Nearly every corporate anti-bribery violation reveals problems with internal controls.
Again and again SEC enforcement actions describe devious employees who were able to subvert the controls and thereby create slush funds and pay bribes, or controls that were weak to begin with and incapable of detecting or stopping the corrupt actors.
So here’s the great opportunity — internal controls enhanced with artificial intelligence that will detect and correct systemic weaknesses and, when needed, outsmart those employees who have bad intentions.
The FCPA’s internal control provisions attract less attention than the flashier anti-bribery provisions. But they’re crucial to preventing bribery. That’s why they were included as part of the FCPA.
What are the internal control provisions? They require issuers (SEC-registered companies) to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that–
(1) transactions are executed in accordance with management’s general or specific authorization
(2) transactions are recorded as necessary (i) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (ii) to maintain accountability for assets
(3) access to assets is permitted only in accordance with management’s general or specific authorization, and
(4) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
The joining together of internal controls with artificial intelligence has already started, particularly in financial institutions. But these are early days. The pace of development will accelerate in 2019 and beyond. And one day — probably very soon — we’ll realize how AI-enhanced internal controls have drastically changed and improved compliance, and raised expectations about preventing corporate bribery.
Am I putting too much faith in technology? I don’t think so. This morning when I was driving into work an app on my phone told me where I’d pass a concealed policeman, how to avoid a pothole a half mile ahead, and where to park my car. A block from the office, I turned on the lights there by talking into my watch. A few hours later, when I headed for the gym, the watch reminded me to take my earphones.
AI-enhanced internal controls aren’t going to replace compliance officers or due diligence. I talked earlier this month about the critical role compliance officers now play in corporate governance and operations. Companies where that isn’t true are behind the times and aren’t using best practices. Just ask the DOJ and SEC.
Due diligence? No one seriously questions the need for a blend of automated and manual (human) due diligence systems that are embedded deep in the corporate-wide compliance program, upstream from internal controls.
But AI-enhanced internal controls will impact compliance officers by forcing even more integration with other parts of the corporation. Compliance departments and technical groups will have to team up with HR, travel, marketing, sales, purchasing, logistics, accounts payable, internal audit and so on, to design and deploy the systems and keep them working.
AI-enhanced internal controls won’t become best practices all at once. They’ll arrive through a process of trial and error, with gradual improvements here, a few missteps there, and some big leaps forward. Eventually — maybe sometime this year, who knows? — the right technology that’s cost-effective will be fitted to the tasks internal controls are supposed to perform, and it will work.
That, I think, is the big compliance story of 2019.
Richard L. Cassin, pictured above, is the publisher and editor of the FCPA Blog.