Professional Documents
Culture Documents
Lockheed Martin Ethics Supplier Mentoring Program: How To Use The Supplier Self-Assessment Tool
Lockheed Martin Ethics Supplier Mentoring Program: How To Use The Supplier Self-Assessment Tool
Lockheed Martin Ethics Supplier Mentoring Program: How To Use The Supplier Self-Assessment Tool
Disclaimer
Lockheed Martin Corporation has prepared the information contained in this document for general information purposes only. This information is not intended to provide guidance or advice on
ethics and business conduct, and we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, or suitability of this information for any
purpose. The information is not contractual direction or interpretation, and it does not affect your contractual obligations under subcontracts or purchase orders received from LMC. You are solely
responsible for determining the content and scale of your ethics and business conduct program.
Instructions
1. Start on the SELF-ASSESSMENT CHECKLIST tab.
Column A lists the twelve elements of an effective ethics program. Each cell contains a hyperlink, marked with " »", to a one page infographic guide on that element.
The questions in Column B are designed to help you identify possible gaps in your program.
You can use Column C to make notes about the current state of your ethics program, planned improvements, etc. These notes are for your own reference, and Lockheed Martin does not
need to see any of your responses.
Column D summarizes Lockheed Martin's practices related to each program element. Some of the cells, marked with " »", link to Lockheed Martin resources.
2. Answer the questions about each element of an effective ethics program in Column B of the SELF-ASSESSMENT CHECKLIST and make any notes in Column C, in order to document which elements
of an effective ethics program you already have, and whether you may need to adjust or add elements for a more effective program.
3. Refer to the STANDARDS tabs for a comparison of the guidance provided as of April 2018 by different organizations on the elements of an effective ethics and/or anti-corruption program. The
SELF-ASSESSMENT CHECKLIST is based on the standards shown in these tabs.
The standards are divided into three tabs: Legal, Industry and International Organizations.
• The standards listed in the Legal tab may be required for your company (i.e. U.S. Federal Acquisition Regulation) and/or could be used to evaluate the effectiveness of your ethics program
in the event of an incident of serious misconduct, for sentencing purposes (i.e. U.S. Federal Sentencing Guidelines, U.K. Bribery Act Guidance).
• The standards in the Industry tab were developed by aerospace and defense industry groups (i.e. DII for U.S. firms and IFBEC for international firms).
• The standards in the International Organizations tab were developed for reference by firms in any industry.
It is up to your organization to determine which standards are most relevant. You can choose to 'Hide' columns that are not applicable to your organization.
Please remember that this is not an exhaustive list of all the standards related to ethics and compliance.
Program Element Self-Assessment Questions Supplier Notes Lockheed Martin Practices and Resources
» Company Values Does your company have a values statement? » Lockheed Martin's core values are Do What's Right, Respect Others, Peform with Excellence.
» Risk Assessment How often does your company conduct an assessment » The risk areas identified by Lockheed Martin are addressed in our Code of Ethics and Business Conduct, Setting the Standard, and
of its ethics and compliance risks?
» Policies & Procedures Do your company's policies and procedures address the » Most of Lockheed Martin's policies and procedures are considered proprietary information, but we publish documents related to
topics identified by your risk assessment?
» Code of Conduct Does your company have a code of conduct or other » Lockheed Martin's Code of Ethics and Business Conduct, Setting the Standard, details the high expectations we set for employee
written expectations for employee behavior? Is it
available to all employees and others who act on behalf
of the company?
» Training How often does your company train employees on their » Lockheed Martin requires all employees to participate in our annual Voicing Our Values Ethics Awareness Training and to comple
ethics and compliance responsibilities? Does the
training address the topics identified by your risk
assessment?
» Communications Does your company communicate with employees » Lockheed Martin uses a wide variety of methods to communicate with employees and external audiences. For example, we prod
about ethics and compliance, in addition to training? Do
these communications address the topics identified by
your risk assessment?
» Leadership Commitment How do your company's leaders demonstrate their Lockheed Martin's President, CEO and Chairman introduces our annual Ethics Awareness Training module, as well as our
support for ethics? Code of Ethics and Business Conduct. She also frequently refers to ethics in internal and external presentations.
