For almost two decades the Basel Institute on Governance has advised corporations large and small, first in Europe and now around the globe, on how to develop a robust anticorruption compliance program. One that will prevent the company from becoming entangled in a corruption scandal while at the same time neither compromising its ability to compete nor dampening its entrepreneurial energy. Gemma Aiolfi, who has headed the Institute’s corporate compliance work for the last seven years, presents the Institute’s collective experiences in a new volume from Elgar, Anti-Corruption Compliance for Small and Mid-Sized Organizations.

What sets Aiolfi’s book apart from the many fine volumes already on the market (examples here, here, and here) is that it is leavened with literally dozens of examples drawn from the Institute’s work. How should a company establishing a compliance program handle personnel used to doing business “the old way”?  What should a manager do if she discovers police in a developing country are threatening to shut down critical operations if the company’s low-level frontline personnel don’t pay them off? How should a company deal with senior government officials’ requests for lavish travel and entertainment allowances when visiting a company’s operations? Discussions of how to handle each, with suitably anonymized case studies explaining how management actually dealt with them, is what makes the volume so useful.

Aiolfi makes as good a case as a compliance professional will find for why a company should have a compliance program no matter whether the law where it operates requires one or not.  Not only does an effective program protect the company from the risk of a criminal prosecution, but, she explains in the introductory chapter, it also contributes to a healthy, productive corporate culture.  More reasons why companies should have a compliance programs are offered in chapter two. There she shows that in today’s world, where investors, customers, and suppliers all expect their corporate partners to have an effective compliance program, it can be quite costly if a company does not have one.

The starting point for a compliance program is an assessment of the corruption risks the company faces, and Aiolfi describes the nuts and bolts of conducting one, from determining who in the company should lead the effort, to ensuring no risks are overlooked in the process, to identifying those meriting priority treatment.  While a risk assessment can chew up enormous amounts of staff and consultant time, true to the book’s title the emphasis is on how small and medium-sized companies can develop one that meets their needs without blowing a hole in their budget. One key antifraud/anticorruption measure is segregating duties, separating for example the responsibility for ordering goods and the process of confirming receipt and issuing payment. In smaller firms such a division of labor simply may not be economically feasible, and where it is not, Aiolfi suggests risk-based alternatives.

Every company should have a code of conduct.  While it should not be a lengthy tome, depending on the firm’s business relationships, there are certain critical issues it should cover.  Chapter five discusses how to develop a code and how to cover the issues that matter to the firm. Ways to ensure employees at all levels, from the executive suite to the shop floor, buy into the code are also discussed.

If there is one point I wish Aiolfi had stressed, it would be the appointment of the compliance officer.  Too many times when a company decides to establish a program, it turns to an outsider to head it, often someone from the “compliance industry.” While this can work, much better is to hire from within, someone who understands the company’s operations and, more importantly, is respected and trusted by fellow employees. Compliance officers’ most important role is as a father (or mother) confessor, an individual an employee is willing to consult on such sensitive matters as whether in following a supervisor’s order they will be committing a crime. Employees are far more likely to confide in someone they have known for years, who has come up through the company’s ranks, than in a person new to the organization.  The point is implicit in several of the examples Aiolfi cites but is important enough that it bears emphasis.

A second quibble I have is with the publisher. In putting the words “small” and “medium-sized” into the book’s title, Elgar may be limiting readership. Surely one of its strengths is its step-by-step explanation of how even a very small firm can develop and maintain an effective compliance program. But that is no reason why compliance personnel at very large multi-national enterprises shouldn’t find room on their shelf for a copy too. The practical, common sense advice found on every page will be of value to anyone seeking to ensure their corporate employer or a corporate client observes the requisite ethical standards.