given the highest possible profile and promoted (rather than just communicated) through every possible sensory method and at every opportunity. The restricted modules explain how an effective campaign can be developed.



Codes of Conduct

WORLD’S MOST ETHICAL COMPANIES
Ethisphere gives awards for the “World’s Most Ethical Companies” based to a large extent on a review of Codes of Conduct. In 2007, Ethisphere rated Morgan Stanley’s policy very poorly. This is the same policy that the DOJ and SEC were so fulsome in commending when declining to prosecute!
For many organisations a Code of Conduct is the most important statement on integrity, but it cannot possibly cover every relevant topic: hence the need for an all-inclusive Corpus. Although codes are mandated by most regulatory agencies, there is no universally accepted standard on what topics they should cover or how they should be orientated. However, the recent Resource Guide states that the questions the DOJ and SEC will ask when evaluating ECEPs are:
  • Is the company’s compliance program well designed?
  • Is it being applied in good faith?
  • Does it work?
The guide states that failure in one instance does not mean a program is ineffective and that “well designed” means addressing ten very basic points. These are discussed in the restricted modules.

Codes of Conduct can be viewed in two categories. The first, and by far most important, are those set in a proactive frame that motivate performance and especially – in the corruption and fraud area - decisions at an operational level.  They are specific to the organisation concerned and genuinely represent its philosophy and values.  They are persuasive, entrepreneurial and inspirational. They are driven, or more accurately led, by top managers and are genuinely intended to result in exemplary corporate citizenship, while optimising performance. They demonstrate unwavering commitment to integrity and easily surpass compliance standards.


Codes of Conduct are only of value if implemented


The ANTI-FLATULENCE POLICY
What impression would you form of a company that introduces an “anti-flatulence” policy? Framing policies negatively admits to the underlying problem and begs the question.
The second, and unfortunately far more common, category represents codes written to contrive a defence when things have gone wrong. They are reactive, cosmetic and generic. They are written – often by cutting and pasting – to anticipate failure. They exist primarily on paper. Their titles often include the word “anti”, such as “anti-bribery”. But the use of this word tells you all you need to know.

The restricted modules set out in detail the essentials of effective Codes of Conduct and analyse those of 50 large and small British and American companies based on a methodology that evaluates more than 200 elements including those shown in Figure 10.
Figure 10: Some Considerations for Evaluating Codes of Conduct
The figure suggests that three of the most important factors are: Topic Coverage, Accessibility and Implementation, but there are others.



Cobasco’s analysis emphasises the importance of:
  • Topic coverage and consistent implementation;
  • Objectives setting: for example is the code issued primarily to comply with regulations or meant to drive exemplary performance?
  • Orientation: meaning - among other things - that the code is designed and worded to generate a feel good factor by the people for whom it is intended;
  • Accessibility: means that there is a high level of awareness of the code’s existence, that it is easy to navigate (for example with an index and table of contents, tabbed sections and accurate cross referencing), and that it is available on paper and electronically and in a form that is unlikely to be filed in a desk drawer or thrown away.
Many of the 50 codes reviewed appear to have been issued only for compliance purposes (to “prevent and defend” rather than to “inspire”) and were unlikely to be well received or followed by marketing and other opportunistic people (classified as “promotion focused”).  Figure 11 shows how the 50 policies were categorised.

Figure 11:  Orientation of Codes of Conduct and Probability of Implementation
The size of the circle reflects a code’s topic coverage and its orientation: whether it is preventive-defensively directed and primarily for compliance purposes or inspirational and promotion focused. The circle marked “A” represents the optimum coverage and orientation. The recommendations by Lord Woolf for British Aerospace (BAE) have good topic coverage but are far from inspirational. Many of the policies analysed did not even refer to the UK Bribery Act!


Strangely, there is one critical topic omitted from all but two of the 50 codes. Can you guess what it might be?



Effective Implementation

Communication

Integrity Campaigns, codes of conduct, policies, procedures, hardware and IT resources must be effectively implemented; starting with inspirational communications. Typically communications on controls and compliance are set in a legal frame, on paper, driven vertically down the organisation and motivated by fear of punishment. It is no wonder they fail.

The restricted modules discuss the strengths and weaknesses of different types of communication and propose that the most persuasive are horizontal or cellular – from peer to peer – and in specific contexts.

Whatever channels are used, detailed records must be retained in the Adequate Procedures Dossier.


Control Options and Tools

As far as possible, controls should be commensurate with risks. They fall into one or more of five categories:
  • Intelligence; provides an early warning of potential problems (see later);
  • Preventive: these are before the event and usually intended to restrict access to a physical object or process. Examples include such things as locks, passwords, separation of responsibilities, physical barriers, and authorisation tables. Normally preventive controls are costly and, if they are too restrictive, lead honest people to believe they are not trusted, to frustration and ultimately to disuse. They also lead to bureaucracy, which encourages corruption. An effective preventive control should reduce at least one risk without creating others: at the same time, it should protect innocent people against unfounded suspicion and create positive contexts in which entrepreneurship flourishes. The importance of this second objective is never mentioned in regulatory guidelines;
  • Reactive, or monitoring: intended to give a fail-safe indication that a breach of preventive controls has taken or, better still, is about to take place. Examples include burglar alarms, exception reports and fraud detection programmes. Reactive controls are usually cheap to maintain and do not burden honest people, since the threat of detection is only of concern to those who intend to misbehave. Reactive controls should be focused, automatic and incapable of disablement. The principle is that companies must be the first to know;
  • Reconstructive: these trigger when both preventive and reactive controls have failed and are intended to minimise the criticality of a loss. Examples include contingency plans for conducting investigations and fidelity insurance. Reconstructive controls must be available when needed, tested, updated, relevant, and simple and understood by the people concerned;
  • Monitoring and enforcement: these ensure that controls are maintained, successes rewarded and violations penalised as a deterrent to others.
Controls may be implemented through:
  • People using hardware or following a specified procedure;
  • Technical or automated operations, such as computer access control;
  • Hardware, such as weighbridges or cash registers.
Controls must be specified, ownership assigned and monitored to ensure they function as intended.  Wherever possible, there should be a separation of responsibilities between accountability for implementation and authority for monitoring.

There are four dominant reasons why controls fail:
  • They are not specified accurately;
  • They do not function as specified;
  • Failure to function is not detected;
  • They are deliberately circumvented

Structuring and Combining Controls

Seldom will a single control eliminate a specific risk. The relationship is complex with an array of controls set against a matrix of risks.

The combination of controls is critical. Standards recommended by regulators – based on low trust and reliance on preventive controls - fall into category B on Figure 12. They should generally be avoided.  Inspired Integrity campaigns are in category A and are built on the principle of “assured trust”, a prudent minimum of preventive controls with fail-safe monitoring.

Figure 12: Balancing Preventive and Reactive Controls
Reliance on preventive controls encourages bureaucracy


Ownership, Authority and Responsibility
WHISTLE BLOWING LINES
Some regulators recommend that the Audit Committee should be the owner of whistle blowing lines, because it assures independence. There are two problems with this. The first is that the term “whistle blowing” should be banned from the English language. It is negative and a term such as “Integrity Reporting” or “Incident reporting” is preferable. Secondly, the responsibility for control should be unambiguously assigned to owners in the management line. Anything that detracts from this is a weakness.


Ownership must be assigned for every physical object, process and relationship throughout the Extended Enterprise. This means aligning authority with responsibility and maintaining accountability for both successes (which should be rewarded) and failure (which should be sanctioned). The restricted modules give detailed explanations of ownership, based on the following principles:
  • Control and compliance are line management responsibilities;
  • Directors must be the designated owners of the Integrity Campaign and capstones for its implementation;
  • Larger organisations should have a specialist, advisory department responsible for specifying controls and compliance standards, providing assistance to employees, monitoring and reporting results;
  • Ideally, this department (possibly titled the “Directorate of Integrity” or an alternative positive name other than “Compliance”), should be headed by a full board director who should represent all control functions including Compliance, Internal Audit, Risk Management, Insurance, Health and Safety etc;
  • The Head of the Legal Department (or General Counsel) should be a full board director but independent from the Directorate of Integrity.


Costs of and Budgets for Controls
DANGER ON CHARGE BACKS AND COST ALLOCATIONS
The practice of allocating central compliance or investigation costs by charging them back to operational departments is a bad mistake. It results in action that is essential for integrity purposes being denied on cost grounds by people who could be the subject of an enquiry. It puts Dracula in charge of the blood bank!


All owners (usually consolidated by context, division or department) should be provided with financial and resource budgets for maintaining effective controls. Advisory departments – such as Legal, Compliance (but preferably rebranded as Integrity), Internal Audit and Corporate Security – should have their own budgets, so that they are not dependent on owners when confronted with control problems.

A record of all control costs should be included in the Adequate Procedures Dossier. All departments should publish their annual objectives on integrity.


Policies and Procedures

Policies are high-level or strategic statements of principles and should be devolved from the Integrity Corpus.  Key integrity policies are listed in the restricted modules.

Procedures are detailed working level instructions – again coordinated through the Integrity Corpus. They should be issued as mandatory standards rather than guidelines. The limited and skewed procedures recommended in the MOJ GCO, FSG and Resource Guide are summarised in the restricted modules together with additional standards needed for Inspiring Integrity.

The most important include those on decision integrity, fraud detection and investigations.

Whatever policies and procedures are implemented, copies should be retained (together with organisation charts) in the Adequate Procedures Dossier, so that the company’s control position – at any time in the past – can be reconstructed.


Decision Integrity

A perverted decision is at the heart of all frauds, corruption and other dishonesty yet most organisations don’t have a clue how, where, when or by whom the most vulnerable are taken or accepted. Neither do regulators recognise the importance of decisions.

The restricted modules examine the psychology of decision making based on the stages shown in Figure 13. Each stage is vulnerable to fraud and corruption.

Figure 13: Simplified Stages in Decision Making
An essential step for all significant decisions is to set out a matrix of the criteria and to keep criteria under review.



LOSS COVERING
Psychological research proves that people are more willing to take risks (including paying bribes) to avoid a loss or to cover a mistake than they are to gain. Thus loss making contexts are especially exposed to fraud and corruption.

The modules also discuss many important principles including:
  • The process used for making a decision is distinct from its outcome;
  • The integrity of process can always be guaranteed: outcome is less certain;
  • The more bureaucratic a decision-making process is (or the more bottlenecks that can be contrived), the more exposed it is to fraud and corruption;
  • The person responsible for authorising an action should be part of its decision-making process;
  • Companies must take decisions in real time and cannot wait for prosecutorial discretion;
  • Managers must assert the right to manage;
  • Decisions made by committees are usually more risky than those taken by an individual;
  • To prove an offence under bribery laws, prosecutors must demonstrate a corrupt intent, beyond reasonable doubt;
  • People are more likely to take risky decisions to avoid a loss or conceal a past problem than they are to obtain an advantage.
DEFENDING SPURIOUS ALLEGATIONS
If regulators allege that the intention was to pervert a third party decision by, for example, hospitality, the RKT matrix can be used to show precisely what criteria were influential. The defence is even more compelling if the third party (which gives or accepts the decision) confirms the assessment.
Cobasco’s recommendation for decision integrity is based on a model designed by Dr Charles Kepner and Dr Benjamin Tregoe, two engineers employed by the Rand Corporation. Cobasco has revised the methodology (Revised Kepner Tregoe – RKT) for controlling and exposing decisions that could be corrupted. RKT can also prove conclusively that the intent of a decision was honest. This is the best defence to UKBA and FCPA bribery charges.

The RKT system is built on the principle that there are needs (which are absolute requirements) and wants (which are desirable attributes) in every binary (“yes/no”) and multiple-choice decision. Any option that does not satisfy a need should be excluded. The importance of each want is weighted on a scale of 1 (poor) to 100 (excellent) and multiplied by a score reflecting to what extent the attribute is satisfied (again in the range of 1 to 100). The weight and score of each attribute are multiplied to produce a total for that attribute.


Weight x Score = Total for attribute


THE PROBLEM OF RED FLAGS
All agencies have produced lists of red flags. The first problem is that crooks go to lengths to avoid them. The second is that each one is given equal weight as a potential disqualifying factor. A decision matrix can allow for this by assigning weights to each red flag and scoring them. In other words, they are usually treated as needs rather than wants.
The revised KT system requires decision-makers to identify positive and negative needs and wants and to calibrate them on a matrix based on their relative significance. This may seem no more than common sense but in many aspects of the anti-corruption field – for example, the selection of intermediaries and agents – only the negative attributes are considered. Thus, the candidate with the least damaging adverse information in its public record is preferred rather than the best.

Possibly the most important advantage of RKT is that if someone wants to pervert a decision, he or she must manipulate the selection criteria or their weights or scores. This is usually obvious and is thus also a deterrent.
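An added worked example (not Cobasco's code or its restricted-module methodology) of the needs/wants matrix described above, with an audit of a revised matrix that surfaces every changed weight or score and whether the preferred option moved. It assumes an option's total is the sum of its Weight x Score attribute totals, as in standard Kepner-Tregoe analysis; the agents, criteria and figures are constructed.

```python
import copy

# Constructed sample: choosing an agent. All names, weights and scores are invented.
_OK = {"passes due diligence": True, "licensed in territory": True}
BASELINE = {
    "needs": ["passes due diligence", "licensed in territory"],
    "wants": {  # want -> weight, 1 (poor) to 100 (excellent)
        "local market knowledge": 80,
        "technical capability": 70,
        "transparent fee structure": 90,
        "clean public record": 60,
    },
    "options": {
        "Agent A": {"needs": dict(_OK), "scores": {
            "local market knowledge": 70, "technical capability": 80,
            "transparent fee structure": 90, "clean public record": 60}},
        "Agent B": {"needs": dict(_OK), "scores": {
            "local market knowledge": 90, "technical capability": 60,
            "transparent fee structure": 40, "clean public record": 90}},
        "Agent C": {"needs": {"passes due diligence": True,
                              "licensed in territory": False}, "scores": {
            "local market knowledge": 95, "technical capability": 90,
            "transparent fee structure": 85, "clean public record": 90}},
    },
}

# A later revision in which one weight and one score were quietly altered.
REVISED = copy.deepcopy(BASELINE)
REVISED["wants"]["transparent fee structure"] = 20
REVISED["options"]["Agent B"]["scores"]["technical capability"] = 95


def evaluate(matrix):
    """Return (ranking, excluded): ranking is [(option, total)] best first,
    excluded maps each rejected option to the needs it failed."""
    totals, excluded = {}, {}
    for name, option in matrix["options"].items():
        failed = [n for n in matrix["needs"] if not option["needs"].get(n, False)]
        if failed:  # an unmet need excludes the option, however high its scores
            excluded[name] = failed
            continue
        total = 0
        for want, weight in matrix["wants"].items():
            score = option["scores"][want]
            if not (1 <= weight <= 100 and 1 <= score <= 100):
                raise ValueError(f"{name}/{want}: weight and score must be 1-100")
            total += weight * score  # Weight x Score = total for attribute
        totals[name] = total
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0])), excluded


def preferred(matrix):
    ranking, _ = evaluate(matrix)
    return ranking[0][0] if ranking else None


def audit_revision(before, after):
    """List every change to needs, weights and scores between two versions of
    a matrix and report whether the preferred option changed as a result."""
    changes = []
    for need in sorted(set(before["needs"]) ^ set(after["needs"])):
        changes.append(("need", need, need in before["needs"], need in after["needs"]))
    wants = sorted(set(before["wants"]) | set(after["wants"]))
    for want in wants:
        old, new = before["wants"].get(want), after["wants"].get(want)
        if old != new:
            changes.append(("weight", want, old, new))
    for opt in sorted(set(before["options"]) & set(after["options"])):
        for want in wants:
            old = before["options"][opt].get("scores", {}).get(want)
            new = after["options"][opt].get("scores", {}).get(want)
            if old != new:
                changes.append(("score", f"{opt}/{want}", old, new))
    was, now = preferred(before), preferred(after)
    return {"changes": changes, "preferred_before": was,
            "preferred_after": now, "outcome_changed": was != now}


if __name__ == "__main__":
    print(evaluate(BASELINE))
    print(audit_revision(BASELINE, REVISED))
```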

THE MORGAN STANLEY CASE
In the Morgan Stanley – Garth Peterson case (which is discussed in the restricted modules), the company and its external Counsel – Jones Day – produced an excellent guide on how they worked with the SEC and DOJ, resulting in the so-called declination to prosecute. The approach consisted of five main pillars:
  • Conducting a professional and probing investigation into the specific suspicions and keeping the regulators informed;
  • Checking other areas in the company;
  • Improving controls;
  • Continuous advocacy;
  • Documenting Morgan Stanley’s compliance program during the previous six years.
The Jones-Day presentation is highly recommended, if not essential reading, for any company subject to regulatory investigation.
A simple example is given in Tips and Tricks. Thus RKT deters and flushes out perverted decisions, even when they are made by a committee. It also proves that decisions were honest.

Cobasco works with Clients to identify their most vulnerable outgoing, incoming and internal decisions (from both a financial and regulatory point of view) and at all levels from the most senior directors to the most junior blue collar workers.



The Adequate Procedures Dossier

An Adequate Procedures Dossier should archive all of a company’s risk evaluation schedules, policies, procedures, details of training programmes, and any other relevant material to prove it used its best endeavours to comply with the laws.

The main objective of the dossier, besides establishing an audit trail for internal use and to keep the electronic corpus updated, is to be able to produce overwhelming evidence that convinces regulators – at the earliest possible stage - that prosecution is unjustified. The restricted modules contain a schedule of material that should be included in the dossier.


Monitoring, Testing and Benchmarking

Most official guidelines emphasise the importance of monitoring to confirm that controls are effectively implemented but are – as usual - light on detail. The official recommendation is that implementation can be measured by the number of:
  • New policies issued and revised;
  • Contacts made by staff and others with compliance and ethics functions;
  • Contacts made via helplines or other reporting channels;
  • Records of disciplinary infractions;
  • Regular surveys of staff;
  • Internal audit and investigation reports;
  • Proportion of staff undertaking training in the year;
  • Benchmarking.
In fact these provide little assurance of effective implementation, although they do tick a few boxes.

IS IT SNEAKY OR AN EFFECTIVE TEST
A company was concerned that its agent in an African country was paying bribes to an FPO and “arranged” for anonymous letters to be sent to its compliance officer. Can you guess the result?

The answer is in the restricted module and it is not what most people would expect!!
 


Cobasco recommends an entirely different approach. This is discussed in the restricted modules. The main differences are illustrated in Figure 15:

 

Figure 14: Differences in Monitoring Processes
Indicates the very limited and box ticking regulatory approach


Certification of Adequate Procedures

Some companies which are subject to the FCPA and the UKBA have sought external certification of their anti-bribery procedures based on standards such as:

  • British Standard 10500-2011;
  • Ethisphere Institute (“World’s Most Ethical Companies” and “Ethics Inside”) models;
  • Ethic Intelligence.

Certification may also be part of a corporate social responsibility (CSR) self-evaluation under the UN Global Compact (UNGC) or Global Reporting Initiative (GRI).

Although third party certification may be helpful, it does not guarantee that procedures are adequate or qualify as EPECs.

Cobasco stands behind its appraisals (by including formal statements with supporting evidence) and will attend court as an expert witness.
 

Standing behind our expert opinion….


 


10 Explained more fully in the restricted modules
11 Proprietary classifications, discussed in the restricted modules

 

© Copyright 2017 Cobasco Group Ltd