7638341


Commercial Controls

This section provides guidance in relation to the requirement that an organisation should implement commercial controls which minimise the risk of corruption by, on behalf of, or against the organisation (Measure 16 of the Anti-Corruption Programme for Organisations).

Commercial controls are the management systems and processes implemented by an organisation to help it ensure that its sales, procurement, supply chain management, operational, project management and other commercial issues and risks are being properly managed.  The purpose of these controls is much wider than corruption prevention.  However, these controls can also have an anti-corruption effect, and, in designing and implementing these controls, the organisation should consider and take account of their effectiveness in reducing corruption risk.

From a corruption prevention perspective, the organisation should undertake a risk assessment of the corruption risks which face the organisation (see Organisation Anti-Corruption Risk Assessment), and then assess the extent to which its existing commercial controls help reduce these corruption risks.  The organisation should consider whether enhanced commercial controls would help reduce or further reduce the assessed risks, and if, so, enhance the controls as far as reasonable and proportionate. 

Commercial controls which may have a beneficial anti-corruption impact are listed below.  The following list does not attempt to include all possible controls.  The type and extent of control will depend on the organisation and the corruption risks it faces. There is sometimes an overlap between these recommended commercial controls and other controls recommended on other GIACC web-pages (e.g. Risk Assessment and Due Diligence, Financial Controls, Decision-Making Process and Procurement Controls). It does not matter under what management control category the organisation deals with these issues, as long as they are dealt with adequately in a reasonable and proportionate manner.

Approvals

(1) Implement appropriate approval procedures

In relation to all commercial matters which require approval, such as (1) the entering into of contracts or commitments between the organisation and any business associate (client, sub-contractor, supplier, consultant etc.); and (2) the approval of any work, services or supplies carried out under those contracts, the organisation should ensure as far as possible as follows:

  • Approval should be given by a person(s) of appropriate seniority.  Transactions which carry a more than low corruption risk should require the approval of a manager(s) of appropriate seniority.  (See Decision-Making Process).
  • Approval should be given by a sufficient number of persons who have made appropriate checks and enquiries.  Transactions which carry a more than low corruption should require the approval of more than one appropriate manager.  In the case of high corruption risk transactions, the approval of the Board could be required. The organisation may determine that small low risk transactions do not need a second approval.  (See Decision-Making Process).  Such approval should be given only after appropriate checks and enquiries have been made.  For example, if a manager of the organisation wishes to appoint a friend, or an organisation owned by the manager, as a supplier, then the risk of this occurring is reduced if a second manager’s countersignature based on appropriate checks as to suitability of supplier and validity of supporting documentation is always required for  such appointments.  While it is possible that the first manager may lie about the transaction and falsify the documentation, it makes it more difficult than if the manager could approve the appointment or work  without a second signatory. 
  • Where appropriate, there should be a separation of duties between approvers.  In relation to more than low corruption risk transactions, persons from the same department or function should not be able to both initiate a transaction (e.g. appoint a sub-contractor), and approve work or services to be carried out under that transaction.  Therefore, in addition to requiring two signatures, the organisation could ensure that the second signature is from a different department or function.  This reduces the risk of a conspiracy between the two managers (e.g. the risk that a bonus based on department or function success could corruptly influence two managers from the same department or function).

Commercial controls in relation to work, services or supplies undertaken by the organisation for clients

(2) Assess the legitimacy of the work, services or supplies to be undertaken by the organisation for a client

This control should be designed to take reasonable and proportionate steps to prevent the organisation from entering into a transaction which may be illegal.

The illegality may be due to corrupt reasons.  For example, the organisation may bid to a client to construct a building for the client.  The client may have obtained planning permission for the building by the payment of a bribe to a government official.  In many jurisdictions, paying a bribe to obtain planning permission will result in the planning permission and resultant building being illegal.  The authorities could therefore terminate the planning permission, with the result that the construction contract may also be terminated. In addition, any payment made by the client to the organisation under the contract may constitute money laundering.

