What exactly should firms be doing at the portfolio-company level to meet bills like the US Foreign Corrupt Practices Act and UK Bribery Act?
Firstly firms need to take a view on exactly what that company is doing already. They need to ask the management team for the policies and procedures on anti-corruption and anti-bribery. See any communications they have had with their employees and find out if that information is sent out regularly. Find out if there is any training. Is that annual? And is it tracked?
Then once you have gone through this information you need to interview several members of senior management. Those people will sit down and be asked about the content of the documentation and communications. You need to assess whether or not there is a commitment from the top of the organization. Do they understand what they have written is it a priority within that organization?
Based on those meetings then try and test whether that message has flowed down into the organization. So interviews with employees of different groups, like sales, marketing, finance and ask them to discuss specific policies to see if what they say is happening is actually what the management team intended. And what the management team communicated to us.
Those best in class firms will also test the compliance infrastructure. [They will examine] a sample of invoices and understand the approvals and sign-off processes to determine whether there are further vulnerabilities here, particularly with respect to third parties such as consultants and agents.
If it turns out more training is needed, how is that typically handled by a GP?
You need to make sure that the content is right. This shouldn’t be difficult as you can summarize the key aspects of the FCPA and Bribery Act in a few PowerPoint slides. The idea is to communicate what’s contained in the laws, the effects of non-compliance and what is expected of employees as a result of these laws.
As every company is different the delivery of the training is so important. There may be issues around culture so you need to be able to adapt the communication to fit within their organization.
We often recommend that you actually get a local to do a face-to-face communication in emerging markets. Sometimes what employees glean from a message from private equity is “that’s what they have to tell us, but we know better, we know that is not how things operate here”.
The key message is this is not something that is imposed on you because of the west; it is something that is good governance in any country and in every company.
So whether it’s web-based, classroom based and so on matters less than ensuring the message that every employee must take these laws seriously is getting across.
How do you know if the message is getting across?
You need to monitor how regularly the training takes place. You also need to monitor how effective the training is by going back to the company and interviewing management and employees. Or having the management of the portfolio company report the training results to you.