When gunmaker Smith & Wesson looked to increase sales in Asia, the company hired employees, agents and consultants to make deals in the region. These representatives went about their business as usual, providing kickbacks in exchange for sales, treating management of state-owned enterprises to trips and meals and presenting extravagant gifts in exchange for product orders. With little understanding of the region, no anti-corruption risk assessment and no due diligence on agents or buyers, managers at corporate headquarters signed off on all the expenses claimed by colleagues in the region.

The company soon found the Securities and Exchange Commission (SEC) bringing a Foreign Corrupt Practices Act (FCPA) enforcement action against it, precisely for failing to implement basic components of a compliance program. Smith & Wesson eventually settled the case with the SEC for $2 million without admitting or denying any wrongdoing. However, the company stopped impending deals stemming from the charges, implemented a series of “significant measures to improve its internal controls and compliance process,” and fired its entire international sales team, the SEC said.

A new whitepaper from the Center for Responsible Enterprise And Trade (CREATe.org), Why Anti-Corruption Programs Fail: Turning Policies into Practices, offers insights into where compliance programs fall short and provides ways to embed practices across an organization.

Insufficient Commitment

Recent high-profile bribery cases emphasize the risks and costs of non-compliance; however, companies still lag when it comes to committing to and implementing a robust and proactive program. Here are several reasons why:

• Lack of leadership. “Tone at the top” is a concept often discussed in compliance circles. However, the phrase rings hollow unless leadership sends the message that compliance is both vital and integral to good business. Equally important, communications and actions need to come from those who will make the true difference in a program: middle management. “Tone in the middle” is a key indicator of successful anti-corruption program implementation. If mid-level managers are not taking accountability for compliance or are sending mixed messages, the risk for failure is high.
• Insufficient resources. Without adequate human and financial resources, compliance programs often fail. This can happen when compliance is tasked to a single individual or an overburdened legal team or when anti-corruption responsibilities are tagged on to other programs and get lost in the shuffle.
• Insufficient profile of the compliance function. Although the compliance function is gaining prominence, many companies still lack a Chief Compliance Officer (CCO), which could send the message that compliance isn’t a C-suite issue. Whether an individual or a team of hundreds, the compliance function needs to have visible support from senior management and be recognized as an integral part of the business.

Anti-corruption compliance is a complex task. Knowing how to address compliance challenges is crucial.

Failure to Engage and Communicate

Programs may be in place; however, employees and third parties may still be unclear about their roles and responsibilities. Here are a few reasons why:

• Lack of clear policies and procedures to make policies accessible. Although it seems basic, companies have been cited for not translating policies into the local language. In other cases, the policies may be written in complex jargon or legalese. In addition to clear policies, there should be established procedures to ensure employees have guidelines for following policies.
• Competing priorities and incentives. How are your sales teams compensated? For sales alone? If compliance isn’t factored into incentive programs, employees may be inclined to hit sales targets at any cost and by any means. Integrating compliance benchmarks along with sales targets provides reinforcement of mutual goals. Some companies also offer awards for employees or groups showing a commitment to compliance.
• Insufficient communication and training. It is increasingly common to hear CEOs talk about compliance and ethics to external audiences. However, do employees actually know what they need to do to meet requirements? Training too often comes in a “one-size-fits-all” package, such as the one-hour-a-year model. Communications and training should be tailored to risks, responsibilities and local challenges. For example, finance departments should understand red flags for bribery in expense reports. Discussing “gray-area” scenarios with those on the frontline and sharing specific ways to deal with them can also help employees and third parties deal with situations that could lead to trouble.

Lack of Business Processes

In reference to the Smith & Wesson action, Kara Brockmeyer, chief of the SEC Enforcement Division’s FCPA Unit, stated: “This is a wake-up call for small- and medium-size businesses that want to enter into high-risk markets and expand their international sales.” She added: “When a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.”

When it comes to those necessary business processes, here are additional areas where companies fall short:

• Failure to assess and understand risks. In the Smith & Wesson case, the SEC noted that the company did not perform any risk assessment or due diligence on agents working in international markets. A thorough assessment creates awareness around business risks that can then be managed or avoided through strengthened internal controls.
• Insufficient third-party management. SEC and Department of Justice (DOJ) cases are continually noting where companies fail to train third parties—including consultants, agents and distributors—on anti-corruption requirements. To improve compliance practices, leading companies today will require third parties to take assessments to determine the level of maturity of practices and then work to improve top risk areas. Many also offer online training in local languages for third parties.
• Insufficient monitoring. A crucial element of an effective program is monitoring it to ensure employees and third parties are adhering to your requirements. This can be done through linking to audit programs, financial reviews and employee interviews, among other actions.
• Inconsistent enforcement and corrective actions. When it comes to compliance and ethics violations, a senior employee may not be reprimanded in the same way as a junior employee, or managers will differ in how they treat an offense. To deter these behaviors, companies should have clear guidelines as to the actions that managers take when a violation occurs. Additionally, companies should analyze why an issue occurred and take steps to prevent further breaches.

Anti-corruption compliance can be a complex task for companies. Understanding the top reasons programs fail and addressing these challenges can go a long way towards preventing corrupt behaviors from eroding a company’s value and reputation.