Regulations like the California Transparency in Supply Chain Act and the UK Modern Slavery Act mean that compliance officers around the world are now in a position to help wipe out the global disgrace that is modern slavery.  The United Nations estimates that between 27 and 30 million people are currently caught in the slave trade industry. 
 
Slavery is a lucrative business, with an estimated $35 billion generated every year.  To combat this, governments are creating laws which incentive companies to proactively work to eradicate slavery, while at the same time non-governmental organizations and journalists are creating extreme reputational risk for companies caught benefiting from a supply chain filled with human misery. 
 
What weapons does a compliance officer have to combat modern slavery?  Plenty.  Here are a few:

1. Annual Risk Assessments
 
Your annual risk assessment should specifically include a review of high-risk areas for modern slavery.  Review the annual U.S. Trafficking in Persons Report to find out if any of the countries in which you operate are high-risk for slave trafficking.
 
2. Policies, Procedures and the Code of Conduct
 
Your company should adopt policies evidencing your commitment to work only with responsible companies who do not use slave labor, trafficked labor, prison labor, child labor or indentured servants.  Your Code of Conduct should take a public stand against such abuses, and you should implement procedures with your procurement office to ensure slavery cannot find its way into your supply chain.
 
3. Supplier Codes of Conduct
 
Requiring suppliers to adhere and attest to your Supplier Code of Conduct is a great way to enforce your standards with respect to modern slavery.  Be sure to include specific prohibitions to ensure the best outcome.
 
4. Contractual Obligations / push-down requirements
 
Your supplier contracts should include statements about the prohibition of the use of forced or trafficked labor.  Try to include an audit clause so you are able to audit high-risk suppliers and a termination clause so you can terminate the contract if you find violations of the anti-slavery requirements.
 
5. Due Diligence on Suppliers prior to engagement and on an ongoing basis
 
Most companies with a compliance program have due diligence questionnaires relating to bribery and corruption.  Your due diligence questionnaire should include questions with respect to hiring practices and the origin of the workforce so that you can evaluate your supplier before you engage them.  Ask about employment practices to ensure compliance with your Supplier Code of Conduct or internal anti-slavery policies, and renew your due diligence on a one-to-three-year basis depending on level of risk.
 
6. Training of people in the company on red flags
 
Your procurement and HR functions should be given training about spotting modern-slavery-related red flags. Red flags include:

• Workers with withheld documents (such as passports) or withheld exit visas
• Physical punishment, captive conditions, or physical injuries to multiple people in one place
• Unrestrained/inhumane working hours or conditions, managers/pimps in control
• Indentured servitude or “repayment” for travel to worksite
• Incapacity to leave or change jobs
• Movement of workers strictly controlled (e.g., picked up and dropped off each day by controller)
• Child labor
• Offering of sex for money 

 7. Reporting mechanisms and whistle-blowing

Your whistle-blowing procedures should extend (where possible by law) to allow reporting on modern slavery.  You may want to advertise your whistle-blower hotline in your high-risk locations or in offices located in countries with known slavery and trafficking issues.
 
8. Auditing and Internal Audit
 
As part of your coordination with Internal Audit, add anti-slavery elements into the audit plan for suppliers or for locations where there is a high risk of slavery.  For instance, Audit can check the payment records for workers to ensure they are receiving at least the minimum wage in the country in which the work took place, and that the workers aren’t paying back exorbitant “recruitment fees” for their transit to the worksite. 
 
Use of any of these weapons alone will help to combat human trafficking and modern slavery.  Together they can provide a strong defense to protect your company from fines, investigations and the reputational harm.

The indomitable Richard Bistrong sent me a copy of his essay from the book How to Pay a Bribe with a simple question: what can compliance officers learn from his first-hand account of paying bribes internationally? 
 
For those of you who haven’t come across Richard, he was once the Vice President of International Sales at a large publically-traded defense contractor.  In 2012, he was sentenced to 18 months in prison for violating the FCPA.  He ultimately spent 14 months in federal prison following his five years of covert and overt witness cooperation with law enforcement in both the UK and US.  He is now a well-known and popular speaker and consultant, teaching sales organizations and compliance teams from his first-hand experience.
 
