Common Sense advice on implementation of the Bribery Act

  • Author: Colin Maund
Posted on 05-04-2011

UK Bribery ActOn 30th March 2011, The Ministry of Justice published its long-awaited guidance on the Bribery Act 2010 and confirmed that the Act will come into force on 1 July 2011. Businesses now have three months to review their policies and procedures and to ensure that they meet the standard being set by this new legislation.

Although the MoJ has emphasised that compliance is “largely about common sense, not burdensome procedures”, corporates still need to look carefully at the particular risks posed by their business operations and business partners and ensure that they implement appropriate procedures. There are several steps that we’d consider represent good common sense to improve supplier information management and help guide companies toward appropriate procedures.

Most organisations don’t have adequate procedures for monitoring their suppliers; they often don’t ask them for statements of intent or statements of practice. They don’t say to them for example ‘what measures are you taking to ensure that there are procedures in place to govern corruption, abuse of hospitality, or facilitation payments?’ Nor do they ensure that suppliers are carrying through these measures in their own supply chain.

Where that really matters is in the case of companies that are part of consortia bids where one of the companies pays bribes in order to get the work for the consortia. One can easily imagine a situation in which a company is bidding for a one billion dollar contract and there are three or four members of the consortia and one of them decides it’s in their interest to pay bribes. Do they drag the other consortia members into that case?

Or where for instance an oil and gas contracting company bidding for a licence puts forward a structured bid with a number of other contractors to provide construction services, engineering services, etc and one of those companies decides to pay a bribe over the head of the main contractor. The oil and gas company has the benefit of the contract but the subcontractor also benefits from the work arising. It’s actually the subcontractor that’s paid the bribe but under the UK act it would appear that because the oil companies is the main beneficiary, they must have ensured adequate procedures to prevent bribes being paid.

What steps can a company take to avoid getting caught out?

The simplest procedure would be to ask two things:

a)      What is your own internal procedure for ensuring that bribes or any form of corruption or facilitation payment etc are not made?

b)      What checks do you make on your own supply chain?

Looking first to put your own house in order:  more elaborate checks involve asking do your internal procedures have the support of the board; is there a disciplinary process attached to it; what is the procedure for ensuring that accounts are properly checked to make sure that certain items in accounts are not disguised bribes or facilitation payments?

And then in your supply chain what are you doing to go down your supplier lists to make sure that the people in your supply chain are adopting the same procedures as you are? If you want to go beyond that, it would be a case of asking suppliers to show your company their procedures, training manuals, attendance records, disciplinary process etc so that it is possible to see that the area of bribery is being taken seriously and it’s got teeth. It’s not just a case of saying we’ve got a nice procedure written by a consultants that we’re going to stick on a shelf and leave it there.

Do you think this is likely to be driven by board members?

Board members would be very wise to drive a company’s procedures because they are always the ones named in the litigation and could be taken to court, especially as the new legislation creates personal liability for Directors.  It should be at the heart of any well run company but the truth is that board members have in the past absented themselves from taking part in any bribery or corruption but may nevertheless have allowed it to go on and turn a blind eye to it. Now they won’t be able to do that.

What checks should a company be making on its own supply chain?

The first thing to do is to really define where the risk is. Firstly, identify those countries where bribery is more likely to occur than others and secondly, some activities are more likely to lead to bribery than others.  By putting the two together you end up with a risk matrix that identifies the most critical areas where an organisation really needs to focus. From that you can have a varied response ranging from questionnaires, self-certification to asking for statements to actually carrying out your own on site audit of your suppliers.

That’s quite a massive undertaking, is it realistic?

It depends how much you can narrow down the risk matrix. If you can get it down to 50 businesses that are regarded as high risk then you could say it’s not that massive an undertaking. If you take a scattergun approach it can become too unwieldy. The right approach is a stepped one starting with every company being asked if they have a policy on bribery and corruption, through to those who are in the medium risk category perhaps filling in a questionnaire and a self declaration, through to the very top risk areas where it might be appropriate to put an audit team in to check the right procedures are in place and they are being adopted. And of course there is nothing to prevent companies collaborating with organisations in the same industry to reduce costs and increase coverage and therefore compliance.

