No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home FCPA

Book-Ending FCPA Compliance: The Importance of Risk Assessments and Monitoring

by Matteson Ellis
January 12, 2015
in FCPA
Book-Ending FCPA Compliance: The Importance of Risk Assessments and Monitoring

Over the last four years, at ACI’s winter International Conference on the FCPA, enforcement officials have repeatedly placed special emphasis on two specific compliance areas: risk assessments and monitoring.

To be sure, these officials have discussed many of the essential elements of an effective anti-corruption compliance program, including tone from the top, internal reporting mechanisms, trainings and third-party due diligence. But this year, as in the past, they spent an inordinate amount of time talking about the “bookends” of compliance; namely, (1) the risk assessments from which companies should design their compliance programs and (2) the monitoring and testing that should occur after implementation to ensure that the programs are implemented effectively.

Enforcement emphasis on these areas makes sense, since they are actions that provide key assurance that corporate compliance systems are more than words on paper. For the same reason, these should be key areas of focus for compliance officers. The following comments made at 2014’s ACI conference offer more detail about what SEC and DOJ officials hope to see.

The Importance of Risk Assessments. Patrick Stokes, the Deputy Chief of the FCPA Unit of the Fraud Section of the DOJ’s Criminal Division, said, “We expect companies to be thoughtful about risk assessments. What we want are companies that are thoughtfully identifying where their real FCPA risks are and focusing on those.”

He said that companies should think critically about how they engage third parties in high-risk jurisdictions, where they contract with the government sector and where they have relationships with foreign officials. He said that the DOJ does not go into a meeting expecting to see specific compliance measures. Instead, the DOJ wants companies to identify for themselves their highest risks and explain how they are addressing those risks: “Just as we don’t want companies to have a check-the-box program, we don’t have one for evaluating them.”

Mr. Stokes added, “We have no expectation that a compliance program will be perfect and is going to catch all bad conduct. We understand that bad actors will try to work around controls and try to evade them. But we expect that programs are well thought-out to prevent this.”

The Chief of the FCPA Unit of the SEC’s Enforcement Division, Kara Brockmeyer, explained further that companies need to “get out into the field” and talk to their people about how they are doing business, where they touch the government and other risks at play. She added that companies’ risk profiles often change over time. For example, a company might have a foreign-based manufacturing facility that only sells back to the United States, but then purchases another facility with significant sales to foreign government officials: “At that point risks change, and [companies] need to be focused on them.” Such changes can be detected through periodic risk assessments.

The Importance of Monitoring. In 2014, enforcement authorities once again stressed the importance of monitoring and testing compliance programs. Mr. Stokes said, “Many times companies have designed a… robust program, but [failed] to test it. What we expect is to not only have on paper a program, but to test it, to make sure it is working.”

Ms. Brockmeyer discussed how a company can leverage its internal audit department to test its compliance program. For example, a heavy reliance on petty cash creates a high risk of off-the-book payments, and internal audit can be leveraged to address this type of risk. It can check if certain third parties are included on approved vendor lists and have been subject to due diligence. It can look at reimbursements related to gifts, travel and entertainment. She said that companies can “tack on” these types of tests to regular audits, and that they do not necessarily require a separate FCPA component.

What if risk assessments and monitoring are missing? From statements made by enforcement officials, it appears that they would consider a lack of a serious risk assessment to suggest a lack of commitment, or a program that is merely paper in nature. If there is a violation, it makes it less likely that companies will get the full benefit of a compliance program. A lack of monitoring would have a similar effect – it suggests to law enforcement that a company is more interested in saying that it has a compliance program than it is in addressing actual corruption risks.

Risk assessments and monitoring are not the most talked about elements of FCPA compliance programs, but they are fundamental to getting FCPA compliance right.  Enforcement officials have repeatedly made it clear that they think these issues belong in the foreground of corporate compliance efforts. In case that message has not been received, there is an excellent chance that enforcement officials will be saying it again at this year’s conference. 

 


Tags: MonitoringRisk AssessmentTone at the Top
Previous Post

Tips and Traps in Managing Social Media at Work

Next Post

Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

Matteson Ellis

Matteson Ellis

Matteson Ellis serves as Special Counsel to the FCPA and International Anti-Corruption practice group of Miller & Chevalier in Washington, DC.  He is also founder and principal of Matteson Ellis Law PLLC, a law firm focusing on FCPA compliance and enforcement. He has extensive experience in a broad range of international anti-corruption areas. Previously, he worked with the anti-corruption and anti-fraud investigations and sanctions proceedings unit at The World Bank. Mr. Ellis has helped build compliance programs associated with some of the largest FCPA settlements to date; performed internal investigations in more than 20 countries throughout the Americas, Asia, Europe and Africa considered “high corruption risk” by international monitoring organizations; investigated fraud and corruption and supported administrative sanctions and debarment proceedings for The World Bank and The Inter-American Development Bank; and is fluent in Spanish and Portuguese. Mr. Ellis focuses particularly on the Americas, having spent several years in the region working for a Fortune 50 multinational corporation and a government ethics watchdog group. He regularly speaks on corruption matters throughout the region and is editor of the FCPAméricas Blog. He has worked with every facet of FCPA enforcement and compliance, including legal analysis, internal investigations, third party due diligence, transactional due diligence, anti-corruption policy drafting, compliance training, compliance audits, corruption risk assessments, voluntary disclosures to the U.S. government and resolutions with the U.S. government. He has conducted anti-corruption enforcement and compliance work in the following sectors: agriculture, construction, defense, energy/oil and gas, engineering, financial services, medical devices, mining, pharmaceuticals, gaming, roads/infrastructure and technology. Mr. Ellis received his law degree, cum laude, from Georgetown University Law Center, his masters in foreign affairs from Georgetown’s School of Foreign Service, and his B.A. from Dartmouth College. He co-founded and serves as chairman of the board of The School for Ethics and Global Leadership in Washington, D.C. He is a member of the District of Columbia, Texas, New York, and New Jersey bar associations. Mr. Ellis is also author of The FCPA in Latin America: Common Corruption Risks and Effective Compliance Strategies for the Region.

Related Posts

credit score gauge

Sales at All Costs? Unified Credit Risk Management Can Squash Bad Deals Before They Happen

by Matthew Debbage
March 15, 2023

The collapse of a business doesn’t usually happen all at once. There are warning signs. Late payments, legal filings and...

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

personnel management

Preparing for Budget Cuts in 2023? Be Sure Personnel Management Isn’t on the Chopping Block

by Vera Cherepanova
March 1, 2023

For compliance departments that need to do more with less, it’s tempting to lean into automated systems. Compliance and ethics...

red flag warnings

Fostering Risk Transparency in the Organization

by Jim DeLoach
November 9, 2022

Serious risks to your company’s financial and reputational health probably aren’t going to walk up and introduce themselves. Protiviti’s Jim...

Next Post
Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT