Compliance management
Initiative description: Embedding a culture of compliance and implementing a compliance management structure with dedicated resources across the organisations of the primary delivery partners, covering risk assessment and management; policies and procedures; training; and performance monitoring and testing.
FIFA’s Compliance Programme
The FIFA Statutes and FIFA’s regulations provide the basic constitutional rules of FIFA as world football's governing body, set out its structures and define the rights and obligations of FIFA’s members associations, and the confederations, officials, players and agents.
The presence of independent judicial bodies and the introduction of a separation of powers between the judicial bodies and the other bodies of an association are basic principles of good governance and essential to the proper functioning, integrity and reputation of football. FIFA has continuously implemented good governance mechanisms in order to meet the evolving needs of the game and ensure that its operations and values adhere to the best governance standards possible.
FIFA bears a special responsibility to safeguard the integrity and reputation of football worldwide. To ensure the separation of powers, FIFA has established the FIFA Ethics Committee, an independent judicial body governed by the FIFA Statutes, FIFA’s regulations and the FIFA Code of Ethics, which outlines the core values for behaviour and conduct within the football community. It pays particular attention to those that jeopardise the integrity of football as a result of illegal, immoral or unethical methods and practices, such as bribery and corruption, misappropriation and misuse of funds, abuse of position, and discrimination, as well as other prohibited conducts. Under the Code of Ethics, disciplinary sanctions can be imposed on offending football officials, including among others, players, football agents and match agents licensed by FIFA.
The FIFA Code of Conduct for Third Parties sets out FIFA’s standards for ethical business practices and applies to everyone who does business with FIFA, such as suppliers, freelance workers and business partners, including their employees. This code forms an integral and legally binding part of the contracts with these third parties.
FIFA has also established a comprehensive due diligence process for its suppliers. All suppliers are subject to compliance screening before onboarding. These checks cover the ultimate beneficial owner, sanctions and embargoes, bribery and corruption concerns.
FIFA staff members, including those involved in tournament management, are obliged to read and confirm agreement with the FIFA Team Handbook and all the “Rules of Play”. These are available on the FIFA staff intranet and include rules about upholding a culture of respect; zero tolerance for harassment, abuse, corruption, and match manipulation; accepting gifts and hospitality; how to treat confidential information; FIFA’s intellectual property and brand; communication guidelines; and how to deal with conflicts of interest and report misconduct.
All new joiners at FIFA receive an introduction to compliance matters as part of the official induction process followed by a longer, more in-depth, compliance training session within the first few months at FIFA. Specific ad hoc training is also organised for FIFA employees with a higher risk exposure than others, for example staff working in the Finance Division. Other FIFA staff members are also required to take regular compliance refresher courses and have access to pocket guides on the staff intranet on topics such as anti-bribery and corruption, conflict of interest, gifts and hospitality, raising concerns, and reputational risk. Furthermore, an annual conflict-of-interest questionnaire needs to be submitted by each staff member.
FIFA launched its reporting and whistle-blowing mechanism in 2013, which is accessible online in four languages (English, Spanish, French and Arabic), for reporting concerns related to football or FIFA regarding match manipulation, corruption, human rights, safeguarding or any other form of misconduct. Users can create an anonymous postbox that allows them to correspond with FIFA and attach support documentation without submitting personal information. FIFA takes a zero-tolerance approach to such matters, and all issues raised are handled in line with its statutory rules, codes of conduct and internal guidelines.
FIFA operates a risk management system aligned with ISO 31000:2018 (the international standard on risk management), providing guidance to identify, measure, manage, monitor and report significant risks to the achievement of FIFA’s objectives and to identify opportunities to pursue. The Audit, Risk & Advisory Subdivision provides senior management and the Governance, Audit and Compliance Committee with objective and independent information about FIFA’s key risks and measures to address them, including compliance risk.