Discipline & Incentives How does your company discipline employees who At Lockheed Martin, if an investigation of alleged misconduct is substantiated, an employee may be subject to discipline, up
violate laws, regulations or company policies? How to and including termination from employment. Employee performance evaluations include discussion of whether
does your company incentivize ethical behavior? employees model the Corporation’s core values. Employees can also receive small tokens of appreciation or verbal
recognition from their leadership for specific actions that demonstrate their commitment to ethical behavior.
Notes FAR Clause 52.203-13 requires certain elements of an effective ethics program The U.S. Federal Sentencing Guidelines for Organizations provide elements of an In addtion to the Federal Sentencing Guidelines, the U.S. Department of Justice The UK Ministry of Justice Guidance provides six principles and associated
for organizations involved in U.S. federal government contracts or subcontracts "effective compliance and ethics program," which the Department of Justice will and U.S. Securities and Exchange Commission "Guide to the FCPA" provides the procedures that should be considered in determining whether an organization
that have a value in excess of $5.5 million and a performance period of more consider in determining penalties for violations of the US Foreign Corrupt "Hallmarks of an Effective Compliance Program," which the agencies assess had "adequate procedures" in the context of a violation of UK Bribery Act 2010.
than 120 days. Practices Act. when considering enforcement and penalty actions.
Company Values
Program Structure & (c) (2) (ii) At a minimum, the Contractor’s internal control system shall provide (2) (A) The organization's governing authority shall be knowledgeable about the In appraising a compliance program, DOJ and SEC also consider whether a
Oversight for the following: content and operation of the compliance and ethics program and shall exercise company has assigned responsibility for the oversight and implementation of a
(A) Assignment of responsibility at a sufficiently high level and adequate reasonable oversight with respect to the implementation and effectiveness of company’s compliance program to one or more specific senior executives within
resources to ensure effectiveness of the business ethics awareness and the compliance and ethics program. an organization. Those individuals must have appropriate authority within the
compliance program and internal control system. (B) High-level personnel of the organization shall ensure that the organization organization, adequate autonomy from management, and sufficient resources to
(B) Reasonable efforts not to include an individual as a principal, whom due has an effective compliance and ethics program, as described in this guideline. ensure that the company’s compliance program is implemented effectively.
diligence would have exposed as having engaged in conduct that is in conflict Specific individual(s) within high-level personnel shall be assigned overall Adequate autonomy generally includes direct access to an organization’s
with the Contractor’s code of business ethics and conduct. responsibility for the compliance and ethics program. governing authority, such as the board of directors and committees of the board
(C) Specific individual(s) within the organization shall be delegated day-to-day of directors (e.g., the audit committee). Depending on the size and structure of
operational responsibility for the compliance and ethics program. Individual(s) an organization, it may be appropriate for day-to-day operational responsibility
with operational responsibility shall report periodically to high-level personnel to be delegated to other specific individuals within a company. DOJ and SEC
and, as appropriate, to the governing authority, or an appropriate subgroup of recognize that the reporting structure will depend on the size and complexity of
the governing authority, on the effectiveness of the compliance and ethics an organization. Moreover, the amount of resources devoted to compliance will
program. To carry out such operational responsibility, such individual(s) shall be depend on the company’s size, complexity, industry, geographical reach, and
given adequate resources, appropriate authority, and direct access to the risks associated with the business. In assessing whether a company has
governing authority or an appropriate subgroup of the governing authority. reasonable internal controls, DOJ and SEC typically consider whether the
(3) The organization shall use reasonable efforts not to include within the company devoted adequate staffing and resources to the compliance program
substantial authority personnel of the organization any individual whom the given the size, structure, and risk profile of the business.
organization knew, or should have known through the exercise of due diligence,
has engaged in illegal activities or other conduct inconsistent with an effective
compliance and ethics program.
Risk Assessment Assessment of risk is fundamental to developing a strong compliance program, The commercial organisation assesses the nature and extent of its exposure to
and is another factor DOJ and SEC evaluate when assessing a company’s potential external and internal risks of bribery on its behalf by persons
compliance program. One-size-fits-all compliance programs are generally ill- associated with it. The assessment is periodic, informed and documented.
conceived and ineffective because resources inevitably are spread too thin, with • Commonly encountered external risks can be categorised into five broad
too much focus on lowrisk markets and transactions to the detriment of high- groups – country, sectoral, transaction, business opportunity and business
risk areas. Devoting a disproportionate amount of time policing modest partnership.
entertainment and gift-giving instead of focusing on large government bids,
questionable payments to third-party consultants, or excessive discounts to The commercial organisation applies due diligence procedures, taking a
resellers and distributors may indicate that a company’s compliance program is proportionate and risk based approach, in respect of persons who perform or
ineffective. A $50 million contract with a government agency in a high-risk will perform services for or on behalf of the organisation, in order to mitigate
country warrants greater scrutiny than modest and routine gifts and identified bribery risks.
entertainment.
