No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home FCPA

Book-Ending FCPA Compliance: The Importance of Risk Assessments and Monitoring

by Matteson Ellis
January 12, 2015
in FCPA
Book-Ending FCPA Compliance: The Importance of Risk Assessments and Monitoring

Over the last four years, at ACI’s winter International Conference on the FCPA, enforcement officials have repeatedly placed special emphasis on two specific compliance areas: risk assessments and monitoring.

To be sure, these officials have discussed many of the essential elements of an effective anti-corruption compliance program, including tone from the top, internal reporting mechanisms, trainings and third-party due diligence. But this year, as in the past, they spent an inordinate amount of time talking about the “bookends” of compliance; namely, (1) the risk assessments from which companies should design their compliance programs and (2) the monitoring and testing that should occur after implementation to ensure that the programs are implemented effectively.

Enforcement emphasis on these areas makes sense, since they are actions that provide key assurance that corporate compliance systems are more than words on paper. For the same reason, these should be key areas of focus for compliance officers. The following comments made at 2014’s ACI conference offer more detail about what SEC and DOJ officials hope to see.

The Importance of Risk Assessments. Patrick Stokes, the Deputy Chief of the FCPA Unit of the Fraud Section of the DOJ’s Criminal Division, said, “We expect companies to be thoughtful about risk assessments. What we want are companies that are thoughtfully identifying where their real FCPA risks are and focusing on those.”

He said that companies should think critically about how they engage third parties in high-risk jurisdictions, where they contract with the government sector and where they have relationships with foreign officials. He said that the DOJ does not go into a meeting expecting to see specific compliance measures. Instead, the DOJ wants companies to identify for themselves their highest risks and explain how they are addressing those risks: “Just as we don’t want companies to have a check-the-box program, we don’t have one for evaluating them.”

Mr. Stokes added, “We have no expectation that a compliance program will be perfect and is going to catch all bad conduct. We understand that bad actors will try to work around controls and try to evade them. But we expect that programs are well thought-out to prevent this.”

The Chief of the FCPA Unit of the SEC’s Enforcement Division, Kara Brockmeyer, explained further that companies need to “get out into the field” and talk to their people about how they are doing business, where they touch the government and other risks at play. She added that companies’ risk profiles often change over time. For example, a company might have a foreign-based manufacturing facility that only sells back to the United States, but then purchases another facility with significant sales to foreign government officials: “At that point risks change, and [companies] need to be focused on them.” Such changes can be detected through periodic risk assessments.

The Importance of Monitoring. In 2014, enforcement authorities once again stressed the importance of monitoring and testing compliance programs. Mr. Stokes said, “Many times companies have designed a… robust program, but [failed] to test it. What we expect is to not only have on paper a program, but to test it, to make sure it is working.”

Ms. Brockmeyer discussed how a company can leverage its internal audit department to test its compliance program. For example, a heavy reliance on petty cash creates a high risk of off-the-book payments, and internal audit can be leveraged to address this type of risk. It can check if certain third parties are included on approved vendor lists and have been subject to due diligence. It can look at reimbursements related to gifts, travel and entertainment. She said that companies can “tack on” these types of tests to regular audits, and that they do not necessarily require a separate FCPA component.

What if risk assessments and monitoring are missing? From statements made by enforcement officials, it appears that they would consider a lack of a serious risk assessment to suggest a lack of commitment, or a program that is merely paper in nature. If there is a violation, it makes it less likely that companies will get the full benefit of a compliance program. A lack of monitoring would have a similar effect – it suggests to law enforcement that a company is more interested in saying that it has a compliance program than it is in addressing actual corruption risks.

Risk assessments and monitoring are not the most talked about elements of FCPA compliance programs, but they are fundamental to getting FCPA compliance right.  Enforcement officials have repeatedly made it clear that they think these issues belong in the foreground of corporate compliance efforts. In case that message has not been received, there is an excellent chance that enforcement officials will be saying it again at this year’s conference. 

 


Tags: MonitoringRisk AssessmentTone at the Top
Previous Post

Tips and Traps in Managing Social Media at Work

Next Post

Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

Matteson Ellis

Matteson Ellis

Matteson Ellis serves as Special Counsel to the FCPA and International Anti-Corruption practice group of Miller & Chevalier in Washington, DC.  He is also founder and principal of Matteson Ellis Law PLLC, a law firm focusing on FCPA compliance and enforcement. He has extensive experience in a broad range of international anti-corruption areas. Previously, he worked with the anti-corruption and anti-fraud investigations and sanctions proceedings unit at The World Bank. Mr. Ellis has helped build compliance programs associated with some of the largest FCPA settlements to date; performed internal investigations in more than 20 countries throughout the Americas, Asia, Europe and Africa considered “high corruption risk” by international monitoring organizations; investigated fraud and corruption and supported administrative sanctions and debarment proceedings for The World Bank and The Inter-American Development Bank; and is fluent in Spanish and Portuguese. Mr. Ellis focuses particularly on the Americas, having spent several years in the region working for a Fortune 50 multinational corporation and a government ethics watchdog group. He regularly speaks on corruption matters throughout the region and is editor of the FCPAméricas Blog. He has worked with every facet of FCPA enforcement and compliance, including legal analysis, internal investigations, third party due diligence, transactional due diligence, anti-corruption policy drafting, compliance training, compliance audits, corruption risk assessments, voluntary disclosures to the U.S. government and resolutions with the U.S. government. He has conducted anti-corruption enforcement and compliance work in the following sectors: agriculture, construction, defense, energy/oil and gas, engineering, financial services, medical devices, mining, pharmaceuticals, gaming, roads/infrastructure and technology. Mr. Ellis received his law degree, cum laude, from Georgetown University Law Center, his masters in foreign affairs from Georgetown’s School of Foreign Service, and his B.A. from Dartmouth College. He co-founded and serves as chairman of the board of The School for Ethics and Global Leadership in Washington, D.C. He is a member of the District of Columbia, Texas, New York, and New Jersey bar associations. Mr. Ellis is also author of The FCPA in Latin America: Common Corruption Risks and Effective Compliance Strategies for the Region.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

farm silos

Siloed Thinking, Scattered Compliance: The Leadership Challenge in GRC

by Anna Muzalska
April 7, 2025

Strong leadership and integrated communication prove as critical to compliance success as policies and procedures alone

cute robot looking at financial volumes

AI’s Dual Role in FinServ Risk Management

by Nalini Priya Uppari
March 28, 2025

As technology evolves, so do the tools that help banks and investment firms maintain stability amid uncertainty

Next Post
Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

Change Management Checklist for HR: An Essential Tool for HR and Organizational Transformation

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights