Is your gifts and hospitality register fit for hybrid working?

Understanding pandemic-related challenges for bribery compliance

Hybrid working is here to stay. In between Covid-19 waves and rushes to and from the office, even as people return and restrictions are lifted, hybrid working is likely to be with us going forward. This has caused significant challenges for compliance, but businesses have adapted with online solutions. From due diligence checks to virtual happy hours, much of the in-person activity which takes place in an office has been replicated online.

But compliance challenges remain, particularly in the realm of bribery compliance, and gifts and hospitality. It was one of the first things to take a hit in the pandemic. If no one can go out, then there’s no risk of a supplier-paid meal infringing bribery rules. With foreign travel more difficult and subject to greater restrictions, it is harder to bribe someone with an all-expenses-paid trip abroad.

Conventional wisdom would say that’s the case. Of all compliance matters, bribery and corruption, and gifts and hospitality, often receive the least attention, particularly during the pandemic when so many other matters are more pressing. But in reality, bribery and corruption is a critical and much overlooked risk at the moment, and gifts and hospitality is the weakest link in the compliance chain.

How has COVID-19 affected gifts and hospitality?

Gifts and hospitality have always been a part of business and the ‘soft edge’ of bribery compliance. Improper gift-giving is often the highest bribery risk. Depending on timing, frequency and sources of gifts, circumstances can easily change a legitimate gift into a bribery risk.

During the pandemic, gift-giving changed. More gifts were sent home, directly to people’s houses. What might in normal times have been a fancy meal out morphed into sending home expensive wines or new technology. With every child needing a laptop and a smartphone for school these days, and home workers often needing to invest in extra screens or equipment, new tech sent home is often greatly welcomed by stressed-out parents.

That can lead to a significant bribery compliance risk. If not all gifts from all sources are logged into a gifts and hospitality system in accordance with the policy, this can lead to a bribery failure, because the source of gifts as well as the timing is crucial. A new supplier sending an iPad before a deal is done is very different to one sending it once the business relationship has started. The danger is that hybrid working creates many more opportunities for anyone with an intent to bribe to exploit the process. Repeated gifts, outlandish expenses or other inappropriate things which would not normally be allowed in an office environment can be a route to bribery if sent directly to someone’s home.

Are gifts and hospitality sent home allowed under bribery rules?

Since the pandemic, there has been an explosion of gifts and hospitality sent directly to people’s homes. With fewer options to go out, companies have had to find more creative ways to spend their gifts budget. But normal gifts and hospitality rules still apply. A gift is not any more acceptable just because it is sent to a home as opposed to an office.

In fact, this can make gifts and hospitality harder to track. If a supplier sends a gift directly to a procurement manager’s home, it is not physically in an office or anywhere that anyone else can see it. Hopefully the procurement manager would know to report the gift, but this can be more difficult to ensure across the wider business.

The value is important. Any gift over a certain amount, often £25 or £50, is usually meant to be declared. Declaring the value of a gift also ensures that repeated gifts of a lower value can be tracked. For example, a gift worth £1,200 might be seen as excessive. But 12 gifts of £100 sent once a month could slip under the radar. That’s why tracking the source, the value, to whom it is sent and whether there is any purpose or reason is so important.

Similarly, a gifts register could also track gifts and hospitality sent from the business, in order to identify potential risk areas or red flags. For instance, £150 for a working dinner with a potential client may be acceptable. But that same amount spent three times a week for not just the potential client but everyone on their team could raise suspicion, particularly with many people still hybrid working. Does the team spending that on hospitality have a justification if the same meeting can be done online with none of the cost? It is important that a gifts and hospitality system can track incoming and outgoing expenses in order to spot potential problems.

How can gifts and hospitality be tracked?

The gifts and hospitality process in Omnitrack leverages dynamic workflows to seek the level of information needed, turn approvals into a seamless process and automatically build the compliance register and audit trail. Any workflow and approvals process can be incorporated into Omnitrack, allowing you to manage bribery risk your way.

Core features

  • Central database to record, assess and monitor all gifts and hospitality in one central location
  • Best-practice workflow highlights red flags automatically
  • Customisable workflow allows you to add your questions, link to internal policies and set thresholds
  • Entries are sent automatically to the admin, who is guided through the approval process
  • Ensure staff remember to upload receipts to create a full audit trail with automatic reminder emails
  • Dynamic workflow adapts to the scenario and jurisdiction involved to comply with global bribery requirements

There are four simple steps to manage the workflow. 

Record: Staff and third parties are sent forms, with the data collected in a centralised place

Analyse: Get a full view of all collected data from one central dashboard

Manage: Flag any responses which require further action or investigation and delegate next steps

Review: Keep track of all timelines and when necessary steps should be completed by

