PACS STANDARD 1:

Anti-Corruption Management of the Project

PACS Standard 1 forms part of GIACC’s Project Anti-Corruption System (PACS), which comprises 15 PACS Standards (see links at foot of this webpage).

[NOTE: The webpages on PACS Standards 1 to 15 are being updated until 20th October 2021, during which time the page content may not be complete, and there may be inconsistencies on these pages.]

Requirements

Responsibility for anti-corruption management of the Project: The Project Owner should, in accordance with the requirements of this PACS Standard:
1. have overall responsibility for the anti-corruption management of the Project
2. design and implement the Project Procedures (paragraph 2 below)
3. ensure that the Anti-corruption Obligations (paragraph 3 below) are complied with in relation to the Project by the Project Owner, Suppliers, and Sub-suppliers, and the personnel of each of these bodies.
Project Procedures: The Project Procedures should be written anti-corruption procedures in relation to the management of the Project which:
1. comply with relevant anti-corruption laws and regulations
2. incorporate the requirements of PACS Standards 1 to 15
3. have the purpose of preventing corruption in relation to the Project and dealing appropriately with any corruption which occurs.
4. (Note: In the event of any conflict between relevant anti-corruption laws and regulations and the requirements specified in PACS Standards 1 to 15, then the relevant anti-corruption laws and regulations should prevail.)
Anti-corruption Obligations: The Anti-corruption Obligations comprise:
1. relevant anti-corruption laws and regulations
2. the Project Procedures (paragraph 2 above)
3. the anti-corruption contractual commitments (PACS Standard 4)
4. the Project Code of Conduct (PACS Standard 8).
Top management responsibility: The top management of the Project Owner (i.e. the managing board or equivalent) should have the following responsibilities:
1. Overall responsibility: have overall responsibility for ensuring that the Project Owner’s obligations in paragraph 1 above are effectively carried out
2. Allocation of responsibilities to managers: allocate specific responsibilities for carrying out the Project Owner’s obligations in paragraph 1 above to appropriate managers
3. Communication: communicate, at commencement of the Project, and at least every six months for the duration of the Project, the necessity and importance of compliance with the Anti-corruption Obligations to all relevant individuals and organisations involved in the Project
4. Public statement: issue, at commencement of the Project, and maintain for the duration of the Project, a public statement on the Project Owner’s website that corruption in relation to the Project is prohibited and will be appropriately prevented and dealt with by the Project Owner
5. Reviewing reports: review, as and when they are received:
  1. reports as to improvements required to the Project Procedures received from the compliance manager (paragraph 5 below)
  2. reports as to suspected corruption and breach of the Anti-corruption Obligations received from the compliance manager (paragraph 5 below), the independent monitor (PACS Standard 11), the independent auditor(s) (PACS Standard 12), or from Project participants or the public (PACS Standard 13)
6. Investigation and enforcement: ensure that reports as to suspected corruption and breach of the Anti-corruption Obligations are investigated, and that appropriate enforcement action is taken in accordance with PACS Standard 14
7. Informing monitor: ensure that the independent monitor (PACS Standard 11) is kept informed of any such reports, investigation and enforcement action
8. Implement improvements: ensure the prompt implementation of improvements to the Project Procedures where such improvements are necessary or appropriate.
Project compliance manager: A senior manager of the Project Owner should be designated as Project compliance manager with responsibility for the following actions:
1. Oversight: overseeing on a continuing basis:
  1. the design and implementation of the Project Procedures
  2. whether the Anti-corruption Obligations are being complied with
2. Assessment: assessing on a continuing basis whether the Project Procedures give effect to relevant anti-corruption laws and regulations and to PACS Standards 1 to 15, and are effective in preventing corruption in relation to the Project and in dealing appropriately with any corruption which occurs, and, if not, identifying the improvements required
3. Reporting failures and improvements: reporting, as soon as possible, the following to top management (paragraph 4 above) and to the independent monitor (PACS Standard 11):
  1. any failure by the Project Owner or its personnel to design and implement the Project Procedures
  2. suspected breaches of the Anti-corruption Obligations
  3. suspected corruption in relation to the Project
  4. improvements to the Project Procedures which have been identified as necessary
4. Routine reports: providing, at least once every three months, to top management (paragraph 4 above) and to the independent monitor (PACS Standard 11), a summary of the ongoing effectiveness of the design and implementation of the Project Procedures.
