Decide  

Understand CAC certification process:

Private companies registered in Thailand, including listed Thai state-owned enterprises, are eligible to join the CAC. There are basically two steps in joining the CAC. The first is to simply sign our Declaration to conduct clean business free from all forms of corruption, to help the private sector promote anti-corruption and to collectively drive change in the Public Sector. Once signed, the company will become a member of CAC and be called a Signatory company.

The second step is for the Signatory company to apply for certification. The company will have 18 months to complete the 71 checklists for Large Companies or 17 checklists for SME Certification Program, implaement anti-corruption policies and obtain verification from an external auditor. This certification process is an essential element of the CAC initiative, which ensures that CAC members actually make real efforts to fulfill their pledges and implement clean business practices.

Qualification and size

Companies eligible for SME certification program must not hold a listing status in the Stock Exchange of Thailand, must not be a subsidiary of a listed company and the annual revenue must not exceed 1 billion Baht. Companies that meet the SME criteria can choose to apply for either the certification program for Large Company with 71 checklists or for SMEs with 17 checklists.

Membership duration

After receiving certification, companies will have the renew again every 3 years.

Cost

There is no cost to Declare intentions. However, in submitting documents for CAC Certification, CAC charges a minimal cost of 8,000 Baht for Large Companies and 4,000 Baht for SMEs. The certification cost is to cover the administration and verification of all the documents submitted to us.

Declare  

How to declare

During the Declaration or Declaration of Intention stage, the company’s top executive (either CEO or Chairman) only needs to sign a form to indicate the company’s intention to perform the three following tasks:

1. Work internally to assess risks related to corruption, implement anti-corruption policies and compliance programs, and provide business conduct guidance to managers and employees.
2. Disclose and share internal policies, experiences, best practices and success stories to foster ethical, clean, and transparent business transactions in Thailand.
3. Reach out to industry peers, suppliers and other stakeholders via the CAC and participate in joint activities to fight corruption.

As part of the Declaration process, the CAC will run background checks to see if there were any corruption-related news about the company or its key executives within two years prior to the submission of the Declaration form. Companies that have not been involved in any corruption-related news or companies that can adequately explain new controls in place after a previous corruption incident, will be considered for a Signatory company status.

Signatory company status:

Our silver badge

Signatory companies  can use CAC silver badge to communicate internally and externally.

Other privileges

Signatory companies will receive:

• Special discount on our training programs
• Free access to CAC SME online anti-bribery e-learning portal for your employees. 
• News and invitation for events such as CAC National Conference and Knowledge Sharing sessions

About CAC Checklists for Large Companies

In 2012, the CAC, in collaboration with PwC Thailand, has developed a self-evaluation tool that comprises  71 checklists to enable companies to appraise the strength, completeness and effectiveness of their anti-bribery policies and procedures. It was a shortened version of a similar tool developed by Transparency International for companies to self-evaluate on the anti-bribery  program, comprising a more thorough 241 checklists. The adaptation was meant to pave way for Thai companies to start employing anti-corruption good practices and prepare them for future compliance with stricter international standards.

The CAC’s checklists are in alignment with the 2009 edition of Business Principles for Countering Bribery, a voluntary counter-bribery code for private firms developed through a multi-stakeholder process led by Transparency International comprising a steering group of companies, business associations, non-governmental organizations, trade unions, and other consultations. To emphasize the impact of the country’s overall corruption, the checklists are intentionally designed to focus mainly on bribery and not internal fraud cases.

Completing the checklist will reassure companies that their policies and practices are adequate to meet assessed risks, live up to its values and stakeholders can be confident with the company’s approach and performance. The checklist also provides guidance on indicators that can be used for external reporting and these can also serve as performance indicators for internal measures of progress and provide a basis for internal audit and external assurance.

CAC SME Checklists

In 2018, CAC has launched a separate standard, guidance, and self-training tools that specifically target SMEs. The introduction of tailor-made toolkit for Thai SMEs will help bring smaller business operators on board, expanding clean business network and enhance both the spirit and the power of collective action in tackling corruption.

