IACC-Logo, back to IACC-Home

Programme Papers from the 9th IACC
past IACCs



Privacy Policy


The 9th International Anti-Corruption Conference

The Papers

Workshop on Corporate Governance and Business Ethics
How can compliance be promoted and monitored?

Gayle Hill - Special Counsel
Freehill Hollingdale &Page
101 Collins Street


The signatories to the OECD Convention on combating bribery in international business transactions are now discharging their obligations by taking such steps as may be necessary, in accordance with their own legal principles, to establish the liability of legal persons for the bribery of a foreign public official.

Clearly, legislation on its own is not sufficient. Other actions are also needed in order to give effect to the aim of eliminating bribery in international business transactions. In fact, a matrix of measures is required involving all stakeholders concerned or involved with this issue.

Multi-national corporations play a fundamental role. For legislation criminalising foreign bribery to be effective, a fundamental requirement is that corporations who are involved in international business transactions abide by the legislative provisions. In particular, it is vital that sound compliance structures be implemented by those corporations.

The legislation which has been enacted in Australia to satisfy Australia's obligations under the OECD Convention, involves more far reaching principles of corporate criminal responsibility than exists under the common law in Australia. That alone represents a considerable shift in legal compliance obligations for Australian companies operating outside Australia.

1 The Australian Criminal Code

The most significant implications for Australian businesses arise from the inclusion of the offence of bribery of a foreign public official in the Commonwealth Criminal Code. The Code has far reaching principles relating to corporate criminal responsibility. The Code extends the usual common law principles by allowing the prosecution to lead evidence that the company's unwritten rules tacitly authorise non-compliance or fail to create a culture of compliance.

It captures situations where, despite formal documents appearing to require compliance with laws prohibiting foreign bribery, the reality is that non-compliance is expected.

Compliance on "paper" is not sufficient: there must be an environment of compliance operating within the company.

A company can be criminally liable if the corporate culture:

  • directs;
  • tolerates; or
  • leads to

non-compliance with the criminal provisions proscribing the bribery of foreign public officials.

In addition, under the Australian law, a company can be criminally liable if the company fails to create and maintain a corporate culture that requires compliance with the law.

Under the Australian law, corporate culture is defined to mean:

an attitude, policy, rule, course of conduct or practice existing within the body corporate generally or in the part of the body corporate in which the relevant activities take place.

The new provisions relating to corporate culture significantly extend the scope for corporate criminal responsibility beyond the current position at common law. In fulfilment of fiduciary and statutory duties, directors and senior managers of companies are recommended to ensure that appropriate and effective compliance programs are in place.

A culture of compliance is critical for Australian corporations having business operations in other countries.

2 The Australian Standard AS3806 for compliance programs

In Australia, there is a recognised standard for compliance programs which covers the structural, operational and maintenance elements to be included in any program. The standard is known as Australian Standard AS3806. It describes a comprehensive compliance management system, using elements common to systems of management and quality. The Australian Standard is general in its terminology because it applies to compliance programs across all areas of compliance.

Accordingly, it does not prescribe the actual elements of an international corruption compliance program, or indeed any specific compliance program. It does, however, serve to signpost the essential components of an effective compliance program.

The purpose of the Australian Standard is to provide a framework for an effective compliance program, the performance of which can be monitored and assessed.

The Australian Standard states:

A compliance program is an important element in the corporate governance and due diligence of an organisation, and should
  1. aim to prevent, and where necessary, identify and respond to, breaches of laws, regulations, codes or organisational standards occurring in the organisation;
  2. promote a culture of compliance within the organisation; and
  3. assist the organisation in remaining or becoming a good corporate citizen.1

The integration of business ethics into the corporate governance framework has been addressed by the Australian Standard in a number of respects. In promoting and maintaining a culture of compliance with the provisions prohibiting the bribery of foreign public officials, the Australian Standard provides excellent guidance to assist corporations comply with the new laws.

