Integrity and risks awareness in business

Tuesday, 12 October 2010 23:19 -     - {{hitsCtrl.values.hits}}

Business integrity isn’t just about what happens inside the four walls of your company. Business behaviour also impacts a large and growing array of stakeholders outside of your company’s doors. As business activity becomes increasingly global, its impacts on others expand accordingly.

Corporate and Social Responsibility (CSR) – often referred to as CR sustainability, or corporate citizenship – focuses on business impacts on society. Once marginalised by critics as an indulgence for ‘green’ executives, more and more corporate leaders recognise CSR as being increasingly central to business success.

Most businesses recognise and understand the link between ethics and corporate responsibility. They nevertheless often struggle to integrate these disciplines within their organisations. McQuire Rens & Jones’ combined ethics and corporate responsibility expertise makes us uniquely suited to helping our clients develop integrated programmes that minimise brand and reputational risks while maximising strategic opportunities. Such integration enhances internal communications, reduces operational costs and improves overall programme effectiveness.

Economic and business pressures

Ongoing economic and business performance pressures increase the likelihood that fraud, corruption and related activity may pose heightened risk to realising acceptable returns on acquisitions. In a weak market, intense pressure to meet performance targets, accompanied by headcount reductions and pay cuts, can increase performance pressures and opportunities for fraud in acquisition candidates.

At the same time, the attractiveness of targets in high growth potential emerging markets carries risks in the form of weak legal and regulatory regimes, lack of transparency and, in some markets, an ingrained culture of corruption. Increasing complexity of supply chains and capital sources also contribute to greater risk. In addition, regulation and enforcement activities aimed at fighting corruption and money laundering and enforcing economic and trade sanctions requirements have also grown in scope and scale, not only in the United States but also globally.

Compliance-and integrity-related risks are often found working in concert. For example, a fraud may be committed to create a slush fund that will, in turn, fund corrupt activity. Understanding the interrelationship between different risk factors can yield insight that may not be visible in isolation. History has shown that failure to identify compliance and integrity issues pre-closing has resulted in unintended consequences post-closing, including:

* Maintainable earnings below expectations

* High-risk businesses or relationships that must be discontinued, and therefore, revenue streams that evaporate

* One-time investigative or remedial costs or ongoing compliance costs and monitoring costs

* Losses related to undetected fraudulent activity

* Investigations and required disclosures to regulators

Simply put, contemplating compliance and integrity risk can be an important aspect to getting deal pricing and economics right and to avoid integration surprises.

Integrity in operation

The challenge: Continue to conduct our business with integrity in all dealings with customers, sales people and sales situations.

Our answer: Address any gaps and strengthen our business processes so that incorrect or illegal business practices are very visible to us. In Sri Lankan business context, we, who set policy and regulation, should be the first to comply under their terms and conditions. This discipline and moral conduct is sadly lacking in several instances.

We talk of corporate values and professionalism, but… judge us by our behaviour. This is fundamentally a critical area for chairmen and CEOs.

What makes me pick this area to write on?

* Violations of law and company policies

* Penalties

* Increased global focus on integrity

* Company responses

* Expectations

Risks come from those situations where a clear answer is usually not obvious and people need to rely on policies and good business judgment to identify an answer. How do we define good business judgment? Well, the fundamental question is, “Is there good governance?” In one of my previous articles to the FT, I listed out criteria, actions and procedures for setting up ‘good governance’ in organisations. Good governance is the bridge on which good business decisions and judgment travel.

What is at stake? Examples of what is happening:

* Johnson Controls Inc.

* Business in the Middle East violated the UN Oil for Food programme

* Investigations

* Violations of anti-corruption laws

The Penalties: $ 22,000,000 in fines; $ 20,000,000 anticipated costs in 2009 (JCI global profit was $ 2 b).

Consider: How much revenue do you need to generate so that the company pays US$ 42+ m in fines and costs?

Aibel Group Ltd.

Scrutiny does not go away!

* Violations of terms in the oil and gas explorations

The penalties: In the UK, it received its third conviction in Nov 2008 – two-year term of organisational probation – and rumours of bankruptcy. Previous affiliates of Aibel were sold off after a 2007 conviction. What happened to their employees?

Consider: How long can a company stay in business under these conditions?

Eli Lilly

Eli Lilly and integrity issues

* Unable to get its South Korean business in line with its anti-corruption policies.

* Closed that part of the business, jobs lost, revenue and tax income lost

Consider: If the problem was known and isolated, why close the business unit?


Corruption tends to get to you!

* Recent anti-corruption judgment and settlement

* Additional litigation probable

The Penalties: Fines = $ 1.6 b.

Consider: Other countries, e.g., Argentina, Austria, Czech Republic, Greece, Indonesia, etc., are now investigating. What impact would this scrutiny have on Siemens?

My conclusions from these examples

Taking a second look:

* Informal business arrangements make corrupt practices hard to detect

* Very loose controls over who we would do business with

* Loose controls over financial transactions as well as poor record keeping.