The continuing risk of supplier failure

  • Author: Colin Maund
Posted on 01-03-2010

Despite the recent recovery in global trading conditions, a significant risk from supplier failure still exists. Indeed, the experience from past recessions is that the most dangerous times for widespread bankruptcies is in the first stages of recovery. Although credit availability may be a little better than it was a year ago, the financial security of many suppliers remains an open question.

Buyers face the continuing risk of a supplier going under, maintaining the prospect of interruptions or failure in the supply of critical components and services. Even worse, if a supplier goes bust, who owns the part completed or fully completed goods? Retention of title clauses can make for complex situations that may become very messy.

If a supplier is vulnerable it is worth knowing about it in advance. That way an alternative supplier may be sought, or if the supplier is a single source for a vital component or service, action may be considered to help that supplier. Either way, predictive financial tools and up-to-date credit ratings on suppliers is the only way of reducing exposure to this very real risk. Despite the existence of many established and well known products, these have been developed largely for short term use by sellers and are neither accurate nor up to date. For buyers they are particularly inappropriate as buyers need to look during the lifetime of a project, supply contract or even a piece of machinery or IT programme which is often dependent upon continuing support, maintenance as well as the provision of expensive warranties.

However, gaining a clear view of your supplier base, with access to pertinent information that has been qualified, evaluated and monitored, need not be complex and stressful. Working in collaborative communities within industrial sectors, much of the work associated with updating information and monitoring suppliers can be undertaken by an independent, specialist third party for the betterment of the entire community. Furthermore, tools and processes for identifying and ranking supplier risk in the supply chain can be used to understand and manage the risks in a controlled way whilst giving access to more up to date and more specialist information.

Mitigating risk is all about understanding your supply chain. Companies that manage risk successfully will continue to reap the benefits; companies that mismanage it will expose themselves to a far greater chance of failure, or equally as bad, will become far less competitive as recent events in several industry sectors demonstrate.

Are your suppliers exposing you to data security risks?

  • Author: Colin Maund
Posted on 17-02-2010

The trend over recent years to outsource ever more sensitive functions has significantly increased a company’s exposure to risk. Over the same period, reputation and the value of the brand have grown in importance too, a combination that has placed a heavy emphasis on the impact suppliers have on the reputation and performance of the enterprise.

How your supplier behaves, and what processes your supplier has in place, can directly affect your business. In some cases those effects can be completely disproportionate to the value of the contract.

One emerging concern that is likely to grow in importance is data security. This is an area of particular importance to government departments and financial institutions following a number of high profile lapses in security, but increasingly corporate bodies will be required to sharpen their practices too.

Companies may have very strict processes in place for how their staff handle sensitive data – blue chip companies are very well thought of in this regard – but then all too often a supplier or contractor is called in to undertake IT work and the buyer of those services fails to check that the contractor has similarly rigours terms in place in relation to their subcontract employees. This is particularly sensitive where the data has been sent offshore to a low cost processing location or to a specialist computer facility and is therefore outside local court jurisdiction.

The danger is that a breach in security, with sensitive data being taken off-site, lost or misused by a supplier, could have a serious negative impact on a company’s hard earned reputation – and may even leave you, as the buyer, open to litigation. Greater scrutiny of a supplier’s contractual arrangements with its staff and subcontractors is essential in mitigating this risk.

What’s more, monitoring that those standards are maintained and contractual arrangements are current, is important too in ensuring the ongoing compliance of suppliers to the rigorous standards of data security that the buying organisation both requires and expects. In an environment where data is becoming increasingly valuable and tradeable this is likely to be a major area of risk for procurement teams in the future.

Small, but critical

  • Author: Colin Maund
Posted on 07-12-2009

In just about every organisation the focus is on the largest suppliers, the most critical. And with regards to gathering data on suppliers it may make perfect sense for a purchasing department to allocate resources to where the greatest proportion of activity occurs. But when it comes to risk, dangers are equally likely at any point in the supplier base, whether the supplier be large or small.