FIFA’s risk management framework helps to ensure that this information is adequately reported via FIFA’s risk management portal and used as a basis for decision-making and accountability at relevant organisational levels. Changes in the risk environment, based on new information, may result in changing strategies employed to treat risk and exploit opportunities. Risks at FIFA are therefore continuously monitored and re-assessed when required.
Internal audits at FIFA are risk-based. This means that FIFA’s annual internal audit plan is developed and approved based on key risk areas identified by senior management and other risk owners during FIFA’s risk management process.
For FIFA, no fines or monetary/non-monetary sanctions in connection with the FIFA World Cup Qatar 2022™ were incurred up until the time of writing this report.
FIFA World Cup Qatar 2022 LLC Compliance Programme
Through a dedicated, locally appointed compliance officer, the FIFA World Cup Qatar 2022 LLC (Q22) joint venture mirrored FIFA’s Compliance Programme, while adapting to the specific needs of the local market. The pillars of the programme include the establishment of policies, training and the creation of a whistle-blowing channel. In addition, a compliance joint risk assessment was performed by the Q22 and FIFA Compliance teams for all relevant departments where compliance risks could exist. The scope of this risk assessment covered compliance risks such as bribery and corruption, fraud and conduct risk, sanctions, and money laundering.
Since the incorporation of Q22 in 2019, the Management Board adopted the Code of Ethics and Conduct Policy which covers whistle-blowing, anti-bribery and corruption, gifts and hospitality, as well as conflict-of-interest policies. It also adopted policies that covered complaints handling, data protection, finance, procurement and sustainability.
In early 2021, Q22 held a Compliance Week whereby a series of pocket guides that summarised Q22’s compliance policies on whistle-blowing, anti-bribery and corruption, gifts and hospitality, and conflicts of interests were circulated to all employees over the course of the week.
To help ensure that employees understood and adhered to these compliance policies, all employees were required to undergo mandatory compliance training. The training covered Q22’s regulatory and policy framework; anti-bribery and corruption; gifts and hospitality; conflicts of interest; whistle-blowing; data protection; and the complaints handling procedure. A total of 18 training sessions were held with over 600 employees (44% of all employees) between March 2021 and September 2022. Temporary staff that joined after September 2022, in the lead-up to the tournament, participated in induction sessions that covered professional ethics and referred to the Code of Ethics as well as compliance pocket guides. In addition to the training provided, reference to the compliance pocket guides as well as the Code of Ethics and Conduct Policy is incorporated within the Q22 Employee Handbook.
An internal compliance hotline was also launched in 2021 for employees to report any compliance concerns or violations. Additionally, a conflict-of-interest reporting mechanism was implemented, which allowed employees to report potential conflicts of interest and enabled managers to quickly identify and resolve any issues that arose.
In addition, the Q22 Compliance team carried out due diligence on suppliers from the perspective of sanctions and embargoes, and bribery and corruption concerns.
For Q22, no fines or monetary/non-monetary sanctions were incurred up until the time of writing this report.
Supreme Committee Compliance Programme
The Supreme Committee for Delivery & Legacy (SC) applied a Standards of Conduct Policy which set out the high standards of compliance and ethical business conduct expected from all employees. It included policies on the custody of information and assets; financial practices, preventing insider trading, record-keeping and record retention; representing the SC; anti-bribery and corruption (including gifts and hospitality); anti-money laundering; anti-discrimination and equal opportunities; conflicts of interest; and whistle-blowing and non-retaliation, as well as information on the mechanisms in place to report on non-compliances, such as an anonymous hotline and a dedicated compliance email address.
All employees were required to acknowledge that they had read and understood the core values of conduct set out in the Standards of Conduct Policy, and to complete any relevant mandatory training. Additionally, the SC developed a grievance mechanism that applied to each of the policies and has expanded the available reporting channels via an easy-to-use project disclosure portal.
The SC’s third-party tendering process also utilised a robust suite of documents as part of its third-party integrity management programme.