Corruption and third-party risk were certainly hot topics at this year’s Compliance Week conference. Following on the heels of the conference comes a report from Kroll showing that fifty percent of companies expect corruption risk to increase in the next 12 months—most of those companies cite market expansion as the reason. Don’t think that FCPA regulators aren’t seeing this, too. They are and they’re telling organizations to be very wary of third-party risk in their anti-corruption efforts.
While we might see the DOJ and SEC as strict governing bodies waiting for us to make a mistake, speakers at this year’s conference painted a different picture. Charles Duross, Deputy Chief of the FCPA Unit at the DOJ, stated matter of factly, “investigators do not expect a pristine environment… what matters to the government is that a program was in place and it was followed.” Companies can score points with FCPA investigators – they call it “meaningful credit,” but it’s more like “compliance cred”—when they can demonstrate exactly how they responded to a concern.
As for the expected rise in risk, what does the DOJ suggest as the cause? This year regulators predict third party risk and risk from mergers and acquistions will be key pain points for many companies. Third-party risk is prevalent, because it can be hard to enforce and verify that your vendors have completed compliance training. Likewise for companies expanding globally, an acquisition could mean that you are now operating in countries or regions where bribery is seen as part of the regular business process.
Identify your trouble areas! Knowing where you can expect increased compliance risk will help you target your anti-bribery and corruption efforts. Tackling the problem by fighting the symptoms is one solution (and it can and does make a difference), but having an “enhanced” compliance program, as regulators and investigators want to see, requires more integration across your entire compliance program. Robust reporting and tracking are essential, providing the intel to certify which employees and third parties have received proper training, and certified having read the right policies—and which ones have not.
Remember, zero hotline reports does not mean zero problems. Kara Novaco Brockmeyer, Chief of the SEC’s FCPA unit said, “One of the best signs of a successful program is that concerns rise to the surface” and that an organization responded to a concern and implemented remediation.
It is no longer enough to ensure a commitment to ethics and compliance within your own company. The new global expectation is that you know who your third parties are, have vetted them, and are consistently monitoring for misconduct and remediating incidents that occur.
Request a Demo!