Money-laundering. Child labor. Wire fraud. Not only are they scary phrases, but some of the growing concerns business leaders face as governments step up their regulatory efforts. Failure to comply can be catastrophic. While no compliance program is perfect, establishing a strong compliance infrastructure can help protect your organization when the Department of Justice comes knocking on your door.
More aggressive enforcement of the Foreign Corrupt Practices Act (FCPA) has prompted many executives to reevaluate their compliance endeavors. Fines totaling hundreds of millions of dollars and prison sentences of up to 15 years are not uncommon. One recent fine surpassed $1 billion; in another case, a pharmaceutical firm was fined $29 million for improper payments to foreign government officials. Federal prosecutors are pursuing some 150 investigations into alleged FCPA violations across different industries. All told, the scrutiny on bribery, money laundering, wire fraud, and other business crimes has cast compliance in a stark light. Business leaders can prevent disastrous outcomes using best practices to reduce regulatory risk.
How do business leaders create cost-effective compliance programs that reduce their risk and exposure in such a strict regulatory climate? A one-size-fits-all approach won’t work. Compliance measures have to be tailored to individual needs, risks, and challenges. But several essential components are necessary to be effective: general compliance oversight; internal controls and behaviors; audit, reporting, and accounting; and third-party management. Oversight requires senior management commitment. Internal controls and behaviors include clearly articulated compliance policies, employee training, reporting mechanisms, and enforced disciplinary measures. The audit component is comprised of risk assessment and internal audit procedures. And third-party management hinges on comprehensive due diligence on partners, mergers and acquisitions, and other transactions.
Together, these components provide a good framework for building a stronger, more efficient compliance program. With that framework in place, a business can begin to develop a compliance culture that strives for meaningful results instead of simply “checking the box.” But a framework is merely a framework until you take three critical next steps: build it, connect the dots, and enhance discovery.
Build It
First, develop a dynamic, compliance program that allocates investment and resources based on measured risk across your organization. A robust compliance program can minimize the risk of infractions, fines, legal fees, brand damage, and other negative impact. As the Department of Justice and SEC suggest, a compliance program should encompass education and training, incentives and disciplinary measures, internal auditing and risk assessment, and continuous review and improvement. Tailor your program to your unique requirements, but make it nimble enough to respond to changes on your risk landscape.
Government officials give meaningful credit to genuine efforts by companies to establish strong compliance programs – even when those programs fail – when determining whether to prosecute for regulatory violations. In contrast, failure to show strong commitment to compliance can attract federal scrutiny. A “check-the-box” mentality to third-party due diligence can result in millions, even billions, of dollars in fines, significant prison sentences, and revenue impact.
Connect the Dots
Converge and coordinate your compliance efforts to address the FCPA, anti-money laundering, and other regulations governing your foreign and domestic transactions. Conduct that violates the FCPA could violate other laws as well. For instance, anti-money laundering statutes are implicated whenever organizations funnel bribes through financial institutions to foreign government officials or third-party intermediaries. Bribes or money laundering activities facilitated through wire transfers can similarly constitute wire fraud. Such conduct can further amount to tax violations and spur criminal charges from the IRS.
The pitfalls underscore the importance of complying with the complex maze of statutes and controls that govern global supply chains. Rather than having separate groups address fraud, sanctions, and the FCPA, consider consolidating those resources under one compliance umbrella. Converged resources provide access to larger data sets and more tools for analyzing that data. Legal violations and business fraud share many common elements, so a red flag in one area may reveal a crime in another. Just the same, multiple compliance functions that collaborate are more likely to spot anomalies or find clues that independent investigations might miss.
Connecting these compliance dots means carefully managing your organizational transformations to ensure groups work well together to achieve your goals and protect your business. Convergence opens up new opportunities for cross-pollination of best practices, not to mention potential new career paths, efficiencies, and reduced risk.
Enhance Discovery
Make third-party due diligence a cornerstone of your compliance program. Third parties are a common vehicle for transmitting bribes and other illicit conduct. Agents, consultants, and distributors are commonly used to conceal bribe payments to foreign officials in global business transactions.
But third-party due diligence doesn’t focus solely on agents and other representatives. It is also critical for mergers, acquisitions, and joint ventures to avoid inheriting potential FCPA-related violations. Financial institutions must carefully monitor sovereign wealth funds to remain compliant with the FCPA, anti-money laundering laws, and the Patriot Act. And in some cases, companies are required by statute to screen customers and suppliers against lists of known terrorists as well as sanctioned parties and countries.
A rigorous third-party compliance process begins with onboarding and identification, followed by thorough screening against databases of relevant compliance information on companies and individuals. Analysis and risk assessment may prompt further investigation of certain third parties. Robust case management and workflow capabilities also help this process; for many companies, data visualization can reveal risks on an enterprise scale. And last but not least, an effective workflow that documents decisions and provides an audit trail can help you demonstrate your adherence to the compliance program.
A program that coordinates compliance activities across your organization and exploits new technologies to reveal once-hidden partner relationships and risks is vital to protecting your business. Dependability and consistency are key – not perfection. With your comprehensive compliance framework in place, you can build your program, connect the dots, and enhance discovery to minimize changing risk profiles and compete aggressively in the global marketplace.
Kelvin Dickenson leads Compliance Solutions for D&B and has over 25 years experience managing risk and compliance in financial services. He has worked at D&B for the past 8 years and prior to that he directed regulatory compliance, credit, loss prevention/risk management and collections activity for a major credit card bank. Kelvin’s body of work ranges from designing compliance procedures to writing lending policies. He is now focused singularly on regulatory compliance relative to third parties and is a member of the advisory board at the Association of Certified Financial Crime Specialists.
Loading...