Richard’s essay focuses on an assignment in Egypt, which was written as an amalgamation of multiple experiences.  He was tasked with selling defense equipment to the police force.  “I was given no road map, just the corporate charge to grow the sector,” he writes. 
Richard met intermediaries who would help him to navigate the “positively labyrinthine” procurement rules of Egypt and other countries where he worked as part of his global role. Before he left the States, the Legal Department of his company gave him a document explaining the FCPA which he signed and agreed to abide by.  But that didn’t stop him from paying bribes and ending up getting targeted by the Justice Department and Crown Prosecution Service, which led to his cooperation, and finally, to prison.  What can we in compliance learn from what went wrong?
 
1: Rationalization is Compelling and Easy
 
In his essay, Richard describes the challenges he felt while working with his intermediary Mehmet.  Mehmet wouldn’t be paid unless the tenders the company made were successful, which was great for the company, but provided a tough challenge for Richard.  Should the deal fall through, Mehmet, who had worked for months to secure it, would get nothing.  Richard had become acquainted with people in the Egyptian police force, many of whom were clearly paid what we would consider to be poverty wages on which they were trying to support their families.  Not only would these people’s lives be supported by the bribe money, but the police force would receive top-quality equipment which would help them to effectively do their jobs.  As Richard shared with me, “from the business perspective, those situations seemed like a win-win.  I wasn’t thinking about the wider unintended ethical consequences of my decisions, upon society, my former employer, and regrettably, upon my family.”
 
Reading Richard’s description, it is not hard to understand how he was thinking.  In Richard’s words, “I asked myself whether my boss really wanted to know what was going on.  After all, wasn’t this only an issue if I made it one?  The Egyptian police would get a quality product, my company would get the sale and I would make my forecast, and hence my bonus.  The idea and consequences of getting caught were a very abstract concept.”
 
Rationalization is easy and compelling.  The capacity to counteract it must come from direct corporate messages and reward structures that make it clear to the person on the ground that bribery is simply unacceptable and that the company is behind you if you can’t make your numbers or finish the sale in an ethical way.

2: Corporations Need to Really Understand Their Third-Party Intermediaries
 
The first time Richard knew that something was wrong was when Mehmet’s overcoat-wearing friend brought Richard and Mehmet copies of all of the competitor’s bids to ensure that Richard’s company submitted the best price.  In a real-world event that led to Richard’s downfall, another third-party intermediary asked Richard to provide a blank, yet signed, sheet of paper, so the third-party could lower the company’s formal bid price just enough to win a large United Nations armoring contract using corruptly obtained competitor information. Again, the intermediary was only paid if they won.  What is a company incentivizing when it allows for this type of payment structure in places where bribery, corruption, and lucrative business opportunities are all intermixed?
 
One of the things that surprised me most about Richard’s account was that the third-party intermediaries in his story worked hard and performed legitimate services.  In compliance training we’re taught to look for consulting agreements where people are paid only for introductions, or don’t appear to do any actual work for their fees.  This was quite the contrary in Richard’s case.  He describes the intermediaries as working incredibly hard to put together the required bid documentation, get papers notarized, translated and stamped, as well as to help market and price the services.  When I asked Richard about this element, he shared “Most intermediaries intertwine corrupt and legitimate business services. They are not what we think of as bagmen. They have bank accounts in their name, in their country. Many work hard on developing the market for their multinational partners, but they also pay bribes when they need to pay bribes, and many don’t share our concerns about the consequences and legality of corruption.”
 
Thus, an internal auditor scrutinizing Mehmet’s arrangement would not have found a dummy contract with no actual value, nor would the contract have included “miscellaneous service fees” or other obvious red flags.  Richard says the bribes were paid out of the total single fee paid to the intermediary for his services, which is precisely why businesses needs to understand exactly what the third party is doing.  Proper due diligence includes questions about why the third-party is needed, what they will be doing, and how they will be compensated.  Anything else can result in blindness. And as Richard shared with me “if someone tries to change the terms of the agreement after the transaction, best to treat that request as a default red-flag.”

3: Corruption Occurs Everywhere
 
Richard’s Plea Agreement addresses bribes that were paid for a UN contract in New York City and a Dutch Police Contract in the Netherlands.  These places are considered low risk on the Transparency International Corruption Perceptions Index.  Indeed, I’ve performed anti-corruption training in Denmark and was asked in front of a room full of people, “Why are you telling us these things?  We are Danish, we would never do this!”  But corruption isn’t only something that happens in back rooms in the Philippines or in Africa.  It happens everywhere.
 
Many corporations take comfort if they only operate within the United States and Western Europe because they don’t believe corruption can occur in those places.  They are wrong. Would the Dutch Police forces have made anyone’s top ten risk markets!  
 
