Compliance risks: Beware of the men in black hats
Is your company exposed to compliance risks? Are you mitigating against financial crime and reputational damage? Four steps to mastering the challenge.
As a child growing up in the 1970s, I watched more than my fair share of Westerns: The Magnificent Seven, High Noon, Butch Cassidy and the Sundance Kid, and everything and anything featuring John Wayne. In the classic Westerns of the 1930s and 1940s, it was easy to identify the villain. He was the guy in the black Stetson. The heroes wore white hats, of course: The Lone Ranger atop his white horse, Silver, being the archetype. And, you knew that the man in the black hat would get his comeuppance in the final scenes of the movie. That was the way it worked. Simple.
Sadly, it’s not so simple these days. No reputable company would want to become – either directly or indirectly – involved in financing terrorism, using child labor, money-laundering, or bribery. However, identifying such risks in business can be tricky. Companies often have complex international supply chains that include many third parties. They may deal with partners, customers, suppliers, and other third parties such as banks and freight forwarders in a wide range of countries. You may have a tight rein on what happens within your own company – but what about the companies in your network?
Monitoring and managing these relationships effectively is important because the actions of companies in your network can impact your own business. Strict regulations govern business practices in a wide range of areas, and it is crucial that you’re aware of the ones applicable to you. It’s equally important that you have effective and holistic compliance programs in place to ensure that you stay within the law.
The price of violations can include fines and criminal charges. But satisfying regulators is just one side of this. Reputational damage is perhaps of even greater importance, given that corporate social responsibility is a key requirement from shareholders and customers. Plus, I’m sure you want to be one of the men in white hats, anyway. Let’s look at some areas you need to focus on to mitigate risk…
Companies are prohibited from making financial funds or economic resources available to parties suspected of involvement in terrorist activities. Furthermore, it is prohibited to have contractual agreements with, or salary payments to, certain specified parties. Many nations maintain restricted party lists and it is incumbent on companies to screen their business contacts against these.
Restricted party screening involves checking your contact addresses against official sanctions lists such as the US OFAC SDN or the EU Consolidated list of sanctions. The specific lists you should screen depend on a variety of factors including the nature of your business (a defense company is at much higher risk, for example, than a confectionery manufacturer), where your business is located, and in which countries you trade.
In addition to the bans on direct provisions to the companies, persons, and organizations named in the restricted party lists, there are also bans on indirect provisions. An indirect provision is present if funds or economic resources are provided not directly to a listed company (or person) but instead to another company that is controlled by the listed company (or person).
Both the EU and US have regulations in place that define “control” as an ownership share of more than 50 percent. The dilemma with bans on indirect provisions: Neither the EU nor the US publishes lists of entities subject to bans on indirect provisions. The expectation is that law-abiding companies will always know the ownership structures of their business partners, but in practice, few organizations have the resources to track this, especially if their customer base is large and/or very international.
Nearly every country in the world has laws against bribing officials – for example, the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. But who is considered an official? Which companies are owned by such officials? Which organizations are under their influence? And who is considered part of their extended family?
A “PEP” list (PEP = politically exposed person) can be helpful here. A PEP list includes politicians and political officeholders as well as people in their immediate environment. PEP lists also include church officials, judges, ambassadors, military officers, executives in state-owned companies, and executives in international organizations. It’s not illegal to conduct business with such persons. But the position and influence of people on PEP lists make them common targets for bribery and corruption. Proceed with caution when transacting business with anyone on a PEP list.
Is your supplier under fire in the media for using child labor? Are you extending loans to a company under investigation for corruption in several countries? Or are you importing agricultural goods produced by a company accused of squeezing small farmers in its home country?
Then you may be exposing yourself to the risk of negative media coverage and temporary or even permanent damage to your reputation.
Protecting your business against compliance risk and reputational damage is challenging. It’s not so easy to distinguish the men in black hats from the men in white hats. But, don’t worry. The good news is that the steps listed above can be automated with software. AEB partners with content specialist Dow Jones to provide more than "just" restricted party screening:
Bans on indirect provisions? PEP List? Adverse Media? Comprehensive security for your transactions with AEB software and extended content from Dow Jones.