adb/oecd anti-corruption initiative for asia and the pacific … › site ›...

ADB/OECD Anti-Corruption Initiative for Asia and the Pacific


CORPORATE MEASURES TO PREVENT AND DETECT CORRUPTION IN ASIA AND THE PACIFIC Frameworks and Practices in 31 Jurisdictions Thematic Review – Final Report



CORPORATE MEASURES TO PREVENT AND DETECT CORRUPTION IN ASIA AND THE PACIFIC Frameworks and Practices in 31 Jurisdictions Thematic Review – Final Report

Afghanistan – Australia – Bangladesh – Bhutan – Cambodia – P.R. China Cook Islands – Fiji – Hong Kong, China – India – Indonesia – Japan Republic of Kazakhstan – Republic of Korea – Kyrgyz Republic Macao, China – Malaysia – Mongolia – Nepal – Pakistan – Palau Papua New Guinea – Philippines – Samoa – Singapore – Solomon Islands Sri Lanka – Timor-Leste – Thailand – Vanuatu – Viet Nam

Asian Development Bank

Organisation for Economic Co-operation and Development


Publications of the ADB/OECD Anti-Corruption Initiative for Asia and the Pacific

– Corporate Measures to Prevent and Detect Corruption in Asia and the Pacific, Manila: ADB/OECD, 2014.

– Fighting Corruption and Building Trust: Proceedings of the 8th Regional Anti-Corruption Conference. Manila:

ADB/OECD, 2014.

– Building Multidisciplinary Frameworks to Combat Corruption: Proceedings of the 7th Regional Anti-Corruption

Conference: Paris, ADB/OECD, 2011.

– Criminalisation of Bribery: Proceedings of the 10th Regional Seminar for Asia and the Pacific. Paris, ADB/OECD, 2010.

– Strategies for Business, Government and Civil Society to Fight Corruption in Asia and the Pacific: Proceedings

of the 6th Regional Anti-Corruption Conference. Paris, ADB/OECD, 2009.

– Supporting the Fight against Corruption in Asia and the Pacific: ADB/OECD Anti-Corruption Initiative Annual Report 2007. Paris, ADB/OECD, 2008.

– Fighting Bribery in Public Procurement in Asia and the Pacific: Proceedings of the 7th Regional Technical Seminar. Paris: ADB/OECD, 2008.

– Asset Recovery and Mutual Legal Assistance in Asia and the Pacific: Proceedings of the 6th Regional Technical Seminar. Paris: ADB/OECD, 2008.

– Managing Conflict of Interest: Frameworks, Tools, and Instruments for Preventing, Detecting, and Managing Conflict of Interest: Proceedings of the 5th Regional Technical Seminar. Manila: ADB/OECD, 2008.

– Mutual Legal Assistance, Extradition and Recovery of Proceeds of Corruption in Asia and the Pacific: Frameworks and Practices in 27 Asian and Pacific Jurisdictions. Paris: ADB/OECD, 2008.

– Curbing Corruption in Public Procurement in Asia and the Pacific: Progress and Challenges in 25 Countries. Manila: ADB/OECD, 2006.

– Denying Safe Haven to the Corrupt and the Proceeds of Corruption: Enhancing Asia-Pacific Co-operation on Mutual Legal Assistance, Extradition, and Return of the Proceeds of Corruption: Proceedings of the 4th Master Training Seminar. Manila: ADB/OECD, 2006.

– Knowledge-Commitment-Action against Corruption in Asia and the Pacific: Proceedings of the 5th Regional Anti-Corruption Conference. Manila: ADB/OECD, 2006.

– Anti-Corruption Policies in Asia and the Pacific: Progress in Legal and Institutional Reform in 25 Countries. Manila: ADB/OECD, 2006.

– Anti-Corruption Action Plan for Asia and the Pacific with country endorsing statements. Manila: ADB/OECD (2002; reprinted 2005).

– Curbing Corruption in Tsunami Relief Operations. Manila: ADB/OECD/TI, 2005 (available in English, Bahasa, Sinhala, and Tamil languages).

– Controlling Corruption in Asia and the Pacific: Proceedings of the 4th Regional Anti-Corruption Conference. Manila: ADB/OECD, 2005.

– Anti-Corruption Policies in Asia and the Pacific: The Legal and Institutional Frameworks. Manila: ADB/OECD, 2004.

– Effective Prosecution of Corruption. Proceedings of the 1st Regional Training Seminar. Manila: ADB/OECD, 2003.

– Taking Action against Corruption in Asia and the Pacific: Proceedings of the 3rd Regional Anti-Corruption Conference. Manila: ADB/OECD, 2002.

– Progress in the Fight against Corruption in Asia and the Pacific: Proceedings of the 2nd Regional Anti-Corruption Conference. Manila: ADB/OECD, 2001.

– Combating Corruption in Asian and Pacific Economies: Proceedings of the Manila workshop held in 1999. Manila: ADB/OECD, 2000.

These documents are available for download from the Initiative’s Web site at www.oecd.org/site/adboecdanti-corruptioninitiative/publications.htm.

http://www.oecd.org/site/adboecdanti-corruptioninitiative/publications.htm

6 Corporate Measures to Prevent and Detect Corruption in Asia and the Pacific


2014 Organisation for Economic Co-operation and Development, Asian Development Bank

All rights reserved

This publication was prepared by J. Patrick Meagher on behalf of the ADB/OECD Anti-Corruption Initiative for Asia and the Pacific under the supervision of its Secretariat, composed of Asian Development Bank (ADB) and Organisation for Economic Co-operation and Development (OECD) staff. The findings, interpretations, and conclusions expressed in it do not necessarily represent the views of ADB, its Board of Governors or the governments it represents, or of the OECD or its member countries. ADB and OECD do not guarantee the accuracy of the data included in this publication and accept no responsibility whatsoever for any consequences of their use. The term “country” does not imply any judgment by the ADB or the OECD as to the legal or other status of any territorial entity.


Contents

Main Abbreviations and Acronyms ...................................................................... 9

Foreword ............................................................................................................ 11

Scope and Methodology .................................................................................... 13

Part I – Overview of Corporate Measures to Prevent and Detect Corruption in Asia-Pacific ........................................................................ 17

1. Introduction............................................................................................... 17

2. General efforts to prevent corruption involving the private sector ............ 17

3. Internal controls ........................................................................................ 21

3) Integrity of financial statements ................................................................ 35

4) Conclusion................................................................................................ 56

Annex 1 .......................................................................................................... 63

Annex 2 .......................................................................................................... 67

Annex 3 .......................................................................................................... 68

Part II - Frameworks and Practices in 31 Jurisdictions 1 ................................... 69

Afghanistan .................................................................................................... 71

Australia ......................................................................................................... 93

Bangladesh .................................................................................................. 119

Bhutan ......................................................................................................... 143

Cambodia .................................................................................................... 167

P.R. China ................................................................................................... 191

Cook Islands ................................................................................................ 219

Fiji ................................................................................................................ 239

Hong Kong, China ....................................................................................... 263

Indonesia ..................................................................................................... 293

Japan ........................................................................................................... 315

Republic of Kazakhstan ............................................................................... 347

Republic of Korea ........................................................................................ 369

Kyrgyz Republic ........................................................................................... 395



Macao, China ............................................................................................... 417

Malaysia ....................................................................................................... 445

Mongolia ...................................................................................................... 471

Nepal ........................................................................................................... 497

Pakistan ....................................................................................................... 521

Palau ............................................................................................................ 543

Papua New Guinea ...................................................................................... 561

Philippines ................................................................................................... 585

Samoa ......................................................................................................... 613

