Beyond Compliance: Building a Robust Ethics and Compliance Program

Overview

Risks are increasing and organizations are called to develop effective compliance risk mitigation programs

Today, the explosion of social media, new mobile technologies and big data has brought about a new era of transparency, exposing illegal transactions and raising new ethical questions in the way business is conducted. While ethics and compliance executives have progressed immensely in developing sophisticated measures to prevent, detect and mitigate risks, the same also holds true for those who wish to gain unfair advantage and violate the law.

Risks are increasing and organizations are called to develop effective compliance risk mitigation programs and internal safeguards to protect against internal and external threats of corruption and fraud. Companies need to work on building capabilities that allow them to evaluate their corruption risks and embed controls that address them responsibly.

Prosecutions and fines under the US Foreign Corrupt Practices Act (FCPA) have increased dramatically over the last decade¹, as well as under the UK Bribery Act, which is more restrictive than the FCPA. On top of increasing regulatory fines and legal costs, ethics and compliance problems can entail significant reputational risks if the public begins to question a company's ethics. These risks can be costly for organizations as information and misinformation travel through social media at an unprecedented rate. Additionally, these costs can be amplified as companies navigate tough economic conditions and emerging unfamiliar markets.

At a time when risks are increasing, building a robust ethics and compliance program that not only protects from internal and external threats, but also enhances the brand is a key differentiator.

¹ Shearman and Sterling, FCPA Digest: Recent Trends and Patterns in the Enforcement of the Foreign Corrupt Practices Act (New York: Shearman and Sterling, July 2012)

New studies, surveys and empirical evidence reveal that stock prices are higher, costs are lower and employees are more satisfied with companies demonstrating reputable ethical business practices and good governance.

Building Capabilities

Effective ethics and compliance program as cornerstone for operational excellence and good governance

There is a need for renewed focus on ethics and compliance programs in light of regulators ramping up enforcement in many areas, bribery among others. Because of increased enforcement and the resulting hefty fines as cost of noncompliance, organizations have redirected their efforts to ensuring effective anti-corruption compliance programs. At 360factors, we have dedicated an entire practice to assist our clients in this manner. Following are the steps to building a robust ethics and compliance program.

Corporate Culture. An effective ethics and compliance program begins with the people and how they behave. The entire organization itself must be one in their underlying values, beliefs, attitudes and expectations towards unethical practices and corruption, and this culture is derived from the tone at the top. The board and senior management should set the tone and ensure that it permeates throughout the entire organization by espousing accountability. The board and senior management through actions should empower personnel to mitigate risks and build organizational trust. Everyone should be held accountable in what can be described as zero tolerance for any unethical behavior regardless of magnitude. And in the same breath, any act of upholding company values should be met with positive reinforcement.

Understanding Key Laws. Building an ethics and compliance program requires a thorough understanding of key laws that govern companies with regard to corruption and unethical practices. The FCPA and UK Bribery Act are the most expansive in terms of prohibitions and jurisdictional reach, with the FCPA as the most aggressively enforced by several orders of magnitude. These are the laws that most global companies use as the standards for their ethics and compliance programs.
Consult with your legal department about local bribery laws that might apply to the areas where you operate, but know and understand the FCPA and UK Bribery Act, and use them as the basis for your ethics and compliance program, including anticorruption policies, procedures, controls and training activities.

Foreign Corrupt Practices Act (FCPA) Defined²

Enacted in 1977, the FCPA is a federal law that proscribes US persons and companies from paying bribes to foreign government officials for the purpose of obtaining or retaining business. The FCPA has two provisions that work in tandem: the anti-bribery provisions enforced by the Department of Justice and the accounting provisions enforced by the Securities and Exchange Commission. The accounting provisions require issuers to make and keep detailed books and records that accurately and fairly reflect the company's transactions and to have in place sound and adequate internal accounting controls.

Risk Assessment. Essential to building an effective ethics and compliance program is risk identification and analysis. This entails a thorough assessment of risks posed by the company's nature of operations, the extent of business with governmental entities, agents and other intermediaries, its areas of operations and the regulatory environment. An assessment of the company's policies and controls for risk mitigation should also be conducted to either ensure effectiveness or identify gaps. Risk assessment lends efficiency and credibility to a company's ethics and compliance efforts should unforeseen issues arise, as it demonstrates that the company is able to perform due diligence in assessing its risks.