3 Promoting a culture of compliance

3.1 High level commitment

As a fundamental aspect of any compliance program, there must be commitment to effective compliance demonstrated at the most senior levels of the organisation. The Board or the governing body, the Chief Executive and senior management must be committed to complying with the relevant laws. Such commitment may be demonstrated by, for example, minuted resolutions of the Board of the company together with a clear and concise statement of policy.

The responsibility for translating that high level commitment into reality lies with the Chief Executive Officer. Management is also required to convey the message to staff and other relevant people that the organisation is committed to compliance with laws prohibiting foreign bribery and that lipservice to those laws does not constitute compliance.

Commitment, as well as the actions to realise that commitment, must be ongoing. Making a policy and merely informing staff that they must comply is not sufficient. Leadership needs to be shown. Appointing a senior executive with the responsibility for compliance and the authority to exercise that responsibility gives the whole compliance system the requisite imprimatur to ensure that it does not lack credibility or power within the company.

3.2 Compliance policy and operating procedures

Not only should there be a clearly stated compliance policy, it is also necessary to state how the commitment is to be carried out. Accordingly, the compliance program should be developed and implemented in consultation with staff. Examples of the sorts of elements which an anti-corruption program may include are:

  • a matrix of certifications;
  • an education program;
  • procedures to ensure contractors, agents and joint venture partners also meet their obligations.

    Depending on the particular corporation's internal documentation process, a compliance policy together with operating procedures may be appropriate to assist the corporation meet its obligations. Control of contractors, agents and, where possible joint venture partners, is very important, especially where the delegation and outsourcing of functions to third parties is prevalent. A company must not seek to delegate or outsource its responsibilities for legal compliance.

    3.3 Management responsibility and supervision

    All relevant managers must understand, promote and be responsible for compliance with the legislation. This is not limited to operational managers but includes the most senior corporate managers and the Chief Executive. As a result, the Australian Standard recognises that managerial roles and responsibilities should be articulated and understood. Management supervision is an integral part of an effective compliance program.

    It is intended that the responsibility for compliance be with management, not compliance officers or legal advisers. Managers should require their immediate subordinates to regularly report on compliance issues and should include compliance as a standing item on the agenda for management meetings with their subordinates.

    3.4 Resources

    Adequate resources are required to implement an effective compliance program. Included in resources are people. People are an important resource in any compliance program. A lack of adequate resources is often indicative of a lack of commitment to compliance. There must be adequate resources for training as well as access to more senior employees of the corporation to assist staff who may require advice and mentoring.

    Some corporations have implemented hotlines in order to assist staff to have access to senior personnel who have the appropriate expertise and understanding of the area to give advice and assistance.

    Manuals, whether electronic or hard copy, must be accessible and easily understood. Resources are needed to produce manuals and to keep them current. Technical jargon in manuals should be avoided. Where possible, manuals should be developed jointly by management and staff and should contain practical directions and examples.

    3.5 Record keeping

    Because the Australian legislation can result in a corporation being criminally liable if it fails to create and maintain a culture of compliance, keeping proper and detailed records about the components of the compliance program is vital. The components of the compliance program should be systematically recorded and accurate up to date records should be maintained. This is critical if the company ever needs to defend itself against criminal charges of bribery of a foreign public official.

    Record keeping assists a corporation not only with respect to compliance with the Australian criminal law, but also in the monitoring and review processes of its compliance program.

    The Australian Standard recognises that record keeping must include recording and classifying complaints and alleged compliance failures as well as the steps taken to resolve them. Sometimes however, it may be necessary to obtain legal advice when documenting sensitive issues such as an alleged failure to comply with criminal laws prohibiting foreign bribery.

    In that respect, adequate training and resources ought to be provided to management and staff. It may be useful to develop guidelines for staff on how to properly manage reports of alleged compliance failures.

    3.6 Reporting

    The Australian Standard states that all compliance failures need to be reported.

