This is an adapted example of a scheme that the World Bank Group’s (WBG) Integrity Vice Presidency (INT) stopped before the project coordinator managed to award two contracts to the consortium through collusion, fraud, and possibly bribery.1 Another similar example unfolded in a fragile and conflict-affected jurisdiction.2
The latest Annual Report of the WBG’s Sanctions System is a reminder that internal reporting is crucial; misconduct has many facets; and crises beget integrity risks.
The many faces of misconduct
Unscrupulous actors usually do not set out to violate a particular law or regulation. Inappropriate conduct does not always fit the definitions of criminal, civil, and regulatory violations. One allegation may unravel a far-reaching scheme.
The WBG Sanctions System investigates and sanctions instances of fraud, corruption, collusion, coercion, and obstruction in WBG-financed projects. INT casts a wide net and alleges multiple types and counts of sanctionable practices against respondents.
Companies operating in high-risk jurisdictions should adopt a like approach to internally investigate and remediate misconduct. An investigative approach that follows the evidence instead of the initial allegation, while being reasonably scoped, can identify systemic or endemic integrity challenges and compliance program gaps. Such issues tend to be of interest to national regulators beyond the WBG or other multilateral development banks in assessing sanctionable conduct and remediation.
The many faces of the whistleblower, literally
Experience shows that, most often, whistleblowers first raise integrity challenges internally. But they do not shy away from raising them to national regulators when they consider a company’s response inadequate. In the WBG context, INT received 4,646 reports last year, almost 1,300 more than in the year before. Although INT determined only 292 to be actionable, the 25 percent increase compared to the previous year and almost 100 percent increase since 2019,3 illustrates that stakeholders globally are willing to report misconduct.
Companies should respond to this trend by reassessing what they consider a high-risk jurisdiction. The contemporary global crises, including armed conflicts, humanitarian emergencies, the climate crisis, food insecurity, access to clean water, and pandemic preparedness, have caused integrity risks to evolve and new ones to emerge.
Companies should also assess their formal and informal internal reporting systems, including their intake strategies to evaluate incoming reports. Experience suggests that the vast majority of internal reports focus on labor issues. But even of those that contain allegations related to integrity and compliance issues, not all reports are reliable, investigative resources are finite, and compliance leaders must maintain internal and external credibility.
Forests and trees
A broad investigative approach means seeing both the forest and the trees. Companies need to focus their resources on reports that have indicia of reliability. Reports can be credible on their face because they attach verifiable evidence or contain specific allegations. Reports without such content should not be discarded, though. The intake team should engage with the reporter, if possible, and request such information. Proactive engagement may provide additional details and even dissuade a reporter from reporting externally, thus allowing the company to investigate and remediate with less business disruption. And if the reporter declines to engage further, that fact may be helpful in determining whether additional steps can or should be taken.
Reports may also be credible even if they contain limited details or secondhand knowledge, per research published in the Harvard Business Review.4 Limited details appears to mean that a reporter simply wishes to have a discussion and assess the reliability of the response:
“These employees are in effect reaching out to see who will show up and talk to them. When they finally have a personal conversation, they then unload the information.”5
Secondhand reports often contain less bias and emotion than firsthand reports. Of course, final investigative conclusions should not be drawn based on secondhand knowledge only.6
Companies should also analyze key data points from report intake, draw conclusions, and introduce these conclusions into the analysis of report credibility. A large volume of reports that does not appear actionable but is geographically concentrated and concerns similar practices or actors may be reflective of a larger issue.
INT’s intake team has been leveraging such data points and assessment methods for several years. Procurement data in INT’s possession may inform the assessment of a report.7 Risks that were first identified at the design stage of a WBG project may shed light into a report several years later. INT’s investigations in similar geographies, industries, or types of companies can provide background into a new report.8
Companies that receive WBG financing can adopt such techniques to mitigate the risk of an investigation by INT or other regulators.
Don’t use a sledgehammer to crack a nut
A broad approach also means an approach that is appropriately scoped to the issue. Companies often do not need to initiate a full investigation and engage external counsel.