The illegality may be due to non-corrupt reasons.  For example, a public sector client may decide to award a contract to the organisation by directly negotiated award despite the relevant public procurement regulations requiring a competitive tender.   The client may be doing so without any corruption (e.g. in the belief that the regulations are slow and cumbersome).  However, even if this belief is genuine, it is unlikely to legitimatise by-passing the regulations, as the regulations will normally need to be complied with.  If the client is proposing to make a direct award under a potentially legitimate exception to the competitive tender process (e.g. the use of direct award in cases of emergency) then the emergency needs to be genuine, and cannot be a contrived reason by the client to by-pass the tender procedures.  If the organisation accepts an award of a contract which has been placed illegally by the client in breach of procurement regulations, the awarded contract may as a result be illegal and unenforceable.  In some cases, a client manager may be by-passing the regulations for a corrupt reason (e.g. a bribe may have been paid to a client manager to ensure that the competitive process was by-passed).  In this case, the organisation may be implicated both in the illegality of the award and in the corruption.

If the organisation participates in an illegally awarded contract, it is assuming several risks:

  • That the contract may be terminated, leaving the organisation with financial losses.  These losses may be recoverable from the client, but may not if the client goes into liquidation (e.g. as a result of the planning permission termination), or if the organisation is deemed to be a participant in the illegal award.
  • That any payments received by the organisation from the client may be deemed to be money laundering, as the payments may be deemed to be the proceeds of a crime (the illegal planning permission, or breach of tender procedures).
  • The organisation may be caught up in a bribery investigation.  The authorities may claim that the organisation knowingly participated in a corrupt project, or corruptly influenced the client to by-pass the tender procedures.

It is of course difficult for the organisation in most cases to be able to verify the legitimacy of relevant actions by its potential client.  However, the organisation should identify the relevant areas which carry a more than low corruption risk, and take reasonable and proportionate steps to satisfy itself of their legitimacy. 

  • It may in relation to the above planning permission example:
    • ask the client for proof of planning permission
    • undertake a search of any applicable planning data bases
    • undertake searches on the internet for any articles or postings which have raised concerns about the planning process
    • consider whether, on the face of it, there are any concerning aspects (for example, an industrial building being built in a residential area). 
  • It may in relation to the above breach of tender procedure example:
    • ask the client for proof that tender procedures were correctly followed
    • in the event that any exception to the tender procedures is used (e.g. a direct award in the case of emergency), take steps to verify that the emergency is genuine
    • undertake searches on the internet for any articles or postings which have raised concerns about abuse by the client of tender procedures.

The organisation is likely to derive a higher level of comfort if the planning permission is obtained, or tender procedures are implemented, by a client with a good ethical reputation in a location where corruption is a low risk, than where the planning permission is obtained or tender procedures are implemented by a client with a poor or unknown ethical reputation in a location where corruption is a high risk.  If, after suitable consideration, there are no suspicious factors to alert the organisation to any concerns, then the organisation may determine that it is reasonable to proceed with the contract. However, if there are significant concerns or unanswered questions, the organisation may decide that it is too high a risk to proceed with the contract.

(3) Assess the necessity of the work, services or supplies to be undertaken by the organisation for a client

In most cases, whether or not the work being required by the client under a contract is necessary is a matter for the decision of the client.  However, if work is ordered by the client which on the face of it appears to be suspiciously unnecessary, then this can be a warning sign for an organisation which may be bidding for or asked to undertake this work.  Therefore, the organisation should take reasonable and proportionate steps to assess before it takes on work for a client whether any item appears to be on the face of it suspiciously unnecessary.

For example, the client may request the organisation to appoint a consultant specified by the client in connection with the works which the organisation is undertaking for the client.  The client says it will pay the organisation for the consultant’s costs, and that the organisation should then pay the consultant.  However, the organisation does not need the support of the consultant for the works, and the scope of work of the consultant is vague and/or not necessary for the works.  This could be an indicator of a corrupt arrangement under which a client manager is passing funds to the consultant through the organisation.  If the organisation participates, it could be criminally liable for participating in a corrupt transaction, and/or could be involved in money laundering.  The organisation should decline to appoint the consultant unless it can be reasonably satisfied that this arrangement is legal and not corrupt.