    This principle is particularly important with respect to allegations concerning non-compliance with laws prohibiting foreign bribery. Not only do the laws relate to criminal offences, the penalties may be quite severe and have far reaching consequences for an organisation. For example, some business licences may state as a condition of the licence that the licensee not engage in any criminal conduct. If the sanction for such conduct is a potential revocation of the licence, the very foundations of the corporation's business may be under threat.

    It is not only systemic and recurring compliance failures which ought to be reported and addressed. A compliance failure which is isolated in nature may be of serious concern if it is intentional or if it is significant in quantum. Apparently minor compliance failures may create the perception within the organisation that failure to comply is not important and can even lead to non- compliance becoming a systemic problem.

    Accordingly, formal reporting lines should be known and understood within the organisation. Staff must understand that in discharging their reporting responsibilities, nothing of relevance must be withheld. Those formal lines of reporting should be non-threatening in nature, otherwise staff may be reluctant to raise the issues. In that respect, it may be appropriate for an organisation to give consideration to having a formal mechanism within the corporate structure to provide an avenue for "whistle blowers" to report compliance failures without fear of retribution. "Whistle blowing" would not provide immunity if the whistle blower is actually culpable in paying a bribe to a foreign public official. Exposing the conduct may, however, afford the culpable "whistle blower" some leniency by the employer company and law enforcement authorities.

    4 Maintaining a culture of compliance

    4.1 Education and training

    It is important, particularly with new laws which extend corporate criminal responsibility to circumstances relating to an organisation's corporate culture, that there be education and training of all relevant staff. In fact, any compliance program must involve education and training relevant staff about the issues and the elements of the compliance program itself.

    Education and training should be an ongoing part of the company's operations and, with respect to education and training about laws prohibiting foreign bribery, it should be linked to the company's corporate training system. The education and training should be appropriate and practical and structured so that it is readily understood by the target audience.

    It is important that education and training about the company's anti-corrupt conduct policy be part of the corporate induction program for new recruits as well as containing an ongoing element in order to keep relevant staff up to date with their obligations.

    As minimum requirements, the Australian Standard has set out the following criteria:

    • the content of the training should include examples which are reflective of the industry or sector in which the company operates and should be relevant to the day to day work of the target audience;
    • the content should be readily understood and should avoid technical jargon, for example, technical legal definitions used in the Commonwealth Criminal Code;
    • teaching methods which involve participation by the staff should be used.

      It is recommended that the education and training expressly identify the learning outcomes to be achieved. For example:

      • to understand that it is prohibited by Australian, USA and relevant local law to pay bribes and secret commissions;
      • to understand that company policy prohibits corrupt conduct;
      • to be better informed about the company's compliance program, including the various certification processes;
      • to be aware that contracts must include anti-corrupt conduct clauses; and
      • to be informed of the legal ramifications for the company and the employee of non-compliance.

      Ideally, although not stated in the Australian Standard itself, a mechanism for testing whether or not the learning outcomes have been achieved ought to be included.

      To continue to maintain high standards with respect to the education and training component of any compliance program, the effectiveness of the education and training program should be periodically evaluated, reviewed and updated.

      Maintaining records to verify that the training has been conducted, the names of the attendees, the content of the training and achievement of the learning outcomes is very important (see 3.5 Record keeping).

      4.2 Visibility and communication

      In implementing a compliance program with respect to compliance with laws prohibiting the bribery of foreign public officials, the policy and program should not be restricted in its dissemination.

      Indeed the policy and program should be widely publicised within the organisation so that it is understood and becomes part of everyday practice.

      Maintaining the visibility and communication of the program can be achieved in a number of ways, including through the education and training program, reminding staff of their obligations in corporate newsletters and on bulletin boards. E-mail reminder messages and prominently placed posters also assist. A timetable of regular communications may be developed as a prudent measure to assist in achieving regular communication of the required message.

      4.3 Monitoring and assessment

      Maintaining the effectiveness and viability of the compliance program requires regular monitoring of the program and its elements and assessing the performance of the program.