Singapore .................................................................................................... 633

Solomon Islands .......................................................................................... 659

Sri Lanka ...................................................................................................... 679

Timor-Leste .................................................................................................. 703

Thailand ....................................................................................................... 729

Vanuatu ....................................................................................................... 765

Viet Nam ...................................................................................................... 785

NOTES

1 India was unable to review and comment on its draft report in time for this publication.

Its report will be added to the publication when finalized


Main Abbreviations and Acronyms

ACA Anti-Corruption Agency

ACC Anti-Corruption Commission

ACU Anti-Corruption Unit

ADB Asian Development Bank

APESB Accounting Professional and Ethical Standards Board

CEO Chief Executive Officer

CFO Chief Financial Officer

CGDC Corporate Governance Development Code

CPA Certified Public Accountant

EITI Extractive Industries Transparency Initiative

FATF Financial Action Task Force

GAAP Generally Accepted Accounting Principles

IAS International Accounting Standards

ICA Institute of Chartered Accountants

ICAC Independent Commission Against Corruption

IFC International Finance Corporation

IFRS International Financial Reporting Standards

IIA Institute of Internal Auditors

ISA International Standards of Audit

MOU Memorandum of Understanding

NGOs non-government organizations

OECD Organisation for Economic Co-operation and Development

SEC Securities and Exchange Commission

SMEs small- and medium-sized enterprises

TI Transparency International

UK United Kingdom

UNCAC United Nations Convention against Corruption

UNODC United Nations Office on Drugs and Crime

US United States

USD United States Dollar


Foreword

The ADB/OECD Anti-Corruption Initiative for Asia and the Pacific (the “Initiative”) was established in 1999 with the support of the Asian Development Bank (ADB) and the Organisation for Economic Co-operation and Development (OECD). The Initiative is a regional network through which members cooperate in the fight against corruption. A total of 31 Asian and Pacific jurisdictions have endorsed the Initiative's Action Plan and committed to taking concrete actions toward implementing reforms to deter, prevent, and combat corruption. The Initiative's Steering Group, comprised of the member jurisdictions, defines the Initiative's priorities and activities, which are guided by the Strategic Principles and Future Activities of the Initiative, adopted in 2010. For the Thematic Reviews, the Steering Group in each case chooses an area of anti-corruption activity for analysis, following the Initiative’s Strategic Principles. The Review assesses each Initiative member's anti-corruption efforts in the chosen area, identifies challenges facing each member, and makes recommendations for overcoming these difficulties. The Review also identifies trends and common obstacles that cut across the Asia-Pacific region. The Review's final report consists of individual reports on each member of the Initiative, and a horizontal report on regional trends and obstacles. Members are invited to provide written comments on multiple drafts of the report. Each country report is finalized with that country’s input and approval. The final report is then discussed and adopted at a Steering Group meeting. It is also published on the Initiative’s website and in print. Two years after the completion of a Thematic Review, members are asked to report the steps that have been taken to implement the Review’s recommendations. Thereafter, in their periodic self-reports, members are expected to discuss any further steps taken to implement the recommendations. The Initiative's past three Thematic Reviews covered the following topics: Curbing Corruption in Public Procurement (2006); Mutual Legal Assistance, Extradition and Recovery of Proceeds of Corruption (2007); and Criminalization of Bribery Offences (2010). At its 15th Meeting in September 2010, the Steering Group agreed to conduct a Thematic Review on Corporate Compliance, Ethics and Internal Controls, Including Accounting and Auditing Measures for Preventing and Detecting Corruption. At its 17th Meeting in October 2012, the Steering Group agreed that the Thematic Review should commence in 2013 and be completed by the 19th Steering Group Meeting in 2014.



This Thematic Review Report was prepared by J. Patrick Meagher, consultant to the secretariat of the ADB/OECD Anticorruption Initiative for Asia and the Pacific, with comments by William Loo, Joydeep Sengupta and Elizabeth Owen at the Anti-Corruption Division, Directorate for Financial and Enterprises Affairs, OECD, and Elizabeth Fischelis at the Poverty Reduction, Social Development and Governance Division, Regional and Sustainable Development Department, ADB. It was copyedited by Marilyn Pizarro, consultant to the secretariat. The Report was adopted by the Initiative‘s Steering Group at its 19

th Steering Group meeting in September 2014.

The findings, interpretations, and conclusions expressed in this report do not necessarily represent the views of ADB‘s Board of Governors and members or those of the OECD and its member countries. ADB and OECD do not guarantee the accuracy of the data included in this publication and accept no responsibility whatsoever for the consequences of their use. The term “country” in this report refers also to territories and areas; the designations employed and the presentation of the material do not imply the expression of any opinion whatsoever concerning the legal status of any country or territory on the part of ADB‘s Board of Governors and members, and the OECD and its member countries. While all reasonable care has been taken in preparing the report, the information presented may not be complete or current.


Scope and Methodology

The global economic news reminds us daily of the need for companies to institute safeguards against corruption. This Thematic Review focuses on the status of measures taken in this area by member states of the ADB/OECD Anti-Corruption Initiative for Asia and the Pacific. Specifically, the Review deals with implementation of the articles on private sector-related corruption contained in the UN Convention against Corruption

1 (art.12) and the OECD Anti-Bribery

Convention2 (art.8). In this field, the overarching duty for each member state of

the Initiative is set forth in UNCAC (art.12(1)):

Each State Party shall take measures, in accordance with the fundamental principles of its domestic law, to prevent corruption involving the private sector, enhance accounting and auditing standards in the private sector and, where appropriate, provide effective, proportionate and dissuasive civil, administrative or criminal penalties for failure to comply with such measures.

From this primary duty flow the other obligations, stated in UNCAC

(arts.12-13) and in the OECD Anti-Bribery Recommendation3

(rec. X): to promote state-private cooperation; develop standards of good corporate governance, ethical business practice, and integrity in the accounting and audit professions; ensure that businesses have sufficient audit and internal controls to prevent and detect corruption; and prohibit the concealment of fraud and corruption in accounts and financial records.

4

The measures prescribed in UNCAC and the OECD Convention are

designed to combat corruption involving the private sector. Classically, the key elements here have been bribery of state officials and agents by the private sector, along with related offenses by which public office is used for private gain. The latter might include, for example, collusion in public procurement and privatization transactions for purposes of illicit enrichment, trading in favors and influence, and “revolving door” practices by which officials are rewarded with corporate positions after they leave office. In contrast, UNCAC (arts.21-22) defines corruption in the private sector as including the giving and receipt of bribes by business people, as well as embezzlement, which may involve a fraud or abuse of fiduciary obligation whereby one person illicitly benefits at the expense of another. Further, UNCAC (arts.23-24) requires states to take effective measures against money laundering and other means by which acts of corruption are concealed, and to ensure that legal persons such as companies can be held liable for the corruption offenses described in the Convention (art.26). Thus, corruption involving the private sector has a relatively expansive



definition, including public sector corruption in which the private sector participates as well as corruption within the private sector.

The preceding discussion should help clarify why UNCAC and the OECD Convention call for detailed rules and procedures for corporate governance and financial accountability in the private sector as anti-corruption measures. By extension, it should be clear why this Thematic Review appears to focus so little on bribery or undue influence per se. We are dealing here with necessary preventive and remedial measures to be taken by the private sector side, as stipulated in public laws and regulations as well as in codes developed by the relevant business and professional communities. The corporate governance and financial accountability provisions discussed here are expressly required by UNCAC and the OECD Convention, as part of member states’ overall obligations to take effective measures for the prevention and detection of corruption involving the private sector.