Regional and local compliance leaders can frequently reach their operational peers much more effectively and promptly. They rely on trust and rapport that they build over time. These leaders can also gather information from their industry peers through professional associations or similar fora.
Established compliance audit/review programs also enable companies to gather facts from their local operations and business partners without the formalities of an external investigation. Many successful internal investigations teams team up with audit teams and leverage those teams’ expertise to do financial analysis.
WBG Sanctions System stakeholders understand this. They seek to build early warning and investigative capacity in the ecosystems where they operate. Historically, they have coordinated formally and informally with national regulators and through periodic meetings with their multilateral peers.
Since the early 2010s, the Integrity Compliance Office (ICO) pioneered peer-to-peer integrity capacity building by connecting local stakeholders in developing countries. These efforts culminated last year with the adoption of the harmonized Multilateral Development Bank Principles for Business Integrity Programmes9 and the launch of the Integrity Compliance Knowledge Sharing Platform, a publicly available platform that will include integrity compliance-related guidance tools, resources, and learning programs.10
The not-so-many faces of WBG enforcement, yet
Last year, the WBG sanctioned 23 firms and individuals (down from 35 the year before), of which 20 were debarred with conditional release (down from 32). Most of the debarments were ordered pursuant to OSD determinations (11), while the remainder were imposed as part of a settlement (6) or a Sanctions Board decision (6).
The downward enforcement trend therefore continues from last year and is consistent with fewer enforcement actions at the national levels, such as by the U.S. Department of Justice or the Securities and Exchange Commission.
But companies receiving WBG financing should not discount the risk of enforcement. The WBG Sanctions System may still be recovering from pandemic delays. INT reports that it returned to full operational travel only last year and that about 85 percent of the investigations completed took over 12 months to complete.
These figures suggest a large pipeline of cases. Indeed, INT opened 64 new investigations, up from 48 the year before. And over the last few months, INT has been hiring new investigators and attorneys.
Conclusion
The WBG is seeking to address a convergence of global crises that hit the developing world the hardest. Companies operating in these jurisdictions face the same crises. The conditions that these crises cultivate can lead to misconduct. Companies, the WBG, and other public sector institutions seek to respond to these crises while also mitigating integrity risks. These risks coupled with the increase of whistleblowers can precipitate regulatory inquiries and enforcement actions by the WBG and beyond. The best advice for a company to navigate these rough seas: risk mitigation.
References
1 The Annual Report of the World Bank’s Sanctions System for fiscal year 2023 covers the period from July 1, 2022 until June 30, 2023 and is accessible here: https://www.worldbank.org/en/about/unit/integrity-vice-presidency/annual-reports. This example was adapted from p. 13.
2 Id., p. 15.
3 The Annual Report for fiscal year 2022 states that INT received 3,380 complaints and is accessible here: https://documents1.worldbank.org/curated/en/099015010072236926/pdf/BOSIB0e55589950540afa70abefa9afb38a.pdf. The Annual Report for fiscal year 2022 states that INT received 3,380 complaints and is accessible here: https://documents1.worldbank.org/curated/en/782941570732184391/pdf/World-Bank-Group-Sanctions-System-Annual-Report-FY19.pdf. We selected 2019 to draw a comparison against a pre-pandemic year, which may have distorted the metrics.
4 Kyle Welch, Stephen Stubben, Throw Out Your Assumptions About Whistleblowing, Harvard Business Review (2020), accessible here: https://hbr.org/2020/01/throw-out-your-assumptions-about-whistleblowing
5 Id.
6 Id.
7 World Bank’s Sanctions System Annual Report 2022, supra note 4, p. 22.
8 World Bank’s Sanctions System Annual Report 2023, supra note 1, p. 20.
9 Multilateral Development Bank Principles for Business Integrity Programmes accessible here: https://thedocs.worldbank.org/en/doc/528f96bfd7a3991fba23747e20ed6dc0-0530012023/original/MDB-General-Principles-for-Business-Integrity-Programmes.pdf
10 Integrity Compliance Knowledge Sharing Platform accessible here: https://www.integritycomplianceknowledgehub.org/