As a company’s risk for FCPA violations increases, that business should consider
increasing its compliance procedures, including due diligence and periodic
internal audits. The degree of appropriate due diligence is fact-specific and
should vary based on industry, country, size, and nature of the transaction, and
the method and amount of third-party compensation. Factors to consider, for
instance, include risks presented by: the country and industry sector, the
business opportunity, potential business partners, level of involvement with
governments, amount of government regulation and oversight, and exposure to
customs and immigration in conducting business affairs. When assessing a
company’s
© 2018 Lockheed Martin Corporation. All Rights compliance program, DOJ and SEC take into account whether and to
Reserved.
PIRA #: CHQ201608006 what degree a company analyzes and addresses the particular risks it faces.
Guidance on the Elements of an Effective Ethics Program
Updated April 2018
Policies & Procedures
Lockheed Martin Ethics Supplier Mentoring Program
Whether a company has policies and procedures that outline responsibilities for A commercial organisation’s procedures to prevent bribery by persons
compliance within the company, detail proper internal controls, auditing associated with it are proportionate to the bribery risks it faces and to the
practices, and documentation policies, and set forth disciplinary procedures will nature, scale and complexity of the commercial organisation’s activities. They
also be considered by DOJ and SEC. These types of policies and procedures will are also clear, practical, accessible, effectively implemented and enforced.
depend on the size and nature of the business and the risks associated with the
business. Effective policies and procedures require an in-depth understanding of Note: The full text of UK Bribery Act Guidance provides indicative, not
the company’s business model, including its products and services, third-party exhaustive lists of topics that should be covered in bribery prevention policies
agents, customers, government interactions, and industry and geographic risks. and procedures.
Among the risks that a company may need to address include the nature and
extent of transactions with foreign governments, including payments to foreign
officials; use of third parties; gifts, travel, and entertainment expenses;
charitable and political donations; and facilitating and expediting payments. For
example, some companies with global operations have created web-based
approval processes to review and approve routine gifts, travel, and
entertainment involving foreign officials and private customers with clear
monetary limits and annual limitations. Many of these systems have built-in
flexibility so that senior management, or in-house legal counsel, can be apprised
of and, in appropriate circumstances, approve unique requests. These types of
systems can be a good way to conserve corporate resources while, if properly
implemented, preventing and detecting potential FCPA violations. Regardless of
the specific policies and procedures implemented, these standards should apply
to personnel at all levels of the company.
Code of Conduct (b) (1) (i) The Contractor shall have a written code of business ethics and conduct A company’s code of conduct is often the foundation upon which an effective The commercial organisation seeks to ensure that its bribery prevention policies
(b) (1) (ii) The Contractor shall make a copy of the code available to each compliance program is built. As DOJ has repeatedly noted in its charging and procedures are embedded and understood throughout the organisation
employee engaged in performance of the contract. documents, the most effective codes are clear, concise, and accessible to all through internal and external communication, including training, that is
employees and to those conducting business on the company’s behalf. Indeed, it proportionate to the risks it faces.
would be difficult to effectively implement a compliance program if it was not
available in the local language so that employees in foreign subsidiaries can Note: The full text of UK Bribery Act Guidance includes recommendations
access and understand it. When assessing a compliance program, DOJ and SEC related to Code of Conduct, Training, Communications, Leadership Commitment
will review whether the company has taken steps to make certain that the code and Inquiry & Reporting Mechanisms under “Principle 5 Communication
of conduct remains current and effective and whether a company has (including training).”
periodically reviewed and updated its code.
