Yates Memo Will Be Among Next Year’s Important Compliance Factors
SAN FRANCISCO, CA – November 3, 2015 – Certain developments in 2015, such as the Yates Memo, the European Court of Justice ruling on the Safe Harbor agreement and the increasing number of regulations globally, will contribute to various shifts in how companies must think about third-party anti-bribery and corruption compliance, according to advisors at STEELE Compliance and Investigation Services (CIS), a global leader in due diligence programs that enable companies to comply with FCPA and other global anti-bribery regulations. They say these decisions and others will prompt an intensified focus on effective corporate compliance programs in 2016.
On September 9, 2015, Deputy Attorney General Sally Quillian Yates issued a memorandum advising DOJ prosecutors who identify corporate wrongdoing to shift the emphasis from a corporation or entity to the specific individuals committing the wrongdoing.
“The Yates memo will have an impact on company self-disclosure when there is known senior management involvement,” said Tony Charles, Vice President at STEELE CIS. “Now that the DOJ has been clear that companies will not be given credit for self-disclosure without identifying names in the breach, much more consideration must be given before a self-disclosure is made.”
Andy Lax, Director at STEELE CIS, commented, “This memo is creating a strong expectation in the compliance community that the implicit message, and implicit promise, is that more executives will be prosecuted and face jail time.”
One of the most significant challenges for U.S. companies doing business in Europe involves the October 6th European Court of Justice ruling that the U.S.-EU Safe Harbor agreement was no longer a valid data protection mechanism for transferring data from Europe to the United States. The outcome of this decision could result in a substantial level of effort for companies to establish new programs with vendors moving data on the company’s behalf across these borders. With EU regulators setting a January 31, 2016 deadline for review of alternative methods for companies to transfer data from the EU to the U.S., companies are under pressure to identify a suitable alternative to the Safe Harbor agreement so as not to be operating outside of the law at the end of the grace period.
Additionally, next year, the priority of third-party management will continue to escalate for multinational corporations across an array of compliance statutes. Mr. Charles said, “ABAC/FCPA continues to dominate as regulatory agencies globally are beginning to gain traction with their own ABAC statutory enforcement efforts. Because 70-80 percent of ABAC cases involve third-party intermediaries, any company that relies on third parties to conduct business overseas will remain at risk.”
Top Tips to Increase Corporate Compliance Confidence in the New Year:
- Conduct a comprehensive risk assessment of your business to determine if your current compliance program supports the latest changes in regulations.
- Identify the best reporting structure for your CCO — determining the right balance of reporting to C-Level, Audit Committee and the Board.
- Ensure that your compliance function is adequately staffed and resourced based on the size of your company and its potential risks.
- Stress test your compliance programs to include third-party, anti-bribery and corruption due diligence.
- Audit your current ABAC program to ensure it follows a risk-based approach — this is what regulators expect and it ensures that resources are used most efficiently.
- Recognize that compliance is a function of business — to that end, measure your compliance program’s effectiveness.
- Understand the life cycle of third-party management and establish program “renewal” policies — make this a proactive part of your program design.
- Automate your third-party compliance program to drive consistency and intentionality across the globe.
- Mitigate risk of third-party ABAC exposure by leveraging outside due diligence experts who can help you develop a risk-based approach to third-party due diligence, including local presence and local knowledge, language capability and a portfolio of products to help you create a program that fits your risk appetite and your budget.
“Many companies are behind the curve on developing a risk model and conducting risk-based due diligence on third-party business partners,” stated Dennis Haist, General Counsel of STEELE CIS. “Eventually they will migrate towards the middle of the pack. However, there are always those that wait for a noncompliance event before putting in place an effective compliance program.”
About STEELE CIS
STEELE Compliance and Investigation Services (CIS) is a global business advisory and compliance intelligence firm offering comprehensive third-party due diligence solutions that help organizations comply with regulatory requirements and align with best practices. With more than 26 years of experience, STEELE CIS provides Fortune 1000 companies and mid-sized businesses with pragmatic solutions, including Regulatory Due Diligence, Third-Party Program Advisory Services, Program Management Services and Compliance Analytics and Benchmarking Services. With engagements in over 190 countries, STEELE CIS delivers local and regional expertise with “on-the-ground” resources. For additional information regarding risk-based third-party management, please contact a STEELE CIS third-party compliance expert. Call +1.415.692.5000, email [email protected], or visit www.steelecis.com.