Managers: In relation to each Project process which they manage, the Project Owner’s managers should ensure that:
1. the Anti-corruption Obligations are complied with in relation to such process by the managers, the Project Owner, relevant Suppliers and Sub-suppliers, and the personnel of each of these bodies
2. they are alert to any suspicions of corruption or breach of the Anti-corruption Obligations, and they report any such suspicions, as soon as possible:
  1. to the compliance manager, and/or
  2. under the reporting system in PACS Standard 13.
Risk Assessment: The Project Owner should undertake periodic risk assessments as follows:
1. Initial risk assessment: Prior to selecting a Project, the Project Owner should undertake an initial assessment of the risk of corruption in relation to the proposed Project, and assess whether the Project Procedures would be adequate to reduce those risks to an acceptable level.
2. Ongoing risk assessment: For the duration of the Project, the Project Owner should at least annually, and in the event of any material change to the Project structure or circumstances, re-assess the risk of corruption in relation to the Project, and assess whether the Project Procedures are adequate to reduce those risks to an acceptable level.
3. Matters to be assessed: The matters which should be assessed by the Project Owner under the initial and ongoing risk assessments include:
  1. the specific types of corruption which could occur (e.g. bribery, extortion, fraud, cartels, abuse of office, embezzlement, money laundering)
  2. the specific corruption risks posed by or in relation to the different categories of potential or actual participant in the Project (e.g. public officials, the Project Owner, Suppliers, Sub-suppliers, and the personnel of each of these bodies)
  3. the different phases in the Project where these types of corruption could occur (e.g. Project selection, design, procurement, contract execution)
  4. the likelihood of these different types of corruption occurring
  5. the potential impact on the Project Owner, the Project and the public of each type of corruption occurring.
4. Due diligence:
  1. As part of the initial and ongoing risk assessments, the Project Owner should undertake such further enquiries (due diligence) as are appropriate in order to learn more about the matters being assessed, and the possible specific corruption risks they may pose.
  2. Due diligence on potential Suppliers should be undertaken as part of the procurement process in accordance with paragraph 9 of PACS Standard 3.
5. Managing inadequacy of the Project Procedures: Where any of the initial and ongoing risk assessments establish that the Project Procedures are not adequate to reduce any specific corruption risks to an acceptable level, the Project Owner should enhance the Project Procedures or take other appropriate steps (such as changing the nature or contractual structure of the Project) to enable the Project Owner to reduce the corruption risks to an acceptable level.
6. “Acceptable level” of corruption risk: For the purposes of the initial and ongoing risk assessments, an “acceptable level” of corruption risk means that, on the assumption that the Project Procedures have been effectively implemented, it is reasonable to believe that the relevant assessed corruption risk is unlikely to occur.
Resources: The Project Owner should provide sufficient resources to enable it effectively to comply with its obligations in PACS Standards 1 to 15.
Employment procedures:
1. In relation to all of the Project Owner’s personnel involved in the Project:
  1. conditions of employment should require personnel to comply with:
    1. applicable anti-corruption laws and regulations
    2. the Project Code of Conduct
    3. relevant Project Procedures
  2. disciplinary procedures should entitle the Project Owner to take appropriate disciplinary action against any personnel who breach their conditions of employment.
2. In relation to all of the Project Owner’s personnel positions in relation to the Project which are exposed to more than a low corruption risk:
  1. personnel should be vetted before they are employed in or transferred or promoted to such positions to ascertain as far as is reasonable that it is appropriate to employ or redeploy them, and that it is reasonable to believe that they will comply with their conditions of employment
  2. personnel should declare any conflict of interest
  3. personnel should have the necessary competence to undertake the responsibilities entrusted to them, based on their experience and/or training
  4. performance bonuses, performance targets, and other incentivising elements of remuneration should be reviewed periodically to verify that there are reasonable safeguards to prevent these bonuses, targets or elements from encouraging corruption.
No conflict of interest:
1. No manager of the Project Owner should participate in any activity, or make any decision, in respect of which that manager has a potential or actual conflict of interest.
