Anti-corruption risk has far-reaching consequences for organizations if not managed correctly, including large fines and reputational damage from non-compliance with the FCPA or UK Bribery Act. A Refinitiv webinar examined the benefits of a risk-based approach and pivotal role of technology in enhanced due diligence.
- Managing anti-corruption risk is not straightforward, with greater global co-operation among regulators posing a major enforcement threat to organizations.
- By focusing resources on those identified, through an RBA, as posing a higher risk, compliance teams can ensure that overstretched resources are used in the most efficient manner.
- It is crucial to combine data and technology with trusted human intelligence for the best and most comprehensive solution to managing anti-corruption risk.
A recent webinar hosted by Refinitiv has looked in detail at the UK Bribery Act (UKBA) and the Foreign Corrupt Practices Act (FCPA), including the severe consequences of the legislation for any organization that fails to manage its anti-corruption risk.
The session heard from Ruby Hamid, Counsel — Disputes, Litigation & Arbitration at Freshfields, and Sylwia Wolos, Head of Enhanced Due Diligence at Refinitiv.
Hamid said reasons to avoid anti-corruption risk included large fines, the threat of individual convictions, as well as the potentially negative impact on a share price and morale, and possibly worst of all, reputational damage.
Avoiding anti-corruption risk, however, is not straightforward.
In particular, the trend towards extensive international collaboration among regulators poses a major enforcement threat to compliance teams.
Another factor to consider is the expanding scope of the meaning of a bribe. The heart of a bribe is linked to giving or receiving a benefit, and this can extend even to the level of hospitality offered by a company.
Hamid notes that financial services firms have been a recent target of enforcement activity and that there is now a stronger emphasis on reporting, cooperation and, importantly, remediation.
Prevention of future wrongdoing has become crucial.
Looking specifically at the UKBA, Hamid says that two separate offenses — general offenses and a corporate failure to prevent an offense — mean that the legislation has broad application, but also points out the extended reach of the Act.
Wherever the bribery occurs, if the company or individual implicated has enough of a link to the UK then the UKBA applies.
When it comes to compliance defense, what matters is being able to demonstrate that you have adequate compliance procedures in place to prevent bribery and corruption in the normal course of business.
In terms of winning the war on corruption, Hamid says: “When working towards eradicating corruption, we need to look at both the financial and the human aspects.
“A combination of corporate fines and individual accountability will yield the best results in the end.”
Managing third-party risk
A staggering 96 percent of FCPA investigations from 2005 to 2016 involved third parties.
Extensive international collaboration and the global reach of legislation mean that it is now more important than ever for compliance teams to identify and monitor the risk inherent in often vast third-party networks.
Organizations should therefore perform thorough risk assessments on all third parties to identify those that require additional scrutiny in the form of enhanced due diligence (EDD).
Two key components of a rigorous risk assessment include analyzing country risk and industry risk, although Wolos is quick to point out that no sector is immune from risk.
Other factors to consider are whether there is any political exposure, the commercial value of the relationship, potential government exposure, and inclusion on sanctions or blacklists.
A third-party risk assessment should result in a classification of high, medium or low risk, so that organizations can determine the appropriate level of due diligence that should be applied to that third-party relationship in line with the risk-based approach.
By focusing resources on the highest risk relationships, compliance teams can ensure that overstretched resources are used in the most efficient manner.
Obtaining EDD data
When conducting EDD, available sources of data include open sources, such as the internet; databases such as PEP or sanctions blacklists; and public records or official government sites such as company registers.
In-house due diligence teams, particularly smaller ones, may struggle to access these data sources, particularly in remote jurisdictions or where information is difficult to acquire.
Wolos explains: “Very often the challenge for in-house compliance teams working with third parties across the globe is understanding which sources are the best and most reliable in a particular jurisdiction.
“Obtaining information can be a slow and tedious process in many countries and you need to have a resource on the ground to manually collect non-digitized information.
“This is difficult for smaller in-house teams who may benefit from having a trusted EDD partner who can offer on-the-ground local business knowledge and can help with efficient information collection in difficult jurisdictions.”
The role of technology in EDD
Technology has a pivotal role to play in EDD and can deliver operational efficiencies, streamline data, and result in a better customer experience.
For example, machine learning can help the research process by collecting and collating content more quickly and precisely than manual processes allow.
Wolos is, however, quick to remind us that it is crucial to combine data and technology with trusted human intelligence for the best and most comprehensive solution to managing anti-corruption risk and remaining compliant in the face of ever-expanding legislation.