Both UNCAC and the OECD Convention have evolved since their adoption, reflecting the implementation guidance provided by organizations such as the UN and OECD, as well as best practice around the world. A major advance in best practice came in 2002 with the United States’ (US) adoption of the Sarbanes-Oxley Act of 2002. This was a response to a spate of major corporate fraud scandals, in which elaborate accounting manipulations played a leading role. Key components of the Sarbanes-Oxley legislation include independent oversight of public company external audits; strengthened rules on audit committees and corporate governance; enhanced transparency, executive accountability, and investor protection; and safeguards of external auditor independence.

5 (A more detailed summary is provided in Annex 2 below).

Several of these provisions are reflected in international codes and standards,6

and are cited in the tables of international standards below. Among others, Japan and the People’s Republic of China (“P.R. China”) adopted quite similar rules. The relevant provisions of Japan’s Financial Instruments and Exchange Act and P.R. China’s Basic Standard for Enterprise Internal Control went into effect in 2008. Hong Kong, China also implements best-practice standards in this area through modules of the Hong Kong Monetary Authority’s Supervisory Policy Manual, the Securities and Futures Commission’s Code of Conduct, and the Office of the Commissioner of Insurance’s guidance notes. (See the relevant country reports.)

7

The present Thematic Review deals with measures against corruption

involving the private sector, as described above. The review is, however, somewhat selective rather than comprehensive. The main components of financial reporting, audit (internal and external), internal control, and related features of corporate governance are covered. We also deal with the efforts of the public and private sector to put appropriate measures in place, and to disseminate them, especially where there are joint efforts or mutual influence. In

Scope and Methodology 15


the interest of manageability, the review leaves out some important aspects of corruption control as it affects the private sector, deferring those topics to later studies. Thus, we set aside the issues addressed in UNCAC 12(2)(c-e), namely disclosure of beneficial owners, abuse of state policies (e.g. licensing) with respect to the private sector, and “revolving door” issues involving former state officials. We also deal in only a limited way with whistle-blowing, a large and complex topic. These areas would be worth at least one, and perhaps several, separate studies.

This review covers all 31 member countries of the Initiative. As with prior reviews, this one strives to be as comprehensive, accurate, and nuanced as possible – but the scale of the undertaking precludes a very detailed analysis of each country. A further complication arises from constraints to information. Current materials are not available in English for all the countries and all the matters covered. In order to obtain as much useful information as possible, the Secretariat sent detailed questionnaires to government officials in all of the member countries, and asked them to forward additional questionnaires to businesses and accounting professionals. We received responses from about half the member countries, of which most were reasonably complete, and several included laws and regulations or links to them. We used this material and also carried out research on each country, primarily by internet search. Government websites, research databases, and international standards bodies were particularly helpful, although material available in this way (especially in translation) is not always kept fully up to date.

Using these methods, we compiled 31 country studies, each of which has been shared with the relevant member country for purposes of comment, correction, and adding information. Each country report contains the same thematic sections and tables (with country-specific columns added) presented in the horizontal report presented in Part 1 below. In addition, each country report contains an introduction with background material setting the context for the review of measures on private sector corruption, and each contains a conclusion with country-specific recommendations.

NOTES

1 United Nations Convention against Corruption, UN Office on Drugs and Crime, 2004.

2 Convention on Combating Bribery of Foreign Public Officials in International Business

Transactions, OECD 1997, in OECD (2011), Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and Related Documents.



3 Recommendation of the Council for Further Combating Bribery of Foreign Public

Officials in International Business Transactions, OECD 2009 (“OECD Recommendation”), in Id.

4 Additional excerpts of relevant portions of UNCAC and the OECD Convention and

Recommendation are provided in Annex 1. 5 Ernst & Young (2012), The Sarbanes-Oxley Act at 10: Enhancing the reliability of

financial reporting and audit quality. 6 For example, the APEC Anti-Corruption Code of Conduct for Business, Asia-Pacific

Economic Cooperation, 2007. 7 The OECD has undertaken significant work in in this area, notably the reports by the

Asian Roundtable on Corporate Governance. Several of these are cited in the individual country reports below. Also see the report Public Enforcement and Corporate Governance in Asia: guidance and good practices, http://www.oecd.org/daf/ca/Public-Enforcement-Corporate-Governance-Asia.pdf. Further, the OECD Principles are in the process of revision, with completion expected in the first half of 2015.

http://www.oecd.org/daf/ca/Public-Enforcement-Corporate-Governance-Asia.pdf


Part I – Overview of Corporate Measures to Prevent and Detect Corruption in Asia-Pacific

1. Introduction

This report provides an overview of the key issues and findings of this

Thematic Review. It is structured as follows. The next section addresses public-private cooperation and related efforts to raise awareness and standards with respect to private sector corruption prevention. Section 3 addresses the overall topic of internal controls, comprised of internal audit, the audit committee, and the other rules and procedures providing for internal control and compliance. Section 4 deals with several topics under the heading of financial accountability. These include financial record-keeping, financial reporting, external auditing, and auditor duties with respect to disclosing certain offenses. The part also addresses the standards and governance mechanisms for the accounting and audit profession, as well as the means by which the rules and standards in this area are enforced. Section 5 concludes with a consideration of findings and patterns that have region-wide implications.

2. General efforts to prevent corruption involving the private sector

We begin with a review of member country practices in the area of

outreach by government and cooperation with the private sector. General efforts along these lines to strengthen the prevention and detection of business-related corruption can be categorized as follows: (i) legal or policy steps to encourage members of the private sector to self-report corruption offenses or to institute effective measures to prevent them; (ii) public-private efforts to strengthen, and increase awareness of, relevant standards and methods in this area; and (iii) the use of integrity pacts, by which the business community and others collectively monitor compliance with voluntary anti-corruption standards. The relevant international standards, based on the UN and OECD Conventions as well as best practice guidance, are provided in the table below.



The first approach uses the instruments of criminal law and procedure to provide incentives for companies to self-report corruption offenses or to ensure that they have effective systems of prevention in place. As in the practice of plea-bargaining used in certain legal systems (notably in the US), the self-reporting of an offense before it is discovered is considered as a possible mitigating factor in criminal prosecution and sentencing. This practice is sometimes formalized in the law, but as often is implicit in prosecutorial and regulatory discretion. In either case, the scope of mitigation generally remains under the discretion of the administrative agency or law enforcement body, allowing for the necessary tailoring of remedies to each situation.

A step beyond this is to provide legal/regulatory incentives encouraging companies to adopt stronger internal control systems. For example, in the US, having an effective compliance system in place before the commission of an offense is a mitigating factor in sentencing (notably under the Foreign Corrupt Practices Act of 1977 – see below). This has contributed to the widespread adoption of compliance programs by publicly traded companies. In Italy, a legislative decree recognizes as a criminal law defense a company’s adoption of an effective “organizational model” to ensure compliance with legal norms including laws against corporate bribery. The Italian Ministry of Justice has the authority under the decree to approve corporate guidelines and codes of conduct drawn up by business associations, and works proactively in assisting companies to establish corporate compliance measures in accord with the approved models. The latter include provisions that prohibit illicit payments to foreign officials (directly or through intermediaries) and recommend reporting, control, and sanction mechanisms.

1 Similarly, the United Kingdom’s Bribery Act

penalizes commercial organizations that fail to establish adequate procedures to prevent bribery. By implication, having an effective compliance program appears to be a defense against prosecution.

2

Cooperative public-private initiatives provide further alternatives.

