Accountability: Who is responsible for risk management?

What every executive should learn from Walmart’s mistakes

Walmart made headlines recently for all the wrong reasons. The New York Times exposed the international retail giant’s history of bribing Mexican government officials in order to dominate that market. Top executives systematically swept the company’s misdeeds under the rug despite stern advice from its general counsel and internal investigator. And new evidence shows that Walmart lobbied to dilute the US Foreign Corrupt Practices Act (FCPA), which prohibits payment of anything of value to foreign officials to obtain or retain business. Walmart’s actions violated Mexican anti-bribery laws, the FCPA, and the U.K. Bribery Act (by virtue of certain corporate holdings).

For lawyers at the Department of Justice and the Securities and Exchange Commission, which enforce the FCPA jointly, the Walmart case is as open and shut as these things get. Evidence suggests that the highest levels of Walmart’s corporate hierarchy knew of the corruption and made it disappear. Now under the FCPA those executives are subject to criminal penalties for presiding over bribery — and would be even had they done so unknowingly.

This should send chills down the spines of C-level executives. “Facilitation payments” and other “costs of doing business” in various markets can no longer be condoned. Anti-corruption laws have spread internationally and have become increasingly strict. The U.K. Bribery Act of 2010 makes the FCPA look meek by comparison, and the UN Convention Against Corruption has spurred the European Union, China, and others to establish corporate integrity standards of their own. CXOs and boards of directors must remember that they are personally liable for the actions of their employees and agents abroad. With regulators emboldened by Walmart’s debacle, corporations must embrace the lessons of the cover-up and implement preventive and reporting measures.

  1. Commit to zero tolerance and say so. Boards of directors must express their commitment to a zero-tolerance policy toward corruption in the form of a formal code of ethics or conduct. Such codes must address standards of business conduct vis-a-vis gifts and entertainment, anti-money laundering, facilitation payments and internal whistle-blowing. Equally important is that corporate policies must include detailed procedures for how they are to be carried out. Showing that exact procedures exist and were followed may immunize executives from prosecution under even the strictest anti-corruption laws such as the UK Bribery Act. This does not apply to the FCPA.
  2. If you’re digging a hole, stop. If you discover corporate corruption, climb out of the hole and focus immediately on rooting out wrongdoing, not on damage control. Take Walmart, for example. Top executives, including the corporate secretary and ethics officer, received frank, unbending advice from the company’s internal investigator (a former FBI agent) and its general counsel. That advice was buried. Although considerable damage had been done, Walmart could have reported itself then to US and Mexican authorities. It could also have more effectively addressed the alleged wrongdoings of a high-ranking Walmart de Mexico official who has since been promoted to the highest levels of Walmart’s international headquarters in Arkansas. Instead, it did neither and will now be judged not only for its initial wrongdoing but also for its failure to self-report and for turning a blind eye toward those alleged to have been at the center of the controversy. Seven years later, Walmart has discovered that no hole is deep enough.
  3. Put someone in charge. Deputize a C-level corporate investigations officer to work hand-in-hand with compliance and legal, but with the autonomy to take his findings directly to the boardroom. This officer should have an affirmative obligation to report suspected violations to proper legal and regulatory authorities such as the DOJ, the SEC and their international counterparts. Internal investigations cannot be undermined. Again, stop digging. Walmart, for example, made an end run around its investigations officer and assigned key parts of its inquiry to the management of the very business unit being investigated. This move was the antithesis of transparency, leaving law enforcement years later to make heads or tails of a case with a strong appearance of impropriety. It is also wise to work with objective third parties who specialize in anti-corruption investigations and financial audits. When Walmart’s general counsel solicited a bid for such an investigation, a respected law firm proposed a three-month investigation. Walmart’s upper management echelon balked despite her recommendation.
  4. Make sure employees know their role. Employees must have an affirmative obligation to blow the whistle internally as early as possible. There are two keys to such a standard: Corporations must educate employees at hire about the exacting standards to which they will be held. Failure to notify proper corporate authorities must carry consequences. Not every suspected violation reported will rise to the level of legal liability, but that determination must be made by the investigations officer and general counsel. At the same time, employees must have every assurance that blowing the whistle will not affect their career. This is easier said than done, but it should be a natural corollary of a company-wide, top-down, anti-corruption program. ING Group, Daimler, General Electric and Ford Motor each have robust policies of this nature.
  5. Think globally and manage your risk. Every company must assess the realities and associated risks of doing business in markets known for corruption. Transparency International is a great resource for such analysis. For example, an examination of FCPA enforcement reveals that the oil and gas industry receives more attention from federal prosecutors (18 percent of FCPA investigations) than any other. Is this industry inherently corrupt? No. But oil and gas companies do business in risky markets where the stakes are incredibly high. It’s also important to remember that anti-corruption laws are not homogeneous. The Bribery Act, for example, gives UK courts jurisdiction over bribery committed anywhere in the world by an “associated person” where the alleged corporate offender has a “close connection” with the United Kingdom. These are sweeping liability standards. Walmart is surely taking note: It owns Asda, Britain’s second-largest supermarket, thereby rendering it liable under the Bribery Act too. It will be interesting to see where that leads. Standards set by the 34-member OECD and the European Union are also important, but beware. Laws with “long arms,” such as the Bribery Act, can hold you responsible for your company’s corruption even in those countries that don’t have anti-corruption laws.

Bribery is a business staple in many countries, but foreign officials hardly care about your legal exposure. How do you deal with this reality? Only the strictest standards for prevention and reporting will do unless you are willing to roll the dice that you will never be prosecuted for the actions of your agents. One of every five Walmart stores is in Mexico, where it is now the largest retailer. Was its market dominance worth the price? Ask its C-level executives in a year or so — if they’re not in jail.

NOTE: Originally published by Harvard Business Review in 2012.  Copyright 2012 Harvard Business Review.  All rights reserved.  Reprinted by permission.

Who is responsible – accountable – for risk management in financial services organizations, including reputation risk, liquidity risk and credit risk? Take a look at the 2012 EIU report Society, shareholders and self-interest to get a view into how senior bankers view their accountability.
