Features of national compliance, or how to ensure transparency and compliance in Ukrainian companies
By Olga Hipwood, Senior Tax Consultant at Otten Consulting
We are often applied by clients from abroad with a request to check whether the functioning of their subsidiary in Ukraine is transparent and whether it complies with internal corporate requirements and standards. The fact is that in the countries of Europe and North America such compliance verification has long become commonplace, since any misuse, both in the company itself and in the enterprises relating to it, can have a negative impact on the image of the company, its financial performance and share price.
Unfortunately, Ukrainian companies mainly still do not consider compliance to be one of the factors for business success, therefore, verification of transparency and compliance are generally exceptions rather than the rule. Such checks are usually initiated by foreign owner investors, who understand that timely compliance verification helps to form added value.
Compliance allows the investor to check how effectively the management of his Ukrainian subsidiaries controls the implementation of internal corporate policies and standards, and is able to minimize cases of misuse of company resources. In addition, in Western Europe, compliance regulation is enshrined at the legislative level and provides rather strict liability for economic offenses.
For example, if the management of a Ukrainian company offers a bribe or the so-called “kickback” to a third party, the manager of the parent company, for example, in Germany, where such actions are considered to be a “white-collar” crime, will be responsible for that.
Based on the experience of our work, we can distinguish several typical conditions that may indicate the need for a compliance verification:
- the company does not have an internal audit and/or a compliance department;
- the company has not conducted an official and/or internal audit and/or compliance verification for a long time;
- the company has no budgeting process;
- the parent company does not have proper control over the bank account (the right to sign bank transfers is fully transmitted to the local management);
- the company does not have management reporting or it is not automated.
According to studies conducted by international organizations on compliance issues, the most common types of misuse in the world practice are inefficient use or appropriation of company assets, bribery and corruption, manipulation of the company’s financial reporting. Studies conducted in Russia also add fraud in the procurement of goods and services to this list, while the most vulnerable stage in the procurement process is usually the choice of a supplier, at which there is the greatest possibility of misuses.
Cybercrime is also considered to be a modern type of misuse, which is becoming an increasingly common way of appropriating company assets in the world.
In practice, when conducting compliance checks in Ukrainian companies, we most often encountered cases of such misuses:
- violation of the suppliers selection procedure — non-compliance with internal policies with the work of the tender committee, which led to misuses in the procurement division;
- fictitious agreements for the provision of services with enterprises/persons related to company management;
- providing extremely long deferrals of payment or selling certain types of products at a below market price to customers related to company management;
- conducting atypical transactions without coordination with the parent company, for example, selling fixed assets at a below market price to persons related to management;
- payment of additional bonuses and rewards to company management, which were not provided for by employment contracts;
- inconsistency between the reported number of employees who were paid out the wages and the number of employees actually working for the company;
- opening of the additional bank accounts, without notifying the parent company about such accounts, and using these accounts to make transfers in favor of private entrepreneurs related to the company management;
- executing by the management of bank payments in an amount exceeding the restrictions established by the Charter, without obtaining the necessary permission of the owners of the company, etc.
Misuse of company resources can be detected during an internal audit through obtaining information from company employees or from other sources. Based on our experience, we can identify some indirect signs that may indicate the presence of misuse in the company and the need for compliance check:
- a negative financial result and/or a low level of gross profit that local management receives for several years in the event that there are no actual market reasons for this (except when negative financial indicators are the result of an internal corporate transfer pricing policy);
- high level or extraordinary growth during a certain period of administrative expenses exceeding budget norms, or in the absence of a budget;
- high level or extraordinary growth during a certain period of administrative expenses exceeding budget norms, or in the absence of a budget;
- absence of a tender committee and an approved procedure for the suppliers selection;
- significant discrepancies between sales prices indicated in the official price lists of the company and in invoices issued to customers (providing high discounts);
- high level of arrears of any local buyers;
- a high level of cooperation with private entrepreneurs, especially with regard to the acquisition of marketing or other services, etc.
To identify potential threats, it is very important to conduct a timely assessment of the of possible misuse risks in the company.
Most often, experts identify three factors that cause misuses in companies (the so-called “Triangle of Fraud”).
First of all, this is the person’s opportunity and ability to implement a misuse, that is, the person is in conditions that give him the opportunity to implement misuse (for example, he has access to company resources, there are no control and verification conducted by the company, etc.). The factor of opportunity and ability is the most common, which once again emphasizes the critical importance of implementing a compliance system at an enterprise.
Two other factors that also play a role in committing fraud are external pressure and the possibility of self-justification, that is, when a person does not consider his actions to be a violation or finds certain justifications for them. As for the latter, the preventive method can be timely informing company employees about internal corporate policies on compliance issues that describe how it is necessary and allowed to act in a particular business situation, and which particular actions of employees will be considered to be a violation.
Thus, the misuse and fraud become possible when the company has weaknesses in the system of compliance control or the system of compliance control at the enterprise is completely absent.
How to prevent possible misuses and ensure transparency and compliance in the company functioning?
First of all, it is necessary to develop and communicate to the management and employees of the company internal policies and standards aimed at minimizing compliance risks, for example, the Code of Conduct, which regulates the rules of conduct for employees when in contact with customers, suppliers, and others company employees, public authorities, etc.
Additionally, the company Code of Conduct may also include the Code of Ethics, Supplier Selection and Procurement Policies, Gift Policy, Whistleblowing Policy, (Financial Crime/Fraud Prevention), Conflict of Interest Policy, and Confidentiality and Privacy Policy (Chinese Walls), etc.
It is also imperative to introduce compliance control, that is, conduct regular compliance checks (at least once a year). For this, it may be advisable to create special internal services in the company or to attract external specialists.
Compliance checks will help the investor (owner) to ensure whether the local management is acting in accordance with internal corporate policies and standards, the basic principles and legal requirements of Ukrainian legislation, whether all business operations of a subsidiary in Ukraine are conducted transparently, and whether the company reported financial results are true, whether the company has any facts of misuse, bribery or corruption.
As a result, such checks reduce the risk of losses of the company, which are a consequence of violation of compliance requirements, increase the profitability and market value of the company, increase the confidence of investors and customers in the company’s functioning and its top management, and improve the business reputation of the company. The presence of compliance control is also extremely important for Ukrainian companies planning to enter international capital markets, as this significantly increases their level of investment attractiveness for foreign partners.
Therefore, for an effective owner seeking to ensure transparency and compliance in his companies, to protect the assets and reputation of his business, the need to implement a compliance system should undoubtedly become one of the priority tasks.