2. All potential or actual conflicts of interest should be declared by managers and recorded on a register maintained by the Project Owner.
Decisions: The following is applicable to any decision in relation to the Project made by or on behalf of the Project Owner:
1. Separation of functions: In relation to any Project Contract:
  1. All transactions: the same person, or persons from the same department, should not make more than one of the following decisions:
    1. selecting the Supplier
    2. approving the Supplier’s performance
    3. approving payment to the Supplier
  2. High value transactions: in cases of high value transactions where there is potential for significant loss caused by corruption, the same person should not make more than one of the following decisions, and these persons should come from at least three different departments
    1. agreeing the need for work, products or services (including the initial need or the need arising under modifications to or under a Project Contract)
    2. selecting the Supplier
    3. approving the Supplier’s performance
    4. recommending payment to the Supplier
    5. approving payment to the Supplier
    6. making payment to the Supplier.
2. Number, skill and seniority of decision-makers:
  1. Decisions should be made by a person(s) of a number, skill and seniority which is appropriate to the value and corruption risk of the relevant activity.
  2. Decisions relating to activities above a reasonable value threshold, or which carry more than a low corruption risk, should be made by more than one appropriate person.
  3. In the case of activities of high value or high corruption risk, the decision of top management should be required.
Communications and dealings:
1. The Project Owner should promptly communicate all necessary information, notices, and decisions to Suppliers.
2. All communications and dealings by the Project Owner with Suppliers should:
  1. be only as necessary for the legitimate purposes of the Project
  2. ensure fair treatment of all Suppliers.
Records:
1. All of the Project Owner’s procedures, actions, decisions and communications in relation to the Project and their outcomes should be recorded in writing. If initially made orally, they should as soon as possible be confirmed in writing.
2. Records of procedures should state the purpose of the procedures and specify all material steps and requirements involved in the procedures.
3. Records of actions, decisions, communications and outcomes should:
  1. state all material information, including the underlying facts, the reasons for the action, decision, communication or outcome, and the procedures and evidence on which it was based
  2. be signed by the person(s) taking the action, giving the decision, making the communication, or achieving the outcome
  3. record the date of the action, decision, communication, or outcome.
4. All Project records should be securely stored and retained by the Project Owner for at least the relevant legal limitation period for prosecuting corruption offences, so that such records are, as far as possible, available for any future prosecution. In cases where there is a risk of corruption and where there is no limitation period for corruption offences, records should be retained indefinitely or for as long as practicable.
Specific anti-corruption measures: The Project Owner should implement the following specific anti-corruption measures in relation to the Project:
1. controls over Project selection and design should be implemented in accordance with PACS Standard 2
2. procurement controls should be implemented in accordance with PACS Standard 3
3. provisions should be included in Project Contracts in accordance with PACS Standard 4
4. contract management controls should be implemented in accordance with PACS Standard 5
5. financial management controls should be implemented in accordance with PACS Standard 6
6. Major Suppliers and Major Sub-suppliers should be required to implement an anti-corruption management system and appoint a Project compliance manager in accordance with PACS Standard 7
7. the Project Owner, all Suppliers, all Sub-suppliers, and all of their personnel should be required to comply with the Project Code of Conduct in accordance with PACS Standard 8
8. all relevant personnel of the Project Owner, Suppliers and Sub-suppliers should receive appropriate anti-corruption training in accordance with PACS Standard 9
9. the Project Owner should facilitate the obtaining of government permits by Suppliers and Sub-suppliers in accordance with PACS Standard 10
10. the Project should be independently monitored in accordance with PACS Standard 11
11. the Project should be independently audited in accordance with PACS Standard 12
12. a system should be provided which enables the reporting of corruption and breach of the Anti-Corruption Obligations in accordance with PACS Standard 13
13. in relation to any reports or suspicions of corruption, or breach of the Anti-Corruption Obligations, appropriate investigation and enforcement action should be taken in accordance with PACS Standard 14
14. information in relation to the Project should be promptly published on a freely accessible public website in accordance with PACS Standard 15.

