June 2013

Raising the bar Good anti-corruption practices in defence companies

Part I: Seven practices that distinguish the best “Those defence companies that do take corruption risk seriously have the chance to be seen by their government clients as better companies with which to do business. As governments toughen their attitudes towards corruption, having a reputation for zero tolerance of corruption will be a distinguishing asset for a defence company.”

The Rt Hon Lord Robertson of Port Ellen KT GCMG honFRSE PC, Former Secretary General of NATO June 2013

Raising the bar Good anti-corruption practices in defence companies

Part I: Seven practices that distinguish the best 2 Executive Summary

Executive Summary

The Defence Companies Anti-Corruption These are demanding questions. This report Index (CI) was published on 4 October 2012. looks in some detail at each topic and gives This analysis, the first of its kind, provided examples. We think that companies scoring full comparative information on the disclosure and marks on these topics represent today’s good quality of anti-corruption systems in 129 major practice. defence companies. In Part II of this report—available as a Whilst the media focused primarily on the separate online document—we have extracted banding results, the analysis also contains 104 good practice examples in relation to all of many examples of good practice by defence the 34 questions in the Index. These examples companies. Our objective is to help raise are mostly in the public domain. However, there anti-corruption standards in the defence sector were also examples of good practice from the worldwide. Publicising such examples is a good companies who opened up their company- way to spread knowledge of good practice and confidential practices, policies and procedures raise these standards. to review by us. Where the company has given us permission, we quote such examples as well. In Part I of this follow-up report, we present and discuss the topics that distinguish the Part II of this report can be found at http:// better companies. Our conclusion is that the companies.defenceindex.org/good- following seven are the most discriminating: practice.

1. The extent to which the company publicly aPPLICATION BY DEFENCE PROCUREMENT reports information on its ethics and CHIEFS anti-corruption programme Government defence procurement chiefs 2. Company leadership speaking up against have also expressed significant interest in the corruption, internally and externally Index results and its analyses. For the first time, the CI gives them a list of questions they can 3. How the Board assure themselves of the use to compare in some detail the business effectiveness of their anti-corruption conduct practices of potential defence contract programme bidders. By reducing the list down to just seven demanding questions, and adding model 4. How the company carries out corruption answers, this represents a useful tool for risk assessments defence procurement chiefs to use in identifying those bidding companies that have the best 5. How the company manages corruption risk practice in ethics and anti-corruption. in third parties A draft of these questions and model 6. How the company trains its staff, answers, based on the good practice cited in especially those in exposed roles this report, is available online at http:// companies.defenceindex.org/good- 7. How the company follows up whistle- practice. blowing information Executive Summary 3

We hope that all defence companies will use this document, in conjunction with Part II Actions for companies Actions for Government of the report which has extracted 104 actual Defence Procurement good practice examples, to review their own We call on all defence companies to Chiefs systems and identify areas of improvement. contribute actively to raising standards in defence through good practice in the 1. Make this good practice report We encourage companies to discuss following seven measures: available to your current and these areas, and to share their own prospective defence additional good practices and approaches. 1. Reporting the whole of your contractors. Require that the We also welcome feedback from companies ethics and anti-corruption contractors see if they can so that we can further refine and improve programme publicly. incorporate these practices into this document in the spirit of raising company their own anti-corruption standards. 2. Encouraging your Board Chair, policies and processes. the rest of the Board, the CEO Companies can also significantly advance and senior executives to speak 2. Consider using these seven sector-wide improvement efforts. A good up strongly on your zero questions—and related model example is the recently formed defence tolerance of corruption in the answers—as a requirement for industry initiative ‘IFBEC’—the International company and the sector. bidders to respond to as part of Forum on Business Ethical Conduct for the their pre-qualification. and Defence Industry. This is a 3. Improving how your Board new forum, committed to promoting the reviews the effectiveness of the 3. Give consideration to applying development of global, industry-wide ethical overall anti-corruption the Defence Companies standards for defence and aerospace programme. Anti-Corruption Index (CI) companies. We recommend that all defence methodology to all their companies join it, and that defence ministries 4. Strengthening your corruption national defence contractors. encourage such participation. risk assessment process, and testing it against the good practice examples in the report.

5. Ensuring that your company has robust processes for flowing down your ethics and anti- corruption programme to all third-party representatives including partners, sub- contractors and agents.

6. Reviewing and improving your training practices, especially for staff in exposed positions like sales and government relations.

7. Improving your processes for following up whistle-blowing complaints—the experience of many is that they work well on paper but not in practice. Encouraging staff to raise matters before the offence takes place. 4 Table of Contents

Table of Contents

Executive Summary 2

Table of Contents 4

Introduction 5 The 2012 Defence Companies Index results in brief 8 The seven distinguishing areas of good practice 12 Public reporting of ethics & anti-corruption systems 16 Company leadership speaking up against corruption 20 Board assurance on the effectiveness of the programme 24 Corruption risk assessments 32 Managing corruption risk in third parties 37 Anti-corruption training 44 Whistle-blowing 50

Next steps 52 Introduction 5

Introduction

The purpose of this study is to help raise anti-corruption standards in the defence sector worldwide by spreading knowledge of good practice examples found in our Companies Index (CI).

www.defenceindex.org www.ti-defence.org 6 Introduction

This report In a time of record fines and debarments Ethics and anti-corruption systems from corruption-related prosecutions, focuses on companies are well aware of this risk to their Defence companies use a variety of terms to what we found bottom line. The defence sector faces unique describe their corporate system for promoting risks to corruption due to high-value contracts, integrity and reducing corruption risk. Such to be the areas requests for official secrecy, and close terms include business ethics, business distinguishing government interaction on the buyer and seller conduct, and compliance programmes. side. In 2012 alone, the press has reported better allegations of corruption in the defence industry TI-DSP believes that both compliance-based companies. in countries from Austria and Italy, to India, and values-based approaches are essential Indonesia, and China. It is very much in the parts of the overall system. We have used the interest of companies to prevent these corrupt phrase ‘ethics and anti-corruption systems’ to deals from happening. describe a company’s approach to promoting its ethical culture and reducing corruption risk. Some defence companies recognise this and devote great time and resources to developing This includes the values and principles that strong anti-corruption systems. There is plenty the company seeks to promote and build of guidance available on what constitutes good integrity, as well as the policies and procedures practice for corporations, such as the Global the company employs to ensure that each staff Reporting Initiative, UN Global Compact, OECD member abides by the company’s anti- Anti-Bribery Convention, and from Transparency corruption policy. International. We organise our understanding of an ethics Many other defence companies, however, and anti-corruption system into five “pillar have only recently put or are thinking about areas”: leadership, governance & organisation; putting systems in place; or have such systems risk management; company policies & codes; but without any real assurance that they are training; and personnel & helplines. We believe effective. The evidence for this was very clear in this represents the basic capability that an the Defence Companies Anti-Corruption Index international defence company should have in (CI), where only 10 out of 129 companies place. The typology opposite shows these scored in the top two bands (of six). pillars and the elements that comprise each.

This report is a follow-up to the CI and A second companion index - The TI focuses, in Part I, on what we found to be the Government Defence Anti- areas that distinguish the better companies. Corruption Index (GI)

We also give 104 good practice examples Defence corruption is a supply (companies) relevant to all 34 questions in the Index, which and demand (governments) problem—with can be found in Part II of this report—a both parties contributing to the issue. This is separate document available online at http:// why we look at both. companies.defenceindex.org/good- practice. We have extracted good practice In January 2013, we launched the sister examples from as wide a range of companies in index to the CI, the Government Defence as many different environments as possible. Anti-Corruption Index (GI), which analyses what Nonetheless, those scoring in higher bands are 82 countries do to reduce corruption risks. naturally the ones with the better practice, so These countries accounted for 94 per cent of they will appear more often. the global expenditure in 2011, equivalent to USD 1.6 trillion. Countries are scored in bands from very low risk (A) to critical risk (F), according to a detailed assessment Introduction 7

across 77 indicators that cover five prominent • TI-UK Diagnosing Bribery Risk (2013) risk areas in the sector: politics, finance, • The 2010 UK Bribery Act—Adequate personnel, operations, and procurement. Procedures (2010) • Anti-Bribery Due Diligence for The GI shows that only 15 per cent of Transactions governments assessed possess political • Assurance Framework for Corporate oversight of defence policy that is Anti-Bribery Programmes (2012) comprehensive, accountable, and effective. In • UN Global Compact—Transparency 45 per cent of countries there is little or no International Reporting Guidance on the oversight of defence policy, and in half of 10th Principle Against Corruption nations there is minimal evidence of scrutiny of (2009) defence procurement. For more information on the GI, visit http://government. The US Department of Justice’s FCPA defenceindex.org. Resource Guide and the UK Ministry of Justice’s 2010 Anti-Bribery Act Guidance also provide Other sources of ethics and good good information on the adequate anti- practice in anti-corruption corruption policies and processes governments expect companies to have in place. Each of the There has been a considerable amount of agencies, alongside others such as the US work on what constitutes good anti-corruption Securities and Exchange Commission and UK systems outside the defence sector, both within Financial Services Authority, provide other Transparency International, as well as by other advice on an on-going basis. Other resources organisations. For other Transparency include private sector firms such as accounting International guidance on ethics and anti- or law firms that advise clients on this corruption please see: information. Finally, the Global Reporting Initiative, UN Global Compact, PACI Principles • The Business Principles for Countering for Countering Bribery, and ICC Rules of Bribery (developed by a multi- Conduct also discuss anti-corruption reporting stakeholder group and led by guidelines for corporations. Transparency International—updated in 2013) 8 The Defence Companies Index results in brief

The 2012 Defence Companies Index results in brief

Methodology The band results are shown in two different ways: one based on public information only; The CI examines a company’s basic and another based on public and internal anti-corruption programmes and processes. All information for the thirty-four companies that the chosen defence companies are assessed by provided internal information. These results TI-DSP against 34 questions concerning their provide an opportunity for the industry, public, ethics and compliance programmes, and then academia, governments, and non-profit placed into one of six bands—from A to F— organisations to compare the anti-corruption based on their total scores. The questions cover policies and procedures of companies, based what TI-DSP regards as the basic capability on the evidence that they make available. that a global defence company should have in place. The questions are divided into five THE COMPANIES categories: leadership, governance & organisa- tion; risk management; company policies & Most of the companies included in this study codes; training; personnel & helplines. (See lie within the group of the top 100 global http://companies.defenceindex.org/ defence companies, as measured by defence methodology for the full methodology and revenue in 2010. In addition, in order to have a questionnaire). truly global range of companies, we added some that were of an arms-exporting national- The companies have also been given the ity, were not within the top 100, but which opportunity to provide commentary and nonetheless had either actual or estimated additional evidence on these questions. revenue of at least USD 100 million. This resulted in a final population of 129 companies from 31 countries.