Outreach programs by government agencies and joint state-private initiatives are of long standing, and were common practice in such areas as health and agriculture before being applied to corruption and corporate governance. Leading innovators in this area include anti-corruption agencies (ACAs) in at least two of the Initiative member countries – Australia and Hong Kong, China.

3

In addition to training and awareness-raising, efforts in this area sometimes take the form of agreements by public and private sector entities to work jointly to improve corporate governance and corruption prevention in the private sector. In France, for example, the Central Department for Corruption Prevention, under the supervision of the Ministry of Justice, has entered into partnership agreements with large companies to strengthen prevention, notably in the arms, construction, and hotel industries. In addition, the government has, working through the largest national business association, actively encouraged French enterprises to set up internal control mechanisms for detecting bribery.

4

Overview of Corporate Measures 19


Cooperation within the public or private sector can also play an important role. This is perhaps most obvious with regard to cooperation between government departments such as the securities regulator and law enforcement actors such as prosecutors. Cooperation within the private sector may also be important in promoting collective action against corrupt practices in business. A leading example of this is the integrity pact, a method brought to global prominence by Transparency International. The method requires participants (in this case, companies) to make a public pledge to support and comply with certain integrity standards (e.g. prohibition of corporate bribery). The private sector, often with support from non-governmental watchdog groups, monitors the compliance of pact members. This may involve periodic reviews, reports, and/or audits. A leading global example of this method is the Extractive Industries Transparency Initiative (EITI), in which several Initiative member countries are participants. The EITI differs from the private sector initiatives described above in that governments are the main signatories, but the mechanism is essentially the same.

International standards: general prevention efforts

Promote public-private cooperation to prevent private sector corruption (UNCAC 12(2)(a)).

Encourage self-reporting and self-help by companies: 1) Provide official channels, guidelines, or assistance for self-reporting of

corruption offenses.5

2) Sentence mitigation for self-reporting, effective response to suspected corruption, preventive measures.

6

Public-private sector cooperation: 1) To enhance corruption prevention, detection, and reporting, e.g.

partnerships in vulnerable sectors 2) To increase awareness of ethics standards and compliance procedures

by companies and the professions e.g. seminars or disseminating guidelines.

3) To improve standards of corporate governance and ethical commercial practices.

7

Encourage public commitments – e.g. integrity pacts – by businesses and private sector associations to strengthen transparency in accounting, improve corporate governance, and prevent corruption.

8



Member country compliance

In several member countries of the Initiative, there are only limited efforts by government, the private sector, or local civic organizations to address corruption involving business. Where there are anti-corruption efforts involving some or all of these sectors, they most often focus on bringing transparency and reform to the public sector, placing little emphasis on prevention from the private sector side. A number of member countries do have anti-corruption initiatives that span the public and private sectors, some of them also involving NGOs. Again, the emphasis is largely on the public sector, but in some of these cases the private sector dimension is given significant focus (see the box below). Indonesia and Hong Kong, China, for example, have frameworks of public-private cooperation to support corruption prevention, whistle-blowing, and related matters in the business sector. In other cases, anti-corruption efforts are principally led by the donor agencies (Afghanistan), the government (Cambodia, Malaysia, P.R. China, Sri Lanka), or by the NGOs (Bangladesh, Nepal).

Virtually all member countries provide some channel for complaints and reports on corruption, and many countries provide multiple channels. These channels are designed to receive whistle-blower reports from within companies or government institutions. Most countries do not have formal arrangements to encourage self-reporting or preventive measures against corruption by companies, such as reduction of penalties or sentences in cases of prosecution. However, a substantial minority of member countries (see below) report that these factors are, in practice, taken into account in sentencing.

Virtually every member state reports having some form of outreach or

cooperation between the public and private sector on corruption prevention. In most cases, the activities, such as awareness-raising and training seminars, touch on private sector concerns – though to varying degrees. Typically, the lead anti-corruption agency takes the initiative in providing guidance and

Member countries that consider self-reporting and preventive measures in enforcing sanctions against corruption:

Australia – Hong Kong, China – India – Japan – Kazakhstan – Korea – Macao, China – Malaysia (for witnesses) – Mongolia – Nepal – Singapore – Sri Lanka – Viet Nam

Member countries with anti-corruption initiatives involving significant public-private cooperation:

Australia – Hong Kong, China – India – Indonesia – Japan –Kazakhstan –Korea – Kyrgyz Republic – Macao, China – Mongolia – Philippines – Singapore – Solomon Islands – Thailand – Timor-Leste



organizing events, with the cooperation of civic, business, and/or professional organizations. In some cases, the private sector or the accounting profession plays the lead role, as reported in Bangladesh. In other cases, the main government role is taken on by economic policymakers or financial regulators, as in Japan and the Cook Islands. In some cases, government enters an agreement with the private sector to support and monitor anti-corruption efforts, as in Cambodia’s MOU with a leading multinational company.

Most countries also have corporate governance standards that are developed by government, private sector associations, professional bodies, or a combination. Usually, the securities regulator or stock exchange issues the main corporate governance standards. In other cases, as in India, Kazakhstan, Nepal, and P.R. China, chambers of commerce or other business or sector associations take the lead. Further, anti-corruption agencies sometimes contribute significantly to the setting of corporate governance standards, particularly with respect to prevention of bribery – as in Fiji; Hong Kong, China; Macao, China; and Singapore.

Integrity pacts are less frequently used. Several member countries belong to the EITI, which uses an international mechanism that incorporates the features of an integrity pact. They include Australia, Kazakhstan, the Kyrgyz Republic, the Solomon Islands, and Timor-Leste. Other sector-specific pacts deal with procurement (in India, Korea, Malaysia) or construction (in Viet Nam). Thailand and Hong Kong, China create a similar framework of incentives by providing public awards for good corporate governance (in addition to imposing sanctions on unethical contractors). Korea has amended its laws on public procurement (national and local) so as to require all bidders to sign integrity pacts.

3. Internal controls

Under the rubric of internal controls, this review considers three major

features of corporate governance systems. These features aim to ensure that companies are operating efficiently, keeping proper accounts, complying with legal-regulatory norms and principles of good practice, and managing key risks. The internal control and compliance system, which we treat as one of the features, focuses exclusively on these goals. The other two features, internal audit and the audit committee (or equivalent body), play a central role in internal control but are also involved in the other main branch of corporate governance reviewed here – financial reporting. The relevant international standards are given in the tables below. Only one of these corporate governance features is addressed by name in UNCAC: “sufficient internal auditing controls” (art. 12(2)(f)). The other two features are central to good corporate governance



practice (including the prevention of private sector corruption) and are addressed in guidance documents issued by the UN, the OECD, and others.

It is worth clarifying in what sense these three features of internal corporate control are anti-corruption measures. As explained previously, corruption involving the private sector includes bribery of public officials by businesses, as well as other forms of public corruption in which enterprises may be engaged, such as collusion with officials to engage in procurement or tax fraud. It also includes bribery among private enterprises, along with embezzlement and related forms of corporate fraud. Just as inspectors general and public auditors oversee government officials’ compliance with legal and ethical rules of integrity in carrying out state functions, companies must ensure the proper conduct of their personnel. Thus, company internal auditors, general counsel, audit committees, and compliance officers monitor and verify adherence to applicable norms by corporate officers, managers, professionals, and other employees and agents. These norms include not only company policies and procedures but also the laws, regulations, and codes of conduct generally applicable to the company. Thus, an important dimension of corruption control is the internal governance of companies consistent with the external rules just mentioned. If companies and their executives face serious penalties for complicity in fraud or bribery, then internal control mechanisms that prevent such behavior take on critical importance for top management and the board of directors. In turn, governments and regulators have a corresponding duty to protect the public by requiring companies to maintain effective internal controls.

