The need for international and domestic agencies to do more to combat corruption has been reiterated by G7 nations, and increasingly supported by international legislative and regulatory instruments.
Extraterritorial anti-bribery legislation, such as the UK Bribery Act and the US Foreign Corrupt Practices Act, demands that organizations implement adequate procedures to prevent bribery. This is the only defence to corporate criminal liability. To satisfy this requirement, an effective, risk-based and proportionate anti-bribery and corruption (ABC) framework is critical.
Does your company have a satisfactory framework in place? The financial crime skeletons in your organization could be hiding where you least expect.
Do you know where your biggest risks are?
Organizations should maintain a broad focus when it comes to preventing bribery and corruption, looking not only at customer and client relationships but also considering “associated persons” including employees, suppliers, contractors, agents, consultants and customers.
As anti-financial crime measures do not only concern what's going on within the walls of your organization, it is essential to do a global risk assessment to understand where risks may materialize.
You may be monitoring activity within your organization to near perfection, but what about third-parties? Do you know who they do business with? What about who does business on your behalf? What about the external interests of individual employees; could there be any potential conflict of interest resulting from their third-party interactions?
In my view, building third-party surveillance procedures that allow you to pro-actively review where issues might arise is essential to help keep your business protected.
Reacting to a breach
A financial crime incident can undo months and years of otherwise fantastic work that has positively impacted society. Costs, both financial and reputational, can be severe; you may be fined, incur significant expenditure to remediate the breach, lose investors, and face reputational damage, thereby jeopardizing your relationship with your client or customer base.
When regulators find a breach, they require organizations to make changes to remedy and prevent future issues. Monitors may be appointed to watch over and report on the continued improvement efforts. Annual reports provided to regulators by the monitors may show that the organization has failed to satisfy its requirements.
It is therefore important to evaluate activities within your organization, unearth skeletons, assess risk-based transactions, and consider what needs to be remediated. I also believe it is fundamental to educate employees in their own responsibility and accountability.
Whether you're concerned about operational risks from third-party exposure or helping to ensure your network of third-parties don't create legal or reputational risks for your brand, you should put the procedures in place to help reduce your risk exposure.
Shaping your approach to ABC risk management is not an easy task and you may require some assistance. KPMG professionals can help ensure your compliance framework is robust and fit for purpose, or they can provide support to investigate potential issues.
Read additional blogs in our Financial Crime series.