A FLUOR CORPORATION B HEWLETT-PACKARD, NORTHROP GRUMMAN, UNITED TECHNOLOGIES C

BECHTEL, . CSC, DAY & ZIMMERMANN, DYNCORP, , GE AVIATION, GOODRICH, HARRIS, HONEYWELL, ITT EXELIS, JACOBS ENGINEERING, KBR, L3 COMMS., LOCKHEED MARTIN, OSHKOSH CORP., RAYTHEON, ROCKWELL COLLINS, SAIC, TELEDYNE TECH., TEXTRON, URS, VSE

D AAR CORP., ALION, ATK, BOOZ ALLEN HAMILTON, CACI, CAE, CUBIC, CURTISS-WRIGHT CORP., FLIR SYSTEMS, MANTECH, NAVISTAR E – F ARINC, BATELLE, GENERAL ATOMICS, MC DEAN, SRA, SRC, WYLE LABORATORIES

NORTH AMERICAN COMPANIES (BANDS BASED ON PUBLIC INFORMATION - 45 CO.) The Defence Companies Index results in brief 9

The 2012 Defence Companies Index results in brief

THE SCORING

Bands A or B mean that we have seen plentiful or good evidence that basic ethics and compliance systems and processes exist. Bands C and D are intermediate results—either because of a mix of good and poor evidence across the index questions, or because of more uniformly average evidence. Bands E and F represent scores from 33 per cent down to 0 per cent, indicating there is only poor or no evidence of anti-corruption processes.

Only one company, Fluor, received an A based solely on publicly available information. Over two-thirds of companies provided little public information on their anti-corruption companies, receiving a D or below. A – B C FUJITSU (JP) – D DAEWOO SHIPBUILDING AND MARINE ENGINEERING (KR), ELBIT SYSTEMS (IL), S.A. (BR), HINDUSTAN AERONAUTICS (IN), NEC CORPORATION (JP), RAFAEL ADVANCED DEFENSE SYSTEMS (IL)

E GORKY AUTOMOBILE PLANT (RU), IHI MARINE (JP), MITSUBISHI ELECTRIC CORPORATION (JP), MITSUBISHI HEAVY INDUSTRIES (JP), RTI SYSTEMS (RU), SAMSUNG TECHWIN (KR) A – B F ACCENTURE (IE), BAE SYSTEMS (UK), (UK), (UK), THALES (FR)

C ABU DHABI SHIPBUILDING (AE), ALMAZ-ANTEY (RU), CHEMRING (UK), , (UK) EADS (NL), ANTONOV ASTC (UA), KHARKOV (UA), ARAB ORGANISATION FINMECCANICA (IT), GKN (UK) INDRA (ES), FOR INDUSTRALISATION (EG), AVIATION INDUSTRY KONGSBERG (NO), QINETIQ (UK), ROLLS ROYCE CORPORATION OF CHINA (CN), AVIBRAS INDÚSTRIA (UK), SAAB (SE), THYSSENKRUPP AG (DE) AEROSPACIAL (BR), BHARAT EARTH MOVERS LIMITED - BEML (IN), BHARAT ELECTRONICS (IN), BOUSTEAD NAVAL D SHIPYARD (MY), CHINA SHIPBUILDING INDUSTRY AVIO (IT), BABCOCK (UK), DIEHL STIFTUNG (DE), CORPORATION (CN), DENEL SOC (ZA), DOOSAN DST (KR), MBDA (FR), MTU AERO ENGINES (DE), NAMMO HEAVY INDUSTRIES TAXILA (PK), IRKUT CORPORATION (NO), SAFRAN (FR), TOGNUM (DE) (RU), ISRAEL AEROSPACE INDUSTRIES (IL), ISRAEL MILITARY INDUSTRIES (IL), KAWASAKI HEAVY INDUSTRIES (JP), LIG NEX1 (KR), NORINCO (CN), PAKISTAN ORDNANCE E ASELSAN (TR), DASSAULT (FR), DCNS (FR), FACTORIES (PK), POONGSAN (KR), RUSSIAN HELICOPTERS FINCANTIERI (IT), RHEINMETALL (DE), RUAG (CH), (RU), SAPURA GROUP (MY), SATUMA (PK), ST ENGINEERING (UK) (SG), SUKHOI (RU), TRV CORPORATION (RU), TULA KB F ARSENAL AD (BG), BUMAR GROUP (PL), DAMEN PRIBOROSTROYENIYA (RU), UNITED ENGINE CORPORATION SCHELDE (NL), KRAUSS-MAFFEI WEGMANN (RU) (DE), NAVANTIA (ES), NEXTER (FR), OTOKAR (TR), PATRIA (FI), TATRA (CZ), ZODIAC SA HOLDING (FR) EUROPEAN COMPANIES REST OF THE WORLD (BANDS BASED ON PUBLIC INFORMATION - 41 CO.) (BASED ON PUBLIC INFORMATION - 43 CO.) 10 The Defence Companies Index results in brief

Overall results including internal information

We also asked companies to provide internal information on their anti- corruption systems. 34 companies chose to do so. With the inclusion of internal information, the average band improved from D to B, with 16 of 34 companies in Band A.

A 16 Companies B 12 Companies C 6 Companies

Bechtel Corporation (C) BAE Systems (B) Cubic (D) Boeing (C) (C) Daewoo Shipbuilding Day & Zimmerman (C) CSC (C) & Marine Engineering (D) DynCorp International (C) General Electric Aviation (C) Diehl Stiftung & Co. KG (D) Fluor Corporation (A) Indra (C) Mitsubishi Heavy Industries (E) Fujitsu (B) Jacobs Engineering (C) FLIR Systems (D) Harris Corporation (C) Kongsberg Gruppen ASA (C) Tognum (D) Hewlett-Packard Company (B) MTU Aero Engines (D) Honeywell International (C) NEC Corporation (D) KBR Inc. (C) QinetiQ Group (C) Lockheed Martin (C) Saab AB (C) Meggitt (B) SAIC (C) Raytheon Company (C) Rockwell Collins (C) Serco Group (B) Thyssen Krupp AG (C) The Defence Companies Index results in brief 11

D 0 Companies E 0 Companies F 0 Companies

– – –

This table shows the band for each company that provided internal information. It is based on what their score would be if the company-internal information were made public. The letter in parenthesis represents the company’s band based on public information only. 12 The seven distinguishing areas of good practice The seven distinguishing areas of good practice The seven distinguishing areas of good practice 13

• Public disclosure • Leadership speaking up • Board assurance • Corruption risk assessments • Third party risk management • Specialised training • Effective whistle-blowing 14 The seven distinguishing areas of good practice

The seven topic areas that most distinguish The identification of these topics came from the better companies are: three different exercises. The first one was looking at which topic areas got the lowest 1. The extent the company publicly scores from companies in the three ‘better’ reports information on its ethics bands—Bands A, B and C. The results, shown and anti-corruption programme. in the table opposite, picked out five of the seven questions. Gifts and hospitality, whilst 2. The extent the company leadership being one of the worst ranking elements, were speaks up against corruption, not included as a distinguishing area since internally and externally. companies can draw upon the plentiful public evidence in this sphere to improve their internal 3. How the Board assure themselves practices and processes. of the effectiveness of their anti-corruption programme. The second was to review the results of all the participating companies—those that 4. How the company carries out provided internal information. These were corruption risk assessments. companies with which TI-DSP had detailed discussions on what systems and processes 5. How the company manages were in place inside the company for every corruption risk in third parties. question. It was evident from these discussions that some questions were noticeably more 6. How the company trains its staff, demanding than others, especially questions A2 especially those in exposed roles. through to A6, which focused on leadership engagement. 7. How the company follows up whistle-blowing information. The third analysis was our own, looking at the overall results, the feedback we received, and what we believe to be essential for the advancement of ethics and anti-corruption in the industry. This particularly brought in the need for public reporting of the whole ethics and anti-corruption programme, and the need for better ways to follow up whistle-blowing.

