Combating Corruption,” InsideCounsel‘s January cover story, details how seven global legal departments of varying sizes are tackling the challenge of establishing and enforcing an ethical culture at a time when enforcement of anti-corruption laws is at an all-time high.

Outside counsel talked to InsideCounsel about steps they advise clients to take to avoid falling victim to the rising tide of prosecutions under the Foreign Corrupt Practices Act (FCPA) and anti-bribery laws in other countries.

Paul Friedman, a partner at Morrison and Foerster, says an important first step is understanding the company’s risk profile. “What is your business? What are your government touch points? Where do you do business? What is the corruption environment in those places? Then you start to build training and controls from there,” he says. “There is not a one-size fits all approach to these issues. To be truly effective, it must be company specific.”

Jonathan Drimmer, a partner at Steptoe & Johnson, agrees. He outlined four critical components for any anti-corruption program, which can be tailored to meet a company’s risks and resources.

The first component is having an effective infrastructure in place. The critical component of this step is making someone responsible, he says.

“I have found that it is vitally important to vest responsibility in an individual,” Drimmer says. “It needs to be a real and measurable part of someone’s job.”

The second step is establishing an effective way to disseminate information about the company’s policies. While training and communication resources differ depending on company size, Drimmer says using multiple channels, such as the company intranet, WebX trainings, annual company meetings, company newsletters and bulletin boards, can continually reinforce the message. He recommends making ethics and compliance training mandatory.

Next is auditing to see how effective the training and communication have been–what Drimmer calls “kicking the tires.” This can be accomplished through questionnaires or a formal certification process conducted by an outside agency. “Depending on budget capacity, this doesn’t have to be a big expense,” he says.

The final phase is reporting, to make sure people who need to know about any issues do know and that a process is in place for dealing with reports of wrongdoing.

Paul McNulty, a partner at Baker & McKenzie, suggests a similar program, with some additional specifics.

In creating infrastructure, McNulty advocates assuring a senior level person is in charge of the program. “We encourage real senior level commitment, so there needs to be a chief compliance person, whether it is the GC or another person,” he says. “We push for investing someone with compliance responsibility who has access to the board of directors.”

He also advises building in controls with tools to protect the company against unethical third parties or agents. These include a due diligence process; check lists for those who hire third parties; background checks; and provisions that must be included in contracts with vendors, joint venture partners, distributors and business agents.

Training, McNulty says, should be live and in the language of the people to whom the training is directed.

“People who are Chinese conducting business in China want someone who understands their culture (to conduct the training) and who can do it in Mandarin,” he says. “It’s not good enough to do it with a computer program.”

As for auditing, McNulty cites an example of a client who wanted to test the effectiveness of the communication of the company’s ethics policies. The chief compliance officer has picked 20 countries he will personally visit, to pull records and do interviews–a “hands on” monitoring approach, McNulty says.