For your consideration:

* Were just a few individuals to blame?

* How did the business practices contribute to the problem?

* Who is responsible for the company’s integrity as a business?

* Look into the future

* Make a cultural change to avoid repetition

What changes?

* Greater visibility of all financial transactions

* Deeper scrutiny into everyday decisions

* Higher expectations

* Each individual knows the risks associated with his/her job

* Personal accountability

* Responsible for and knowledge to escalate concerns and report problems.

If you do not get it right:

* Viewed as a repeat offender

* Lose opportunities to do business with government

* Possibility of being viewed as “too corrupt” to be worth fixing

* Jail sentences for individuals

* Larger fines and stricter supervision

* Tighter government regulation

* Individuals lose jobs, income and future opportunities.

Your accountability:

* What temptations will you face?

* How do you tell what is “right” when you have to make a choice between something that will boost profits and our integrity as a company?

* Why must you choose actions that align with the company’s value of integrity?

My experience with a Fortune 500 company

During the period that I served Smithkline Beecham International in my multiple roles as Regional Head of HR Special Projects and Regional HR Consultant, South East Asia & India (overseeing the HR related matters of nine countries), one of my key initiatives was to launch and re-launch the SB values across countries.

I personally supervised and supported these launches in collaboration with each country HR Director. We ran half day values workshops under the banner ‘Living Our Values’. These programmes were run in English for junior executives and above and in the vernacular for all other positions, i.e., successful vertical and horizontal run.

The follow-up to all values workshops were meticulously carried out and in some operations, we introduced ‘Living the Values’ as a criterion in selecting the ‘Best Employee’ or ‘Team’ of the year. The three criteria were:

1. Superior performance

2. Initiative and result

3. Living the values

This process helped us to ingrain the corporate values in all our people. Hence, integrity within Smithkline Beecham was not an area for question. The company is now known as Glaxo Smithkline or GSK.

Strategies for conducting effective compliance and integrity due diligence

Acquirers that are fluent in compliance and integrity risk areas and consider them as a central part of Merger and Acquisition (M&A) decision-making have a higher likelihood of avoiding pitfalls.

A holistic, tailored and flexible approach to assessing compliance and integrity risks is essential. Unfortunately, there is no one-size fits-all solution. Leading practices vary depending on the characteristics of the target and the nature of the deal. However, a framework that puts compliance and integrity risk into perspective at the outset of the transaction, alongside financial, tax and commercial risk, can focus effort on areas of primary concern.

The starting point is an assessment of risk factors in order to develop an initial risk profile of the target and to calibrate diligence scope, focus and depth. Although fairly subjective in nature, certain key indicators tend to imply a higher level of apparent risk and can be assessed in a fairly disciplined manner.

These indicators include:

* Industry practices: Industry structure and practice can increase risk. For example, business connections to government sales increase the potential for corruption. It has become the practice of several government organisation staff to expect ‘kickbacks’ for releasing payments against invoices and goods/services delivered. Financial services firms may be more vulnerable to money laundering and economic sanctions violations. Defence and technology firms are exposed to greater risk related to potential breaches of trade sanctions and export controls.

* Sales and distribution: The excessive or unusual involvement of sales agents, intermediaries and consultants implies heightened risk, as does the degree of interaction with and dependence on government, particularly in emerging markets.

* Legal and regulatory environment: It is important to understand the compliance and integrity related legal and regulatory requirements that apply to a target’s operations. This provides both an indication of the degree of scrutiny applied to a target’s operations by regulators as well as potential vulnerability to local regulatory issues — important as corruption, sanctions and money laundering enforcement is increasing globally.

* Geography: Generally, higher risk jurisdictions lack transparency, requisite standards of corporate governance and strong enforcement of legal and regulatory requirements.

(The writer is the Managing Director and CEO, McQuire Rens Group of Companies. He has held regional responsibilities of two multinational companies of which one was a Fortune 500 company. He carries out consultancy assignments and management training in Dubai, India, Maldives, Singapore, Malaysia and Indonesia. He is a much sought-after business consultant and corporate management trainer in Sri Lanka.)

In jurisdictions with lower levels of transparency, it can also be difficult to identify integrity and reputational issues with key principals and parties associated with a deal.

* Stressed or distressed situations: Excessive use of leverage may heighten risk due to the increased pressures on management to service debt.

* Legal issues: The target’s historic and pending legal issues can help to reveal significant risks the entity faces and issues that might require immediate advice from counsel.

Key questions to be addressed include:

* What is the potential for any given risk factor to pose a material risk to the acquirer or target’s reputation, operations, sales or profitability?

* How should apparent risk factors be prioritised? Do certain businesses, operations or geographies require more rigorous diligence?

* How important is an assessment of local compliance programs and controls?

* What is the appropriate level of involvement of internal and external legal counsel?

* What is appropriate degree of on-site review of documentation, interviews and analysis and testing of client controls and transactions?

