Over the past few weeks, we here at TRACEblog have noticed a few interesting critiques of anti-bribery certifications. Harvard Law Professor Matthew Stephenson writes on his blog that he holds “a fair amount of skepticism” regarding anti-bribery certifications and believes that they “might in some cases prove counterproductive.” As British poet William Blake once wrote, “opposition is true friendship,” and we think that same holds true here. So, in that spirit, we’ve taken Professor’s Stephenson’s blog posting as an opportunity to address head-on some common assumptions and misunderstandings that we believe surround anti-bribery certifications.
Full disclosure at the outset: TRACE Inc., an independent compliance firm working alongside TRACE International, offers a third party compliance certification to SMEs that involves a due diligence review, analysis and approval process. The TRACE certification differs from most in that it’s confirmation of a rigorous due diligence process, rather than confirmation that a company’s program is adequate.
- Certifications falsely promote a definitive judgment on the adequacy of a company’s compliance program
This is probably the most common misperception that we hear at TRACE. Critics of certification programs all too often obsess over the word “certification”: how can any compliance program ever be ‘certified’?” The word seems duplicitous, adding a pretense of certainty in an uncertain world. Of course, it is universally recognized that no compliance program, no matter how sophisticated, guarantees against wrongdoing. So to those critics of anti-bribery certifications, we would suggest focusing less on the form of the word and more on the substance of the review. A certification, at least as that term is used by TRACE, is an attestation that a company has successfully completed certain discrete steps aimed at combating corruption.
Certification by TRACE does not mean that the company is problem-free. In fact, each TRACE certificate explicitly states that it is not a guarantee against past or potential wrongdoing by the certified entity or a guarantee against potential liability, and goes on to explain that a summary of any red flags identified during the TRACE certification review is included in the report. In the end, what we at TRACE are certifying is that the entity has completed a rigorous review and that no unresolvable red flags were uncovered . But risk factors vary by company. Ownership of a consulting company by the Minister of Defense, even if legal under local law, will matter more to an aerospace and defense companies than it will to a medical device company. Companies must request and read the reports in the context of all facts known to them, their business and their appetite for risk.
- Certifications rely on methodologies that are non-standardized and opaque
Another common misperception is that certifying organizations make up an unfettered industry. In fact, TRACE is heavily committed to efforts aimed at standardizing anti-bribery compliance certifications. We are active participants in the ISO’s efforts to create a standard to evaluate anti-bribery management systems. This is a three-year process aimed at creating a set of best practices for companies to establish systems to mitigate, identify, and handle bribery-related issues. The standard will be a central part of an eventual ISO certification regime.
What about methodology? During a TRACE certification review, the candidate is asked to provide a predefined package of information and documentation that is then verified by TRACE, to a large extent using public domain sources and PEP/Sanctioned and Denied Parties databases. The review is fact-intensive, requiring the active participation and collaboration of a candidate, and also involves an anti-bribery training component for key employees and assistance in the adoption of an appropriate Code of Conduct. And while we cannot speak with regard to other certifying organizations, TRACE has always been transparent about the methodology it uses to review entities interested in TRACEcertification. The result is not a simple pronouncement by TRACE, but a hefty report with all relevant documentation included. Below is the description of the TRACEcertification process, as described in our public, marketing material:
“To complete a review successfully, you must provide responses to a comprehensive anti-bribery questionnaire and disclose the following information:
›› Detailed company information, including information on subsidiaries and affiliated entities
›› Business registrations, as applicable
›› Corporate literature or a company description
›› Beneficial ownership (except for shareholders owning less than 5% of publicly-traded companies)
›› Identification of directors and key employees
›› Curriculum vitae for owners, directors and key employees
›› Additional ownerships, directorships and employment of all owners, directors and key employees
›› Current government employment of owners, directors and key employees
›› Previous government employment of owners, directors and key employees
›› Three business references
›› One financial reference or audited financial statement
TRACEcertification involves a media search dating back ten years and denied party screening. Candidates are required to adopt a code of conduct and to complete a mandatory anti-bribery training course (administered by TRACE utilizing our online training module) as part of the certification process. TRACEcertification requires certified parties to update their verified due diligence information on an annual basis.”
- Certifications are mistakenly aimed at seeking protection from US, UK and other state enforcement agencies, yet are not recognized by these agencies.
Another common misperception is that certifications promise a false defense against government investigators located in the US and UK. The reality, as we’ve observed, is that most certified companies are not looking for a defense from US investigators, but rather are looking for a defense against bribe-seekers, that is, the government officials who extort bribes from them.
The uncomfortable reality that we here at TRACE are trying to address is that Western-focused anti-bribery compliance is a nonfactor for the vast majority of global business transactions. In the Philippines, small and medium sized companies constitute an estimated 99% of all business. How can we reach these SMEs who are, by default, not subject to the FCPA or UK Bribery Act, yet just as vulnerable to bribery demands? The fact that SMEs are a very easy target for low level government officials seeking to supplement their incomes is rendered even worse by the fact that so little effort has been made to reach these organizations and provide them practical tools with which to defend themselves.
Conspicuous certifications backed by internationally-recognized organizations like TRACE are tangible tools that SMEs can proudly display on their websites, in their offices or on the back of their contracts — and often do — to show that they will not acquiesce to bribe demands. It is an open, public display that they are committed to responsible business dealings and provides a solid foundation (policies, training, etc.) with which to resist government graft. Certification also builds strength in numbers. It allows SME to take matters into their own hands to create a better business environment for themselves. Certifications also play an important role for those SMEs seeking a competitive advantage in their business dealings by demonstrating their commitment to commercial transparency. And while we do not, as described above, certify a company’s reputation, we do certify their successful completion of the due diligence process followed by daily screening against media and denied party lists, which itself can be an important factor for multinational companies in vetting their smaller business partners.
- Certification companies have a conflict of interest that prevents them from providing independent judgment regarding the adequacy of a company’s compliance program.
The thought here is that because companies pay to be certified, certifying organizations have a conflicting incentive to overlook faults in a compliance program in order to grant certification. As already mentioned above, at TRACE we do not certify the adequacy of compliance programs, but rather are certifying whether the entity has been sufficiently transparent in the due diligence process. This distinction means that the decision to certify is based on objective measures, like whether the third party has produced the requisite documentation, not on the discretion of the person reviewing the entity’s compliance program. Less discretion means less possibility of conflicting interests.
Moreover, entities seeking TRACEcertification must agree that a decision to grant or deny certification will be solely within TRACE’s discretion. TRACE does deny certification to those entities that are insufficiently transparent during the review period or fail to provide required documentation. Payments made to TRACE are non-refundable, however, regardless of the outcome of the certification. This means that TRACE has zero financial interest in the outcome of the review.
Finally, because TRACEcertification reports are typically provided to multiple companies, we believe that there is a considerable incentive to the entities undergoing the process to be scrupulous in their responses. While it may be possible to mislead a single company about ownership or past misconduct, more eyes on the report mean a greater likelihood of being caught, — and so of having the certification revoked.
And so, while we at TRACE hold Professor Stephenson in high regard, we would respectfully point out that in this instance he is wrong. We see TRACE’s anti-bribery certification program as an exciting new way to include small and medium sized businesses in the anti-bribery discussion. These are companies that might otherwise have no other resources to build a compliance program on their own. For those interested in finding out more about TRACEcertification, we encourage you to read a recent case study by S3 International, a Milwaukee-based repairer of military and commercial spare parts.