The next sections discuss what we found to be good practice in each of these seven areas. The seven distinguishing areas of good practice 15

Topic areas scoring lowest for companies banded A, B, and C in the CI

Area % of companies to receive Ranking of worst full marks in these bands performing areas

Internal leadership commitment 7% 1

Specialised anti-corruption 13% 2 training

Corruption risk assessment 20.5% 3

Gifts & hospitality 27% 4

Board monitoring of effectiveness of anti-corruption 29.5% 5 programmes

General anti-corruption 33% 6 training

Third party due diligence 34.8% 7 16 The seven distinguishing areas of good practice

An important area of good practice is to In conversations we have had with publicly report information on the policies and companies, institutional investors and 1. processes of a company’s ethics and anti- governments, we heard similar reasons: corruption systems. PUBLIC REPORTING • Broad reporting on anti-corruption During the course of our study and after systems—both internally and OF ETHICS & ANTI- publication, some companies asked us why externally—signals the serious CORRUPTION they needed to explain to the public their commitment of the company to approach to ethics and anti-corruption. This prevent corruption. SYSTEMS was surprising as there is an existing corporate consensus of why disclosure is important from • It drives performance within the both an adequate procedures perspective and company so employees understand from a public reporting standard. For instance the values and standards they must the Global Reporting Initiative is well developed uphold. and has been important in encouraging organisations to report on sustainability on a • Public declaration of this routine basis. Similarly, the UN Global Compact commitment deters employees, requires regular reporting on the company’s public officials, and third parties anti-corruption efforts and has published a engaging with the company from reporting guidance document to assist participating in corrupt activities. companies in this endeavour. • It allows governments, investors, Transparency is a matter of good corporate and the public to assess the risks of practice, and is a way for companies to engaging with a company. compare and improve practices, thereby raising overall industry standards. Good reporting cannot ensure good company behaviour, but it is an indication of a company’s commitment, awareness and action towards it.

The seven distinguishing areas of good practice 17

Transparency Only one company, Fluor Corporation, scores Nine companies scored in Band B: in Band A based on public information. Fluor is Accenture, BAE Systems, Fujitsu, Hewlett- is important a large engineering and construction company, Packard Company, Meggitt, Northrop Grumman as a matter of not usually thought of as a defence company. Corporation, Serco Group, Thales, and United However, it draws 11.7 per cent of its revenue Technologies Corporation. Based on their good from defence according to the 2012 Defense assessments using just public information, all of corporate News Top 100 list, and this is sufficient to place these reveal a good level of reporting of their it in the Top 100 defence companies globally. ethics and anti-corruption systems. Their practice, and summary results are shown in the next pages. as a way for The summary page of Fluor’s Index results from the CI website (below) shows how they are All company summary pages can be found at companies to strong on public reporting. The percentage http://companies.defenceindex.org/ compare and figures show their total score on the questions results/overall. in each of the five pillar areas. The first row is improve their score based on public information only. Through their overall Band scores of A and practices. The second row shows the score including B, these companies publicly demonstrate that it internal information. The only area where there is possible to report the values, systems and is a significant increase in the score once procedures that they have in place to prevent internal information is included is in training; corruption. This is to their credit and shows and even that area scores 70 per cent on public there is no confidentiality or secrecy barrier to information alone. The company also discloses good public reporting about anti-corruption in a comprehensive risk assessment system. the defence industry. Examples of how companies publicly report on their anti- corruption systems can be found in Part II of this report. 18 The seven distinguishing areas of good practice

Band B Company Summary Results based on public information

Four companies scored in Band B based solely on what they make publicly available. These companies show there is no confidentiality or secrecy barrier to good public reporting about anti-corruption in the defence industry. The seven distinguishing areas of good practice 19

based on PUBLIC + INTERNAL INFORMATION

Five companies that scored in Band B also provided internal information. Scrutiny of the results for each company shows that the two areas where there was least public disclosure were in risk assessment and training. These are both areas where the industry is collectively weak; these A and B companies represent less than ten per cent of the companies studied. Most of the companies in Bands D, E and F fail to disclose at all what they do on training and risk assessment. This includes some of the world’s largest defence companies. 20 The seven distinguishing areas of good practice

It is a truism that ‘tone from the top’ is a vital Just what constitutes ‘tone from the top’ and part of a strong ethics and compliance how might you measure it? In the CI, we 2. programme. A crucial part of the success of any focused on three questions: two on the extent anti-corruption system is clearly communicating to which top executives speak out externally on COMPANY the values and ethics employees are expected the issue of corruption and the stance of their to uphold, and leaders demonstrating they are company; and one that analyses this same LEADERSHIP following this advice themselves. Leadership engagement internally within the company. SPEAKING UP taking responsibility to go beyond mere Demonstrating a leader’s commitment against compliance with the law and promoting integrity corruption visibly is a good indicator of ‘tone AGAINST across the corporation is one of the best ways from the top’. CORRUPTION to instil these values. Findings In our analysis for the CI, however, we came across numerous companies where there was However, the analysis of the CI results no visible evidence of any such tone. In reveals that very few CEOs or Board members discussions with professionals in this field, one made serious public declarations against of the most common bits of feedback is dismay corruption. Just 13 out of 129 CEOs at how some senior executives undermine their demonstrated strong external engagement own programmes by professing how against corruption. Speaking up internally was unconvinced they are of the need for any ethics also the worst scoring section in the Index, as and compliance programmes in their respective shown in the table on page 15. company. Staff is very quick to recognise when their own leaders do not support such systems. Many CEOs had statements in the preface to their Code of Ethics, but these tend not to be Leadership plays a central part of setting the very convincing: most read as if they were expectations of acceptable behaviour across the written by the HR or legal department and do company, and of how the industry is viewed by not go into any depth about their convictions. society. Repeatedly speaking up in public and internally about corruption not being tolerated is If a company wants to be taken seriously a central ingredient in preventing corruption about its efforts to fight corruption, we think before it happens, and more convincing than that senior leadership— the Chair of the Board apologising if or when it does. of Directors, Board members, the CEO and the senior executives—should speak up publicly Whilst CEOs may feel exposed talking so and internally about the problem and about publicly about corruption, this should not be an what it does on this front. excuse not to speak out. Such external engagement—for example, at industry conferences and to the media—demonstrates to governments, the public, and other companies as well as to the company’s own staff that corruption will not be tolerated. The seven distinguishing areas of good practice 21

Good practice

Since so few CEOs and Boards of Directors Likewise, the CEOs of Accenture and Bechtel actually speak up publicly against corruption, also have engaged with the Global Compact there are few examples of good practice. and the World Economic Forum’s PACI principles. Leaders clearly need to determine what works for them personally and for their The CEO of Thales provides an in-depth company. They can look at the good practice interview in the company’s 2011 Corporate examples in Part II of this report for ideas on Social Responsibility report on the company’s how to communicate the ways in which they commitment to ethics. Specifically, he spoke prevent corruption to their employees, about the company’s engagement in anti- governments, investors, and the public. corruption initiatives such as the G20.

Some leaders publicly discuss their approach The companies that scored well on the to anti-corruption at global conferences such as relevant questions in the Index (A1, A2, A3) are the G20 and World Economic Forum (WEF); for noted in the boxes on the next page. example, the CEO of Fluor discussed his company’s anti-corruption position at the 2012 Other examples of what these companies WEF meeting in Davos and is the 2013 chair of have been doing can be found in the detailed Partnering Against Corruption Initiative (PACI). examples in response to questions A1, A2 and In his talk in 2009 as group president at WEF, A3 in the Part II report online: http:// he provided five recommendations on how to companies.defenceindex.org/good- develop ethical behaviour and an effective practice. anti-corruption programme, such as: “limit the number of third-party agents, and when they are involved, exercise due diligence and watch for signs of inappropriate behaviour.” 22 The seven distinguishing areas of good practice

Speaking up against corruption is good practice. The boxes below show companies which received a 2 (the highest score) on the following three questions in the CI:

• publishing CEO or Chair of the Board statement on anti-corruption

• evidence of strong personal external commitment by the Chair of the Board

• evidence of strong personal, internal BASED ON PUBLIC commitment to the anti-corruption INFORMATION principles of the company, actively promoting the Integrity Building and Accenture Anti-Corruption (IBAC) agenda Alliant Techsystems (ATK) BAE Systems Bechtel Corporation CACI International Day & Zimmermann, DynCorp International Fluor Corporation General Dynamics Corporation based on public + internal information Jacobs Engineering KBR Inc. BAE Systems BASED ON PUBLIC Kongsberg Gruppen ASA Bechtel Corporation INFORMATION Meggitt Day & Zimmermann NEC Corporation DynCorp International Accenture Northrop Grumman Fluor Corporation Bechtel Corporation Corporation Jacobs Engineering CACI International Raytheon Company, KBR Inc. Day & Zimmermann Rockwell Collins Kongsberg Gruppen ASA Fluor Corporation Saab AB Meggitt Meggitt SAIC NEC Corporation Northrop Grumman Serco Group Raytheon Company Corporation Textron Rockwell Collins Raytheon Company Thales S.A. Saab AB Rockwell Collins ThyssenKrupp AG SAIC Thales S.A. Tognum Serco Group ThyssenKrupp AG United Technologies ThyssenKrupp AG EADS Corporation Tognum Lockheed Martin

Leadership statements External leadership engagement The seven distinguishing areas of good practice 23

based on public + internal information

Bechtel Corporation Day & Zimmermann Meggitt Rockwell Collins ThyssenKrupp AG Lockheed Martin KBR Inc. NEC Corporation based on public + SAIC internal information Serco Group Tognum Bechtel Corporation Boeing Day & Zimmermann BASED ON PUBLIC Harris Corporation Fluor Corporation INFORMATION Honeywell International Meggitt DynCorp International Raytheon Company Day & Zimmermann Jacobs Engineering Rockwell Collins Northrop Grumman Daewoo Shipbuilding & Saab AB Corporation Marine Engineering ThyssenKrupp AG Lockheed Martin MTU Aero Engines GmbH Lockheed Martin Tognum QinetiQ Group

External leadership engagement Internal leadership engagement 24 The seven distinguishing areas of good practice

This topic is the subject of a single question Findings in the Index (A8). It is not focused on the 3. myriad elements of a good ethics and anti- Overall, this is an area where few companies corruption programme, but on the overview and reported in detail how they regularly assured BOARD ASSURANCE periodic review of effectiveness of the themselves that the anti-corruption system was programme. Typically, assurance focuses on the working effectively. Sixteen companies ON THE existence of anti-corruption measures, but what disclosed good evidence of a monitoring and EFFECTIVENESS OF is more important is whether those systems reporting system. A further 55 companies actually work. Specifically, if you were the Chair mention that they do have some level of a THE PROGRAMME of the Board of the company, what would review process of the anti-corruption system constitute assurance that your programme was but this often occurred on an ad hoc basis or working effectively? only reviewed part of the system at a very high level. In our discussions with the companies, they themselves voiced some of the challenges: Good practice

• What constitutes ‘effectiveness’? Companies take a variety of different approaches to ensure that the anti-corruption • How much time do you allocate to system is effectively preventing corruption and programme effectiveness at the empowering employees to speak up with (very busy) Board or its questions or concerns. committees? The starting point is having in place an • How much weight do you give to appropriate formal organisational structure and monitoring by the ethics/ a clear scope of activities. The charts opposite compliance department? show the scope of Textron’s activities and the reporting structure of Fluor. Both give an idea of • How do you ensure that oversight how companies can structure their ethics and is effective in all geographies? anti-corruption governance.

