Compliance risks: Beware of the men in black hats

Is your company exposed to compliance risks? Are you mitigating against financial crime and reputational damage? Four steps to mastering the challenge.

As a child growing up in the 1970s, I watched more than my fair share of Westerns: The Magnificent Seven, High Noon, Butch Cassidy and the Sundance Kid, and everything and anything featuring John Wayne.

In the classic Westerns of the 1930s and 1940s, it was easy to identify the villain. He was the guy in the black Stetson. The heroes wore white hats, of course, with The Lone Ranger atop his white horse, Silver, being the archetype. And you knew that the man in the black hat would get his comeuppance in the final scenes of the movie. That was the way it worked.

Simple.

Identifying compliance risks: the challenges

Sadly, it’s not so simple these days. No reputable company (that is, where the staff metaphorically wear white hats 😉) would want to become – either directly or indirectly – involved in financing terrorism, using child labor, money-laundering, or bribery. However, identifying such risks in business can be tricky.

Companies often have complex international supply chains that include many third parties. They may deal with partners, customers, suppliers, and other third parties such as banks and freight forwarders in a wide range of countries. You may have a tight rein on what happens within your own company – but what about the companies in your network?

Avoiding reputational damage

Monitoring and managing these relationships effectively is important because the actions of companies in your network can impact your own business. Strict regulations govern business practices in a wide range of areas, and it is crucial that you’re aware of the ones applicable to you. It is equally important that you have effective and holistic compliance programs in place to ensure that you stay within the law.

The price of violations can include fines and criminal charges. But satisfying regulators is just one side of this. Reputational damage is perhaps of even greater importance, given that corporate social responsibility is a key requirement from shareholders and customers. Plus, I’m sure you want to be one of the men in white hats, anyway. 😉

Let’s look at some areas you need to focus on to mitigate risk…

Four steps to mitigating risk

Step 1: Screen your business contacts against restricted party lists

Companies are prohibited from making funds or economic resources available to parties suspected of involvement in terrorist activities. Furthermore, it is prohibited to enter into contractual agreements with, or make salary payments to, certain specified parties. Many nations maintain restricted party lists, and it is incumbent on companies to screen their business contacts against these.

Restricted party screening involves checking your contact addresses against official sanctions lists such as the US OFAC SDN or the EU Consolidated list of sanctions. The specific lists you should screen depend on a variety of factors including the nature of your business (a defense company is at much higher risk, for example, than a confectionery manufacturer), where your business is located, and in which countries you trade.

Step 2: Check the ownership structure of your business partners

In addition to the bans on direct provision to the companies, persons, and organizations named in the restricted party lists, there are also bans on indirect provision. An indirect provision occurs when funds or economic resources are provided not directly to a listed company (or person) but instead to another company that is controlled by the listed company (or person).

Both the EU and US have regulations in place that define “control” as an ownership share of more than 50 percent. The dilemma with bans on indirect provisions: Neither the EU nor the US publishes lists of entities subject to bans on indirect provisions. The expectation is that law-abiding companies will always know the ownership structures of their business partners, but in practice, few organizations have the resources to track this, especially if their customer base is large and/or very international.


Step 3: Be cautious about dealings with politically exposed persons

Nearly every country in the world has laws against bribing officials – for example, the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. But who is considered an official? Which companies are owned by such officials? Which organizations are under their influence? And who is considered part of their extended family?

A “PEP” list (PEP = politically exposed person) can be helpful here. A PEP list includes politicians and political officeholders as well as people in their immediate environment. PEP lists also include church officials, judges, ambassadors, military officers, executives in state-owned companies, and executives in international organizations. It’s not illegal to conduct business with such persons. But the position and influence of people on PEP lists make them common targets for bribery and corruption. Proceed with caution when transacting business with anyone on a PEP list.

Step 4: Track media coverage relating to your business partners

Is your supplier under fire in the media for using child labor? Are you extending loans to a company under investigation for corruption in several countries? Or are you importing agricultural goods produced by a company accused of squeezing small farmers in its home country?

Then you may be exposing yourself to the risk of negative media coverage and temporary or even permanent damage to your reputation.

Help is at hand: Software automation

Protecting your business against compliance risk and reputational damage is challenging. It’s not so easy to distinguish the men in black hats from the men in white hats.

But don’t worry. The good news is that the steps listed above can be automated with software. AEB now partners with content specialist Dow Jones to provide more than just restricted party screening:

  • Sanctioned Ownership Relations: This package covers the obligations under the OFAC 50% Rule and the EU’s bans on indirect provisions.
  • Collection of watchlists, including PEP lists: Comprehensive collection of risk-related data to facilitate compliance with money-laundering laws and know-your-customer rules. The worldwide data includes politically exposed persons (PEP lists) and their immediate environment as well as government sanctions.
  • Adverse Media: Collection of negative media coverage from around the world relating to companies’ finances, manufacturing practices, anti-trust and anti-competitive behavior, and environmental and social standards.
  • State Owned Companies: List of state-owned companies, which in many countries are subject to stricter anti-corruption regulations.

Fact sheet on exposing compliance risks

Would you like to learn more about compliance risks? Do you want to protect your business reputation and be one of the men in white hats? 😉

AEB has published a new fact sheet with information and advice on this topic – you can download it free of charge here.

If you have any comments or remarks, I’d be happy to discuss them with you via LinkedIn.