This article was republished with permission from Michael Volkov’s Corruption, Crime & Compliance.
Sometimes people operate with blinders. I don’t mean to suggest that people deliberately put blinders on to ignore issues; they sort of just grow into a person’s personality.
John Lennon said its best: “Living is easy with eyes closed.”
The same applies to people who fail to listen. Deliberately or not, people avoid what they do not want to hear. There are numerous reasons for not listening.
In the relatively narrow field of anti-corruption compliance, it is interesting to see how many companies appear to be avoiding the very clear requirement of conducting a risk assessment as the foundation of a company’s compliance program.
The Justice Department and the SEC provided very useful guidance in November 2012 to the business community: an effective compliance program must be tailored to a risk assessment. In addition, the DOJ and the SEC advised companies to update the risk assessment as needed to ensure that its compliance program is tailored to a current assessment of risks.
Companies need to heed those words. They are important. Instead, some companies want to live with their “eyes closed” and ignore the risk assessment requirement and jump ahead to implementing a compliance program, with all of the usual elements.
The danger of this approach is readily apparent. It inevitably leads to a misallocation of compliance resources. This problem is not catastrophic on its face; the compliance program will appear to be operating quite well and addressing what are perceived as potential compliance issues.
As the Wizard of Oz famously bellowed, “Pay no attention to the man behind the curtain!” The same rings true for the company that never conducted a risk assessment, implemented a compliance program and marveled at its own creation.
The danger lies in a clear reality: the compliance program is not effectively addressing its risks. There will be large risks which are unattended and ignored in favor of smaller risks which may have overblown policies and procedures.
One important indication of a misalignment of resources is the resources, policies and procedures companies dedicate to gifts, meals, entertainment and travel expenses. Compliance officers love creating policies and procedures, forms and requirements, and seldom stopping to ask the question, is this really appropriate?
While creating this elaborate system for monitoring gifts that pose little to no risk of bribery, the compliance officer has no clue what the business development and sales staff, or the company’s third-party agents, are doing in their interactions with foreign officials on a set of RFPs for multimillion-dollar contracts.
The compliance officer is afraid to inject himself or herself into this risky interaction and ensure compliance. Instead, the compliance officer rationalizes to himself or herself that “training” the business development and sales staff (and possibly the third-party agents) is sufficient to address the risk in such interactions.
This is a very common scenario. Eventually, however, this system breaks down when company sales staff, business development officers and/or third-party agents are caught bribing foreign officials.
There may be many explanations for such conduct but one thing is for sure: the absence of a risk assessment is a major contributor to a failure to detect and prevent bribery.
Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services. He can be reached at 