A. Internal audit

The internal audit function has evolved from a focus on accounting records to embrace a wider range of risk management, control, and governance processes. The internal auditor advises management with regard to all of the control systems that enable organizational objectives to be met. Internal audit is an assurance function that primarily provides an independent and objective opinion on the degree to which the internal control environment supports the achievement of organizational objectives. This function is necessary in companies with sufficient scale and differentiation that a founder or senior manager cannot gain this assurance through personal observation. This principal-agent problem, typical of state bureaucracies, arises as companies grow and become publicly owned. Thus, internal audit is usually not required for smaller and private companies. Indeed, legislative standards and uniform models for internal audit have not been the norm, at least until recently.

9

The UN’s guidance on implementation of UNCAC art. 12 states that

member nations should apply laws and standards of corporate governance affording clear guidance and procedures on the core functions of internal audit



in the private sector. The components of this (ranging from basic processes to more evolved processes for complex organizations) are as follows:

a basic audit process reviewing the effectiveness with which assets are controlled, income is accounted for, and expenditure is recorded;

a system-based audit reviewing the effectiveness of financial, operational, and management control systems;

audits reviewing the legality of transactions and the safeguards against fraud and corruption; and

a full risk-management-based audit.10

The standards issued by the Institute of Internal Auditors (IIA) state that internal auditors have a professional duty to prevent and detect “illegal acts” in the books and records of companies. This suggests that they should seek to prevent and detect fraud and corruption, including bribery of foreign public officials (at least where such foreign bribery is a criminal offense). Internal auditors are also well positioned to encourage management and the board to combat fraud and corruption, given their close relationship with management and internal control. Internal auditors might also provide a safety-net for preventing, detecting, and reporting improprieties, including the bribery of foreign public officials, in companies that are not required to submit to an external audit. For companies that are also externally audited, the internal audit function provides the basis for an effective external audit.

11

International standards: internal audit

Companies have sufficient internal auditing controls to assist in preventing and detecting corruption. (UNCAC 12(2)(f)).

12

Professional standards for internal auditors: 1) Defined by law or by membership in a professional association. 2) Include a duty to prevent and detect “illegal acts” in the books and

records of companies, including bribery and other forms of corruption.13

Requirements for conduct of internal audit: 1) Basic audit to review financial statements, asset control, accounting for

income and expenditure. 2) Risk-based system audit to review financial, operational and

management control systems. 3) Review of legality of transactions and of safeguards against fraud, conflict

of interest, corruption. 4) Internal auditor reports directly to the board of directors or

audit/supervision committee.14




Internal audit appears to be practiced in all member countries, but not

all of these countries impose it by means of a legal requirement or regulatory standard (see the box and graph below). In some countries where it is not required by law (e.g. Japan), there is nonetheless a longstanding practice of internal audit, which is considered a necessary feature of effective corporate governance and accountability. Such has often been the case in other leading economies as well. The requirement of internal audit in those countries is indirect or implied, since it would be difficult for a company to meet management goals, regulatory standards, or investor demands for accurate financial disclosure without an internal audit function. In several member states, internal audit is required by law, or at least strongly recommended by regulators or corporate governance codes, for listed companies and financial institutions (in many cases including insurers). Only Mongolia reports an internal audit requirement for all companies, although compliance appears to be difficult to achieve for most. Bhutan applies internal audit to companies controlled by the state holding company.

Member country internal audit provisions: Internal audit required by law or advised by corporate governance code For financial institutions: Afghanistan – Cambodia – P.R. China – Cook Islands – Fiji – Hong Kong, China – Macao, China – Malaysia – Nepal – Philippines – Papua New Guinea – Thailand – Timor-Leste (per anti-money laundering law) – Vanuatu For large or public interest entities (whether listed or not): Indonesia (public companies) – Japan (large companies) – Viet Nam (public interest entities) For listed companies: Australia – Bangladesh – Cambodia – Fiji – Hong Kong, China – India – Kazakhstan – Korea (large listed companies) – Malaysia – Pakistan – Singapore – Thailand Professional standards (IIA or domestic) Australia – Cambodia – P.R. China – Hong Kong, China (recommended) – India – Indonesia – Japan – Malaysia (voluntary) – Pakistan – Philippines – Papua New Guinea – Singapore (recommended) Review legal compliance or detect fraud/corruption Australia – P.R. China – India – Japan – Pakistan – Philippines – Vanuatu – Viet Nam Review internal controls Australia – Cambodia – P.R. China – Cook Islands – India – Korea – Macao, China – Malaysia – Philippines – Vanuatu Report exclusively to audit committee or board of directors Australia – Bangladesh – Cambodia – P.R. China – Fiji – India – Indonesia – Japan – Kazakhstan – Macao, China – Malaysia – Nepal – Philippines – Thailand



Often, there is no organized internal audit profession as such. However, practice standards for internal auditors are sometimes provided by a national chapter of the IIA or by internal auditors’ membership in the licensed accountancy profession. In some of the countries, it is mandatory for internal auditors to meet professional standards (IIA or domestic standards), and in a few cases membership in a professional body is mandatory. In Japan and Korea, internal audit is performed in large companies by statutory or company auditors who have a mixture of audit-related functions. Only P.R. China reports having its own separate domestic institute on internal audit. Quality control of financial reporting and audit, as performed by professional bodies or regulators (e.g. in the banking and securities sectors), touches on internal audit. In a few cases such as Papua New Guinea, this oversight of internal audit is an explicit requirement.

Internal audit functions include basic oversight of accounting and financial reporting. Some systems also specify that the internal auditor must supervise internal controls more generally, often using risk-based criteria. A further function specified in some of the member countries (and in IIA standards) is to check the legal compliance of company operations. This in a few cases includes explicit mention of detecting fraud or corruption, or of money laundering (in the case of the Cook Islands). In order to serve as an effective check, internal audit must be independent of management functions. In several cases, a safeguard of independence is provided by requiring the internal audit function to report directly to the audit committee or board of directors. In the case of Vanuatu, the provision simply states that the internal audit function should be independent. In the case of Bangladesh, independence is emphasized by giving the internal auditors express authority to demand information or action by management. In other cases such as Pakistan and Singapore, internal auditors report jointly to the audit committee and to top management.



B. Audit committee

The OECD Anti-Bribery Recommendation (see the table below) advises the creation of monitoring bodies independent of management, such as audit committees (of the board of directors) or supervisory boards. The audit committee or an equivalent body is often designated to supervise the internal audit function, and should also be charged with overseeing the relationship with the external auditor, including any activities that hold the potential to create conflicts of interest (e.g. provision of non-audit services by the auditor to the company). The OECD also recommends that companies provide channels for persons to report breaches of the law or professional standards occurring within the company, including instances of undue pressure on employees or contractors to violate standards of professional ethics. Companies are encouraged to take appropriate action based on such reporting. These are functions that can, and frequently do, devolve upon the audit committee or similar body. Further, it is increasingly common for the audit committee to identify and recommend the external auditors to be retained for independent audits.

Observers stress the importance of the audit committee being fully independent of management. Thus, the Treadway Commission in the US proposed that any listed company should have an audit committee composed of non-executive directors. Globally, most stock exchanges require listed companies to have audit committees, and these are usually expected to include independent or non-executive directors, and in many cases persons with accounting or audit expertise.

Over the last decade many jurisdictions, including

most member countries of the Initiative, have adopted rules that increase the powers and duties of the audit committee, and require a charter that defines the

0% 20% 40% 60% 80% 100%

Required by law / advised by code

Detect legal non-compliance, fraud/ corruption

Review internal controls

Report to board / audit committee

Professional standards

Internal audit in member countries



committee’s duties. Some countries, including the US and the UK, mandate an annual performance evaluation of the audit committee.