• How do you prove to employees that the company’s programme is effective?

• How do you assure shareholders and the public that the company’s programme is effective?

• How do you ensure that the programme is not just one big ‘box-ticking’ machine and that employees are communicating issues openly? The seven distinguishing areas of good practice 25

Company example: Textron’s Ethics & compliance program elements

Source: A Gagne, Auditing your ethics and compliance programme, Textron Systems Corporation, retrieved May 2013, http://dii.prod2.classfive.com/files/Gagne_DII_Panel.pdf.

Company example: Fluor’s Compliance and ethics program structure

Source: Fluor, Program Structure, retrieved May 2013, http://bit.ly/fluor-program.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice 26 The seven distinguishing areas of good practice

How do Responsibility & assurance

companies Companies usually allocate responsibility for Almost half (60 of 129) of companies state make sure the programme with the CEO and a senior that they appoint a senior individual that is individual, with periodic Board overview of the responsible for monitoring the day-to-day anti- programme and its performance. The Board activities of the anti-corruption system. The corruption overview would be by the main Board or by one better companies provide this individual with of the Board Sub-Committees (Ethics, Audit, direct access to both the CEO and the Board, so systems are Risk, or Corporate Responsibility Committees). that they can directly raise corruption and other effective? ethics/compliance issues with senior The CI shows that for almost half of defence leadership. They bring up these topics through companies (56 of 129), the Board recognises reporting on issues such as number of hotline its overall responsibility for the company’s reports, number of investigations, and the anti-corruption system. This typically entails a results of those investigations. specific agenda item on the Board meeting to discuss developments related to corruption, Finally, within the ethics/compliance such as results of hotline reports, investigations, department, the better companies hold a and employee discipline. regular review of the programme. For example, General Electric Aviation’s ethics and Bechtel and DynCorp International’s Boards, compliance staff meet at least once a month to for instance, meet at least four times a year to review the programme, which includes review company-wide ethics, and compliance discussing current reports, why they may have performance. Among items they review are occurred, and any actions that need to be taken anti-corruption training, group ethics and to prevent them from occurring again. compliance activities, helpline statistics and trends, and customer and employee survey The leading companies also took additional data. Where there is a dedicated sub- steps to assure themselves about the committee, the Board may meet more effectiveness of their programme. What they did frequently and are able to review programme fell into the following eight categories: performance in more depth. For example, Honeywell International, Fluor, and Day & Zimmermann each have a dedicated ethics and compliance committee that focuses on the company’s anti-corruption programme and other ethics issues. The seven distinguishing areas of good practice 27

a. Board assurance of risk assessment effectiveness

Regularly updated corruption risk assessments are the foundational element of any good assurance system. Without understanding the corruption risk that each business unit faces, the company cannot develop a coherent and effective anti-corruption risk management programme. A good corruption risk assessment system that tracks internal risks, country risks, business area risks and transaction risk is essential material for the Board review of the programme. A good example of such risk categories is from American-based Jacobs Engineering (see below).

Company example: Jacobs’ risk categories

Internal risk • Lack of knowledge of the substantive rules • Integrity weakness • Misalignment of people or resources • Over-managed or under-managed risks.

Transaction risk • Improper review, approval, or inadequate documentation • Violations of expenditure type or amount • Overridden controls

Country risk • The economic and social context • Corruption perception index • Local customs, norms, needs, and practices • Armed hostilities, violent upheaval, geopolitical forces, health crises, business interruption.

Partnership risk • Improper selection criteria or hidden information • No shared values/difficult execution • Inability to control the enterprise • New acquisitions: slow integration of our culture, deficient financial controls, dissimilar risk silos.

Residual risk • Criteria determines whether residual risk is acceptable or unacceptable • Thresholds settle compensating controls, escalation, and reporting.

Source: Internal company document provided to TI-DSP.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice 28 The seven distinguishing areas of good practice

b. Board committee structure and twice a year that includes details such as reporting investigations and its results. Whilst this, in the past, used to be largely a quantitative data Companies with good monitoring systems report, currently the company is doing more to have a clear understanding of what the role of incorporate qualitative data on emerging the Board should be. Specifically, the whole corruption risks and trends across the company. Board must take overall responsibility for They then discuss the follow-up action plans assuring the system is working effectively, that the managers are taking to mitigate the allocate necessary and appropriately trained risk. If the Board is not satisfied, they will set resources to conduct an effective risk further actions in place. assessment, and actively participate in the risk assessment process by lending their experience c. Assurance statements and expertise so as to signify a strong tone from the top. Often known as “operational assurance statements”, these test the implementation of a This includes a clear reporting structure particular policy or procedure against a set of through the hierarchy, up to the Board or one of criteria. A hierarchy of assurance statements its committees, which requires assurance that from all areas of the business are essential for the system is working well. Sometimes there is someone on the Board to have an overview of a fixed agenda. One of the Board Committees, the totality of the corruption risks in the for example, has a specific agenda item to company, and see that legitimate action plans review whether/when/how they should are in place to mitigate the risks. A good self-disclose any investigation to the reference document, even though it provides government. Although a subcommittee may guidance only on assurance of design rather receive more frequent reports of the ethics and than effectiveness, is the Transparency anti-corruption system, in the better companies, International Assurance Framework for the main Board still holds overall responsibility Corporate Anti-Bribery Programmes. and receives reports. At BAE Systems, line leaders of each entity A good but unusual practice we saw was of the company—across all geographies—are companies that took the issue to two different responsible for completing a biannual assurance Board Committees. For example, the BAE assessment and submitting a report to the CEO. Systems Board has both an Audit and a Assessments for each policy area against Corporate Responsibility Committee, each defined criteria result in ratings (e.g. “traffic receiving reports on the anti-corruption system. lights” of green, yellow, or red) to signal These groups come together twice a year to compliance or where risks exist. For review major issues and cross-report at assessments that are not green, an action plan meetings throughout the rest of the year. with details of person responsible and timeline for how to bring it back to green is also The compliance chiefs of United required. Technologies and Fluor report to the Board Subcommittee on Ethics and Compliance four times a year. They receive an ethics report The seven distinguishing areas of good practice 29

Leading d. Internal audit e. Tracking trends and indicators

companies Assurance statements are buttressed by the The leading companies have developed a set have work conducted by internal audit. From our of indicators that they find to be useful in discussions with companies, they see auditing identifying trends and giving advance warning of developed as an expensive but necessary assurance step problems. Companies such as Honeywell quantitative they must take to check the anti-corruption International, Serco Group and Fluor all follow programme is working properly. At the same both quantitative and qualitative indicators. and qualitative time, a challenge internal auditors face is to indicators to unearth the information unreported in self- Quantitative indicators include number/ audits. The CI did not focus on internal audit but nature of hotline calls; percentage of most give advance very few companies publicly report on even how employees at risk who are trained; quarterly warning of they approach internal audit in general. movement on ‘red flags’ and risk assessment metrics, number of current investigations and problems. According to a public presentation,2 United number of follow-up investigations, staff survey Technologies Corporation has an internal audit results, and disciplinary results. They also follow programme that annually reviews for corruption, qualitative indicators on ethics and indicators of fraud, and other such items through methods culture, such as ethics officers’ opinions in such as site interviews, and monitoring different businesses/geographies, or survey anti-corruption training completion data. results of staff confidence that the company will act on a report of corrupt activity. Other companies also expressed concern with internal audit when it focuses solely on investigations. These companies said that they use outside counsel to investigate corruption cases to mitigate any potential conflict of interest. This is an area where defence companies could do more collectively, so more good practices could be shared.

e. e.