(4) Assess whether payments to be made to the organisation by a client are reasonable and proportionate to the work, services or supplies to be carried out

This control should be designed to ensure that the organisation is not receiving some unusual or unexplained payment from a client which could indicate a corrupt transaction.   In most cases, the organisation will be fully aware of how its contract price is broken down, and which work items the payments from the client relate to.  In a competitive market, these payments will normally be reasonable and proportionate to the work, services or supplies to be carried out by the organisation, as they will be market prices.  However, examples of potentially suspicious circumstances are as follows:

  • A client requires the organisation to add a sum to its contract price, and informs the organisation that it will instruct the organisation at a later date how that payment should be used by the organisation.  It then instructs the organisation to pay this amount to a supplier which has no contract with the organisation.  If the organisation were to agree to this arrangement, it must firstly assess the legitimacy and necessity of this arrangement (as per paragraphs 2 and 3)In addition, the organisation also needs to assess whether the payment being made to the supplier is reasonable and proportionate to the work, services or supplies to be carried out by the supplier.  If the payment is excessive, some surplus may be a corrupt payment to be passed on by the supplier to a client official or other party.  The organisation’s involvement with this arrangement could implicate the organisation criminally.  In addition, the payment may be money laundering.
  • A sales manager of the organisation achieves a sale with an unusually high profit margin taking into account the competitive environment.  This could be the result of very effective but legal selling by the sales manager, or of the particular circumstances of that project.  However, it could also indicate a corrupt arrangement.  For example, the sales manager may receive a large bonus on the sale, and may be corruptly sharing that bonus with a client manager, or the sales manager may have managed to build a bribe for a client manager into the contract price.

(5) Ensure that the work, services or supplies for a client have been properly carried out by the organisation

If any defects, or quality or quantity issues (“defects”) which are the organisation’s responsibility are identified in the organisation’s work, services, or supplies for a client, they should be rectified.  Defects should not be concealed by the organisation from the client.  If the organisation hands over work, services or supplies to the client knowing that they are defective, or being reckless as to whether or not they are defective, then the organisation could be committing fraud against the client.  In addition, there is a risk that a manager of the organisation may bribe the client’s supervisor to accept defective work.  To help prevent this risk, the organisation should implement appropriate quality and quantity inspection measures in relation to key actions or milestones.

(6) Ensure that any claims made by the organisation against a client for approvals, certifications, extensions of time, variations, payments etc. are honestly and accurately calculated

If the organisation makes a claim against the client which the organisation knows is inaccurate or is reckless as to whether or not it is inaccurate, then the organisation could be committing fraud against the client.  In addition, there is a risk that a manager of the organisation may bribe the client’s supervisor to accept an inflated claim (e.g. if the manager’s bonus depends on a successful outcome).  To help prevent this risk, the organisation should implement appropriate checking and approval measures in relation to claims submitted by the organisation to the client.  The same approach of honest and accurate dealing should be taken in relation to any claims made by the client against the organisation.

Commercial controls in relation to business associates

(The term “business associates” in this section includes joint venture partners, sub-contractors, suppliers, consultants, agents; but not clients which are dealt with in the above section).

(7) Only work with approved business associates that have undergone a pre-qualification or approval process

A suitable pre-qualification or approval process should assess, in relation to potential business associates, their technical and financial capacity to undertake the work, any possible conflicts of interest, and the likelihood of their participating in corruption.  This should be undertaken prior to the organisation agreeing to contract with them.  (See Business Associate Risk Assessment).

(8) Assess the legitimacy of the appointment of, and work, services or supplies to be undertaken by, a business associate for the organisation

This control should be designed to take reasonable and proportionate steps to prevent the organisation from entering into a transaction which may be illegal.  For example:

  • The organisation may be requested by a client to appoint a joint venture partner or supplier nominated by the client.  It may be illegal, or a breach of the relevant procurement regulations, for the client to make such a request.
  • The organisation may wish to appoint a local sales agent to help it with a sale, but it may be illegal in that territory to use a sales agent.

In the event of such illegal appointment, the organisation may be liable for breaching the relevant law and/or the appointment may be unenforceable or subject to termination. In addition, if the appointment is for a corrupt reason (e.g. if the agent or joint venture partner pays a bribe in relation to their appointment), then the organisation may also be liable for the corrupt act.