* To what extent are background checks on key individuals and entities appropriate?

Based on this assessment, the diligence process can be calibrated to the specific risks identified and managed to deeper levels of detail as the deal progresses. For example, a high level and relatively limited diligence process at the front-end of a deal may reveal insights that influence the underlying business case, deal process and timing and can be followed up by more comprehensive diligence, as appropriate, as the deal progresses.

Effective compliance

Effective compliance and integrity due diligence has both a top-down and bottom-up component. The top-down risk assessment is investigative in nature, aimed at identifying critical risk issues related to the target, key people, operations, relationships and customers.

The bottom-up analysis examines the environment in which the target operates: its legal and regulatory framework, industry structure and practices, internal controls and any related compliance programs. By comparing the critical risk areas with the environment and controls in place at the target, the diligence team is able to estimate the impact of compliance and integrity risk on company performance and deal pricing.

It is also important that the diligence work plan address the holistic set of compliance and integrity risks that are applicable in the context of the deal. As detailed in the chart below, there are commonalities across compliance and integrity risks that are well suited to an integrated diligence work plan. While each risk area has a different driver, each starts with an assessment to identify high-risk businesses, clients, transactions and individuals.

Similarly, diligence should encompass risk areas at common “extended enterprise” sources of risks related to clients, agents and intermediaries. While diligence may focus on government touch points and agents with respect to corruption risk, or high-risk client segments for money laundering or sanctions violations, the work that is conducted is similar, and an integrated plan can afford an opportunity to detect risk that a soloed approach may not.

Next, it is important to look at transaction activity and any monitoring programs and controls that serve to identify and detect any suspicious activity. These may be accounting controls around gifts and entertainment, for example, or sanctions screening systems or anti-fraud controls.

Of course, you will also want to assess any compliance programs, culture and training, as well as internal audit and regulatory examination reports that touch on any compliance and integrity-related subjects.

Quantifying the impact of compliance and integrity risk in the transaction

Finally, the results of the diligence process can be distilled down into practical deal advice. This can impact value and deal pricing decisions but also informs approaches to mitigating risk discovered during diligence to protect value.

Assessing the implications

Each finding, individually and in combination, is then assessed for the potential to impact the deal model and fundamental business case behind the transaction. For example, compliance and integrity diligence findings may lead a deal team to modify key assumptions in financial models and have a direct impact on deal pricing and expected returns:

* Quality of earnings and other adjustments (one time and recurring)

* Relationships with high-risk clients or intermediaries may be discontinued adversely impacting sales and profitability

* Exiting certain acquired high-risk businesses

* Slower expected growth as management takes a more cautious, conservative approach to growth post-closing

* One time remedial or recurring compliance costs

* Potential for fines and other penalties

* Red flags that require further investigation or potential disclosure to regulators

* Weaknesses in risk management data quality requiring improvement

* Risk and compliance systems that require upgrade or additional integration-related costs

* Cost associated with ethics, regulatory and other training for acquired employees and managing cultural transformation of the target

In the event significant issues are identified during diligence, an acquirer must ask whether the risk factors uncovered are material enough to present a risk to the reputation, brand and culture of the acquirer. If the answer is yes, an acquirer should consider approaches to mitigate risk.

In extreme circumstances, the buyer may need to decide if alternative targets exist or whether to walk away from the transaction altogether. Generally, this is only the case in the event the issues are found to be endemic across the organisation or the risk cannot be mitigated or actively managed.

Addressing risk and protecting value

A wide range of approaches to mitigating risk exist and can be considered as an essential part of the deal maker’s toolbox in the event compliance and integrity risks are identified. Some examples include:

* Structuring around potential liabilities: The deal may be structured to avoid significant legal or remedial liabilities. For example, certain high-risk business units or individuals might be excluded from the deal

* Defining conditions to close: Where problems are potentially resolvable by the target, closing can be conditioned on completion of appropriate actions

* Indemnifications, representations and warranties: If limited time rules out rigorous investigation, indemnifications, representations and warranties can mitigate risk, as long as they are provided by an entity with the financial wherewithal to satisfy potential future claims

* Purchase price adjustment mechanisms: Providing a mechanism to adjust purchase price post-closing in the event financial statements are restated or certain accounts adjusted

* Contingent consideration: Making a portion of the purchase price contingent on future performance targets being met

Strengthening controls: To ensure compliance and to prevent and detect malfeasance


Compliance and integrity due diligence should be a normal part of acquisition, due diligence and the M&A decision-making process in the same way financial due diligence has become common practice. Potential red flags cannot be identified without asking the right questions and there is no one-size-fits-all solution: executives need a holistic and flexible approach.

Obtaining the kind of information needed at each stage of the deal process if critical in making well-informed investment decisions as the transaction progresses. Knowing what to look for can reduce the risk of post-closing surprises, enhance relationships with regulators, protect value, and better position the target for success and to deliver expected results.

Recent columns