2 R Muli, Self auditing your ethics programme, United Technologies, retrieved May 2013, http://dii. prod2.classfive.com/files/Muli_Self_Auditing_Your_ Ethics_Program.pdf. 30 The seven distinguishing areas of good practice

f. Public reporting ThyssenKrupp has a good variant on this: they alternate external review between different Some companies publicly report the results independent bodies, such as a law and auditing of their investigations. For example, General firm. They believe that by relying on one Electric Aviation states3 the number of company or one type of external reviewer, such investigations, the topic areas (e.g. conflicts of as an auditing firm, the company risks interest and improper payments) covered, the becoming too close to the firm and not number of disciplinary actions taken (e.g. identifying serious issues as a result. employee separations, warnings, job changes, and financial implication), and the geographic We also think there is significant scope for location of the disciplinary actions. They also companies and governments to innovate and mention whether they reviewed the programme collaborate on developing new ways to conduct for existing weaknesses and the actions they external reviews of anti-corruption systems. For took to remedy the same. example companies could develop a robust peer review methodology to analyse the companies’ Northrop Grumman similarly publishes4 the ethics and anti-corruption programmes. results of their investigations in their Corporate Social Responsibility report, and even circulates g. Certification programmes these statistics in a quarterly ethics newsletter to employees. An emerging topic in this field is external certification of anti-corruption programmes, for g. External review instance through certification agencies such as BSI or ISO. This concept was not covered in the The final component of effective monitoring CI but is an area that many companies raised is external review. with us. In particular, companies discussed that they were interested in suppliers signing up to a From information shared with TI-DSP, two globally recognised certification process before companies regularly conduct external reviews of companies engaged in due diligence processes. their anti-corruption systems: BAE Systems5 and ThyssenKrupp.6 Both commission external reviews of their programmes and both publish the recent results on their websites.

3 General Electric, Ombusdperson process, retrieved May 2013, http://www.ge.com/investor- relations/governance/ombudsperson-process. 4 Northrop Grumman, Corporate responsibility reports, retrieved Mar 2013, http://www. northropgrumman.com/CorporateResponsibility/ Pages/Reports.aspx. 5 BAE Systems, Ethical leadership group review, retrieved May 2013, http://www.baesystems.com/ our-company-rzz/corporate-responsibility/working- responsibly/meeting-high-ethical-standards/ethical- leadership-group-review. 6 ThyssenKrupp, Compliance program, retrieved May 2013, http://www.thyssenkrupp.com/en/ konzern/compliance.html. The seven distinguishing areas of good practice 31

The boxes below show companies which received a 2 (the highest score) on the question regarding monitoring the effectiveness of their programme in the CI.

BASED ON PUBLIC INFORMATION

Accenture Alliant Techsystems (ATK) Group BAE Systems based on public + Day & Zimmermann, internal information DynCorp International Finmeccanica S.p.A. BAE Systems Fluor Corporation Bechtel Corporation General Dynamics Day & Zimmermann Corporation DynCorp International L3 Communications Fluor Corporation Holdings General Electric Aviation Lockheed Martin Honeywell International Northrop Grumman Jacobs Engineering Corporation Lockheed Martin QinetiQ Group QinetiQ Group Sapura Group Raytheon Company Serco Group Serco Group ThyssenKrupp AG ThyssenKrupp AG

Monitoring effectiveness of programme 32 The seven distinguishing areas of good practice

Assessing corruption risk is the platform The US Department of Justice’s FCPA upon which an effective ethics and anti- Guidance argues that corruption risk 4. corruption programme is founded. assessments that are not focused and Understanding the scale of the risk enables customised to the company’s areas of highest CORRUPTION RISK companies to develop and put in place risk are “ill-conceived and ineffective.” The sufficient mitigation plans to manage these guidance suggests that: “Devoting a ASSESSMENT risks. disproportionate amount of time policing modest entertainment and gift-giving instead of According to the UK Bribery Act Guidance, focusing on large government bids, there are five different categories of corruption questionable payments to third-party risk: Sectoral risk (e.g. defence or extractives), consultants, or excessive discounts to resellers Transaction risk for actual and potential deals, and distributors may indicate that a company’s Country risks in different countries, Business compliance program is ineffective. A USD 50 opportunity risk associated with new projects, million contract with a government agency in a and Business contractor/partner risk. Without high-risk country warrants greater scrutiny than corruption risk assessments, the company modest and routine gifts and entertainment.” potentially could leave itself open to wide financial and reputational risks. Given that both the US FCPA Guidance and the UK Bribery Act Guidance state the In the defence sector, business opportunity authorities will take into account company (e.g. high value contracts and contracts with efforts to mitigate risk in the highest areas, it is many contractors or intermediaries) and thus very much in the interest of defence business contractor/partnership risk (e.g. companies to focus their priorities on assessing contracts that involve the use of intermediaries corruption risk. It could be the case for many of or interaction with government officials) are them that the risk associated with contracting is highly significant given how frequently they the most important, this requiring the institution occur. of strict contractual and monitoring terms to apply high anti-corruption standards to third parties, such as agents and suppliers. The seven distinguishing areas of good practice 33

Understanding Findings

the scale of Overall, companies reported very little public The good practice companies review all corruption information on how their risk assessment ethics and compliance risks on a regular basis, processes prevent corruption. Only 11 out of up to six times per year. They have templates risks enables 129 companies had good public evidence of and methodologies for analysing the relative companies to how they conducted a corruption risk severity of the risks so these can be prioritised assessment. Very few of these companies, against one another. These look across the develop and though, reported the results of these entire company and include all geographies no put in place assessments: specifically, what they perceived matter the size of the business unit. They as their major risks and the mitigation plans measure the risk of many different aspects of mitigation they had in place to tackle the same. This could the business ranging from corruption to plans to be a key way to demonstrate to the public, disruption of the supply chain. The risks are governments, and investors that the company is often prioritised based on ratings (e.g. manage them. aware of its risks and has a robust plan in place “stoplights” of green, yellow, or red) to signal to tackle them. This dramatically changed when whether they are at-risk. The company then we reviewed internal information: 26 out of 34 assigns responsibility for monitoring and companies had good internal evidence of preventing the risk. Each risk is assigned to a corruption risk assessments. senior person, who is then responsible for taking whatever action is needed to mitigate the In these companies, a corruption risk risk, and a timeline by which they need to assessment was seen as the foundational tool complete these actions (e.g. to improve to structure their anti-corruption programmes company communications, update a policy or and develop mitigation plans. For example, a provide a targeted training to an employee good corruption risk assessment will inform how group that is at risk). Frequently, the Board is a company should invest its training and audit also provided with a summary of these resources to various geographic locations or assessments and the actions taken to prevent business units. Many companies referred to the risk. their corruption risk assessment as part of the company’s “Enterprise Risk Management” or For example, Jacobs Engineering has a one ERM. page summary sheet that describes their corruption risk assessment process, including their plans for mitigating the risk once it is identified (see box on next page). 34 The seven distinguishing areas of good practice

Company example: Jacobs’ ‘How do we manage risk’ poster

Source: Internal company document provided to TI-DSP.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice The seven distinguishing areas of good practice 35

Good practice

Corruption risk was assessed across the Boeing also conducts an operation-wide entire company and all operations on at least a compliance risk process. The senior executives yearly basis. The operation-wide corruption risk from each business unit are responsible for assessment allowed a company to allocate determining compliance risk areas and resources for monitoring and training through- implementing compliance risk monitoring and out the year. mitigation plans. These leaders formally come together as a board six times a year to discuss For example, each operation unit of Textron2 and review existing internal controls, report on conducts an ethics and compliance risk-based areas of improvement and to share best action plan on an annual basis. Textron has practices. Overall, Boeing monitors more than identified a number of potential legal and 35 compliance risks and uses COSO (Commit- compliance risks including accuracy of business tee of Sponsoring Organisations of the records, anti-bribery and corruption, conflicts of Treadway Commission) standards as a guide to interest, suppliers, intermediaries, and gifts and assess and prioritise risks. The senior vice entertainment. Each operation assesses the risk president of the Boeing Office of Internal associated with these potential corrupt Governance annually reports on the company- activities. They then identify “process owners” wide status to the Boeing Board of Directors or “subject matter experts” within each with more frequent updates to the company’s operation unit to develop mitigation plans, such Executive Council. as monitoring and training programmes. They also use performance checks and internal audit All of these companies use their corruption to monitor that these are on target. risk assessments as input into how they structure and monitor their anti-corruption Fujitsu has a risk management structure programme. For example, they use these which the CEO for each business unit oversees. assessments as drivers for their internal audit Each business unit has a dedicated Chief Risk units and training—with the internal audit and Management Officer who is responsible for training focusing first on the areas deemed to organising the assessment of the corruption risk be most at risk. (along with other metrics) and the respective actions to be taken.

2 A Gagne, Auditing your ethics and compliance programme, Textron Systems Corporation, retrieved May 2013, http://dii.prod2.classfive.com/files/Gagne_ DII_Panel.pdf. 36 The seven distinguishing areas of good practice

Good practice companies review all ethics and compliance risks up to six times per year.

The boxes below show companies which received a 2 (the highest score) on the corruption risk assessment question in the CI.

based on public + internal information

Fluor Corporation General Electric Aviation Honeywell International QinetiQ Group Raytheon Company Serco Group ThyssenKrupp AG Boeing KBR Inc. Meggitt MTU Aero Engines GmbH BASED ON PUBLIC SAIC INFORMATION Mitsubishi Heavy Industries BAE Systems Serco Group Bechtel Corporation Textron Day & Zimmermann Thales S.A. Jacobs Engineering Accenture Chemring Group BAE Systems CSC Finmeccanica S.p.A. Cubic Corporation Fluor Corporation FLIR Systems MTU Aero Engines GmbH Fujitsu Saab AB Harris Corporation Ultra Electronics Hewlett-Packard Company Holdings Saab AB Chemring Group NEC Corporation

Corruption risk assessment The seven distinguishing areas of good practice 37

Many companies identify working with third What, then do companies do to mitigate the parties—agents, intermediaries, suppliers, risk associated with these third parties? 5. distributors, and sub-contractors—as the biggest area of corruption risk. US DOJ FCPA Findings MANAGING Guidance and UK Bribery Act Guidance also cite third parties as a corruption risk, and advise More companies report that they took efforts CORRUPTION RISK IN companies to concentrate their resources on to maintain ethical relations with suppliers than THIRD PARTIES the highest risk ones. with agents. Twenty-three companies state that they make clear to suppliers through policy and Agents and intermediaries pose the biggest contractual terms their policies against risk of corruption for defence companies, since corruption. However, few companies (9) have they interact closely with high risk parties such publicly available statements on their as government officials (e.g. procurement or contractual terms with agents, and how they customs & immigration officials). This risk only monitor agents through audit and other increases when third parties work with mechanisms to ensure they are following these government officials where there is little terms to prevent corruption. meaningful oversight and regulation. Given the significant risks posed by agents Given government offset requirements with and the myriad of government guidance defence contracts, joint ventures are more encouraging companies to focus on this area attractive and often require the use of local especially, it is very surprising that companies suppliers and contractors. This is an area that do not disclose more on what they do on this poses a unique corruption risk for defence front. This is a view echoed by the institutional companies. investors who contacted TI-DSP after the publication of the CI. When taking internal information into account, this number increased greatly with 29 out of 34 companies stating they have contractual and monitoring controls in place for agents.