Training & Communications (c) (1) (i) This program shall include reasonable steps to communicate (4) (A) The organization shall take reasonable steps to communicate periodically Compliance policies cannot work unless effectively communicated throughout a The commercial organisation seeks to ensure that its bribery prevention policies
periodically and in a practical manner the Contractor's standards and procedures and in a practical manner its standards and procedures, and other aspects of the company. Accordingly, DOJ and SEC will evaluate whether a company has taken and procedures are embedded and understood throughout the organisation
and other aspects of the Contractor's business ethics awareness and compliance compliance and ethics program, to the individuals referred to in subparagraph steps to ensure that relevant policies and procedures have been communicated through internal and external communication, including training, that is
program and internal control system, by conducting effective training programs (B) by conducting effective training programs and otherwise disseminating throughout the organization, including through periodic training and certification proportionate to the risks it faces.
and otherwise disseminating information appropriate to an individual's information appropriate to such individuals' respective roles and responsibilities. for all directors, officers, relevant employees, and, where appropriate, agents
respective roles and responsibilities. (B) The individuals referred to in subparagraph (A) are the members of the and business partners. For example, many larger companies have implemented Note: The full text of UK Bribery Act Guidance includes recommendations
(c) (1) (ii) The training conducted under this program shall be provided to the governing authority, high-level personnel, substantial authority personnel, the a mix of web-based and in-person training conducted at varying intervals. Such related to Code of Conduct, Training, Communications, Leadership Commitment
Contractor's principals and employees, and as appropriate, the Contractor's organization's employees, and, as appropriate, the organization's agents. training typically covers company policies and procedures, instruction on and Inquiry & Reporting Mechanisms under “Principle 5 Communication
agents and subcontractors. applicable laws, practical advice to address real-life scenarios, and case studies. (including training).”
Regardless of how a company chooses to conduct its training, however, the
information should be presented in a manner appropriate for the targeted
audience, including providing training and training materials in the local
language. For example, companies may want to consider providing different
types of training to their sales personnel and accounting personnel with
hypotheticals or sample situations that are similar to the situations they might
encounter. In addition to the existence and scope of a company’s training
program, a company should develop appropriate measures, depending on the
size and sophistication of the particular company, to provide guidance and
advice on complying with the company’s ethics and compliance program,
including when such advice is needed urgently. Such measures will help ensure
that the compliance program is understood and followed appropriately at all
levels of the company.
In short, compliance with the FCPA and ethical rules must start at the top. DOJ
and SEC thus evaluate whether senior management has clearly articulated
company standards, communicated them in unambiguous terms, adhered to
Inquiry & Reporting (c) (2) (ii) At a minimum, the Contractor's internal control system shall provide (5) The organization shall take reasonable steps— An
themeffective compliance
scrupulously, program should
and disseminated include
them a mechanism
throughout for an
the organization. The commercial organisation seeks to ensure that its bribery prevention policies
Mechanisms for the following: (C) to have and publicize a system, which may include mechanisms that allow for organization’s employees and others to report suspected or actual misconduct and procedures are embedded and understood throughout the organisation
(D) An internal reporting mechanism, such as a hotline, which allows for anonymity or confidentiality, whereby the organization's employees and agents or violations of the company’s policies on a confidential basis and without fear of through internal and external communication, including training, that is
anonymity or confidentiality, by which employees may report suspected may report or seek guidance regarding potential or actual criminal conduct retaliation. Companies may employ, for example, anonymous hotlines or proportionate to the risks it faces.
instances of improper conduct, and instructions that encourage employees to without fear of retaliation. ombudsmen.
make such reports. Note: The full text of UK Bribery Act Guidance includes recommendations
related to Code of Conduct, Training, Communications, Leadership Commitment
and Inquiry & Reporting Mechanisms under “Principle 5 Communication
(including training).”
Investigations & Disclosures Refer to (b)(3)(i), (b)(3)(ii), (b)(3)(iii) and (c)(2)(ii)(F) of FAR Clause 52.203-13 for
exact wording of mandatory disclosure requirements.
DOJ and SEC recognize that positive incentives can also drive compliant
behavior. These incentives can take many forms such as personnel evaluations
and promotions, rewards for improving and developing a company’s compliance
program, and rewards for ethics and compliance leadership. Some organizations,
for example, have made adherence to compliance a significant metric for
management’s bonuses so that compliance becomes an integral part of
management’s everyday concern. Beyond financial incentives, some companies
have highlighted compliance within their organizations by recognizing
compliance professionals and internal audit staff. Others have made working in
the company’s compliance organization a way to advance an employee’s career.
Company Values Your company values will be the foundation of your ethics and business conduct program.
Program Structure & Your company’s policies and procedures (and other command media) should include a written policy on
Oversight ethics and business conduct. This formalizes your company’s commitment to the highest ethical conduct in
all aspects of your business.
Risk Assessment Your company should conduct a comprehensive risk assessment by looking closely at your particular
business to determine areas of business and legal risk.