The book How to Pay a Bribe is sub-titled, “Thinking like a criminal to thwart bribery schemes.”  Understanding the conditions on the ground and the unspoken messages sent within sales quotas can help compliance teams to stop corruption before it happens. 
 
What would have happened if Richard had been contacted by the compliance officer two months into his stay in Egypt to see how it was going?  Would it have made things different?  What if the compliance officer had visited Richard six months into his foray abroad to ask about the issues he was facing and see if he needed any help?  What if Richard’s boss had inquired about the third-party relationships and tried to negotiate a payment structure which wasn’t entirely win/lose for the intermediary? 

Could it have ended differently?

Could the story have ended differently? It’s a question that Richard is asked quite often. One aspect which he addressed with me focused upon a common practice, in how personnel are often transferred among markets. After all, if someone is a ‘rain-maker’ in one region, why not put him/her to work in another place which needs rapid development. As Richard reflected with me, “I spent over a decade in the lowest risk marketplaces:  US police and US military sales. I think if someone with business responsibility, as in the CEO or group President, would have sat down with me before that first flight and shared the peril which I would soon face, I would have been better prepared.  I think a conversation around what I would encounter, the company’s approach, the pay plan to support risk avoidance, and how I was expected to perform in such environments, might have had an impact.  That’s not to say it would definitely have changed things, those are questions which can never be answered, but those are the conversations you don’t ever forget.”
 
And that’s why it’s important to learn what really happens when things go wrong.  It is only in understanding human frailty, the unspoken messages sent by incentives, struggle and opportunity that we can create compliance programs with the hope of succeeding.
 
How to Pay a Bribe is available on Amazon.com from TRACE International.  It can be purchased here: http://amzn.to/29PpsUz . Richard Bistrong can be reached at www.richardbistrong.com.

Two weeks ago I was at the 10th annual C-5 Anti-Corruption Conference in London, listening to Kathleen McGovern, Senior Deputy Chief of the Fraud Section of the U.S. DOJ and Kara N. Brockmeyer, Chief of the FCPA Unit of the U.S. SEC, when they were asked an interesting question. What did they think of the new ISO 37001 Anti-Bribery Management Systems Standard?  A hushed room eagerly awaited their response. 

“I think it’s great,” said Ms. McGovern.  “Anything that tells companies, especially overseas companies, what is expected from an anti-corruption perspective is a good thing.” 

“I agree,” said Ms. Brockmeyer.  She went on to say that levelling the playing field so that everyone has one standard is a positive step for global corruption prevention.

Why is the DOJ and SEC in favour of ISO 37001?

It’s simple: a single anti-bribery standard that can be applied globally makes sense for global businesses.  The ISO 37001 standard was developed by anti-bribery experts from 28 countries, in addition to 16 observer countries and 7 liaison countries.  It’s a global standard built on the framework of the US Federal Sentencing Guidelines and the UK’s definition of Adequate Procedures.  It helps companies all over the world to comply with those laws (and other anti-bribery laws) such that they can more easily be approved as partners, agents or representatives of US or UK companies. 

What’s in the ISO 37001 Standard? 

The ISO standard requires the things you’d expect: risk assessments, strong tone at the top, anonymous reporting channels, training, anti-retaliation policies, and preventative controls.  ISO formalizes anti-bribery program expectations then allows the company to apply for certification that it has met the standard.

What’s in it for Business?

Obtaining certification will not make a company immune to prosecution.  However, it will make prosecution much less likely in the first place.  Why?  Because employees will have been trained, controls will be put in place, reports will be available and red flags should be caught more easily.  If a company is prosecuted for bribery, the company will already have policies, procedures and reports available to mount an adequate procedures defence or to seek mitigation of damages because of the strong compliance program. 

Additionally, having an ISO 37001 certification is short-hand for “We’ve got a good compliance program.”  Like many other ISO certifications, ISO 37001 should move suppliers and third-parties through due diligence processes more quickly, as an outside body has already certified that an anti-bribery program exists and is effective.  This can be a tremendous business advantage – one which benefits both supplier, moving faster through the procurement process, and buyer, who will be exposed to less risk with a certified company. 

The DOJ, SEC and compliance experts from around the world have endorsed the ISO 37001 standard.  It will become active and available September 15, 2016.  Mark your calendars- it’s going to be a great new era in combating bribery and corruption on a global scale.