Chapter VII Paragraph 2

Develop and adopt adequate internal controls, ethics and compliance programmes or measures for adequately preventing, detecting and addressing bribery and other forms of corruption, developed on the basis of a risk-based assessment, taking in to account the individual circumstances of an enterprise, in particular the enterprise risk factors related to bribery and other forms of corruption (including, inter alia, its geographical and industrial sector of operation, other responsible business conduct issues, the regulatory environment, the type of business relationships, transactions with foreign governments, and use of third parties). These internal controls, ethics and compliance programmes or measures should include a system of financial and accounting procedures, including a system of internal controls, reasonably designed to ensure the maintenance of fair and accurate books, conflict of interest registers, records, and accounts, to ensure that they cannot be used for the purpose of engaging in or hiding bribery or other acts of corruption. Such individual circumstances and risks should be regularly monitored and re-assessed as necessary to determine the allocation of compliance resources and to ensure the enterprise’s internal controls, ethics and compliance programme or measures are adapted and continue to be effective, and to mitigate the risk of enterprises becoming involved in bribery or other forms of corruption. These internal controls, ethics and compliance programmes or measures for preventing and detecting all forms of corruption should also include carrying out risk-based due diligence as described in Chapter II.