Tue, Oct 8, 2013

Independent Monitors: Not Just for Enforcement Actions Anymore

Enhanced government scrutiny in the global regulatory environment has incentivized companies to strengthen their anti-money laundering and anti-corruption practices. Penalties are increasing, with exposure for violations under the Foreign Corrupt Practices Act (“FCPA”) and other laws and regulations in some cases running upwards of hundreds of millions of dollars. The consequences of non-compliance are not only monetary; associated negative publicity can also severely damage a company’s reputation and decrease its ability to do business.

FCPA enforcement actions are usually resolved through deferred prosecution agreements and non-prosecution agreements, which often impose an independent monitor to ensure the company’s previous failures are not repeated and that adequate safeguards are put in place to ensure compliance with Bank Secrecy Act (“BSA”) and anti-money laundering requirements. Such monitors are becoming increasingly utilized at the federal, state and even local level of government.

Effective Compliance Requires Focus on Implementation and Enforcement

Although companies may have a compliance structure in place, such existing intended safeguards are often inadequate: Employees need to be trained on compliance with the FCPA, reporting structures must be properly aligned, and the system of internal financial controls needs to be audited and periodically re-assessed and re-evaluated. FCPA anti-bribery provisions, as well as the books and records and internal control requirements, necessitate very specific training. An appropriate external monitor already has the team infrastructure, skills and expertise to provide education; track expense reports and transactions; audit financials; and impose controls necessary to prevent, deter and detect improper payments.

Companies frequently do not have adequate internal controls to ensure compliance with applicable policies, procedures and practices. Even if such controls do exist, they are often unenforced. According to a separate survey conducted for Kroll’s recent Anti-Bribery and Corruption Report, 18% of respondents said they either do not have an anti-corruption policy, or have an anti-corruption policy but do not require their employees to read it. Further, 47% of all respondents said they conduct no anti-corruption training with their third parties. Of those who do train their third parties on anti-corruption, only 30% believe their efforts are effective.

In some of the most high-profile cases to date, Kroll has been tasked with the implementation and testing of compliance programs designed to ensure compliance with the BSA and anti-money laundering requirements. In relevant cases, Kroll typically employs a sampling and risk assessment approach to investigate potential issues, such as monitoring employee payroll records for unusual activity and performing spot-audits of various subcontractors. For example, Kroll was retained by a major metropolitan housing authority to conduct management reviews and assessments of performance using best practices and appropriate levels of internal control. In Asia, Kroll led an FCPA compliance review on an acquisition target for a dual Hong Kong and U.S.-listed company. Kroll’s investigation and review led to the implementation of a comprehensive compliance program.


Safeguards Must Go Beyond Reliance on Internal Controls

Companies that think their internal audit teams are an adequate safeguard need to look no further than one major financial company, which agreed to pay a nine-figure sum to settle charges of LIBOR manipulation. These charges were largely attributed to a lack of oversight by the firm’s compliance program and internal audit, as well as failure on the part of the New York Federal Reserve to adequately monitor the integrity of LIBOR rates. Another big bank recently reached an approximate $2 billion settlement with the Department of Justice to settle claims of anti-money laundering and counter terrorism financing. The settlement included the position of Independent Compliance Monitor.


Independent Monitors Play Key Role for Ongoing and Future Compliance

As recently as May 2013, the Securities and Exchange Commission (“SEC”) charged a European company with FCPA violations of bribing intermediaries of a foreign government official to obtain contracts. The company agreed to a very significant payment to settle the SEC and criminal charges and to hire a corporate compliance monitor to assist with implementing and testing a compliance and ethics program.

The utilization of monitors is becoming more common in the construction industry. For example, a major U.S. city decided the best course of action was for the general contractor on certain construction projects to designate a small percentage of the contract price for a monitor to help prevent safety violations, abuse of workers or other violation of law on-site. Less than 1% of the contract price is set aside to ensure compliance with construction, banking, anti-money laundering, safety and environmental laws and regulations. For that relatively small cost of having an independent monitor on-site, the benefit to the City and the general contractors is significant.

An appropriate external monitor will be in a good position to prevent FCPA violations, construction fraud, labor law violations and other legal and financial exposure. Monitors can provide an independent assessment and are often better suited than an internal compliance department to develop, implement, test, analyze and improve the compliance controls and programs in place, in addition to identifying and addressing areas of non- compliance. It is important to take proactive measures to address FCPA, BSA and other legal compliance and potential fraud. If a company is cited for FCPA or other violations, having had an effective compliance program will often reduce the ultimate penalties.

Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.


Compliance Risk and Diligence

The Kroll Investigations, Diligence and Compliance team partners with clients to anticipate, detect and manage regulatory and reputational risks associated with global ethics and compliance obligations.