15

The primary function of the audit committee is to assist the board in

fulfilling its oversight responsibilities by reviewing audit processes (internal and external), internal controls, and all of the financial information to be disclosed. In carrying out this responsibility, the committee is usually expected to:

provide open avenues of communication among internal auditors, the independent auditor, and the board of directors;

report actions to the full board of directors and make appropriate recommendations;

conduct or authorize investigations into matters within its scope of responsibilities, retaining independent counsel or accountants if necessary.

In the US, audit committees are often involved in assessing whether management has developed an effective compliance program to address corruption risk (under the Foreign Corrupt Practices Act).

16 Increasingly, audit

committees in other countries have a similar role in checking compliance with anti-bribery legislation. The OECD’s guidance (see the table below) incorporates these various functions.

International standards: audit committee

1) Encourage or require companies to establish audit committees (or equivalent).

2) Committee members to include:

Financial experts.

Independent directors.17

Audit committee terms of reference: 1) Supervise accounting methods, internal and external audit. 2) Review internal controls and ethics code, compliance of directors,

managers, employees, and agents. 3) Guidance to staff on compliance and on preventing corruption. 4) Respond effectively to information on possible corruption. 5) Provide confidential channel of communication for reports of suspected

irregularities, corruption.18


Virtually every member country requires the establishment of an audit committee or similar institution such as a supervisory board for certain types of companies – or at least recommends such a body in its corporate governance code. In the large majority of cases, the required body is an audit committee. Typically, audit committees are required for financial institutions, listed



companies, and/or companies meeting a size threshold. For other companies, such bodies are often recommended – and often used. In some cases, such as Australia and Korea, only large listed companies are required to have audit committees, while other companies may establish committees as a matter of good corporate governance (and in Korea, audit committees are also required for financial institutions). In some of the countries, these bodies are required for public companies (Indonesia) or for state enterprises (Nepal, Samoa). Finally, in some cases, the law simply allows the establishment of board committees (Kazakhstan, Papua New Guinea (apart from the financial sector)) rather than requiring any specific body to be established.

A majority of the member countries specify the membership of the audit committee (or supervisory board). Typically, the committees must include independent (or outside) directors and persons with financial or accounting expertise. In two cases, some or all of the independent directors must be non-executive (Hong Kong, China and Vanuatu). Sri Lanka specifies either a majority of independent directors or at least two non-executive directors. Timor-Leste requires audit committees to exclude directors, shareholders, and employees. A few countries require members with financial literacy rather than accounting credentials (India) or do not expressly require members to have a finance background (Afghanistan, Bhutan, Indonesia, Vanuatu). Countries in which audit committee functions are handled by a board of auditors (Japan and Macao, China) require that board to be comprised of professional auditors or an audit firm.

Nearly all the countries define the audit committee’s terms of reference to some extent, including the basic functions of supervising the accounting and auditing functions, and participating in the hiring of external auditors. In most countries, the committee terms of reference make specific mention of its role in

Member country provisions on audit committee (or supervisory board) role in addressing irregularities, fraud, corruption: Offer preventive guidance or take action: Australia (corruption) – Bangladesh (fraud: report to regulator) – Bhutan (fraud: report to regulator) – Fiji (corruption: prohibit in ethics code) – Japan (order to cease) – Macao, China – Malaysia – Pakistan – P.R. China – Singapore – Viet Nam Confidential channel for complaints and reports: Australia – Fiji (corruption) – Hong Kong, China – India – Macao, China – Malaysia – Pakistan – Philippines – Singapore – Sri Lanka – Thailand The provisions may be legal requirements or recommendations for companies having such committees or boards. In other countries, fiduciary obligations or whistle-blower provisions may create an equivalent company responsibility.



oversight of internal controls, which often includes monitoring compliance with laws and company codes. A minority of member states (about one-third) explicitly require audit committees (or supervisory boards) to provide guidance or to take action with respect to problems of integrity and corporate governance. A similar number specify a responsibility for the committee to provide a confidential channel for complaints and whistle-blowers (see the box above and the graph below). Among all of these cases, only standards in Australia and Fiji expressly mention corruption as a key concern of the audit committee, while those of Bangladesh and Bhutan mention fraud. Others use more general language to refer to non-compliance or irregularities.

C. Internal control and compliance systems

An important function of the board of directors is to oversee the internal control systems covering financial reporting and the use of corporate assets, and to guard against abusive related-party transactions. These functions are sometimes assigned to the internal auditor, who should report on these matters directly to the board or to the audit committee on the board’s behalf. Where other corporate officers are responsible such as the general counsel or compliance officer, it is important that they maintain similar reporting relationships. In fulfilling its control oversight responsibilities it is important for the board to encourage the reporting of unethical or unlawful behavior without fear of retribution. Having a company code of ethics aids this process, which should be underpinned by legal protection for the individuals concerned. Often, either the audit committee or an ethics committee is specified as the contact point for employees who wish to report such concerns, or other matters that may compromise the integrity of financial statements. Companies are also

0% 20% 40% 60% 80% 100%

Required or advised for some or allcompanies

Membership defined

Terms of reference defined

Guidance or action on fraud /corruption

Confidential channel for complaints,reports

Audit committees in member countries



advised to set up internal programs and procedures to promote compliance with applicable laws, regulations, and standards, including criminal laws on corruption. Compliance must also relate to other laws and regulations such as those covering securities, competition, and work and safety conditions.

19

Internal control has several components. These vary somewhat

between sectors and countries, and are also evolving over time as companies and standard-setting bodies address new challenges. According to the standard-setting body COSO,

20 there are five main components of internal

control:

The control environment, which sets the tone of an organization, influencing the control consciousness of its people. The factors here include the integrity, ethical values, and competence of the personnel; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the board of directors.

Risk assessment, i.e. the identification and analysis of risks relevant to the achievement of corporate objectives. This provides the basis for determining how the risks should be managed, and should include mechanisms to identify and deal with the special risks associated with change.

Control activities: the policies and procedures that help ensure management directives are carried out and that necessary actions are taken to address risks to achievement of the entity’s objectives. Control activities include approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets, and segregation of duties.

Information and communication—Information systems are needed to produce reports containing operational, financial and compliance-related information that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary for informed business decision-making and external reporting.

Monitoring of the internal control systems, including assessment of the quality of the system’s performance over time. This is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two.

21



The core internal control function common to all systems is that of financial control. Depending on the size of the organization and transaction, the financial controls could include, for example:

separation of duties, so that the same person cannot both initiate and approve a payment;

ensuring that a payee’s appointment and work or services carried out have been approved by the organization’s relevant approval mechanisms;

requiring at least two signatures and supporting documentation for payment approvals;

restricting the use of cash;

ensuring that payment categorizations and descriptions in the accounts are accurate and clear;

periodic management review of significant financial transactions.22

Increased global concern about fraud and corruption has led to adjustments in the approach to internal control. Thus, in the US, the Sarbanes-Oxley Act introduced the requirement of including an internal control report in every issuer's annual report, according to rules adopted by the Securities and Exchange Commission (SEC). The report must state management's responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and provide an assessment of the effectiveness of that control system. In addition, an issuer's independent auditor must attest to, and report on, management's assessment, in accordance with accounting oversight standards. The assessment must be based on procedures sufficient both to evaluate design and to test operating effectiveness. Documentation and other evidence must be retained so as to provide reasonable support for management's assessment of internal controls. The assessment and report must address internal controls related to accounting and financial reporting, as well as controls related to the prevention, identification, and detection of fraud.