(9) Assess the necessity of the appointment of, and work, services or supplies to be undertaken by, a business associate for the organisation

If a business associate is to undertake work which on the face of it appears to be unnecessary, then this can be a warning sign of possible corruption. For example:

  • As per the example under paragraph (3) above, where the client requests the organisation to appoint a consultant whose work appears to be unnecessary.  This could be a corrupt arrangement between a client manager and the consultant, with the organisation acting as a conduit for the payment.
  • A project manager of the organisation may request the appointment of a sub-contractor to a project whose work is loosely defined or not necessary.  This could be a corrupt arrangement involving the project manager and a friend.
  • The organisation may be informed that it is more likely to win a competitive tender if it appoints a sales agent to lobby the client on its behalf.  The agent requests a success fee which is disproportionate to the actual work which it is to undertake.  This is suspicious, as it should not be necessary to appoint an agent to lobby, as the award should be based on objective criteria such as the skill of the organisation and its price.  In addition, the inflated success fee could be funding a bribe paid by the agent to a client representative or government official.

(10) Assess whether payments to be made by the organisation to a business associate are reasonable and proportionate to the work, services or supplies to be carried out by the business associate

This control should be designed to take reasonable and proportionate steps to ensure that the organisation is not paying some unusual or unexplained payment to a business associate which could indicate a corrupt transaction. This is particularly important where there is a risk that the business associate may use part of the payment made to it by the organisation to pay a bribe on behalf of or for the benefit of the organisation.  For example, if an agent has been appointed by the organisation to assist with sales and is to be paid a commission on award of a contract to the organisation, then the organisation needs to be reasonably satisfied that the commission payment is reasonable and proportionate to the legitimate services actually carried out by the agent and to the risk assumed by the agent in case the contract is not awarded. If a disproportionately large commission is paid, there is an increased risk that part of it could be improperly used by the agent to induce a government official or employee of the organisation’s client to corruptly award the contract to the organisation.

(11) Enter into contracts with a business associate, where possible and reasonable, only after a fair competitive process between at least three competitors

A competitive process assists in the reduction of corruption, in that a corrupt organisation may seek to ensure that it is the only organisation which can be appointed to the contract, and it will normally ensure that any bribe it has to pay to ensure this preferred status is included in its contract price.  As a result, a corrupt contract price will normally be higher than a non-corrupt contract price, and the quality may not be as good as its competitors.  Therefore, having a competitive process where several organisations can compete on price, programme and technical expertise makes it more difficult for corruption to occur, and normally improves price and quality.  Where the organisation is putting work out to tender, it should ensure that as many organisations as is reasonable can compete, so as to reduce the risk of a cartel between the competitors.  If, for example, only three organisations are ever asked to tender, the risk increases that over time those three organisations will agree to share the work between them.  The risk of corruption is further reduced if the competitive process is as open and transparent as possible (e.g. is advertised on the organisation’s web-site, and the results are published on the web-site).  For further guidance on competitive processes, see Procurement Controls.

(12) Protect the integrity of tenders and other price sensitive information by restricting access to appropriate people

Tender information can be valuable.  For example, a manager may sell information on the competitors’ pricing or the organisation’s budget or evaluation process to a competitor.

(13) Ensure that the work, services or supplies have been properly carried out by a business associate

There is a risk that there may be defects or quality or quantity issues (“defects”) in the work, services, or supplies which are the business associate’s responsibility. If the business associate hands over work, services or supplies to the organisation knowing that they are defective, or being reckless as to whether or not they are defective, then the business associate could be committing fraud against the organisation.  In addition, there is a risk that a manager of the organisation may be bribed by the business associate to accept defective work.  If the business associate is undertaking work for the organisation which is in turn part of the organisation’s work for the organisation’s client, then there is a risk that any such defective work undertaken by the business associate could become the organisation’s responsibility to the client (see paragraph (5) above).  To help prevent this risk, the organisation should implement appropriate quality and quantity inspection measures in relation to key actions or milestones.

(14) Ensure that any claims made by a business associate against the organisation for approvals, certifications, extensions of time, variations, payments etc. are honestly and accurately calculated

If the business associate makes a claim against the organisation which the business associate knows is inaccurate or is reckless as to whether or not it is inaccurate, then the business associate could be committing fraud against the organisation.  In addition, there is a risk that a manager of the organisation may be bribed by the business associate to accept an inflated claim.  If this claim by the business associate forms part of the organisation’s claim against the organisation’s client, then there is risk that any such inflated claim by the business associate could become the organisation’s responsibility to the client (see paragraph (6) above).  To help prevent this risk, the organisation should implement appropriate checking and approval measures in relation to claims submitted by the business associate to the organisation.  The same approach of honest and accurate dealing should be taken in relation to any claims made by the organisation against the business associate.

