Since the beginning of the COVID-19 pandemic, governments have been allocating massive resources to fight the virus and its economic consequences. Simultaneously, most governments and international organizations have been adopting measures to mitigate and remediate financial misconduct risks.
When crises arise, most governments adopt some level of risk mitigation and remediation measures, focusing on transparency, accountability, and education. However, governments do not often implement a full suite of measures to adequately address financial misconduct risks, such as risk assessments, third-party risk management, robust record keeping, dynamic ex post facto reviews, and continuous improvement.
This full suite of measures, however, is commonly found as part of an integrity compliance program (ICP), required by governments for private sector companies. Curiously, instead of adhering to their own standards, governments typically seek to address only specific risks when they manifest, often during crises.
Governments should leverage the integrity compliance knowledge, experience, and tools that the private sector has developed over time. One tool to help governments in this task is the ISO 37001 on Anti-bribery Management Systems (the ISO 37001), developed by the International Organization for Standardization (ISO), which offers a comprehensive framework to address ever-present bribery risks and can be leveraged to manage other financial misconduct risks. ISO is an independent, nongovernmental international organization with a membership of 165 national standards bodies. It brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges.
The Typology of Financial Misconduct in Times of Crises
- Corrupt practices flourish: Usually, corrupt schemes involve bribery, kickback, facilitation payments, conflicts of interest, collusion with government officials, favoritism, patronage in tailoring bid requirements, and otherwise steering business to a particular recipient.
- Fraudulent practices taint relief efforts: Procurement fraud manifests through inflated prices and ghost vendors or service providers. Ineligible vendors mislead procurement officials with fraudulent financial statements, past experience, “bait and switch” schemes, and counterfeit or defective supplies. Ineligible applicants file fraudulent applications for benefits, such as unemployment insurance, low-interest loans, or grants.
- There is inconsistent application of emergency procurement procedures: Emergency procurement procedures are not consistently implemented even when existent. Sometimes, the procurement of goods or services not related to the crisis is unjustifiably processed under the less-rigorous emergency procedures.
- Relief resources are misappropriated: Politically motivated diversion of goods and services due to patronage and favoritism is not uncommon.
- Government officials use extortive practices for personal enrichment: Financial misconduct is never victimless, but, during a crisis, the nexus between the misconduct and the victims is more direct, as governmental resources are often the only lifeline of those most vulnerable.
- Whistleblowers are subject to politically motivated prosecutions: Reports of prosecutions and harassment of whistleblowers have surfaced in connection with COVID-19.
Some governmental responses to several recent crises, which have been tainted by malfeasance, include the following:
- After the 2004 tsunami disaster in Sri Lanka, half a billion US dollars in relief aid were reported missing.
- Cases of corruption, fraudulent charities, and benefits fraud arose during the 2005 Hurricane Katrina relief efforts and the 2010 Haiti earthquake.
- Reports of embezzlement, expense fraud, and extortive practices were raised during the ongoing refugee crisis in the Mediterranean.
- Politically motivated diversion of resources and extortive practices surfaced during the 2013–2016 Ebola crisis in West Africa, as well as during the current COVID-19 crisis in African and South American countries.
- Some South American and East Asian countries have deviated from applicable procurement procedures during the current COVID-19 crisis, with some reportedly procuring inadequate medical supplies.
- In East Asia, some government officials have sought to silence individuals who presented evidence of underreported COVID-19 patient numbers.
Mitigation and Remediation Measures
The following is a nonexhaustive list of financial misconduct risk mitigation and remediation measures. Governments that seek to prevent, detect, investigate, and remediate financial misconduct risks should implement such measures:
- Risk assessment. The basis for governmental action should be guided by a financial misconduct risk assessment at the project, agency, sector, or country level, specifically referencing vulnerabilities during crises.
- Continuity and emergency response plan. Governments should develop emergency response plans that acknowledge and address financial misconduct risks. Mitigation and remediation plans should seek to repurpose existing processes to allocate emergency resources.
- Proper policies and procedures. Governments should adopt specific policies and procedures that address identified financial misconduct risks, including emergency hiring and procurement procedures, focusing on robust documentation.
