In response to Halliburton’s proposed acquisition of Expro, the U.S. Department of Justice recently thrust the concept of “a risk-based approach” to the forefront of anti-bribery compliance with Opinion Procedure Release 08-02. A risk-based approach has been a regulatory expectation in anti-money laundering (AML) for years. Now, with Release 08-02, it’s moving to the FCPA as well.
The concept is simple: certain customers, vendors, and intermediaries represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment, dollar volume — all are risk indicators. A Kazakhstan-based customs broker owned by the brother of the country’s oil minister, with million-dollar payments directed to an account in Cyprus, represents a high risk of corruption. That’s clear. The hard part is making appropriate distinctions and parsing them across a global, decentralized vendor system. It’s that aspect that often requires the use of sophisticated technology.
Companies looking to strengthen their FCPA compliance can learn from successful AML programs. In fact, proven AML techniques are already part of some of the more progressive FCPA programs. The key to any risk-based approach? It’s the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.
To mitigate risk, the first step is knowing where it comes from. That’s why the DOJ instructed Halliburton in its Opinion Procedure Release to apply a risk-based approach to due diligence. As the financial institutions have learned, deploying the right technology can be the key to making that happen.