Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Risk-Based Compliance

Guest blogger Scott Moritz (left) from Daylight Forensic & Advisory LLC says:

In response to Halliburton’s proposed acquisition of Expro, the U.S. Department of Justice recently thrust the concept of “a risk-based approach” to the forefront of anti-bribery compliance with Opinion Procedure Release 08-02. A risk-based approach has been a regulatory expectation in anti-money laundering (AML) for years. Now, with Release 08-02, it’s moving to the FCPA as well.

The concept is simple: certain customers, vendors, and intermediaries represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment, dollar volume — all are risk indicators. A Kazakhstan-based customs broker owned by the brother of the country’s oil minister, with million-dollar payments directed to an account in Cyprus, represents a high risk of corruption. That’s clear. The hard part is making appropriate distinctions and parsing them across a global, decentralized vendor system. It’s that aspect that often requires the use of sophisticated technology.

Companies looking to strengthen their FCPA compliance can learn from successful AML programs. In fact, proven AML techniques are already part of some of the more progressive FCPA programs. The key to any risk-based approach? It’s the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.

To mitigate risk, the first step is knowing where it comes from. That’s why the DOJ instructed Halliburton in its Opinion Procedure Release to apply a risk-based approach to due diligence. As the financial institutions have learned, deploying the right technology can be the key to making that happen.


Share this post


Comments are closed for this article!