23 Japan and P.R. China have adopted

parallel requirements in their legislation in this area (Japan’s Financial Instruments and Exchange Act and P.R. China’s Basic Standard for Enterprise Internal Control, see the relevant country reports).

In addition to addressing fraud, internal controls are increasingly concerned with bribery and other forms of corruption. An example of this is the US Foreign Corrupt Practices Act of 1977, which requires public companies to establish a system of internal accounting controls sufficient to provide reasonable assurance that:

transactions are executed in accordance with management’s authorization;



transactions are recorded as necessary to permit preparation of financial statements in conformity with accounting standards and to maintain accountability for assets;

access to assets is permitted only in accordance with management’s authorization; and

the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

24

In similar fashion, the UK Bribery Act, 2010 (sec.7) imposes duties to

prevent bribery on a wide range of commercial organizations with ties to Britain – thereby ensuring that companies establish sufficient internal controls to prevent and detect corruption. Internal control provisions in this area are spelled out in some detail in the Guidance to the Act.

25 Among Initiative countries, Hong

Kong, China appears to provide the most comprehensive standards on internal controls to combat fraud and bribery. These are set forth in the modules of the Hong Kong Monetary Authority’s Supervisory Policy Manual and the Securities and Futures Commission’s Code of Conduct (see the relevant country report).

In light of the adoption of UNCAC and the OECD Convention, business associations have developed guidance on compliance with these instruments. The International Chamber of Commerce, for example, issued recommendations on corruption prevention.

26 The approach to third-party

agents and business partners is especially relevant to bribery concerns. The ICC advises, with respect to such third parties, that companies should instruct them neither to engage in nor to tolerate any act of corruption, and not to pay them more than an appropriate remuneration for their legitimate services. Contracts should empower the company to request an independent audit of the third party’s books to verify compliance with the company’s anti-corruption policies. Contracts should also include a provision allowing the company to suspend or terminate the relationship, if it has a good faith concern that a business partner has acted in violation of applicable anti-corruption law or company anti-corruption standards. The company should conduct appropriate due diligence on the reputation and the capacity of its business partners exposed to corruption risks to comply with anti-corruption law. The ICC provides a detailed framework for setting up an anti-corruption compliance program

27

(see Annex 2). Such guidelines illustrate the kinds of compliance programs that are likely to be effective. They may not be prescribed in detail by laws and regulations, but it is each company’s responsibility to establish systems that ensure compliance with legal standards.



International standards: internal control and compliance systems

Procedural requirements: 1) Companies to disclose internal control systems publicly, or justify their

absence. Disclosure includes explaining problems of implementation.28

2) Internal controls on financial reporting: management (or audit committee)

assesses; external auditor tests.29

3) Commitment and support across the company:

Senior management to signal company-wide support for all components.

Written undertakings and training on compliance required of all directors, officers, employees.

30

4) Risk-based approach: 1) Individualized assessment of risks to the enterprise, including corruption

risks. 2) Regular monitoring and re-assessment of corruption risks.

31

Substantive components: 1) Require adherence to all applicable laws and standards on behavior that

may affect the integrity of financial statements.32

2) Clearly prohibit bribery and other forms of corruption, and strongly

discourage actions that contravene good commercial practice.33

3) Provide guidance in such sensitive areas as gifts, entertainment, political

contributions, charitable donations.34

4) Require for third-party representatives, consultants, or agents:

Written contract, adherence to company ethics standards and anti-corruption laws.

Oversight, including independent audit.

Compliance with public disclosure rules on agent transactions with government.

35

Enforcement, including sanctions for failure to comply.


A large majority of member countries have provisions on internal controls, whether legal-regulatory mandates or non-binding standards. Even beyond any explicit standards, internal control is often practiced as a matter of good corporate governance. As for standards, these are often articulated in codes of corporate governance and sometimes in regulatory instruments. In both of these approaches, regulatory authorities may use the standards as the basis for decisions related to licensing and compliance. In some of those cases, the standards may be enforced by means of fines or other penalties. Only in a few cases is internal control adopted as a requirement in general legislation (company law in India, accounting law in Kyrgyzstan) or identified as an element in fixing criminal liability for corporate offenses such as fraud (Bhutan and Hong Kong, China). The majority of rules and standards on internal control



are applied to certain categories of companies only, such as financial institutions, listed companies, and large or public-interest entities.

The content of the internal control framework varies across the region (see the box and graph below). A majority of member countries encourage companies to disclose their internal control framework. This may be required or recommended, and in a few cases is mandatory regardless of whether internal controls themselves are required – i.e. a “comply or explain” rule. Where member countries have identified a corporate unit responsible for supervising internal control functions, this is most frequently the audit committee. A substantial minority of the countries require or recommend steps to demonstrate a commitment by management to company-wide compliance, such as designating a compliance officer, requiring training in this area for managers and/or staff, or adopting a corporate code of conduct. Most countries include compliance with laws and regulations as an element in the internal control standards. Also, a majority stipulate that internal controls should reflect assessment of operational and governance risk, with some of them calling for regular monitoring and/or periodic re-assessment. Lastly, over half of member countries identify corruption-related risks as key concerns of the internal control system. Some of these mention corruption explicitly, while others focus on fraud or money laundering, and a number of them deal with such corruption-related concerns as the giving of gifts and contributions (Fiji; Hong Kong, China; India; Thailand) and/or retention of third-party agents (Bhutan; Fiji; Hong Kong, China; India; Japan; Thailand).

Internal control provisions in laws, regulations, or codes of corporate governance

Disclosure of internal controls

Australia – Bangladesh – Bhutan – Fiji – Hong Kong, China – India – Japan – Korea – Macao, China – Malaysia – Mongolia – Nepal – Pakistan – Palau – P.R. China – Samoa – Singapore – Sri Lanka – Thailand – Vanuatu – Viet Nam

Internal controls address legal compliance and corruption risk

Australia – Bangladesh – Bhutan – Cambodia – Fiji – Hong Kong, China – India – Indonesia – Japan – Malaysia – Palau – P.R. China – Thailand – Solomon Islands

(i) legal compliance only

Afghanistan – Kazakhstan – Pakistan – Philippines – Papua New Guinea – Sri Lanka – Timor-Leste – Vanuatu – Viet Nam

(ii) corruption risk only

Korea – Macao, China – Mongolia



3) Integrity of financial statements

This part of the review addresses several topics relating to the financial

disclosures of companies to external parties, as contrasted with the internal company control policies dealt with in Part 2. The two are closely related, since a central concern of internal control is the completeness and accuracy of the accounting information that enters the processes of preparation and independent auditing of financial statements. Here, we consider the issues of financial record-keeping, financial reporting, and external audit. The latter two fields are subject to detailed international standards. Further, we review the standards applicable to the accounting and auditing professionals charged with ensuring the accuracy of financial reports. Last, we examine the institutional mechanisms and sanctions for enforcement of the rules in this area.