A successful development of an anti-corruption platform that is more applicable to SMEs will not only help extend clean business practices but will also prepare SMEs to comply with stricter standard once their businesses expand in the future.

Realizing that SMEs may not be ready to embrace the level of compliance standard that larger companies can, the SME Checklists have been proportionately compressed to suit the compact organization structure. There are 17 checklists for SMEs, as supposed to 71 checklists for large companies.

Develop  

Align risks, controls & policies to your business

Assessing Risks

An effective anti-corruption program starts with a thorough corruption risk e.g. risk identification, impact and likelihood assessment. It is important that the working team identify corruption risks that are tailored to the business activities of the organization and pay attention to the areas where bribery may occur.

Corruption is likely to happen for 3 reasons:

• To speed up processes
• To fix or hide wrongdoings,
• To secure business opportunities, contracts, licenses, or approvals.

The risk assessment should reflect their business activities – for example, businesses with import or export activities should consider the corruption risks that may take place during the Port and Customs clearance process. The bribery may take place because the company wants to speed up the clearance or because the paperwork or product’s customs tariff was not correctly declared.

Tips:

• Do not include personal fraud or asset misappropriation in the risk matrix.
• Prioritize corruption risk that the company may bribe the public officials (Business to Government). CAC is aware that corruption risk can take place in the Business to Business manner, however, it is not the focus of CAC.
• In the case that the company uses third-party or agents (ie. shipping or freight forwarder) to perform work on their behalf, the company should still include third-party risk as their own corruption risk. It is important to record such “use of agents” risk, analyze the impacts/likelihood and put the proper controls in place.
• If not done before, the working team should feel free to work on other fraud risks such as personal fraud during the risk identification process, but only submit corruption-related risks to CAC.
• Include the corruption risks even when the team felt the likeliness is low, as effective controls already take place. The controls need to be reviewed periodically.

Building Controls

By identifying business activities that may involve bribery risks and understanding the three corruption motives, the working team can start to develop effective controls.

Most companies may already have financial controls to keep books & records, monitor cash payment, and other corruption channels such as gifts and hospitalities. It is essential to have “operational control”, built into your business process, where corruption risks are identified. For example, if the corruption risk is likely to take place in the import process because an employee declared the wrong product custom tariff code. Then, the employee may be tempted to pay bribery to Customs officials to correct the error. The company should consider putting in place operating controls to ensure that the employee enters the correct product customs tariff code and verification process.

Tips:

• Include Operating Controls, Environmental and Financial Control in the risk matrix form provided by CAC,
• If there are further controls that the company consider to adding, please specify the deadline for implementation in the form,
• Instead of disclosing operating control, many companies only include controls such as anti-corruption policies, communication & training as the controls. Those are considered environmental control that can be implemented corporate-wide, CAC would like to see the specific operating controls that are built-in to your business process where the corruption risks could take place.

Establishing Policies and Guidelines

Effective policies are the policies that have been carefully reviewed and approved by the Board of Directors.  Such policies must have clear guidelines for the employee to follow. The communication and training program must take place regularly. Proper control and monitoring processes must be audited and reported to the Board periodically.

There may be other policies in relations to corruption risks that the board should consider reviewing and revising – such as usage of third-party agents and joint-venture, government affairs, human resource, and CSR. For example, the Usage of Third Party Policy should contain the clause that prohibits suppliers from paying bribes on behalf of the company. The company should consider adding relevant guidelines as a mechanism for effective policy. In this case, the service contract with third-party agents should include such bribery prohibition clause.

Explore the Bribery Channels 

As the working team identifies corruption risks in the business process, the team should also explore the bribery channels. By identifying corruption risks, the bribery channels may present themselves in a clearer manner. There are several bribery channels that are considered widely practiced in Thailand – such as using gifts, entertainment, international trips, donations as well as sponsorships as bribes. While businesses are not prohibited to engage in such activities, it is important that the company has proper policies to prevent the misuse of such activities. For example, in giving gifts, the company should consider establishing the policy of acceptable gift-giving practices,  such as the acceptable value, the acceptable occasions and to whom the employee may give the gifts to.

