2017 proved to be a blockbuster year for the FCPA and anti-bribery and corruption (ABC) enforcement at large.
From sustained record levels of enforcement (some 11 penalties levied, totaling $1.92 billion; the second largest year on record) to significant developments via the newly announced FCPA Corporate Enforcement Policy by the Department of Justice in late November, businesses are on notice that this remains a significant regulatory priority.
One need not look further than comments in the National Security Strategy document, which in December reaffirmed the fight against corruption as a key tenet of US foreign policy.
There’s a lot to reflect on, including an evolved expectation surrounding presumptive declinations, self-disclosure, individual liability and stronger collaboration between international enforcement agencies. Not to mention the DOJ’s Evaluation of Compliance Programs Guidelines, increasing adoption of ISO 37001, and so much more.
But just as the policy and regulatory environments have catalyzed an evolution in ABC and third-party risk, so too have the fancy new tools that compliance teams have available to them. A second key evolution seems to be underway, one that centers on data-technology and automation.
ABC is just the beginning, as compliance functions are navigating more risk types than ever before. As a starting point, consider sanctions, PEPs, human rights and labor crimes, legal entities, beneficial ownership, cyber security vulnerabilities, adverse media, geo-political risk… the list goes on.
A survey in 2017 by the Ethisphere Institute and Convercent said that “firms use up to 10 different sources of data” and that the vast majority “log onto multiple systems and manually extract the data”. Which is to say that compliance departments have had a manual and difficult time obtaining and synthesizing data to form a holistic risk profile and treatment across their third parties.
Chief Compliance Officers are feeling the pinch. In a recent interview, the CCO of a $10 billion energy and industrial firm lamented that compliance departments “need a good system for bringing together many sources of data”, a sentiment echoed by dozens of other market-leading firms across North America.
As David Castrucci, CEO of 319 Insights, points out, “it is also critical now to perform complete due diligence on the entire third-party base and not only your high risk third parties. The need to do more and faster is putting serious strains on the compliance department, requiring superior and effective automation.”
It’s easy to be overwhelmed by these challenges, especially when compliance departments are increasingly being asked to do more with less, amid volatile and complex international geopolitical markets. And yet expectations continue to grow, from governments, regulators, boards and executives, investors, consumers, and the public at large.
In the next post, I’ll run through a practical view of how various risk categories intersect, how technology helps synthesize these, and why automation is something to look forward to, not fear.
Kevin Bogdanov is Director of Market Development, Americas for Thomson Reuters’s ‘Customer and Third Party Risk Management’ business. He has spent 12 years leading international teams and programs in the Enterprise Information Services, Technology, Finance, Risk and Compliance sectors. He’s currently exploring how data, technology, automation and AI will disrupt and redefine the practice of KYC and Third Party Risk Compliance.