Compliance must be an active part of the organization and culture to prevent and detect corruption, bribery and fraud. This continuous and ongoing process must be monitored, maintained and nurtured. The challenge is establishing corruption prevention and detection activities that move the organization from a reactive fire-fighting mode to one that actively manages, monitors, prevents and detects risk.
The distributed and dynamic nature of business makes anti-bribery, corruption, and fraud compliance a challenge. Compliance in the context of a complex and dynamic business environment is particularly challenging as organizations face broadening anti-bribery and corruption laws and regulations. Ultimately, the best offense is a good defense. Regardless of the models, technologies and strategies enabled to help, organizations must be prepared to show they have a strong compliance program in place to mitigate or risk exposure to investigations, penalties and possible prosecution. This is the example that the DoJ and SEC put forward when they praised Morgan’s Stanley’s compliance program in result of their FCPA investigation.
This requires technology to manage anticorruption compliance. Technology can help organizations manage and monitor anti-bribery, corruption, and fraud compliance by enabling and automating:
- Compliance program management: The organization needs a 360-degree view of compliance activities and reporting. This requires a system for managing compliance activities, metrics and reports. From this system the organization should be able to produce reports and metrics relevant to the board of directors and executives, to assure them they are meeting fiduciary obligations to have a compliance program for anticorruption in place. All compliance management personnel and employees should be able to access the system and see contextually relevant tasks and items.
- Regulatory intelligence and change management: The integration of regulatory content feeds and technology enables the compliance program to determine how new developments — such as new anti-bribery and corruption laws, requirements, enforcement actions, and other matters and decisions — impact business. Organizations should leverage technology to integrate legal and regulatory feeds and route them to the correct subject matter expert for review and business impact analysis.
- Compliance risk assessment: Risk assessments are mandatory for compliance initiatives. The organization needs technology to manage risk surveys, assessments, and related risk information to report, analyze, model, and treat anti-bribery and corruption risk.
- Policy management: A core component of a compliance program is the ability to document policies and procedures to maintain a state of compliance. All policies for anti-bribery, corruption and fraud should be documented, maintained, communicated and attested to, with a robust audit trail and content management. This includes code of conduct, anticorruption and other related policies.
- Training and communication: It is not enough to make written policies available — the organization also needs to train individuals on policies. Organizations increasingly use online training to deliver courses on anticorruption and to test employee understanding of policies and requirements. Some organizations are building portals of anti-bribery and corruption information that integrate policies, training, games, scenarios, and more in an intuitive interface to educate employees.
- Third-party management and due diligence: Central to an anti-bribery and corruption compliance program is the ability to manage risk presented by third-parties such as agents. Due diligence processes are built upon review of third-parties and checking against databases of known politically exposed persons. Technology and integration of content feeds enables ongoing due diligence to monitor and score vendor and third-party risk, communicate policies, deliver training, track attestations and deliver surveys and assessments.
- Internal Control Monitoring: Anti-bribery and corruption also requires (e.g., FCPA enforcement has a books and records and internal control provisions) that the organization have defined and operating controls over financial reporting. This includes a control environment that covers approvals, authorizations, reconciliations, transactions, master data, and segregation of duties.
- Forms processing and automation: A critical component of an anti-bribery and corruption program is the ability to process and automate forms related to policies and procedures. Transactions and requests for gifts, entertainment, travel, customs and cross-border shipping, charitable giving, political contributions, conflicts of interest, and facilitated payments should be managed through online forms and workflow for approvals with integration into the transaction environment to review history in the course of approval.
- Issue reporting & investigations management: Technology enables the organization to manage and monitor issues and incidents and collaborate and document investigations. This includes the ability to record issues reported from hotlines and other mechanisms, what actions were taken and the results of the investigation.
Some related GRC 20/20 events happening in October are:
New York: Addressing Anti-Bribery and Corruption Workshop, October 07, 2014 7:00 am to October 07, 2014 11:00 amAt New York, NY, USA Categories: Workshops
New York: Effective 3rd Party Management Workshop, October 07, 2014 12:00 pm to October 07, 2014 4:00 pmAt New York, NY, USA Categories: Workshops
The Intersection of Legal and Compliance, October 15, 2014 12:00 pm to October 15, 2014 1:00 pmAt Online Webinar Categories: Webinars