This shows that there is a disclosure gap for these companies that provided internal information, regarding what they do to mitigate corruption risk in third parties. 38 The seven distinguishing areas of good practice

Good practice

a. Agents and intermediaries

A major question that companies raised with They then require formal justification of the us was how far down the supply chain should agent’s role and the proportionality of the the application of anti-corruption expectations commission. Finally, they require senior go. Some of the largest companies which have management sign-off at headquarter level for all complex and extremely long supply chains agent contracts worldwide. expressed concern that it was not feasible to manage corruption risk with all of them due to MTU Aero requires a formal approval process resource constraints. These same companies for every Sales Consultant proposed to be then stated they used a risk-based approach to contracted (and for contract renewals after prioritise which suppliers to focus their three years) worldwide. The applicant needs to resources on managing. For instance, some fill out a detailed questionnaire to be reviewed companies spent most of their efforts on agents by the Compliance Board. In parallel a TRACE or intermediaries, as the corruption risk (due diligence review, by a non-profit member assessment identified that area as the highest association, that provides anti-bribery risk. This is an emerging area of good practice compliance solutions for multinational that companies, governments, and Civil Society companies and their commercial intermediaries) Organisations (CSOs) are starting to discuss check is undertaken. In case no TRACE findings more openly, and will continue to improve. are being made and no satisfactory answers are being given in the questionnaire, the GKN, Lockheed Martin, Meggitt, MTU Aero, Compliance Board proposes to the CEO to Serco Group and Thales have policies and approve the new contract/the renewal of processes to manage the risk of corruption existing contracts. The CEO must approve every when engaging a particular agent or new sales consultancy contract, every renewal intermediary. Some companies—such as BAE before entering into new contracts, and renewal Systems and General Electric Aviation—even of existing contracts. stated that they have gone to great lengths to reduce the number of agents they employ given Due diligence is an important, but only one the great risks associated with them. part, of a component for mitigating corruption risk with third parties. Other mechanisms such The good practice companies publicly as the right to audit and anti-corruption training disclose what they do when they contract a are also relevant but less widely disclosed by third party, and refresh those contracts at least defence companies. GKN unusually discloses a every two years. Many of those companies that public set of guidelines that all its companies provided internal information stated they must follow when employing a sales consultant conducted due diligence on potential agents or agent. These include due diligence, and intermediaries before they entered into contractual compliance with GKN’s policies, and contract. Very few companies provided TI-DSP allowance for termination of the contract if a with detailed information on what this due sales consultant violates this; they also declare diligence looked like. The better companies the terms under which GKN can audit the sales state their due diligence was risk-based and consultant. Each member of the Executive thus customised for each agent they examined, Committee of GKN is then responsible for and took into account factors such as the ensuring that their group company follows this country, local anti-corruption regulation and policy and submits a written report to the Audit enforcement, interaction with government Committee on an annual basis to assure that officials, and potential conflicts of interest. this is done. The seven distinguishing areas of good practice 39

In good Meggitt states that its policy is to treat its agents as part of an “internal sales team,” and practice thus “demands regular reporting on existing and companies, potential customers, sales forecasting and specific activity reviews and target setting, all of due diligence which will provide a record of the success of the is customised relationship.”

for each agent. In the case of Serco Group, they have a standard due diligence questionnaire that includes detailed questions about an intermediary’s anti-corruption programmes, among other things.

Serco also provides a list of corruption indicators2 (red flags) and sample questions that employees can tailor to the particular risks depending on the type of business engagement they are entering (see box on next page).

Thales states that it only works with approved third parties which have gone through a “strict, multi-layer compliance and approval process” that includes the submission of company registrations and annual reports, and is independently verified by a third-party.

2 UK Serious Fraud Office (SFO), Corruption indicators, retrieved May 2013, http://sfo.gov.uk/ bribery--corruption/corruption-indicators.aspx. 40 The seven distinguishing areas of good practice

Company example: Serco’s corruption indicators

Source: Internal company document provided to TI-DSP.

Company example: Hewlett-Packard Electronic industry code of conduct

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice

Source: Hewlett-Packard, Electronic industry code of conduct, refrieved May 2013, http://bit.ly/HP-code.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice The seven distinguishing areas of good practice 41

b. Suppliers

Suppliers also pose a corruption risk to part of the purchase agreement and sets out defence companies given the large number of the principles DCNS expects its suppliers to local suppliers in high-risk countries defence commit to, particularly governance, anti-bribery companies employ. Lockheed Martin has piloted and human rights. DCNS also reserves the right in the UK an in-depth questionnaire that to audit its suppliers to ensure they comply with suppliers must answer before entering into a and implement the Code. In addition, DCNS contract. The questionnaire includes questions requires that suppliers develop and implement on relevant allegations and legal proceedings, their own Corporate Social Responsibility (CSR) potential governmental conflicts of interest, and based on those principles. Further, DCNS company anti-corruption policies and practices. details in a two-page leaflet, the gifts and The questionnaire responses are to be hospitality expectations that suppliers must refreshed on a one to three-year cycle. follow. Additionally, suppliers in certain high-risk countries must sign an anti-corruption supplier Hewlett-Packard (HP) states3 that all declaration. Lockheed Martin tracks the suppliers “shall have a zero tolerance policy to completion of this process through an internal prohibit any and all forms of bribery, corruption, online system. extortion and embezzlement (covering promising, offering, giving or accepting any Some companies, such as DCNS and bribes).” Additionally, HP requires that all Hewlett-Packard, have separate and public suppliers adopt a management system to Codes of Conduct tailored to suppliers. These ensure compliance with these codes, including Codes have specific clauses covering the ethics the provision of training, whistle-blowing, and and business integrity standards they expect of non-retaliation against whistle-blowers. their suppliers. For example, DCNS has a Code of Conduct for suppliers2, which is an integral The companies on the next page scored the best on questions 11-13 which covered managing corruption risk with third parties.

2 DCNS, The code of conduct for suppliers, 3 Hewlett-Packard, Electronic industry code retrieved May 2013, http://en.dcnsgroup.com/group/ of conduct, retrieved May 2013, http://www.hp.com/ supplier-partnerships/code-de-conduite-des- hpinfo/globalcitizenship/environment/pdf/supcode. fournisseurs/. pdf. 42 The seven distinguishing areas of good practice

Thorough due diligence is good practice.

The boxes below show companies which received a 2 (the highest score) on the following three questions in the CI:

• due diligence when selecting agents

• anti-corruption agreements/ processes for agents

• anti-corruption policies and terms with contractors, subcontractors and suppliers

BASED ON PUBLIC INFORMATION based on public + internal information Serco Group Thales S.A. Fluor Corporation Accenture General Electric Aviation BAE Systems Honeywell International Fluor Corporation QinetiQ Group Saab AB Raytheon Company Chemring Group Serco Group QinetiQ Group ThyssenKrupp AG Meggitt Boeing, KBR Inc. Hewlett-Packard Company Meggitt United Technologies MTU Aero Engines GmbH Corporation Mitsubishi Heavy Industries Elbit Systems BAE Systems General Electric Aviation Bechtel Corporation BASED ON PUBLIC KBR Inc. DAY & Zimmermann INFORMATION Safran S.A. Jacobs Engineering DynCorp International Chemring Group Accenture CSC CSC Fluor Corporation Fujitsu Cubic Corporation Fujitsu GKN FLIR Systems General Electric Aviation Oshkosh Corporation Fujitsu GKN Rolls Royce Harris Corporation Hewlett-Packard Company Booz Allen Hamilton Hewlett-Packard Company Meggitt Jacobs Engineering Saab AB Safran S.A. Goodrich Corporation NEC Corporation ThyssenKrupp AG

Due diligence in agents Anti-corruption agreements for agents The seven distinguishing areas of good practice 43

based on public + internal information based on public + BAE Systems BASED ON PUBLIC internal information Bechtel Corporation INFORMATION Boeing Bechtel Corporation Chemring Group Accenture Boeing CSC Avio S.p.A. Chemring Group Day & Zimmermann Babcock International CSC Diehl Stiftung & Co. KG Group Daewoo Shipbuilding & Fluor Corporation Day & Zimmermann Marine Engineering Fujitsu DCNS S.A. Day & Zimmermann General Electric Aviation EADS DynCorp International Harris Corporation Finmeccanica S.p.A. FLIR Systems Hewlett-Packard Company FLIR Systems Fluor Corporation Honeywell International Fluor Corporation Fujitsu Indra Sistemas, S.A. Fujitsu General Electric Aviation Jacobs Engineering GKN Harris Corporation KBR Inc. Harris Corporation Hewlett-Packard Company Kongsberg Gruppen ASA Hewlett-Packard Company Honeywell International Lockheed Martin Hindustan Aeronautics Indra Sistemas S.A. Meggitt Indra Sistemas S.A. Jacobs Engineering Mitsubishi Heavy Industries KBR Inc. KBR Inc. MTU Aero Engines GmbH Lockheed Martin Kongsberg Gruppen ASA NEC Corporation Oshkosh Corporation Lockheed Martin QinetiQ Group Rafael Advanced Defense Meggitt Raytheon Company Systems Mitsubishi Heavy Industries Rockwell Collins Serco Group MTU Aero Engines GmbH Saab AB Teledyne Technologies QinetiQ Group Serco Group United Technologies Raytheon Company ThyssenKrupp AG Corporation Rockwell Collins Tognum VSE Corporation Saab AB

