Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Breaking Down Silos to Improve Risk Assessments in Foreign Jurisdictions

4 Ways to Conduct Effective Assessments in Other Countries

by Ken Jones and Lindi Jarvis
September 3, 2020
in Featured, Risk
die in place of globe

Too often, companies are siloed in their approach to assessing risk in foreign jurisdictions. FTI Consulting’s Ken Jones and Lindi Jarvis explore what companies should keep in mind when developing and refining their overarching risk assessment methodologies.

For many companies, breaking down the organizational barriers that impede seamless interactions and operations is a clear priority. However, this is easier said than done, which is why many organizations have not figured out how to effectively collapse these walls.

In risk management, silos prevent management from having a view into all the risks impacting a business at any given time. Far too often, companies are siloed in both their organizational structure and their approach to assessing risk, especially in foreign jurisdictions, resulting in management being unsure about the true risks and if they are funding the right programs. This leads to confusion regarding how to prioritize certain risks, which is inefficient and costly.

For example, a pharmaceutical company may have research and development operations in six countries, processing facilities in nine countries and sales and distribution in another 20. Similarly, financial services firms may have some combination of retail banking, broker-dealer and asset management in various countries. Understanding the risks associated with the types of facilities, products and services – while at the same time considering the global and local country regulatory requirements – is a daunting task, especially when management doesn’t have a clear view of risk across all operations.

Far too often, companies develop siloed strategies for one risk, such as fraud or money laundering. However, by looking at related risks (fraud, anti-bribery and corruption, money laundering, export sanctions and cyber) simultaneously, management can have a true understanding of the entire risk landscape and a roadmap to address top priority risks.

Instead, companies should focus on developing a global risk strategy that might include annual risk-based rotations, surprise assessments, proper exchanges and coordination between the first, second and third lines of defense.

The Benefits of Holistic Risk Management

The benefits of reviewing related risks in tandem are plentiful. Companies can determine which risk assessments make sense for each country based on knowledge of investigations, regulations, products, services and operations in that specific country.

For example, a company might be planning a Foreign Corrupt Practices Act (FCPA) risk assessment of offices in foreign jurisdictions. But by simultaneously conducting a fraud and FCPA risk assessment, the company will be more likely to succeed in identifying the greatest risks for that country and addressing related procedures and controls. The result is that the company will spend time, effort and resources on the areas in greatest need of remediation.

Understanding the full risk landscape allows companies to prevent incidents proactively or help improve a compliance program after a criminal or ethical violation. Regulators are far less tolerant of repeated risk failures in their country. For example, if a company addresses control failures after an insider fraud incident, then later experiences a bribery and corruption scandal, regulators might believe the broader compliance program is sub-par.

A second incident has a significantly larger impact, ranging from regulatory fines, enhanced scrutiny, diminished reputation, reduced ability to expand operations and other costs. Conducting a cross-functional risk assessment can reduce the likelihood of a repeated offense and the related impacts and costs.

Well, how do we get there?

Organizations have struggled to break down barriers and silos for years. However, there are ways to assess risk in other countries that can be fruitful, efficient and cost-effective. Here are four examples:

1. Evaluate the Current Risk Assessment Methodology

For many organizations, it will be critical to review and refine the current risk assessment methodology to be more comprehensive. Risk assessors should completely understand the business environment, including products, services, locations, workforce and clients. They should know related policies (fraud, anti-money laundering, bribery and corruption, export controls and sanctions), procedures and past assessments. Additionally, it’s important for companies to have an understanding of the most pressing regulatory guidance – including both within the country of the assessment and the regulations with global reach.

2. Cross-Training

Sending a team to execute a risk assessment in a foreign country is expensive and often these individuals may not have the in-depth knowledge of domestic laws, regulations and customs. Without cross-training, cross-functional risk assessments generally require several people, which increases costs even more.