Guidance

G1: What is the purpose of PACS Standard 1?

PACS Standard 1 establishes the overall general obligations in relation to implementing PACS on the relevant Project. In particular, it:

imposes on the Project Owner the overall responsibility for the anti-corruption management of the Project
requires the design and implementation of written anti-corruption procedures in relation to the management of the Project which comply with relevant anti-corruption laws and regulations and incorporate the requirements of PACS Standards 1 to 15
allocates the responsibility for implementing the Project Procedures and ensuring compliance with the Anti-Corruption Obligations to the Project Owner’s top management, compliance manager and managers
requires the Project Owner to implement the general management measures set out in paragraphs 7 to 13 of PACS Standard 1 which include, for example, undertaking periodic risk assessments, and implementing controls over decision making, employment of personal, communication and records
requires the Project Owner to implement the specific anti-corruption measures contained in PACS Standards 2 to 15 (as listed in paragraph 14 of PACS Standard 1).

The Project Owner is the obvious organisation on which to impose the overall responsibility for implementing PACS on the Project as it owns the Project, can design the appropriate anti-corruption procedures, and can ensure that these procedures and the other anti-corruption obligations are implemented and enforced.

G2: How are the PACS Standards implemented on the Project?

As the Project Owner is an organisation, it acts though its managers. PACS Standard 1 therefore allocates responsibility for carrying out the Project Owner’s obligations as follows:

Overall responsibility for the effective implementation of the Project Owner’s responsibilities is allocated to the top management of the Project Owner (i.e. the Board or equivalent) (paragraph 4).
Top management is supported in this responsibility by the compliance manager, who is allocated specific oversight and reporting obligations (paragraph 5)
Top management allocates specific responsibilities to appropriate managers, who are responsible for ensuring that the Anti-corruption Obligations are being complied with within the process they are managing (paragraph 6). For example, finance managers would therefore be responsible for ensuring effective compliance in the finance department, and procurement managers in the procurement function.

The consequence of paragraphs 4 to 6 of PACS Standard 1 is that the Project Owner’s top management (supported by the compliance manager) retains ultimate responsibility for the effective design and implementation of the Project Procedures and compliance with the Anti-corruption Obligations, but individual managers also have responsibility for ensuring compliance within their functions.

The PACS Standards impose obligations not only on the Project Owner, but also on Suppliers and Sub-suppliers and their personnel. Therefore, as part of the Project Procedures, the Project Owner should ensure that:

the requirements of the PACS Standards relevant to Suppliers are imposed on them through the contracts between the Project Owner and the Suppliers. (PACS Standard 4)
the requirements of the PACS Standards relevant to Sub-suppliers are imposed on them through the contracts between the Suppliers and Sub-suppliers, and similarly down the contractual chain (as the definition of “Sub-suppliers” includes organisations entering into contracts with Sub-suppliers). (PACS Standard 4).

These obligations include that:

Major Suppliers and Major Sub-suppliers must implement an anti-corruption management system and appoint a compliance manager (PACS Standard 7)
all personnel of the Project Owner, Suppliers and Sub-suppliers are obliged to comply with the Project Code of Conduct (PACS Standard 8) which prohibits involvement in corruption and contains specific anti-corruption conditions
all relevant personnel of the Project Owner, Suppliers and Sub-suppliers must receive anti-corruption training (PACS Standard 9).

The Project Owner, and each Supplier and Sub-supplier should ensure that they comply with their relevant obligations, and that they require their relevant personnel to comply. Accordingly, the relevant requirements of the PACS Standards are mandated and enforced throughout the Project contractual structure.

G3: No conflict of interest (paragraph 10 of PACS Standard 1)

Corruption can occur, or be perceived to occur, when a manager has a conflict of interest. For example:

A relative of the Project Owner’s procurement manager or project manager may work for a Supplier, and the manager may deliberately or instinctively make decisions which are unduly favourable to the Supplier.
A manager of the Project Owner may have a secret ownership interest in a Supplier, and may ensure that the Supplier gets awarded contracts and receives preferential contract terms and payments.

