Karen E. Gray: A plan for risk-based monitoring is essential

The award-winning films “Spotlight” and “All the President’s Men” both chronicled investigative journalism that uncovered huge scandals. But in re-watching those movies, I’ve noticed something else they have in common — journalists who kept following the bread crumbs.

Gathering background information was just one part of the process. The Boston Globe’s Spotlight team and the Washington Post’s Woodward and Bernstein then stayed on the trails despite some misdirection and dead-ends, to finally uncover the bigger picture.

Both movies therefore presented a powerful case for compliance professionals when it comes to mitigating risk. Due diligence alone is not enough. You also need to conduct on-going risk monitoring to spot potential signs of risk sooner.

Ironically, it was the Watergate reporting and subsequent political fall-out that initiated the United States’ tough stance on bribery and corruption. By 1977, Congress had passed the Foreign Corrupt Practices Act, making the U.S. the first country to ban companies from bribing foreign government officials. Since then, many other nations have joined in the effort, and additional anti-bribery and corruption laws are expected.

Moreover, if 2016 is any indication, enforcement agencies are expanding cross-border coordination on bribery and corruption investigations. The TRACE International 2016 Global Enforcement Report found a significant year-over-year increase in the number of U.S. and non-U.S. enforcement actions related to bribery of foreign officials. It’s a trend that is not lost on corporate leaders.

According to the 2017 Top Risks Report produced by the Enterprise Risk Management Initiative at NC State University, 66 percent of corporate board and C-suite members surveyed placed regulatory change and heightened regulatory scrutiny in the top five significant risks they face this year.

The journalists depicted in “Spotlight” and “All the President’s Men” persevered, despite a significant disadvantage that contemporary reporters — and compliance risk professionals — don’t face. Unlike in decades past when research required a painstaking process of reviewing paper or microfiche archives, today’s digital media landscape offers real-time, convenient access to breaking news, company information, legal records, sanctions and PEPs.

Good news, considering that DOJ-SEC FCPA guidance (pdf) indicates that proactive risk assessment and monitoring are crucial components of corporate compliance programs to ensure ongoing relevance in the dynamic regulatory landscape. Unfortunately, the volume of data has risen exponentially as well, so companies need a strategy that enables them to narrow the focus of monitoring while still capturing critical insights on which to base decisions. 

Establishing a PESTLE-based approach to risk monitoring can help companies overcome data overload. PESTLE is a handy memory aid that stands for six categories of risk.

Political—Focuses on a wide range of issues that can elevate compliance risk exposure, including sanctions and trade restrictions, political instability and government corruption.

Economic—Includes macro-economic factors such as embargoes, wage rates and taxes, which can directly and indirectly expose organizations to compliance risk. For example, low wage rates may reflect a higher likelihood of human rights abuses, like forced labor, that finance corrupt enterprises.

Socio-Cultural—Population and cultural dynamics can lead to higher compliance risk, particularly in emerging markets or regions where bribery has historically been part of the ‘cost of doing business.’ 

Technological—Ranging from the reliability of a region’s power grid to the availability of modern technology, this category may seem removed from compliance risk. However, some of the biggest FCPA fines over the years have been levied against organizations that used bribery to win lucrative contracts to bring technology — power, telecommunications and more — to emerging markets.

Legal—Laws, especially those related to anti-bribery and corruption, anti-money laundering and human trafficking are top-of-mind considerations for any company, but particularly those operating in a global arena where cross-border awareness of changing regulations is crucial.

Environmental—While not directly linked to compliance risk, environmental factors such as natural disasters, contamination of natural resources and other ecological considerations can lead to compliance risk when money changes hands to facilitate — or hide — activities related to the environment.

Monitoring sanctions, watch lists and PEPs alone isn’t enough. With PESTLE-based risk monitoring, companies are better positioned to address emerging risks.

Just as journalists slowly but surely follow the breadcrumbs wherever they lead, tracking adverse news mentions can help companies see potential problems — like those exposed by the more recent journalistic investigations into the Panama Papers — sooner.


Karen E. Gray is a 22-year LexisNexis veteran where she’s a Sr. Entity Due Diligence and Monitoring Specialist. Karen serves as LexisNexis’ expert and central point person for all due diligence and third-party monitoring solutions. She focuses on efforts to improve profitability and cash flow, risk mitigation and operational efficiencies with regard to vendor selection and monitoring. She can be contacted at [email protected]