Design and Implementation. While the elements of ethics and compliance programs may vary per company, they should at least consist of the following:

- Operational guidelines on how compliance will be achieved in certain high-risk areas of operations
- Employee training and education
- Third-party monitoring
- Accurate financial recordkeeping
- Mechanism for reporting violations
- Ongoing monitoring of risks

An effective ethics and compliance program should be a clear and unambiguous statement of the company's stand that bribery of any scale, governmental or commercial, will not be tolerated.

² See http://www.worldcompliance.com/

UK Bribery Act Defined³

The UK Bribery Act details offences in relation to the four types of unethical activity:

- Bribing another person
- Accepting a bribe
- Bribing a foreign government official (non-UK)
- Failing to prevent a bribe

The UK Bribery Act is one of the biggest changes in the areas of business and commerce. Unlike the FCPA, it introduces a new crime of failure to prevent bribery, and companies must be able to demonstrate that they have implemented adequate procedures to prevent corrupt practices within the organization or by third parties on their behalf. Failure to do so could mean exposure to hefty fines as well as other collateral consequences, such as debarment from doing business with governments.

Monitoring. Monitoring is a crucial element in an effective ethics and compliance program. Compliance programs that are not monitored are generally not very effective. Monitoring means anti-corruption compliance audits, data mining and analytics. It also means having the right people, processes and resources. As systems become more automated, companies are turning more and more to analytics or compliance management systems as a tool for monitoring. As with audits, the key is to have the right tools in place as well as having the right personnel trained to analyze, interpret and spot anomalies. Anti-corruption audits send a powerful message that the board and senior management are committed to compliance and ensuring it is achieved.

As risks change over time, comprehensive risk assessments should also be conducted periodically to make sure that the program is evolving and equipped to meet emerging risks. An extensive review of operational and enterprise risks should be done every few years or so to ensure the relevance of controls in place.

³ See http://www.pwc.co.uk/forensic-services/issues/bribery-act-2010-an-introduction.jhtml

How we can help

360factors Ethics and Compliance Risk Management Solutions

360factors uses cognitive technology and analytics to make ethics and compliance risk initiatives more effective and efficient through a simple yet comprehensive regulatory risk and compliance management model and methodology.

Rise to regulatory challenges. Through our industry-focused approach, and using unique mapping and cognitive technology, we help companies manage their ethics and compliance programs based on FCPA and the UK Bribery Act regulations through a single platform.

Drive high performance. Our experts use a unique risk, compliance and quality management platform that helps capture real-time, relevant data to aid in the decision-making process to ultimately improve business outcomes.

GRC automation. Our platform further allows companies to streamline GRC as a competitive differentiator, automating the entire risk process to protect them from a host of liabilities and enforcement action as well as streamlining the risk assessment process to manage operational and regulatory compliance.

The best way to ensure anti-corruption compliance is with compliance software. Predict360 is a revolutionary regulatory risk and compliance management software that helps organizations stay in compliance. Organizations can document their operational controls and map them back to the corresponding requirements in Requirements Knowledge Base. When regulations are changed or updated, the organization is alerted on which policies and procedures need to be updated. It also provides the ability to manage risk and analyze the effects of operational controls on the risk index of the organization.

Learn how Predict360 can transform your compliance management process. Call 866-385-2341 today. Schedule a FREE TRIAL and DEMO online at www.360factors.com

Headquarters
1380 Burnet Road, Suite 100
Austin, Texas

Global Offices
Canada
Pakistan
Philippines

Connect with us and stay in touch

Bobby O'Neal
Director of Sales
T: 512-773-3364
E: bobby.oneal@360factors.com

Sajjad Gul
Director of Business Development
T: 512-904-3127
E: sajjad.gul@360factors.com

Rosanna Lyn
Director for Product Management
T: 512-539-2749
E: rosanna.lyn@360factors.com

Operational Excellence. Sustainability. Increased Margins.

360factors is a cloud-based Regulatory Risk and Compliance Management Software Company specializing in Oil & Gas, Power & Utilities and Banking & Financial Services industries. 360factors' platform, Predict360, uses unique mapping and cognitive technology to provide regulatory insight, predict risks and increase sustainability and margins. Predict360 helps break down silos and overlapping costs through multiple tools to improve operational excellence, visibility to risk and quality data that executives can use to make decisions in a timely manner. Additionally, it provides functional compliance managers with an out-of-the-box solution with industry-specific regulations or standards, workflows and policy & procedure templates so they can perform the day-to-day regulatory and operational risk and compliance tasks at a functional level.