Again, it may be worth clarifying in what sense the safeguards of accounting, financial reporting, and external audit are anti-corruption measures. The previous section focused on the mechanisms for ensuring internal compliance with company rules, public laws, regulations, etc. Those mechanisms are designed to enforce the accountability of company officers, employees, and agents to senior management and the board of directors. By contrast, the mechanisms dealing with the integrity of financial statements are expected to enforce the external accountability of the company to its owners, as well as to potential investors and thus the public at large. If a company’s internal control systems fail to prevent or detect corruption, an additional check is provided by the external accountability mechanisms of financial reporting and independent audit. Just as public records and asset declarations afford the documentary basis for the accountability of government officials to the

0% 20% 40% 60% 80% 100%

Laws or standards requireinternal controls

Disclosure of control systemsrequired

Controls to address corruptionrisk

Controls to address legalcompliance

Internal control and compliance in member countries



population, audited financial statements furnish the essential evidence by which companies are judged not only on their business success but on their integrity as well. The state helps to safeguard public welfare by ensuring that companies compile and disclose their financial information, and submit it to independent audit, according to the most exacting standards. If an enterprise is involved in corrupt activity, an effective system of accountability in this area will ensure either that evidence of such activity is disclosed or that the enterprise is held liable for concealing the activity.

A. Accounting

1. Financial records

Accurate financial reporting critically depends on the integrity of the accounting records and source documents used to generate the financial reports. Both UNCAC and the OECD Convention recognize the importance of preserving complete and accurate records for the prevention and detection of corruption (see the table below). Most jurisdictions address this issue by means of legislation on taxation, corporations, and/or securities, although occasionally record-keeping provisions are included in anti-corruption laws.

36 Record-

keeping and accounting rules must contend with the multitude of ways in which bribes may be concealed in company accounts. Bribes have been mischaracterized, for example as commissions or royalties, consulting fees, sales and marketing expenses, and other legitimate cost items.

37 Other tactics

include destroying records or keeping account of illegal transactions in a separate, concealed, set of books.

International standards: financial records

Record-keeping requirements: form, method, and minimum time period for retention of financial records.

38

Prohibitions (UNCAC 12(3), OECD Convention 8(1), OECD Recommendation

39 X(A)(i))):

1) The use of false documents. 2) The intentional destruction of bookkeeping documents earlier than

foreseen by law. 3) Establishing off-the-books accounts. 4) Making off-the-books or inadequately identified transactions. 5) Recording non-existent expenditure. 6) Entry of liabilities with incorrect identification of their objects.

Member country compliance:

The most common record-retention period in the region is a minimum of ten years, required by 13 countries (including Bangladesh, which requires 12 years). A further eight countries require at least seven years’ retention



(including India, requiring eight), and 12 countries require at least five years (including two that set a minimum of six). Most of these minimum periods apply to all companies, although in several cases they apply only to listed companies or financial institutions, or to certain records. In the latter cases, shorter retention periods apply in other circumstances. Where specified, the retention rule usually applies to all records and primary documents such as receipts. In Korea, the ten-year period applies to accounting records, and a five-year minimum to back-up documents; in Viet Nam, a ten-year period applies to audit records only.

Most of the member countries have a specific legal-regulatory prohibition against the falsification of financial records and documents and/or the use of such false documents.

40 Even in the absence of such an express

prohibition, all or virtually all countries have an applicable prohibition in their general commercial or criminal laws. The specific rule in some cases applies to certain categories of firms such as listed companies or financial institutions, as in Bhutan and the Cook Islands. A majority of member countries also specifically prohibit the early or improper destruction of financial records and documents, although in all or nearly all countries the record retention rule can be applied so as to penalize such destruction.

41 In a few cases (e.g. Australia,

Korea), the specific prohibition also extends to the alteration or damaging of the records.

A substantial minority of member countries have express prohibitions in place against certain record-keeping and accounting practices that may be used to disguise fraud and corruption (see the box below). Most of this latter group of countries penalize inaccurate or misleading entries

42 (i.e. records that

are partially incorrect but shown to be deliberately falsified), while a few expressly prohibit unrecorded or concealed transactions, or the use of multiple sets of books.

Member countries expressly prohibiting practices that may conceal irregularities Inaccurate or misleading entries: Australia – Afghanistan – Bhutan – Cambodia – Cook Islands – India – Indonesia – Japan – Kazakhstan – Macao, China Malaysia – Mongolia –Philippines – P.R. China – Singapore – Sri Lanka – Thailand Concealment or non-recording of transactions, multiple sets of books: Japan – Macao, China – Philippines – P.R. China In countries that have adopted International Financial Reporting Standards (see below), the above manipulations should be impermissible for all entities to which those standards apply. Also, a legal provision that does not expressly prohibit specific actions may be understood in practice to include such actions (e.g. concealment or non-recording in Australia).



2. Financial reporting requirements

In addition to the record-keeping and accounting measures mentioned above, UNCAC (art.12(2)(f)) and the OECD Anti-Bribery Recommendation (rec. X) require member states to maintain sufficient financial reporting and auditing controls to prevent and detect corruption. Those measures need to be robust enough to counteract the various subterfuges discussed in the section above. OECD Recommendation X (see the table below) further requires financial reporting standards to include the disclosure of all material contingent liabilities, including those related to bribery. The OECD comments that this is intended to ensure that companies, in order to meet this disclosure requirement, must take into account the full potential liabilities under the OECD Convention (arts.3, 8) including all losses that might flow from conviction of the company or its agents for bribery.

43 Best practice in this area generally means adoption of the

International Financial Reporting Standards (IFRS), and their full application to companies whose size, sector, or ownership creates a need for public accountability.

The IFRS Conceptual Framework sets out basic qualitative characteristics for financial reports such as faithful representation, relevance, and materiality, along with enhanced characteristics that reporting systems should strive to achieve. The latter include comparability, verifiability, and timeliness. Thus, financial information must not only represent relevant phenomena, but it must also faithfully represent the phenomena that it purports to represent – i.e. it must be complete, neutral and free from error. International Accounting Standard (IAS)

44 1.15 provides another critical characteristic: fair

presentation. Financial statements must fairly present the financial position, financial performance and cash flows of an entity, while accurately representing the effects of its transactions. When IFRS are accurately applied, financial statements are presumed to give a fair presentation.

45 Thus, the use of false

documents, off-the-books accounts, inaccurate recording of transactions, fictitious liabilities or expenditures, and disguising improper activities are all in principle impermissible under IFRS.

Further, IFRS prescribe the appropriate treatment of contingent liabilities such as those that may arise from illegal transactions. In principle, this would include the results of the company having engaged in bribery and other forms of corruption, such as prosecution, administrative sanctions, loss of future contracts or damage to the company’s reputation or competitive position as a result of corruption investigations. Thus, IAS 37 requires the disclosure of “material contingent liabilities,” even though they can be recognized as having financial effects for accounting purposes only in limited circumstances. The point of disclosure is to note the potential financial impact of the liability – “materiality” refers to this impact, but this is left to the judgment of professionals rather than fixed as a quantitative threshold.



Under IAS 37.86, an entity must disclose its contingent liabilities unless the possibility of any financial outflow in settlement of such liabilities is remote. The financial report must provide a brief description of the nature of the contingent liability and, where practicable:

A. an estimate of its financial effect, B. an indication of the uncertainties relating to the amount or timing of

any outflow, and C. the possibility of any reimbursement.

The IFRS also state that such contingent liabilities should be continually

monitored, and if the outflow of resources becomes probable, they should be recognized as a more definite category of liability termed “provisions.”

The estimated losses due to an actual prosecution would have to be disclosed and recognized under IAS 37. But where there is only potential liability for future prosecution, and this possibility is not deemed remote, this would simply have to be disclosed in the financial statement notes without elaboration. In practice, this seems to mean the following:

1. Prosecution for bribery would generally be deemed remote unless

the bribery has somehow been revealed and investigations are underway or expected.

2. Therefore, no material liability of this kind is likely to be disclosed unless the allegations are already public.

3. However, once investigations are underway, the lack of any prior disclosure creates an additional opportunity for the prosecution: it can pursue the primary offense of bribery (domestic or fore