- Oversight responsibility. Adequately resourced independent bodies should be tasked with monitoring the implementation of emergency plans, conducting ex post facto reviews, and investigating allegations of impropriety.
- Data analytics. Governments should analyze procurement data and other information associated with addressing the crisis, which may indicate financial misconduct.
- Transparency. Governments should publicly disclose the foregoing data in machine-readable format. Media and civil society organizations can analyze them for the betterment of public financial management independently or in collaboration with the government.
- Ex post facto reviews. Ex post facto reviews of emergency procurement should be distinguished between short-cycle reviews while the crisis is ongoing and comprehensive post-crisis audits of projects, programs, or agencies.
- Whistleblower channels and grievance redress mechanisms. Governments should leverage existing whistleblowing channels or establish crisis-specific channels to enable interested parties to safely submit complaints of financial misconduct and ensure the whistleblowers’ protection.
- Accountability and penalties. Governments should adopt administrative sanctions frameworks that enable them to discipline unscrupulous government officials or emergency service providers and to debar or otherwise sanction unethical companies.
- Third-party risk management. Procurement agencies should proactively map their supply chain to identify limited suppliers of vital products and services, diversify their supply base, and avoid the superior bargaining power that monopolies and oligopolies can exert, especially during times of crisis. Procurement agencies should establish shortlists of emergency suppliers that have been thoroughly and proactively vetted in advance.
- Education and communication. In collaboration with civil society, governments should offer emergency procurement training internally and raise the general public’s awareness on financial misconduct risks and whistleblowing and redress mechanisms. Governments should establish dedicated hotlines to aid participants in emergency procurement.
- Continuous improvement. At all times, governments should conduct comprehensive reviews of the performance of implemented measures to address gaps and preserve institutional memory.
The ISO 37001 on Anti-Bribery Management Systems
Governments implement only some of the foregoing measures, in a fragmented and reactive fashion, instead of following holistic programs that prevent, detect, investigate, and remediate financial misconduct or other integrity risks.
A summary of principles and leading practices that governments can follow to implement holistic ICPs at all times is the ISO 37001. The ISO 37001 provides anti-bribery guidance, a roadmap for improvements, and a benchmark framework for both governments and the private sector.
While only bribery falls within ISO 37001’s scope, bribery is not the only form of financial misconduct governments face. However, the ISO 37001 prescribes minimum requirements, which ISO 37001–compliant organizations can exceed to address other risks with no or limited customization.
The ISO 37001 requires the adoption of demonstrable and quantifiable antibribery measures that reflect the mitigation and remediation measures discussed above. Governments can benefit from aligning these measures with the ISO 37001: first, by leveraging the private sector’s integrity compliance experience to fight bribery and other financial misconduct, with necessary modifications for the government sector, and, second, by incentivizing the private sector to invest in integrity compliance and ethical business practices because ISO 37001–compliant government agencies would have to require their business partners to implement similar antibribery measures.
Governments would no longer only require ICPs reactively in the context of enforcement, but also proactively as an eligibility criterion to partner with the government. As more companies would be incentivized to implement such measures, the state of integrity in entire jurisdictions and markets would improve. Accordingly, implementation by governments of the ISO 37001 can gradually improve the ethical posture of a country, leading to better rankings in indices such as the Transparency International Corruption Perception Index and the World Bank Governance Indicators.
Soft and Hard Implementation
Governments can invest in soft or hard ISO 37001 implementation. In soft implementation, governments would self-assess the effectiveness of the ISO 37001 measures. In hard implementation, governments would additionally seek ISO 37001 certification by independent reviewers, who would test and affirm the effectiveness of implemented measures.
Through certification, governments can avoid a common pitfall of antibribery reforms: the dwindling and often punctual political will to fight bribery. The ISO 37001 certification is valid for three years, after which recertification is necessary. Poor performance can lead to retracting the certification. The reputational repercussions of a government agency losing its certification would likely be severe.
The ISO 37001 is not a panacea against bribery, and critics have highlighted limitations regarding the reliability of the certification process and the breadth of ISO 37001’s requirements. Nevertheless, the systematization of risk mitigation and remediation measures in governments can bolster a country’s financial misconduct enforcement at times of crisis and beyond, and enhance government and private sector integrity and reputation, domestically and internationally.