      Monitoring and assessment are essential.

      It is recommended that a clear strategy for continual monitoring be developed and that the strategy specifically sets out both internal and external monitoring processes.

      An outline of the schedule for monitoring, the resources required and the data to be collected should be specified.

      In order to undertake effective assessment of the compliance program, it is recommended that there be pre-determined objectives which have been documented to assist in evaluating the performance of the compliance program. Monitoring and assessing the process and the paperwork is necessary but not sufficient. Ascertaining the culture of the operating environment and the awareness of the need for compliance is also required.

      4.4 Review

      The review aspect of an effective compliance program is not simply another form of monitoring and assessment. It goes beyond what would be required in terms of monitoring. Reviewing the operation of any compliance program is necessary to identify and understand reasons for compliance failures. In addition, the review of the program assists an organisation to identify and to design improvements.

      Under the Australian Standard, it is recommended that reviews occur at specified intervals to ensure that the compliance program is operating effectively and that it is still appropriate to the organisation's operations. The Australian Standard recognises that the actual depth and frequency of such reviews will vary with the nature of the organisation and its policies.

      With respect to laws prohibiting the bribery of foreign public officials, much will depend on the nature of the organisation's particular activities. If the company operates in countries which are perceived to be "high risk" in terms of corruption and in industries which are also perceived to be "high risk", the depth of such reviews may be more extensive and the frequency more regular than for another area of legal compliance which does not present such a high level of importance in terms of regulatory compliance.

      Reviews are necessary to identify and understand the risk areas and the reasons for compliance failures. They also assist in assessing if the compliance program is performing effectively. Although a company's compliance manager may organise a review, the review itself should not be carried out by the manager having day to day responsibility for compliance within that part of the organisation being reviewed. It is important that there be independence brought to bear either by the review being conducted by a manager from another part of the organisation or by an independent reviewer or consultant.

      4.5 Liaison

      A corporation's compliance program may also include liaison with other bodies and advisers. Liaison is important to assist an organisation in maintaining its awareness of current problem areas and new developments in compliance methods.

      For example, with respect to a compliance program dealing with anti- bribery legislation, membership of, or regular contact with, Transparency International will assist a company to obtain early warning of intended changes to laws or practices.

      The newsletters and other publications produced by Transparency International and professional advisers, such as lawyers and accountants, are useful means of supplementing liaison with the relevant regulatory authorities and other bodies.

      4.6 Accountability

      Any legal compliance program requires management skills to make it work. Compliance officers themselves have the responsibility of organising and assisting to bring about compliance with laws prohibiting foreign bribery. However, compliance staff cannot discharge a company's compliance responsibilities.

      Compliance not only requires commitment at senior levels. Communication of that commitment throughout the organisation coupled with input from and involvement of relevant staff from all levels of the organisation is also needed. It is important that the appropriate staff understand and accept their accountability for compliance.

      In particular, performance evaluation of the compliance program should be reported as set out in the program itself, including reporting to the Board or governing body, audit or compliance committee and the Chief Executive Officer.

      Those personnel who have an accountability and responsibility for compliance with anti-corrupt conduct laws should have those accountabilities and responsibilities reflected within their relevant job descriptions. It should also be clear that any relevant Board or management committee having such a responsibility, has that particular responsibility clearly articulated in its terms of reference. One aspect of discharging accountability could be the production of annual compliance reports for the Board as well as ad hoc exception reports or the governing body as appropriate.

      An area where companies may expose themselves to risks, if not of prosecution at least of adverse public comment and reputational risk, is in promoting staff who fail to demonstrate a commitment to compliance. In other areas of the law, such as trade practices (also known as anti-trust), promoting staff who have a poor compliance record or attitude has been adversely commented upon by the courts. Rewarding staff who flout the company's compliance program to achieve commercial targets will have damaging effects: the compliance program will be undermined, the company's credibility will be weakened, the risk of prosecution will be increased.

