Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Joseph Spinelli: Risk assessments should be functional and geographical

In our 2015 ABC Report, Kroll asked respondents to identify what they considered to be the type of corrupt behavior the chief compliance officer must guard against.

The primary answers are bribery (93%), money laundering (61%), bid-rigging (60%), and price fixing (56%).

Trailing further behind “the big four” corruption risks are conflict minerals (27%) and human trafficking (26%).

When focusing on the main concern — bribery — best practice is to incorporate six principles: proportionality, top level commitment, organizational risk assessment, due diligence, communication, and monitoring.

These principles form a framework for assessing relevant policies, procedures and controls.

Typically, the types of misconduct uncovered during bribery risk assessments include:

1. Slush funds that enable off-books payments by agents

2. Agent payments to foreign officials

3. Concealment of bribes to foreign officials

4. Agents providing goods and services to a charitable group owned or operated by a foreign official as a bribe, and

5. Misappropriation of funds due to control weaknesses.

Kroll also asked compliance officers about their confidence in their companies’ financial controls to detect books-and-records violations of the FCPA. Those violations often point to potential issues involving bribery.

While 48% are very confident or confident in those controls, that leaves more than half feeling less than confident.

Among that group, the most common reason cited (71%) is poor reporting relationships or collaboration, where finance department employees might not know to bring concerns about improper payments to the compliance officer.

Not surprisingly, then, training still appears to be a weakness in most companies. In our survey for the 2015 ABC Report, barely one-third of respondents rate their training as effective or very effective.

Antibribery compliance should also involve the use geographic risk assessment to help determine the nature, scope and breadth of the protective measures that will be deployed to mitigate potential location-specific corruption risks.

While the BRIC countries (Brazil, Russia, India and China) pose a heightened risk of bribery and corruption, an organization should assess the geographic risk in every country in which it operates.

One respondent for our 2015 ABC Report said, “Transparency remains key for our expansion and we blacklist countries that are known for a lack of it.”

Another said, “We have a Global Code of Conduct, required for all of the territories in which we conduct business. The local codes of conduct may go further, but no less, than the Global Code.”

The known risks in certain regions and countries are multiplied when third-parties are involved as partners and agents.

Despite that, 48% of our respondents admitted they never train third parties on their anti-bribery policies. That’s an alarmingly high number considering how often third parties figure into FCPA or other anti-
corruption enforcement.

In the next post, I’ll discuss how the risk assessment process should address third-party risks.


Joseph Spinelli is a Senior Managing Director at Kroll. He was the first Inspector General for New York State and has enjoyed a career spanning more than 30 years in private and public service across many fields, including in FCPA, anti-bribery and corruption, monitorships and white collar investigations. He can be contacted here.

Share this post


Comments are closed for this article!