If we take a closer look at what constitutes an effective compliance programme, a good place to start is with the 10 hallmarks identified in A Resource Guide to the U.S. Foreign Corrupt Practices Act (FCPA Guide):
- Commitment from senior management and a clearly articulated policy against corruption
- Code of conduct and compliance policies and procedures
- Oversight, autonomy, and resources
- Risk assessment
- Training and continuing advice
- Incentives and disciplinary measures
- Third party due diligence and payments
- Confidential reporting and internal investigation
- Continuous improvement: periodic testing and review
- Mergers and acquisitions: pre-acquisition due diligence and post-acquisition integration
While the case can be made that automation can support most hallmarks, third party due diligence and risk assessment are two areas in particular where employing a compliance technology portal can be very beneficial. An automated solution can screen and filter results; assist with risk assessments and rankings; signal when users should consider enhanced due diligence; and carry out ongoing monitoring.
Companies are increasingly incorporating technology and automation into their anti-bribery and corruption compliance programmes. However, studies and anecdotal evidence suggest that these efforts are often disjointed or even non-existent. For example, a survey of compliance professionals commissioned by Kroll reveals that: 29 percent of respondents do not automate any of their anti-corruption compliance efforts at all; and only 26 percent use automation for vetting third parties.
Given the potential for efficiencies and high-quality results, leveraging technology to its fullest extent, in our experience, should be a priority for compliance officers contending with the complexities of anti-bribery and anti-corruption legislation. The US Department of Justice and the US Securities and Exchange Commission certainly provide a strong incentive for automation. According to the Principles of Federal Prosecution of Business Organisations mentioned in the FCPA Guide, “Nine factors are considered in conducting an investigation, determining whether to charge a corporation, and negotiating plea or other agreements,”; two of which are: the existence and effectiveness of the corporation’s pre-existing compliance programme; and the corporation’s timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents.
Taking advantage of automation within the context of a compliance platform offers many benefits to organisations, especially their compliance teams grappling with limited resources and multiple jurisdictions. For example, automation enables compliance officers to manage multiple facets of their compliance programmes, and to quickly and more easily satisfy reporting and documentation requirements, addressing the principle of “timely disclosure” described above. Moreover, by capitalising on synergies between the various components in a compliance portal, organisations can potentially also spot red flags earlier.
When considering a compliance portal and automation solutions, we recommend that the following key questions be considered:
- Is the full spectrum of due diligence available through the portal?
- Does the portal offer analyst-driven research that goes beyond off-the-shelf data solutions?
- Is the portal configurable and scalable?
- Can it manage the third party life cycle end-to-end?
- Does it facilitate the audit of third parties over time?
- What kind of data security architecture does it employ?
As the spotlight on anti-bribery and anti-corruption laws continues to intensify, the sooner automation is integrated into the compliance programme, the sooner companies will reap the benefits.
Originally posted on In-House Community.com, December 2015