By cross-training risk assessors, companies can reduce costs and further develop compliance personnel by broadening their understanding of inter-related risks, such as fraud, money laundering, bribery and corruption. By expanding the knowledge of individuals, barriers are inherently broken down as people can take on more tasks and greater understanding of risk.

Risk assessors who have experience conducting fraud, money laundering, anti-bribery and corruption, sanctions and cyber risk assessments across a broad industry spectrum bring an added benefit to companies, such as a knowledge in a variety of schemes, governance, controls, data, intelligence, analytics, alerting and management information, which is adaptable and highly beneficial to any company.

3. Tap into Outside Resources

The daunting task of maintaining familiarity with both global regulations and local laws is essential to understand the true regulatory risks impacting global corporations (such as the U.S. FCPA and the U.K. Bribery Act) and local laws, such as Brazilian Antitrust laws.

Many companies seek external support simply because it can be difficult to keep up with the changing regulatory environment if the company has operations in a large number of countries. Additionally, peer comparisons can be extremely helpful. While they might not always be available, in some cases industry associations, regulatory guidance and regulatory orders can reveal risk failures and best practices to consider.

4. Create a Risk Radar

Companies should align compliance risks with broader operational and regulatory risks by creating risk radars. These risk radars can provide leadership with a coherent roll-up of risks on a broader organizational level. Risk radars start with a singular risk, like money laundering, then a broader radar can show comparative risks, such as fraud, export sanctions, bribery/corruption and cyberattacks. An even broader radar can show all operational or regulatory risks. Radars can be adapted to also demonstrate country-specific risks and multiple jurisdictional risks.

Conclusion

It’s easy to understand how siloes create barriers to efficient and effective risk management programs. However, there are practical strategies for overcoming these barriers and creating a holistic view of the global risk landscape for any given organization. By cross-training individuals, leveraging third-party resources and creating risk radars, organizations have the opportunity to truly understand the risk landscape across their operations.


The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates or its other professionals.


Tags: risk assessment
Previous Post

Smarsh Enterprise Discovery Now Available Through Microsoft’s One Commercial Partner Program

Next Post

4 Unhelpful Assumptions Damaging Business Security

Ken Jones and Lindi Jarvis

Ken Jones is a Senior Managing Director in the Global Risk & Investigations Practice within the Forensic & Litigation Consulting segment at FTI Consulting, supporting clients with expert witness testimony, compliance, risk, investigative and remediation strategies. His federal law enforcement career spanned more than 20 years from line agent to senior executive and included a wide variety of global risk management, investigative, compliance, security and leadership experiences. His expert witness testimony engagements include fraud-related areas and criminal and corporate investigative expertise. Prior to joining FTI Consulting, he was at UBS Global Wealth Management, where he managed AML investigations, fraud risk management and investigations, the financial intelligence unit and he was the cyber/cyber-fraud crisis incident manager for the Americas Region.
Lindi Jarvis is a Senior Managing Director at FTI Consulting and is based in Seattle and New York. She has international experience in a wide range of large-scale financial investigative assignments and litigation assistance, including matters involving SEC financial reporting, violations of the U.S. Foreign Corrupt Practices Act (“FCPA”), the UK Bribery Act and other fraudulent activities. In addition, Ms. Jarvis has experience leading global teams in support of several U.S. government-appointed monitors subsequent to an anti-corruption investigation. She regularly works with companies to review their compliance programs, policies and procedures and implement stronger internal controls.

Related Posts

digital cybersecurity and network protection

Vetting Vendors’ Cybersecurity

January 26, 2021
RiskMap 2021: Legal and Compliance Outlook

RiskMap 2021: Legal and Compliance Outlook

January 25, 2021
illustration of man on ladder with binoculars, 2021 outlook concept

Financial Services Compliance in 2021

January 25, 2021
illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
Next Post
illustration of foot stepping on buried landmine

4 Unhelpful Assumptions Damaging Business Security

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights