As international and domestic regulators continue to focus on businesses operating in Asia, we at Kroll are regularly asked by general counsel and chief compliance officers (“CCOs”) for best practices on creating, enforcing and monitoring a global compliance program that connects employees, third parties and senior management.
A good foundation for building compliance programs can be found in a number of statutory guidelines that are currently in place, including:
Many of these statutory guidelines address the same broad issues, such as leadership, risk assessments, standards and controls, training and communication, and oversight. These themes are well-described, and the expectation from enforcement agencies is, in theory, clear though evolving. However, they do not take into account the commercial reality of doing business, especially in regions such as Southeast Asia where compliance standards have traditionally lacked the rigor of those in the West.
The realities of making a global compliance program work
To understand the realities and challenges that CCOs face, Kroll recently surveyed over 250 CCOs across the globe, exploring a wide range of issues affecting compliance programs. Respondents were from diverse industries, including business services, finance, manufacturing and insurance, with each respondent’s company averaging over 22,000 employees. Our findings, which were released in Kroll’s annual Anti-Bribery and Corruption Benchmarking Report (“ABC Report”), provide interesting insight across four main themes: key risks, third parties, due diligence processes and overall program effectiveness.
We have found that most of the main risks faced by companies today remain the same as in previous years, with bribery, money laundering, bid-rigging and price-fixing being named key issues. Human trafficking was also noted as a potential risk and is particularly relevant in Asia. Recent U.S. regulations, such as the California Transparency in Supply Chains Act and the Executive Order Against Trafficking in Persons in Federal Contracts, as well as the draft Modern Slavery Bill in the UK, signal an emerging regulatory framework that will require companies to actively assess and respond to labor-related issues within their supply chains.
The fundamentals of effectively addressing all of these risks remain the same, i.e., knowing your business partner, conducting effective due diligence, training those acting on your behalf and considering the use of technology to save time and streamline the process. We found that entities which have experienced regulatory issues have invested heavily in compliance programs. Otherwise, most companies appear to have held off on investing internal resources, possibly because the level of enforcement activity, high-profile cases and fines have not reached the market expectations of two years ago. However, enforcement actions, coupled with potentially significant financial costs and reputational damage, do present a real issue for clients in Asia. In fact, we often see Asian subsidiaries (often acquired inorganically) of multinational corporations facing the biggest issues of adhering to a central ABC policy.
Manage third party risks with technology
The ABC Report found that third parties continue to be a risk. No doubt, many organizations find the sheer number of third parties engaged daunting, especially if they have large distribution channels and supplier relationships.
The use of technology and platforms where third parties can self-certify adherence to an ABC policy has proved helpful, but there is still a gap when it comes to training. In particular, our finding that many different levels of training are being deployed is especially troublesome given how often third party payments are at the heart of FCPA and anti-bribery proceedings.
Companies are also challenged with undertaking enhanced due diligence on a third party, especially in their local language, which is of paramount importance where there is interaction with foreign officials. Likewise, monitoring existing third party relationships is equally important; a long-standing commercial relationship does not necessarily mean that a third party’s operating procedures won’t change and place a company at risk.
A risk-based approach that prioritizes key relationships by revenue and concurrently considers jurisdictional risk (where the third party operates) is therefore essential. It is in these areas where
technology can play a vital role in a robust, risk-based compliance program by helping an organization better manage often relatively scarce resources for a global program. Even though in-person training is always favored by regulators, it may not always be commercially viable for some remote regions where a company has operations. Using technology to train third parties (as well as employees) in their native language can be a cost-effective and productive way to deliver this training.
Automation can also mitigate other ABC risks. For example, detecting payment abnormalities by employing data analytics can flag high-risk transactions before the matter becomes a live issue. Such systems will require calibration depending on a client’s industry and its geographic operations; determining what is deemed high risk can be helpful in streamlining processes aligned to compliance.
The good news is that the ABC Report showed that many risks appeared to have plateaued; CCOs are also generally well-informed on the tools available to them to implement a coherent strategy. The challenge remains in deploying sufficient resources to be balanced with commercial realities in a manner which is seen as adequate when regulators come calling.
If you have any questions or would like to learn more about how Kroll can help with your compliance efforts, please contact us.