Anti-corruption agreements for agents Anti-corruption policies with contractors & suppliers 44 The seven distinguishing areas of good practice

Training is a key component of mitigating the Another choice companies face is between company’s exposure to corruption risk. Those developing customised training or buying “off 6. companies that keep training “fresh” and the shelf” training from an external training relevant to employees do it so as to derive the provider. Given that every company has ANTI-CORRUPTION maximum possible benefit from what is a time different policies and a different set of and resource intensive exercise. Companies corruption risks, the better companies opt for TRAINING with good practice make use of real past customising at least some part of “off the shelf” examples and create hypothetical scenarios to training, with the aim of providing the best bring to life real issues that employees have or training possible to their employees. could face in the field. Though customised training is more Findings expensive, it is an essential part of imparting knowledge to employees and mitigating the Overall, training is an area where companies chance for corruption violation. Many publicly reported little on what they did in detail. companies choose to work with an expert Forty-three companies stated that they provided external training company to provide the training that covered the Code of Ethics but only company training. These external providers 20 companies reported that this explicitly allow the opportunity to customise the training covered anti-corruption. Only seven companies beyond their standard packages. Other reported that they provided customised training companies, such as SAIC, choose to develop to employees or members of the Board most their own in-house training so that they can at-risk of corruption. select scenarios based on actual employee experiences. These companies believe this In our discussions with companies, a major makes the training more relevant to employees. choice they cite is finding the suitable balance between face-to-face and online anti-corruption Finally, some companies use third parties to training. They explain that face-to-face training conduct employee surveys. These surveys aim is more effective at imparting knowledge as it to get the temperature of the success of the allows employees to discuss questions and trainings and the attitude of the employees issues in-depth, but it is costly. about the company. For instance, these surveys can ask employees whether they feel One way that companies have chosen to comfortable raising concerns or potential prioritise the use of face-to-face training is to corruption cases with the appropriate people, provide customised anti-corruption training to and why. If they do not, then the company is in employees in the most sensitive and risky a position to understand and develop an action situations (e.g. staff working in sales and plan to remedy this concern. procurement or in countries that are perceived to have a high level of corruption). The Whilst costly, companies that use employee remaining staff, deemed to be at less risk for surveys believe that they help determine engaging in corruption receive online training whether they are using their training resources and have resources to ask follow-up questions most constructively. Those companies that use or voice concerns. employee surveys tend to conduct them every couple of years. The seven distinguishing areas of good practice 45

Good practice

Many companies, such as Meggitt, have The “EthicSpace” series provides short video companion ethics booklets that employees can clips that tell stories about ethical concerns consult after their training as a resource when faced by their employees. Episodes are they have questions that come up on a delivered to employees via email each quarter case-by-case basis. These booklets contain and cover topics such as use of social media, scenarios based on typical employee questions labour charging, competitive intelligence, and covering topics ranging from conflicts of interest reporting concerns. Raytheon conducts to facilitation payments and charitable follow-up surveys and small focus groups to contributions. improve the effectiveness of the training. In Raytheon provides an example of good addition to its in-person training, Raytheon also practice for anti-corruption training programmes provides desktop resources for employees to (see image below). Some of Raytheon’s training follow-up with any questions or concerns that is provided to all employees through video they may have. To illustrate, they have a vignettes based on actual cases, which “decision-making model” which asks a series of Raytheon argues is “powerful and relevant for questions (e.g. Does the action comply with the employees” (DII Best Practice Forum: Tailoring law? Does it feel comfortable? Is it the “right” Training to Address Trends 2011). thing to do? Could it be shared publicly?). This is in an effort to help guide employees when they are making a decision.

Company example: Raytheon’s ‘Tailoring Training...’ PPT

Source: T Schultz, Tailoring traiining to address trends , Raytheon presentation at DII Best Practices Forum, 2011.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice 46 The seven distinguishing areas of good practice

Fujitsu also provides guidance to employees Northrop Grumman uses a training matrix Training is an on “red flags” or signs that they should be that “outlines ethics and compliance training area of poor aware of before taking a certain action.2 For requirements and provides links to subject example, a red flag for an improper payment experts and available on-line materials” for public could be being asked to make a political or employees to receive anti-corruption training. disclosure. charitable contribution or use a particular Northrop Grumman provides training through a subcontractor. If this occurs, Fujitsu advises variety of different means including “classroom employees to use “extra caution” and raise instruction, workplace meeting materials, questions with the CEO of the business unit. computer-based training, video, and self-paced learning guides.” Some companies provide targeted training to employees most at risk and use internal tools to An unusual good practice is that some track when employees undergo training and the companies provided anti-corruption training to type of training they should receive (see box their Boards. Given the recent corruption opposite). All employees receive general scandals at the Board level and recent FCPA anti-corruption training, while employees Guidance, it would seem prudent to provide deemed most at risk (e.g. sales or government anti-corruption training to these members. We contract employees) receive follow-up targeted were surprised to see that many companies training, on subjects such as procurement struggled to provide any evidence—internal or integrity. public—of such training being provided to Board members on a regular basis. QinetiQ Group provides in-person general and advanced anti-corruption training to all Board members.

2 Fujitsu, Fujitsu way code of conduct, retrieved May 2013, http://www.fujitsu.com/uk/Images/fujitsu- way-code-of-conduct.pdf The seven distinguishing areas of good practice 47

Company example: Compliance training assignment matrix sample

Source: Company example provided to TI-DSP.

Full-size versions of these examples can be downloaded at http://companies.defenceindex.org/good-practice 48 The seven distinguishing areas of good practice

Training is a key component in mitigating the company’s exposure

to corruption risk. The boxes below show companies which received a 2 (the highest score) on the following three questions in the CI:

• different levels of anti-corruption training for employees in sensitive positions

• targeted anti-corruption training for senior managers and members of the Board

• training explicitly covering anti- corruption

based on public + internal information

Bechtel Corporation Boeing Chemring Group CSC Cubic Corporation Day & Zimmermann Diehl Stiftung & Co. KG DynCorp International Fluor Corporation Fujitsu Harris Corporation Hewlett-Packard Company BASED ON PUBLIC Honeywell International INFORMATION Jacobs Engineering BASED ON PUBLIC KBR Inc INFORMATION Fluor Corporation Kongsberg Gruppen ASA Fujitsu MTU Aero Engines GmbH BAE Systems Goodrich Corporation QinetiQ Group Finmeccanica S.p.A. Jacobs Engineering Raytheon Company Fujitsu Northrop Grumman Rockwell Collins Hindustan Aeronautics Corporation Serco Group Meggitt Thales S.A. ThyssenKrupp AG Sapura Group ThyssenKrupp AG Tognum ThyssenKrupp AG

Training of employees at risk Training to board The seven distinguishing areas of good practice 49

based on public + internal information

BAE Systems Bechtel Corporation Boeing Chemring Group CSC Cubic Corporation Day & Zimmermann based on public + BASED ON PUBLIC Diehl Stiftung & Co. KG internal information INFORMATION DynCorp International FLIR Systems BAE Systems Accenture Fluor Corporation Bechtel Corporation BAE Systems Fujitsu Boeing Cobham General Electric Aviation CSC Finmeccanica S.p.A. Harris Corporation Day & Zimmermann Fluor Corporation Hewlett-Packard Company DynCorp International Fujitsu Honeywell International Fluor Corporation GKN Jacobs Engineering Fujitsu Goodrich Corporation KBR Inc. Hewlett-Packard Company Hewlett-Packard Company Kongsberg Gruppen ASA Honeywell International Hindustan Aeronautics Lockheed Martin Indra Sistemas S.A. Jacobs Engineering Meggitt KBR Inc Kongsberg Gruppen ASA Mitsubishi Heavy Industries Kongsberg Gruppen ASA Lockheed Martin MTU Aero Engines GmbH Lockheed Martin Meggitt NEC Corporation Meggitt Northrop Grumman QinetiQ Group MTU Aero Engines GmbH Corporation Raytheon Company NEC Corporation Raytheon Company Rockwell Collins QinetiQ Group Safran S.A. SAIC Raytheon Company Serco Group Serco Group Serco Group Thales S.A. ThyssenKrupp AG ThyssenKrupp AG ThyssenKrupp AG Tognum

Training to board Anti-corruption training 50 The seven distinguishing areas of good practice

