18. April 2023

Evolutions in anti-corruption compliance: hope for the future

Gemma Aiolfi in a team meeting
Gemma Aiolfi is known for her deep knowledge of compliance and Collective Action and for her irresistible sense of humour

Gemma Aiolfi is an international expert in anti-corruption compliance and a driving force behind the development of private sector-led Collective Action. Gemma helped to establish the Basel Institute on Governance in 2003 alongside Professor Mark Pieth. She served as the organisation's Head of Compliance, Corporate Governance and Collective Action from July 2013 until October 2022, when she transitioned to the role of Senior Advisor.

In this Q&A, she gives her personal perspective on the birth and evolution of anti-corruption compliance, plus the risks and challenges that compliance officers face today.

Where and how did compliance arise?

Anti-corruption compliance didn’t exist when I started my working life. Where compliance existed at all, it was mostly about regulatory health and safety standards.

The concept of compliance related to economic crime began in the banking industry with the focus on profits from illicit drugs. My early career in banking in Basel in the mid-1980s coincided with the start of globalisation and the development of self-regulation (via self-regulatory organisations) to protect investors. Meanwhile, the Bank for International Settlements was focusing on market stability so contributed to the development of compliance from a supervisory angle.

Internal banking compliance was based on the concept of “self-regulation within a regulated society”. In other words, those in the industry know best how to protect against risks and just need a stable framework to do so, based on some form of principles-based regulation.

As industry deregulation and globalisation started to spread in the 1990s, a series of scandals cast doubt on whether self-regulation was enough. This ongoing cycle of scandals triggering more regulations on banks and policy debates on how to change regulatory approaches still continues today.

How was compliance different to now?

Very. For a start, regulatory compliance prevailed in many industries, including for the banking sector. When I joined UBS in 2005, anti-money laundering compliance was still absorbing the expansion into terrorist financing following 9/11 in 2001.

Back in the early 2000s, banks only considered corruption risks related to the laundering of the proceeds through transactions or clients. The idea that bank employees themselves or intermediaries working for banks could be involved in corruption was barely considered.

Even with that limited scope, compliance officers didn’t have an easy job. For instance, tensions arose when compliance officers started to challenge business decisions that could lead to reputational or legal risks due to the types of transactions or clients involved. If the bankers and their compliance colleagues were not aligned, who should have the final say?

In 2010, the position of Global Head of Anti-Corruption was created in UBS. I was the lucky first holder of that position in the bank. This development coincided with an industry shift that included looking at employee-related risks involving corruption.

An important trigger was the realisation that intermediaries – “finders” who brought in wealthy clients for a fee – could present a risk to banks.

That’s banking – what about other industries?

The notion of anti-corruption compliance within companies only started to pick up internationally after the OECD Anti-Bribery Convention came into force in 1999. The way that many countries implemented the Convention shifted the responsibility onto companies for how their staff and intermediaries behave in foreign markets where bribery involving public officials is a serious problem.

For companies that have ridden this wave and now have mature and well-functioning compliance programmes, the benefits are clear. Not only are they much better able to adapt to evolving legal and reputational risks, but they can also defend themselves should a bribery issue arise. They are better placed to demonstrate to new generations of activist shareholders, customers and other stakeholders that they are not exacerbating bribery and kleptocracy in foreign markets.

Those that continue to believe that they have everything under control without an anti-corruption compliance programme may find customer and investor pressure will cause them to rethink, even if the risk of prosecutions and fines seems remote. This “stick” would be a lot stronger if states were to enforce their foreign bribery laws more effectively.

Even so, the growth of compliance beyond banking is still evolving today. Some companies and state-owned enterprises are still at a very low level of maturity. And corruption remains a serious problem.

What principles have guided the Basel Institute’s work with the private sector?

Pragmatism has been a driving force. If you want compliance programmes to be accepted and implemented, they need to work from a business perspective while still effectively addressing legal and reputational risks.

We also focus on the culture within an organisation above all. Slapping more controls and checks on an organisation where the top management are indifferent to how business is won and employees are not encouraged to speak up about bribery won’t create an effective anti-corruption programme. Changing that culture to one of empowerment and “speaking up” is foundational for any anti-corruption compliance programme. It is sometimes also a huge challenge.

Setting an example through actions is what brings the culture of an organisation to life. Leaders at the top, and throughout the organisation, need to give a strong, clear and constant message that bribery is not the way to do business even if it means missing out on some opportunities. Staff have to be provided with practical tools and management support when putting robust anti-corruption programmes into practice.

And they should feel assured that if they do the right thing – refuse to pay a bribe to win a lucrative deal, for example – they will be praised and protected, not penalised.

Last, individual compliance programmes help a company protect itself from risks, but alone they can’t change the environment in which they are working. That is why we have constantly promoted Collective Action between companies and other stakeholders as a practical and effective way to achieve systemic change in the fight against corruption in business.

What developments in compliance are you seeing now?

Compliance has never ceased to evolve and for many businesses it’s now recognised as the conduit to promote values and embed the right culture throughout an organisation.

I am heartened by the inspiring compliance officers and company leaders we work with, both individually and through Collective Action initiatives.

Over the last year, we have accompanied many such professionals as they expand values-based compliance into topics like human rights and environmental sustainability. They have broken silos and reached out to the civil society organisations that have traditionally dominated these areas. Some are working hard to raise standards of integrity across their industry, from metals technology to banking.

And we have celebrated some real successes against deeply ingrained corruption challenges, like protecting seafarers from corruption in Nigerian ports.

Another positive development in compliance is closer integration with other business functions, from HR to antitrust and export controls. In many companies, HR departments now actively screen people based on their values, not only at onboarding but also as a prerequisite for promotion. They include ethics, culture and other compliance topics in staff onboarding.

This will gradually reinforce better organisational cultures over time – but only if the same approaches are also applied to those responsible for the oversight of compliance and the risk appetite of an organisation, including board members and CEOs.

What challenges does compliance face?

Despite greater integration, compliance still competes within an organisation for scarce resources. When times are tough, such as during the pandemic, managers might find it easy to cut compliance programmes. But the responsibilities and risks remain. Collective Action can help compliance officers do more with less, by co-developing guidance and sharing experiences with others.

Business practices are changing fast and compliance needs to stay abreast. For companies with complex global supply chains, compliance and due diligence are expected to extend all the way to the end of those. And it’s not necessarily any easier for companies that are moving towards end-to-end control of supply chains.

The rise in new technologies and social media runs both ways. On the one hand, they raise ethical questions and bring reputational risks that are mostly beyond a compliance officer’s control.

On the other hand, new technologies offer opportunities to enhance compliance. These might be external, such as e-government to reduce discretion and improve transparency in processes like licence approvals and customs documentation. Or internal, such as streamlined workflows and safe reporting channels.

Artificial intelligence for routine compliance checks could bring efficiency – though a compliance department without humans is not something I could envisage for the time being.

Looking forward

The evolution of anti-corruption compliance is a fascinating and transforming discipline. Courageous and forward-thinking individuals and organisations have driven step changes in how compliance interacts with business functions and its power to drive cultural and behavioural shifts. I am glad to see such individuals emerging among new generations and to see young entrepreneurs embedding compliance into their companies from day one.

What will magnify their efforts is Collective Action in its many forms. If there is one thing I hope for, it is that Collective Action becomes embedded in companies’ compliance programmes and the anti-corruption strategies of national governments.

Gemma Aiolfi

Senior Advisor, Legal and Compliance