It is therefore vital that managers do not participate in activities or decisions in which they have a conflict of interest. Any actual or potential conflict of interest should be declared by the manager in advance, and be recorded by the Project Owner in a register.

G4: Separation of functions (paragraph 11 of PACS Standard 1)

Paragraph 11 of PACS Standard 1 provides that, in relation to any Project Contract, the same Project Owner manager, or managers from the same department of the Project Owner, should not make more than one of the following decisions:

selecting the Supplier
approving the Supplier’s performance
approving payment to the Supplier

To allow one manager to take all three decisions would be an obvious corruption risk. For example, a manager could arrange for a Supplier in which s/he has an ownership interest to be awarded a contract, and could then approve the work done by that Supplier, and then approve payment to that Supplier. This would give the manager plenty of opportunity to corruptly influence all of these processes without being discovered. In such circumstances, the Supplier may not be capable of undertaking the work, and may not actually undertake the work, or may carry out the work defectively, but may still get paid. It would be considerably more difficult for a manager to arrange a corrupt benefit for the Supplier if different managers took decisions in relation to the above three processes.

There is also a risk if three different managers from the same department make all of the above three decisions (e.g. if three managers from the contract management department select the supplier, approve the suppliers work, and approve payment). This is because working in the same department increases the risk that the three managers may collude.

Therefore, the risk is materially reduced if each of the above three decisions is made by a different manager from a different department.

Even if the separation of decision-making referred to above is implemented, there is nevertheless still a corruption risk which may necessitate further separation. However, this corruption risk and the loss it may cause, should be balanced against the financial and efficiency costs in further separating functions. Consequently, paragraph 11 provides that in high value transactions where there is potential for significant loss caused by corruption, there should be further separation of decision-making, namely, that the same person should not make more than one of the following decisions, and these persons should come from at least three different departments:

agreeing the need for work, products or services (including the initial need or the need arising under modifications to or under a contract)
selecting the Supplier
approving the Supplier’s performance
recommending payment to the Supplier
approving payment to the Supplier
making payment to the Supplier

G5: Appropriate number, skill and seniority (paragraph 11 of PACS Standard 1)

The number of managers approving a decision, and the seniority of the managers, should increase according to the value of the transaction and the corruption risk. This should reduce corruption risk (albeit that it is of course possible for a large number of senior managers all to be involved in the corruption).

G6: Value thresholds (paragraph 11 of PACS Standard 1)

Paragraph 11 of PACS Standard 1 states that decisions relating to activities above a reasonable value threshold, or which carry more than a low corruption risk, should be made by more than one appropriate person.

There is no one correct answer as to what these value thresholds should be. They should be high enough so as not to result in disproportionate management time and cost being incurred, but should be sufficiently low so as to reasonably safeguard against any corruption which could have a material adverse impact.

As part of its risk assessment under paragraph 7 of PACS Standard 1, the Project Owner should ensure that the value thresholds are appropriate bearing in mind the likelihood of the corruption occurring, and the severity of impact if it does.

G6: Do the provisions of paragraphs 4 to 13 of PACS Standard 1 apply to all the PACS Standards?

Yes, the provisions of paragraphs 4 to 13 of PACS Standard 1 apply to all of the PACS Standards. Therefore, the over-arching responsibility of top management under paragraph 4, the compliance manager’s and managers’ responsibilities under paragraphs 5 and 6, the risk assessment in paragraph 7, the provision of resources in paragraph 8, the employment controls in paragraph 9, the conflict of interest and decision making controls in paragraphs 10 and 11, and the requirements for communications and records in paragraphs 12 and 13 would also apply, as far as is relevant, to all of the PACS Standards. For example:

all decisions by or on behalf of the Project Owner in relation to the procurement, contract management and financial management processes referred to in PACS Standards 3, 5 and 6 should be made in accordance with paragraph 10 of PACS Standard 1
all personnel of the Project Owner, including those working in the procurement, contract management and financial management functions, should be employed in accordance with the requirements of paragraph 9 of PACS Standard 1.