Pending Commitment? The Fight Against Bribery and Corruption

True or false? “Systematic and controlled corruption is over,” stated Mexican President Andrés Manuel López Obrador, near the beginning of his mandate almost four to five years ago. However, at an international level, on the Corruption Perception Index, analyzed and published by Transparency International between 1995 and 2022, Mexico has been ranked, as low 27th and as high as 37th among 180 countries that participated in this study. Progress? Definitely not. Pending commitment? Absolutely! That is why compliance, in any organization (public, private or NGO), requires expert personnel for its execution, risk management and controls – focusing on the promotion of an ethics and integrity culture. Sounds redundant? Definitely not.

Being corrupt is not part of Mexican culture, as per former President Enrique Peña Nieto, who stated publicly that Mexicans are corrupt because it is their nature. We need to promote an ethics and integrity culture in organizations. However, who should lead these processes? The government regulators have the rights and duties to enforce the law; however, the political will and application of the law is not there yet. So, organizations (private sector, mainly) need to act.

Have you heard about the Compliance Officer? All their functions, obligations, and responsibilities are within the international regulatory framework because he or she will go much further than just enforcing the rules and laws, becoming a reference figure for order, the creation of an ethical culture and integrity and the safeguarding of the reputation of any organization. 

A Compliance Officer is "a figure who manages risks, must be a person who demonstrates values such as integrity, commitment, leadership, effective communication, ability to insist and convince about the acceptance of their recommendations, as well as a deep knowledge (or have access to experts) in regulatory compliance issues."

The framework to settle the pending commitment (a perfect fit) is implementing the ISO 37301: 2021— Compliance Management System that will help to analyze it thoroughly. 

1) Identify obligations and risks 

The Compliance Officer must clearly and objectively identify the different obligations and risks to which organizations will be subject, including two essential types:

They will not only dedicate themselves to the observance of the law and its risks in accordance with the operation, but also to all the internal codes that will regulate each one of the business processes.

2) Implement management indicators and controls 

Thus, and also hand in hand with the previous point, the Compliance Officer must identify and, of course, address any risk related to the regulatory framework that the organization is subject to, including those derived from relationships with customers, suppliers, distributors, commercial and various organizations. 

One more challenge in this difficult work? The difficulties resulting from  the COVID-19 crisis, including: 

• Assessment of the impact of post-COVID-19 on risk maps and plans.

• Development and monitoring of mitigation measures through manual processes and technology support. 

• Maintenance of activities with guarantees for health. 

• Strict follow-up to measures and regulations issued by the authorities.

In addition to being clear, there a so-called "new risks," in which are contemplated:

• Discrimination and harassment. 

• Data protection and privacy. 

• Human rights and organizational culture focused on sustainable and sustainable development.

• New tax measures and generation of business plans that do not expose any fiscal and reputational risk to the organization.

• New technologies, digitalization, Internet of Things, social networks and, of course, the consequent need for training. 

Seeing a clear increase in "social" risks, that is, those that, although they do not have consequences before the authorities, they do have consequences in terms of public image, there are many fronts to consider. 

3) Identify and address the risks derived from third parties

With third parties, the Compliance Officer is in charge not only of dealing with corrupt acts, but also, identifying and implementing controls and measures to identify and know in a timely manner any risk to which the organization is subjected on behalf of its organization by third parties or that directly impacts the operations of the organization.

4) Establish and lead complaint mechanisms and manage internal investigations

A Compliance Officer is not a policeman. He or she is a strategic ally that helps organizations to make decisions aligned with the culture of ethics and integrity, always safeguarding the organization’s reputation and work environment.

Therefore, when someone inside or outside the organization is not aligned, violent or fails to comply with internal policies and procedures, an investigation must be carried out – internally or advised by specialized externals. That said, the Compliance Officer should keep in mind that:

The whistleblower can be anonymous or give his name and that he can belong to the organization or a business partner.

• There is no retaliation, whoever it was, whether it was someone from senior, middle or operational management or not. This  is key to the organization.

• The investigation of complaints, of any kind, must be conducted with absolute autonomy and independence by experts in the field. 

• An effective plan should always be established that allows the company to find the root cause of the allegations. 

• Be clear about the objectives and sanctions that should be applied according to the findings of the investigation.

5) The Compliance Officer as training coordinator

Now, we know that there can be a good level of compliance without its guidelines being informed, understood, and complied with, efficiently, by all hierarchical levels of the organization, so the Compliance Officer will be responsible for:

• Provide or coordinate training in the field, which must be continuous, as well as reach each of the associates. 

• Direct training according to each competency. That is, and for example, training on the use of a whistleblowing channel that should be global (for all areas), while training in financial control issues will only be suitable for similar areas. 

• Select appropriate educational systems for the different levels of professionalization within the company, including opting for technological e-learning tools specialized in compliance.

• Be a support figure in case of doubts; that is, present cases applied to the organization, such as the problem and resolution presented in  previous investigations (with due discretion and confidentiality, according to the culture of the organization).

• Be an "arbitrator" to know how to proceed in certain cases. 

And even to determine whether certain conduct or actions constitute an infringement or are subject to further investigation; hence, the importance of its character, objective, and focused training. 

6) The Compliance Officer as the person in charge of communication

The Compliance Officer will also be responsible for the communication of the Compliance Program (or programs), such as: 

• Supervise the documents, systems, and final processes. 

• Study and determine the most appropriate communication channels (whether for training, reporting, prevention, or alerting issues), as well as alternative means of feedback. 

• Disclose any relevant information regarding compliance. 

• Develop awareness campaigns to raise awareness about the importance of ethical and moral behavior. 

• Deliver and disclose the relevant Code of Conduct or Integrity and policies to employees and third parties. 

Like all the policies that staff must comply with,  integrate it into a complete model of the matter. 

7) Perform compliance audits 

And, also chained with the two previous points, the Compliance Officer must monitor the ENTIRE compliance risk prevention system, considering third-party audits to:

• Establish preventive and corrective measures that guarantee effectiveness.

• Ensure review at planned intervals. 

• Propose and have possible reformulations of procedures to ensure the good management of third parties and measure the effectiveness of controls.

• Prevent possible fraud, corrupt acts, corporate crimes, among others.

• Thus, verifying the effectiveness of all the measures adopted and, of course, correcting course when necessary. 

Conclusions 

The Compliance Officer is extremely complex, because it is not only a supervisory function, since it will be immersed in different areas and issues. In any area (internal or external), possible risks, fraud, corrupt acts, ethics, and dangers that violate the organization may arise. 

Likewise, it is important to mention that specialized firms provide official training programs or diplomas with high-level practical cases, having to support it through domestic and foreign institutions, specializations, and professional certifications. The culture of compliance is spreading steadily and substantially in Mexico and Latin America, so let's hope it's getting more and better news.

And, of course, if you believe that in your organization you do not yet need to implement a compliance program to close the pending commitment, then expect possible economic and criminal sanctions that your organization is exposed to and that can have a significant impact. That is, not having a compliance program is as costly as any fraud or theft that directly impacts your organization's reputation.