Establishing the Guidelines

It is essential that a clear guideline should be established and communicated to the employee – ie. the approval process, books and records and other controls activities for the employee to follow.

Here are some of the guidelines for the working team’s consideration:

UNACCEPTABLE

The following examples are never acceptable:

• Anything illegal;
• Anything offered to someone who is about to make a business decision concerning the Company, for an example, the award of a contract;
• Cash or cash equivalents (gift vouchers or anything redeemable for cash), such as shares, regardless of the amount involved;

NEEDS SPECIAL CONSIDERATION

The following examples may be acceptable, but require special consideration, and must be authorized:

• Travel expenses of third parties involving flights and overnight stays;
• Invitations to particularly expensive cultural or sporting events, such as World Cup finals;
• Gifts on special occasions, such as births and weddings.

In cases where the gift or event places either party under an obligation to reciprocate, or where the exchange is (or appears to be) an attempt to influence a business decision, it should not be offered or accepted.

NORMALLY ACCEPTABLE

The following are normally acceptable when given to private third parties:

• Token seasonal gifts, where such gifts are a common cultural feature and the value of the modest gift is within the Company’s financial and the receiver’s limits;
• Modest, occasional business meals with a business partner that fall within the Company’s financial limits;
• Small corporate, promotional gifts, for an example, pens or notebooks marked with the company logo and similar items;

Monitoring and Reporting

A registration process must be set up to record and monitor all activities relating to gifts, hospitalities/entertainments, sponsorships, donations and political contributions. The register should be reviewed regularly. The employee should be reminded periodically of their obligation to declare information in accordance with this policy.

Get Employee and Stakeholders on Board

Communication and Training

Many large companies establish their own communication and training programs for employees and suppliers. Employee and suppliers should have a minimum awareness about corruption risks and, in particular, should be familiar with the company’s anti-corruption program. There is no “one size fit all” for the training format. The training courses can be implemented either face-to-face, online, or both. The working team may consider grouping employees according to the exposure level to corruptions and arrange the training format to fit each group. The executive level may be trained more intensively and in a face-to-face manner, while office employees use online training and employees in production lines may attend classroom-style training.

In a larger company, where there are larger groups of employees and suppliers, a “train the trainers” program can be effective. An employee goes through the training and is then are nominated as trainers to train their colleagues.

Certify  

Key criteria for a successful certification include:

• Proper indexing and referencing of checklist documents 
• Timely submission of all documents and certification payment at least 3-6 months before the deadline (6 months is recommended)
• Correct identification of corruption risks and development of operational controls
• Correct sign-offs by the Board and Audit Committee Chair (for Large Companies)

Once CAC receives all Checklist documents, the signoffs and payment from the company, CAC review process will start. The quarterly cutoffs date for certification reviews are on 31March, 30June, 30September and 31December. The review process includes:

• Preliminary review by CAC staffs to ensure all documents are in place
• Review by CAC’s third-party professional Auditors for adequacy against CAC guidelines
• Review by CAC Certification Committee for preliminary signoff (pass or fail)
• Review by CAC Council for certification approval

Companies can find out about their submission results approximately 8 weeks from the quarterly submission cutoff date. CAC may occasionally contact the companies to request additional information or documents, if there is a small discrepancy. If there are significant information or documents missing, the certification will likely be unsuccessful. Companies that fail certification will receive a letter from CAC describing the discrepancies so that can resubmit the required information for consideration before the next quarterly cutoff date.

Once a company has been certified, the Chairman of the Board or CEO will be invited to attend the CAC Certification Award ceremony, which is held twice a year.

…Recertification is required within 3 years. Recertification submission is recommended 6 months before expiration. If a company cannot pass recertification, a small extension is given to revise the checklist documents for compliance.