In the February 10, 2012 edition of the Houston Business Journal, in an article entitled “In order to solve a problem, it must first be identified”, author Harvey Mackay wrote “People don’t usually buy products and services. They buy solutions to problems.” He notes that successful sales people “tailor their products and services to meet a demand”. However, in compliance the ‘demand’ that often needs to be satisfied is risk. In your role as a compliance professional, you need to be able to identify risk and then design a system to manage it. If you review a proposed transaction and concluded it would violate the Foreign Corrupt Practices Act (FCA) and then reported that to senior management, you may well be told that it is the job of compliance to manage compliance risks, now go back and figure out a way to manage that risk so that the transaction can be done within the law. The question is how to determine the compliance risk so that it can be managed. The answer is by performing a risk assessment.
In three enforcement actions in early 2011, the Department of Justice (FOJ) indicated FCPA compliance risk areas which should be evaluated for a minimum best practices FCPA compliance program. In both Alcatel-Lucent and Maxwell Technologies, the Deferred Prosecution Agreements (DPAs) listed the following seven areas of risk to be assessed.Geography – Where does your Company do business. Interaction with types and levels of Governments. Industrial Sector of Operations. Involvement with Joint Ventures. Licenses and Permits in Operations. Degree of Government Oversight. Volume and Importance of Goods and Personnel Going Through Customs and Immigration.
However, the British government has gone further in providing guidance around the parameters of a risk assessment. The UK Ministry of Justice (MOJ), in Principle III of the Six Principles of an Adequate Procedures compliance program, discusses risk assessment ...Zum vollständigen Artikel