Assessing the risks

(15) Assess the risks in a reasonable and proportionate manner

The organisation should assess the above risks in a manner which is reasonable and proportionate to the size and risk profile of the relevant project or contract.  For example:

  • On a major project, the organisation may undertake enquiries to satisfy itself in relation to the above issues as part of a formal Project Corruption Risk Assessment. 
  • In relation to smaller contracts, the organisation may undertake a lower level of enquiry as part of its contract approval process, and the relevant manager in charge of the contract may be required to certify as part of the approval process that s/he has considered the relevant risks and has identified no corruption issues of concern. 
  • In relation to a large number of small routine contracts with the same risk profile, the organisation may assess these issues in relation to the category of contracts, and not for each individual contract.

Examples of the successful operation of commercial controls in preventing corruption

(16) The following are two examples of how the operation of a combination of some of the above commercial controls may successfully prevent a potential corrupt act.

Example 1:

A procurement manager of the organisation wishes to appoint a supplier owned by a member of the procurement manager’s family to provide equipment to the organisation.  The family member promises the manager a share of the supply contract profits. The organisation’s procurement procedures require all suppliers to pass the organisation’s pre-qualification requirements.  One of these requirements is the obligation (both on the procurement manager and the supplier) to disclose any conflict of interest, such as a family connection.  Therefore, the family connection and consequent conflict of interest should be identified at an early stage, and as a result prevent the manager from being personally involved in this tender.  Even if the connection is kept concealed, the organisation’s procedures also require that no contract can be placed unless there has been a competitive process between at least three pre-qualified suppliers.  So, the connected supplier still needs to show that it has the technical and financial capability to undertake the project, and needs to win a competitive process.  In addition, the requirement that no contract should be placed without a second approval by another manager with knowledge of the circumstances should help prevent this conflicted contract being placed, as the second manager is likely to be aware of the connection (unless it has been very well hidden, which is difficult when frequently the industry participants are relatively well known).  All these controls therefore help prevent a potentially corrupt contract from being entered into.  Therefore, unless there is agreement with knowledge of the circumstances by all of the managers involved above, or unless some of them are negligent in their review, it is difficult for the procurement manager to favour this supplier.

Example 2:

The organisation is constructing a building.  An excavation sub-contractor on site excavates the foundations only to minus 1.5 metres when it should excavate to minus 2 metres.  The sub-contractor offers a bribe to the organisation’s site supervisor to certify that the excavation was to minus 2 metres.  The organisation has identified in its Project Corruption Risk Assessment that excavation levels are a high risk area, and requires that a second senior supervisor must counter-sign the excavation depth after on-site inspection.  The second supervisor identifies that the excavation depth is incorrect, and requires the excavation sub-contractor to rectify it.

Implementation checklist for Measure 16

  1. The organisation should identify from its Organisation Corruption Risk Assessment the categories of corruption risk which could be minimised by good commercial controls.
  2. The organisation should assess whether its existing commercial controls are effective in reducing these corruption risks to an acceptable level. 
  3. In cases where the organisation assesses that its existing commercial controls do not reduce the corruption risk to an acceptable level, the organisation should consider whether enhanced commercial controls would reduce the risk appropriately.  If yes, and if reasonable and proportionate, the organisation should implement these enhanced commercial controls.
  4. In undertaking the above assessment, the organisation should measure its commercial controls against the suggested controls in paragraphs 1 to 15 above.  It should also take account of the effect of other applicable controls (e.g. Procurement Controls and Financial Controls), as it may be the cumulative effect of these controls which reduces the corruption risk to an acceptable level.
  5. The organisation should ensure that an appropriate manager(s) is responsible for implementing and managing its commercial controls.  Different managers may be appointed in respect of different aspects.  For example:
    • a sales manager may be responsible for verifying sales to clients
    • a procurement manager may be responsible for pre-qualification and procurement controls in relation to business associates
    • a project manager may be responsible for verifying work done by business associates.
  6. The organisation should document and implement the commercial controls.
  7. The organisation should monitor and periodically audit that the commercial controls are being correctly followed

Updated on 10th April 2020

© GIACC