Policies & Procedures Your company’s policies and procedures (and other command media) should include a written policy on Note: The full text of IFBEC's Global Principles of Business Ethics for the Aerospace and Defence Industry
ethics and business conduct. This formalizes your company’s commitment to the highest ethical conduct in includes guidance on policy considerations related to corruption; use of advisors; conflicts of interest;
all aspects of your business. and proprietary information.
Code of Conduct
The purpose of your company’s code of conduct is to set forth your company values and important business
conduct information for your employees. It is important that your code is a straightforward, brief,
understandable, and useful tool for your employees. Many companies choose a relatively general employee
code of conduct or handbook that provides brief descriptions of various company policies, with references
to the more expansive policies for more detailed information on topics relevant to their specific work
situations or issues.
Training Employee awareness can be achieved through something as formal as one hour of live ethics training each Companies that endorse these Global Principles commit to have comprehensive policies and integrity
year or through a variety of ethics awareness initiatives that can be presented to employees periodically on programmes, and to foster effective practices within their aerospace and defense business operations to
a more informal basis (such as incorporating ethics discussions into regular staff meetings, safety meetings implement these Global Principles which shall include:
or employee forums). promoting awareness and compliance with the integrity policies of the Company consistent with the
Global Principles through appropriate communication and training.
Leadership Commitment The visible commitment of your company’s leadership at all levels is imperative to the success of your
program. Leaders set the tone and culture of an organization, including its attitude about ethics. It is
imperative that employees see that leaders are committed to the highest ethical standards.
Inquiry & Reporting It is important that your ethics and business conduct program includes a place for your employees, Companies that endorse these Global Principles commit to have comprehensive policies and integrity
Mechanisms suppliers, customers and others who do business with your company to ask questions or raise areas of programmes, and to foster effective practices within their aerospace and defense business operations to
concern. implement these Global Principles which shall include:
encouraging their employees, directors and officers to report all specific concerns that they may have
concerning compliance with the integrity policies of the Company consistent with the Global Principles
without fear of retaliation.
Investigations &
Disclosures
Discipline & Incentives Companies that endorse these Global Principles commit to have comprehensive policies and integrity
programmes, and to foster effective practices within their aerospace and defense business operations to
implement these Global Principles which shall include:
applying appropriate, proportionate and dissuasive sanctions for evidenced cases of non-compliance.
Program Assessment & Part of maintaining an effective Ethics and Business Conduct Program is conducting regular program
Evaluation assessments and evaluations. In addition to your company’s values and culture, there are various program
elements to be measured – for instance, your company’s code of conduct and related policies, inquiry and
reporting mechanisms, training and communication, and leadership actions. The design, implementation
and impact of these important program elements and activities should be evaluated.
Notes The International Chamber of Commerce (ICC)'s Rules on Combating Corruption The Organization for Economic Co-operation and Development (OECD)'s Good Transparency International (TI)'s Business Principles provide a framework for
provides a compliance model applicable to companies of all sizes. The self- Practice Guidance provides non-legally binding guidance to companies, organizations interested in developing, benchmarking or strengthening their
regulatory document is not legally binding, but it reflects key international legal particularly small and medium enterprises in OECD member countries, on anti-bribery programmes. TI-UK also publishes the Defence Companies Anti-
instruments, such as the OECD Anti-Bribery Convention and the UN Anti- developing effective internal controls, ethics, and compliance programmes or Corruption Index, which assesses the ethics and anti-corruption programs of
Corruption Convention. measures for preventing and detecting foreign bribery. firms in the global defense industry using publicly available information.
Company Values 3.1 The enterprise should develop a Programme that clearly and in reasonable
detail, articulates values, policies and procedures to be used to prevent bribery
from occurring in all activities under its effective control.
