The Fourth Anti-Corruption Compliance Asia-Pacific Summit 2016 was held December 6 through 9 in Hong Kong. Managing Director, Joyce Wong, Consultant, Dana Liu and I attended as representatives of Polaris.
The Summit was focused on anti-corruption with both a US FCPA as well as a more local anti-corruption perspective for countries in Asia-Pacific and therefore was attended by a variety of industries that are currently operating in the region.
In the last few years, the Asia-Pacific region has seen an increase in anti-corruption enforcement actions that impose requirements and enforcement risk for organizations, including HCOs and HCPs. Certain Asia-Pacific countries have passed new anti-corruption legislation. South Korea, where the ‘trustability’ of government officials is low, has enacted new regulations. In fact, as Suh Jeasik, Director of General Institutional Improvement Division at ACRC Korea, pointed out during his presentation at the summit, a survey shows 57.8% of said officials are perceived to be “corrupt”.
Regulators put new and updated anti-corruption legislation in place in September, which should close any loopholes in previous regulations that did not cover newer corrupt activity types. Other countries have been active in taking steps to strengthen the enforcement of the existing anti-corruption framework. This was highlighted by Mohd Hafaz bin Nazar, Chief Senior Assistant Commissioner Malaysia Anti-Corruption Commission (MACC). Whether operating in a country where there is new regulation or they are strengthening the existing framework, it seems that enforcement of regulations is a main driver for all professionals in the Life Sciences to be actively aware of the regulations and their implications.
Apart from understanding the new developments around regulations and enforcement actions, there were two other recurring topics that came up during the summit: Gifting and hospitality, and Third Parties.
Gifting and hospitality was a topic that generated a good deal of discussion during one of the panels on the first day. In some AsiaPac cultures, gifting has traditionally been part of cultivating relationships with colleagues and business partners. Companies however are setting out policies (whilst keeping regulations in mind) that might conflict with these original practices. All panelists agreed that bringing awareness in the organization through policies, clear processes, including approvals and localized training, is important. The approach, however, in terms of policies and process is very different. For policies, the main consideration seems to be to put in a threshold for incoming and outgoing gifts, or to provide more of a guideline approach. Whatever approach fits the organization best, it is crucial to understand and be able to identify the transaction as part of the process. Whether that process requires an approval of all gifts or only above certain caps, the panelists agreed that facilitating this process by implementing a tracking system which records all incoming and outgoing gifts will reduce the effort associated with this, and actual analytics can be performed on this data.
Analytics can identify risk areas which can become the focus of compliance officers. Whether using a tracking system as a process facilitator or as source for data analytics, it is essential that all members in the organization are aware of the policies and processes around gifting and hospitality. This will help to minimize the risk of situations that might not be inappropriate, but still look that way and cast the organization, its employees and its business partners in a negative spotlight.
The other topic that came up regularly across different presentations is third parties and associated risks. On the last day, there was an active discussion between the panel and the audience during the session called “Identifying and reducing Third Party corruption risks in developing Asia-Pacific Countries.” The active give and take shows how prominent the topic is on the compliance radar. Together with the rest of the panel, Polaris’ Joyce Wong participated in the discussion and shared her thoughts and best practices in four specific areas. First, the group discussed how to define developing countries related to third-party risks. They concluded that countries that do not have systems and programs in place around the third-party process should be high on an organization’s list. In addition, they agreed that China and India are in general still high on the list in the region, especially because to access these markets companies often, if not always, need to work together with third parties. Second, they addressed identifying third parties in an organization. Overall, understanding the business is key to identify the third parties partnered with in the organizations. Once firms have identified the third parties, they will be able to take the appropriate next steps in assessing the risk levels associated with those parties. Examples of third parties used in the region by Life Sciences companies are distributors or clinical research organizations (CROs). Third, the panel explored how to assess the risk associated with a third-party vendor. Joyce shared six key criteria to help assess the relative risk:
- Country – what is the overall risk level associated with the country related to this transaction,
- Vendor type – which type of vendor is used,
- Value – keeping in mind the value of the agreement and is there a budget in place,
- Government Involvement – is the third party (partially) owned by the government,
- Corporate Executive Affiliations – is there any affiliation between the executives and government,
- Litigations – has the vendor been involved in any fraudulent activities recently or in the past.
The risk assessment really proves its value if all criteria are combined. When only focusing on a single or limited set of criteria, the probability of identifying the areas of risk correctly and assigning resources appropriately becomes less likely. The group agreed that these are all critical to assessing the risk, and that these criteria can be used as part of the initial assessment. However, they can also be leveraged while monitoring the relationships on a regular basis. Automating the risk assessment and monitoring actions is something that is not yet done by all attendees. However, the panel agreed that this can facilitate the overall Third Party Due Diligence process dramatically. Lastly, the panel discussed the challenges and push-back from third parties when involved in due diligence activities prior to or during the relationship.
As Joyce highlighted, the main takeaway here is to make sure that audit rights are part of the contract with the third party. Research by the Singapore Management University has shown that only 29% of companies includes audit rights in their contracts. In addition to auditing the third party, monitoring them throughout the relationship and training the organization to look for certain flags can help to identify and address higher level risk partners in an ever-evolving environment.
The other panelists in the session were Gez Clayton, Regional Compliance Officer, SNC-Lavalin, who acted as a moderator, Nick Maholtra, Director Compliance Asia Pacific at Philip Morris International, and Michelle Juan, Representative Asia-Pacific at TRACE International.
In conclusion, the conference was a great platform to keep up to date with new legislation and enforcement actions taking place in the region, as well as discussing the challenges and best practices around gifting and third parties.
For more information on Polaris and its software and consulting solutions, click here.