There are plenty of examples of where production lines have been brought to a standstill by the failure in supply of a seemingly insignificant component – take for example, the incident two years ago at Toyota, where problems at a supplier of piston rings created a stoppage that lasted several days at twelve of the automotive manufacturer’s plants.

This incident may have been costly for Toyota, even somewhat embarrassing, however, far greater damage can result from a brand’s failure to identify and address the risks to its reputation from its smaller suppliers. Risks that may come about through a purchasing organisation’s inability to identify a small supplier’s non-compliance with issues such as: Health & safety, legal & statutory, data security, CSR and quality targets.

In areas such as Health & Safety supplier failure can be enormously damaging, not only in terms of reputation, but also in terms of cost and exposure to possible litigation. An accident is a hugely expensive, disruptive event but companies can no longer exonerate themselves by relying on a contract that abdicates responsibility to the supplier. The changing attitude of those in authority is that buyers should be active in monitoring and checking that suppliers are compliant, regardless of the size of the contract or the supplier. Conducting regular checks – or when justified, audits – of all suppliers and having detailed and up-to-date information on them, is the only way of mitigating this risk and of demonstrating to the authorities, along with other key stakeholders, that a buyer is diligent and responsible.

However, most companies, even the largest and most professional, do not have data on their smaller suppliers; they tend to concentrate on their top quartile, leaving 75 per cent or more of their suppliers completely off the radar. This is a significant exposure to risk.

If buyers are going to manage the growing and complex matrix of potential risks effectively, visibility of appropriate, accurate and verified information is going to be essential, across the full spectrum of the supply base. But the problem facing most companies is one of time, resources and the complexity of the task. For large multi-national companies that means gathering, evaluating and monitoring information in a consistent way across a supply base of perhaps several thousand suppliers. For any one company that is a major challenge.

What makes more sense is to work collaboratively within industrial sectors to share the burden of gathering and maintaining this comprehensive data resource. By working in collaborative communities within industrial sectors, much of the work associated with updating information and monitoring suppliers can be undertaken by just one independent party, to the mutual benefit of the entire community – including buyers and suppliers. Furthermore, tools and processes for identifying and ranking supplier risk can then be adapted for individual companies, so that they are used effectively to understand and manage the risks in any particular supply chain in a controlled way.

By the very nature of the way the vast majority of companies tend to structure their analysis and appraisal of potential risk around the top tier of suppliers, the significant exposure to the risks from the large raft of smaller suppliers surely makes a collaborative approach to this complex challenge the most compelling solution.

A new perspective

  • Author: Colin Maund
Posted on 03-12-2009

Welcome to the first Achilles Blog – a new regular two-weekly updated commentary and forum for debate on issues challenging the procurement and supply chain space. With such a wealth of cross-industry knowledge and in-house expertise at Achilles we felt we should be more active in expressing our opinion and views on issues affecting procurement and risk management in the supply chain. From a central and neutral position in supply chain communities our ‘thought leaders’ are uniquely positioned to offer an unbiased perspective on important topics. Hopefully, with your involvement, this regular series of blogs will stimulate debate within the key industry sectors that we are involved.

This is an exciting new initiative for Achilles, one where over the coming months we will explore core issues of common interest, such as risk exposure in regards Health & Safety compliance of second or third-tier suppliers and the importance of corporate social responsibility. Our main aim for the blog is to facilitate discussion that is independent from commercial messages. We value your contribution to these debates and encourage you to participate.

We hope too, to invite contributions from our customers and from our partnership organisations at leading academic institutions where we have close collaborative working relationships, such as the Oxford-Achilles Working Group on Corporate Social Responsibility at the Said Business School and the Public Procurement Research Group at the University of Nottingham.

I very much hope that you will enjoy reading our views, insights and opinions, and that you will take the opportunity to engage in these discussions by submitting your comments. I look forward to welcoming you as a regular reader and contributor.