      4.7 System for handling compliance failures

      Embedding a compliance program into an organisation's operations requires the inclusion of a system for handling compliance failures, regardless of whether those compliance failures are major or minor in nature.

      Clearly, systemic and recurring problems will be of fundamental importance in terms of compliance with anti-bribery laws. However, an isolated incident of compliance failure could also present serious potential difficulties for any corporation, particularly if that compliance failure is significant in nature and has occurred through the deliberate conduct of an employee. Indeed, even small compliance failures may demonstrate the existence of a systemic problem with respect to the organisation's operations.

      It is important that there be a system in place to classify, analyse and have a process for investigating allegations and specific incidents of compliance failure. Such a system provides useful feedback to the organisation and can assist in such areas as:

      • re-designing the program;
      • changing organisational practices and procedures;
      • re-focussing of the education and training program; and
      • providing an early warning of potential problems.

      4.8 Continuous improvement

      The relevance and effectiveness of a corporation's compliance program will be influenced by whether or not the organisation has some means of incorporating continuous improvement philosophies into its procedures. Both the compliance objectives and the assessment criteria ought to involve ongoing review for continuous improvement to be effected.

      Continuous improvement assists in keeping the company abreast of developments and in fostering a culture of compliance within the organisation. Innovation is encouraged where continuous improvement philosophies are promoted.

      A way of maintaining and motivating continuous improvement is to recognise exemplary compliance behaviour within the workforce of the organisation. In this way, good corporate practice by staff is not only encouraged, it is also rewarded. Ethical conduct by employees assists in enabling the company embrace good ethical practices as an integral part of its corporate governance framework. Benefits will flow to the company with its enhanced reputation as a good corporate citizen.

      5 A culture of compliance

      The Australian Criminal Code which contains the offence of bribery of a foreign public official has the effect of exposing a company to criminal charges if the corporate culture of the company directs, tolerates or leads to non-compliance with the criminal provisions. In addition a company can be criminally liable if the company fails to create and maintain a corporate culture that requires compliance with the law. As a result, a culture of compliance is critical for Australian companies conducting business outside Australia.

      Promoting and monitoring compliance can be a challenging and difficult undertaking. However, in Australia the Australian Standard AS3806 on compliance programs provides detailed guidance on the necessary elements for implementing, operating and maintaining any compliance program.

      The Australian legislation implementing the OECD Convention requires companies to scrutinise the prevailing cultures within those parts of the businesses involved in its overseas operations. It is vital that a culture of compliance with foreign bribery laws be established, promoted and maintained.

      Bringing about change in organisational cultures can be extremely difficult and time consuming. A company which has permitted a culture to develop which tolerates or encourages the payment of bribes to foreign public officials will experience difficulties in re-educating staff, changing the corporate culture and implementing a compliance program to meet the Australian Standard. Nevertheless, it is essential under Australian law.

      If a prohibited culture is permitted to persist within an Australian company, that organisation will remain at risk of prosecution under Australian Commonwealth criminal law. Directors and senior officers of such a company would also risk being in breach of their fiduciary and statutory duties.

      The Australian Standard for compliance programs offers valuable guidance on the elements of an effective compliance program to assist companies, directors, management and staff to achieve compliance with the new Australian laws. The Australian Standard for compliance programs may also provide useful guidance for effective compliance with anti-corrupt conduct laws in other countries.


      1. Australian Standard AS3806 - 1998, Compliance Programs, Standards Australia, page 4


      CCH Australia Limited Australian Legal Compliance: Making it Work

      Parliament of the Commonwealth of Australia, Joint Standing Committee on Treaties OECD Convention on Combating Bribery and Draft Implementing Legislation 16th Report June 1998

      Practising Law Institute Doing Business Under the Foreign Corrupt Practices Act Don Zarin, Corporate and Securities Law Library

      Standards Australia Australian Standard: Compliance Programs AS3806 - 1998

      Standards Australia A Guide to AS3806 - 1998, Compliance Programs SAA HB133 - 1999

return to table of contents