Whistle-blowing is an extremely important recognition that a strong whistle-blowing part of the proper functioning of any anti- programme is an asset. Some companies and 7. corruption programme. There are many articles investors expressed concern that whistle- on how often it is whistle-blowing that identifies blowing actually undermines the strength of the WHISTLE-BLOWING problems, rather than internal audit or company, because it raises threats to the monitoring. What distinguishes leading company’s reputation and financial bottom line. companies is: But most companies argued the opposite: good companies want a strong whistle-blowing 1. their approach in encouraging programme since they want to learn of any employees to ‘speak up’ and raise potential wrongdoing before it leads to an even matters before the offence takes place; bigger hit to reputation and finances down the 2. empowering employees to report line. potential suspicious activities; 3. how they follow-up through To have a strong whistle-blowing investigations once these have been programme, companies should encourage their reported. employees to raise questions when they need more guidance or report potential corrupt Measuring the quality of a whistle-blowing activities. programme is very difficult. While procedures are important, it is really about effectiveness of It is hugely in a company’s interest for these procedures: Precisely, whether there are employees to feel comfortable asking tough advice lines where employees could seek questions or reporting any potential instances of further guidance. If employees feel comfortable corrupt activities. This will allow them to quickly reporting, how does the company follows up on take action to curtail or prevent the activity from the reports, and how the company protects the either occurring in the first place or getting employee from potential retaliation? The worse in the future. question therefore is what criteria could be used to differentiate quality whistle-blowing Whistle-blowing also helps point out programmes from those that are merely good weaknesses in the system that were not on paper? How do companies assure identified by risk assessments. If an employee themselves that their systems are working? does not feel comfortable asking questions or reporting any suspicious activity through the Findings appropriate channels, the company exposes itself to the risk that employees report their This is an area where we had much concerns to newspapers, citing the fact that the discussion with companies. The average band company chose to ignore them. score for all 129 defence companies on whistle- blowing (covered in personnel & helplines pillar) As many companies explained to us, one of was Band C, which meant that on average we their biggest challenges with employees is to saw moderate evidence of whistle-blowing convince them that if they do report potential hotlines in place. But many companies and corruption, the company will take action and the investors asserted that this relatively whistle-blower will be protected from retaliation. encouraging picture overstates the status of the industry. They said that our criteria for scoring Good practice on personnel and whistle-blowing were less stringent compared with other areas, since it Some of the companies with the most clear only assessed the existence of hotlines. After good practice in whistle-blowing are Accenture, further review, we agree with this assessment. BAE Systems, Daewoo Shipbuilding & Marine Engineering (DSME), Hewlett Packard, In our follow-up discussions with companies Lockheed Martin, QinetiQ Group, SAIC, (and investors), there was widespread Rockwell Collins, and ThyssenKrupp. The seven distinguishing areas of good practice 51

Leading In their public documents, both QinetiQ Monitoring ethics hotlines often falls to the Group and Rockwell Collins provide multiple ethics and compliance department. Some companies points of contact to whom employees can companies outsource their whistle-blowing encourage report misconduct and follow up for further systems to independent providers. Other clarifications on scenarios that might not be companies choose to set up a firewall between employees to clear. These points of contact ranged from their reporting/assistance personnel and their “speak up” managers and the legal department to investigation/internal audit personnel. dedicated ethics officers and human resources. before any For instance, ThyssenKrupp believe that offence takes Better practice constituted those companies employees are less likely to raise issues with which had additional points of contact who are departments that are also tasked with place. independent and separate from direct senior investigating and disciplining. They task one management, as the latter can potentially be group as “consultants” who are responsible the person(s) participating in the corruption. with providing guidance, anti-corruption training, and hotline monitoring. The other group Alternatively, DSME publicly states the investigates and reports any misconduct. The financial rewards it will pay whistle-blowers who companies recognise these departments must report credible instances of corruption (see box work together to mitigate risk. As a result, they below). meet at least once a quarter to discuss findings and raise issues as needed.

Company example: DSME’s Whistle-blower protection

Source: DSME, Whistle-blower rewards & protection, retrieved May 2013, http://bit.ly/DSME-whistle-blower. 52 Next steps

For the first time, the CI provides government defence procurement chiefs with a list of Actions for Government questions they can use to compare in some Defence Procurement detail the business conduct practices of Chiefs potential defence contract bidders. By reducing the list down to just seven demanding 1. Make this good practice report questions, and adding model answers, this available to your current and represents a useful tool for defence prospective defence procurement chiefs to use in identifying those contractors. Require that the bidding companies that have the best practice in contractors see if they can ethics and anti-corruption. incorporate these practices into their own anti-corruption A draft of these questions and model policies and processes. answers, based on the good practice cited in this report, is available online at http:// 2. Consider using these seven companies.defenceindex.org/good- questions—and related model practice. answers—as a requirement for bidders to respond to as part of their pre-qualification.

3. Give consideration to applying the Defence Companies Anti-Corruption Index (CI) methodology to all their national defence contractors. 53

We hope that all defence companies will use this document, in conjunction with Part II of the Actions for companies report which has extracted 104 actual good 4. Strengthening your corruption practice examples, to review their own systems We call on all defence companies to risk assessment process, and and identify areas of improvement. contribute actively to raising standards testing it against the good in defence through good practice in the practice examples in the We encourage companies to discuss these following seven measures: report. areas, and to share their own additional good practices and approaches. We also welcome 1. Reporting the whole of your 5. Ensuring that your company feedback from companies so that we can ethics and anti-corruption has robust processes for further refine and improve this document in the programme publicly. flowing down your ethics and spirit of raising company standards. anti-corruption programme to 2. Encouraging your Board Chair, all third-party representatives Companies can also significantly advance the rest of the Board, the CEO including partners, sub- sector-wide improvement efforts. A good and senior executives to speak contractors and agents. example is the recently formed defence industry up strongly on your zero initiative ‘IFBEC’—the International Forum on tolerance of corruption in the 6. Reviewing and improving your Business Ethical Conduct for the Aerospace and company and the sector. training practices, especially Defence Industry. This is a new forum, for staff in exposed positions committed to promoting the development of 3. Improving how your Board like sales and government global, industry-wide ethical standards for reviews the effectiveness of relations. defence and aerospace companies. We the overall anti-corruption recommend that all defence companies join it, programme. 7. Improving your processes for and that defence ministries encourage such following up whistle-blowing participation. complaints—the experience of many is that they work well on paper but not in practice. Encouraging staff to raise matters before the offence takes place. 54 Raising the bar

Raising the bar

Study authors: Tiffany Clarke, Mark Pyman Reproduction in whole or in parts is permitted, providing that full credit is Editors: Saad Mustafa, Maria Gili, Zachary given to Transparency International UK Mehan (TI UK) and provided that any such reproduc- tion, whether in whole or in parts, is not sold Design: SVIDesign Ltd., Maria Gili unless incorporated in other works.

This report has been printed on FSC certified Effort has been made to verify the accuracy of paper. the information contained in this report. Nevertheless, Transparency International UK ISBN number: 978-0-9574970-7-8 cannot accept responsibility for the conse- quences of its use for other purposes or in other Transparency International UK contexts. 32-36 Loman Street SE1 OEH This publication was made possible thanks to United Kingdom generous support from the UK Department for International Development (DFID). © Transparency International UK. All rights reserved. First published in June 2013.

Other reports from Transparency International

Defence Offsets: Addressing the Risks Military-Owned Businesses: Corruption of Corruption and Raising Transparency and Risk Reform (2012), http://www. (2010), http://www.ti-defence.org/ ti-defence.org/publications/997-military- publications/153-defence-offsets--address- owned-businesses--corruption-and-risk- ing-the-risks-of-corruption-&-raising-trans- reform parency Due Diligence and Corruption Risk in Building Integrity and Reducing Defence Industry Offsets Programmes Corruption in Defence and Security: 20 (2012), http://www.ti-defence.org/ Practical Reforms (2011), http://www. publications/1019-due-diligence-and-cor- ti-defence.org/publications/88-building- ruption-risk-in-defence-industry-offsets- integrity-and-reducing-corruption-in-de- programmes fence-and-security--20-practical-reforms [Also available in Russian and Ukrainian] The 3rd Line of Defence: How Audits Can Help Address Defence Corruption Codes of Conduct in Defence Ministries (2012), http://www.ti-defence.org/ and Armed Forces (2011), http://www. publications/1121-the-3rd-line-of-defence- ti-defence.org/publications/90-codes-of- -how-audits-can-help-address-defence- conduct-in-defence-ministries-and-armed- corruption forces [Also available in Arabic] Defence Companies Anti-Corruption A Review of Anti-Corruption Reform Index (2012), http://companies.defencein- Measures in the Defence Sector in dex.org/report Colombia (2011), http://www.ti-defence. org/publications/102-a-review-of-anti- Arresting Corruption in the Police corruption-reform-measures-in-the-defence- (2012), http://www.ti-defence.org/ sector-in-colombia publications/1431-arresting-corruption-in- the-police Organised Crime, Corruption, and the Vulnerability of the Defence and Government Defence Anti-Corruption Security Forces (2011), http://www. Index - main + Middle East & North ti-defence.org/publications/858-organised- Africa reports (2013), http://government. crime,-corruption,-and-the-vulnerability-of- defenceindex.org/report defence-and-security-forces Transparency International Assurance The Transparency of Defence Budgets Framework for Corporate Anti-Bribery (2011), http://www.ti-defence.org/ Programmes (2012), http://www. publications/893-the-transparency-of- transparency.org/whatwedo/pub/assur- defence-budgets ance_framework_for_corporate_anti_brib- ery_programmes Counter Corruption Reforms in Post- Conflict Countries (2011), http://www. UN Global Compact - TI Reporting ti-defence.org/publications/907-counter- Guidance On The 10th Principle Against corruption-reforms-in-post-conflict-countries Corruption (2009), http://www.transpar- ency.org/whatwedo/pub/un_global_com- pact_ti_reporting_guidance_on_the_10th_ principle_against_corru Transparency International UK’S Defence and Security Programme works to reduce corruption in defence and security worldwide.

We engage with governments, armed forces, security forces, defence companies, international organisations, civil society and others to advance this goal.

We provide new tools, practical reforms, benchmarks and research to enable change. www.defenceindex.org www.ti-defence.org