Program Structure & a) expressing a strong, explicit and visible support and commitment to the oversight of ethics and compliance programmes or measures regarding foreign The following section sets out the requirements that enterprises should meet at
Oversight Corporate Compliance Programme by the Board of Directors or other body with bribery, including the authority to report matters directly to independent a minimum when implementing the Programme.
ultimate responsibility for the Enterprise and by the Enterprise’s senior monitoring bodies such as internal audit committees of boards of directors or of 6.1 Organisation and responsibilities
management (“tone at the top”); supervisory boards, is the duty of one or more senior corporate officers, with an 6.1.1 The Board of Directors or equivalent body should demonstrate visible and
adequate level of autonomy from management, resources, and authority; active commitment to the implementation of the enterprise’s Programme.
c) mandating the Board of Directors or other body with ultimate responsibility 6.1.2 The Chief Executive Officer is responsible for ensuring that the Programme
for the Enterprise, or the relevant committee thereof, to conduct periodical risk is carried out consistently with clear lines of authority.
assessments and independent reviews of compliance with these Rules and
recommending corrective measures or policies, as necessary. This can be done
as part of a broader system of corporate compliance reviews and/or risk
assessments;
e) appointing one or more senior officers (full or part time) to oversee and
coordinate the Corporate Compliance Programme with an adequate level of
resources, authority and independence, reporting periodically to the Board of
Directors or other body with ultimate responsibility for the Enterprise, or to the
relevant committee thereof;
Policies & Procedures b) establishing a clearly articulated and visible policy reflecting these Rules and a clearly articulated and visible corporate policy prohibiting foreign bribery; Note: The full text of Transparency International's Business Principles for
binding for all directors, officers, employees and Third Parties and applying to all compliance with this prohibition and the related internal controls, ethics, and Countering Bribery includes guidance on policy considerations related to
controlled subsidiaries, foreign and domestic; compliance programmes or measures is the duty of individuals at all levels of the conflicts of interest; bribes; political contributions; charitable contributions and
d) making it the responsibility of individuals at all levels of the Enterprise to company; sponsorships; facilitation payments; gifts, hospitality and expenses; due
comply with the Enterprise’s policy and to participate in the Corporate ethics and compliance programmes or measures designed to prevent and detect diligence; mergers, acquisitions and investments; joint ventures and consortia;
Compliance Programme; foreign bribery, applicable to all directors, officers, and employees, and agents, lobbyists and intermediaries; contractors and suppliers; human
h) designing financial and accounting procedures for the maintenance of fair and applicable to all entities over which a company has effective control, including resources; and internal controls and record keeping.
accurate books and accounting records, to ensure that they cannot be used for subsidiaries, on, inter alia, the following areas:
the purpose of engaging in or hiding of corrupt practices; i) gifts;
i) establishing and maintaining proper systems of control and reporting ii) hospitality, entertainment and expenses;
procedures, including independent auditing; iii) customer travel;
iv) political contributions;
v) charitable donations and sponsorships;
vi) facilitation payments; and
vii) solicitation and extortion;
ethics and compliance programmes or measures designed to prevent and detect
foreign bribery applicable, where appropriate and subject to contractual
arrangements, to third parties such as agents and other intermediaries,
consultants, representatives, distributors, contractors and suppliers, consortia,
and joint venture partners (hereinafter “business partners”), including, inter alia,
Code of Conduct b) establishing a clearly articulated and visible policy reflecting these Rules and the following essential elements:
binding for all directors, officers, employees and Third Parties and applying to all i) properly documented risk-based due diligence pertaining to the hiring, as well
controlled subsidiaries, foreign and domestic; as the appropriate and regular oversight of business partners;
d) making it the responsibility of individuals at all levels of the Enterprise to ii) informing business partners of the company’s commitment to abiding by laws
comply with the Enterprise’s policy and to participate in the Corporate on the prohibitions against foreign bribery, and of the company’s ethics and
Compliance Programme; compliance programme or measures for preventing and detecting such bribery;
and
iii) seeking a reciprocal commitment from business partners.
a system of financial and accounting procedures, including a system of internal
controls, reasonably designed to ensure the maintenance of fair and accurate
books, records, and accounts, to ensure that they cannot be used for the
purpose of foreign bribery or hiding such bribery;
f) issuing guidelines, as appropriate, to further elicit the behavior required and to measures designed to ensure periodic communication, and documented training The following section sets out the requirements that enterprises should meet at
deter the behavior prohibited by the Enterprise’s policies and programme; for all levels of the company, on the company’s ethics and compliance a minimum when implementing the Programme.
j) ensuring periodic internal and external communication regarding the programme or measures regarding foreign bribery, as well as, where 6.6 Communication and reporting
Enterprise’s anti-corruption policy; appropriate, for subsidiaries; 6.6.1 The enterprise should establish effective internal and external
communication of the Programme.
6.6.2 The enterprise should publicly disclose information about its Programme,
including the management systems employed to ensure its implementation.
6.6.3 The enterprise should be open to receiving communications from and
engaging with stakeholders with respect to the Programme.
Leadership Commitment a) expressing a strong, explicit and visible support and commitment to the strong, explicit and visible support and commitment from senior management to
Corporate Compliance Programme by the Board of Directors or other body with the company's internal controls, ethics and compliance programmes or
ultimate responsibility for the Enterprise and by the Enterprise’s senior measures for preventing and detecting foreign bribery;
management (“tone at the top”);
Inquiry & Reporting m) offering channels to raise, in full confidentiality, concerns, seek advice or effective measures for: The following section sets out the requirements that enterprises should meet at
Mechanisms report in good faith established or soundly suspected violations without fear of i) providing guidance and advice to directors, officers, employees, and, where a minimum when implementing the Programme.
retaliation or of discriminatory or disciplinary action. Reporting may either be appropriate, business partners, on complying with the company's ethics and 6.5 Raising concerns and seeking guidance
compulsory or voluntary; it can be done on an anonymous or on a disclosed compliance programme or measures, including when they need urgent advice 6.5.1 To be effective, the Programme should rely on employees and others to
basis. All bona fide reports should be investigated; on difficult situations in foreign jurisdictions; raise concerns and violations as early as possible. To this end, the enterprise
ii) internal and where possible confidential reporting by, and protection of, should provide secure and accessible channels through which employees and
directors, officers, employees, and, where appropriate, business partners, not others should feel able to raise concerns and report violations
willing to violate professional standards or ethics under instructions or pressure (“whistleblowing”) in confidence and without risk of reprisal.
from hierarchical superiors, as well as for directors, officers, employees, and, 6.5.2 These or other channels should be available for employees to seek advice
where appropriate, business partners, willing to report breaches of the law or on the application of the Programme.
professional standards or ethics occurring within the company, in good faith and
on reasonable grounds; and
iii) undertaking appropriate action in response to such reports;
Discipline & Incentives f) issuing guidelines, as appropriate, to further elicit the behavior required and to appropriate measures to encourage and provide positive support for the
deter the behavior prohibited by the Enterprise’s policies and programme; observance of ethics and compliance programmes or measures against foreign
l) including the review of business ethics competencies in the appraisal and bribery, at all levels of the company;
promotion of management and measuring the achievement of targets not only appropriate disciplinary procedures to address, among other things, violations,
against financial indicators but also against the way the targets have been met at all levels of the company, of laws against foreign bribery, and the company’s
and specifically against the compliance with the Enterprise’s anti-corruption ethics and compliance programme or measures regarding foreign bribery;
policy;
n) acting on reported or detected violations by taking appropriate corrective
action and disciplinary measures and considering making appropriate public
disclosure of the enforcement of the Enterprise’s policy;
Program Assessment & c) mandating the Board of Directors or other body with ultimate responsibility periodic reviews of the ethics and compliance programmes or measures, The following section sets out the requirements that enterprises should meet at
Evaluation for the Enterprise, or the relevant committee thereof, to conduct periodical risk designed to evaluate and improve their effectiveness in preventing and a minimum when implementing the Programme.
assessments and independent reviews of compliance with these Rules and detecting foreign bribery, taking into account relevant developments in the field, 6.8 Monitoring and review
recommending corrective measures or policies, as necessary. This can be done and evolving international and industry standards. 6.8.1 The enterprise should establish feedback mechanisms and other internal
as part of a broader system of corporate compliance reviews and/or risk processes supporting the continuous improvement of the Programme. Senior
assessments; management of the enterprise should monitor the Programme and periodically
i) establishing and maintaining proper systems of control and reporting review the Programme’s suitability, adequacy and effectiveness and implement
procedures, including independent auditing; improvements as appropriate.
o) considering the improvement of its Corporate Compliance Programme by 6.8.2 Senior management should periodically report the results of the
seeking external certification, verification or assurance; Programme reviews to the Audit Committee, Board or equivalent body.
6.8.3 The Audit Committee, the Board or equivalent body should make an
independent assessment of the adequacy of the Programme and disclose its
findings in the Annual Report to shareholders.
6.10 Independent assurance
6.10.1 Where appropriate, the enterprise should undergo voluntary
independent assurance on the design, implementation and/or effectiveness of
the Programme.
6.10.2 Where such independent assurance is conducted, the enterprise should
consider publicly disclosing that an external review has taken place, together
with the related assurance opinion.