|In February 2017, the U.S. Department of Justice (DOJ) Fraud Section published its latest guidance on corporate compliance programs with the release of the very useful document titled “Evaluation of Corporate Compliance Programs.”
While many legal and compliance scholars have rightly stated that this latest publication isn’t anything radically different than prior authoritative guidance issued by the DOJ and other organizations, what jumps out is the reframing of the well-worn expression, “tone at the top,” with the potentially more insightful, and arguably much scarier, “conduct at the top.” In a just-released Flash Report, we put forth questions and insights that illustrate the degree to which the DOJ is examining senior management and the board of directors while evaluating a corporate compliance program.
by Scott Moritz and Scott Wisniewski
Scott Moritz and Scott Wisniewski are Managing Directors with Protiviti. Moritz leads the firm’s Investigations and Fraud Risk Management practice, while Wisniewski is the head of Protiviti’s Risk Technologies group.
Honesty and trust aren’t what we want to be thinking about when it comes to the global partner ecosystems we are building out today. We’d rather be thinking about economies of scale, increased efficiency and agility, and a time to value that blows away the competition. Unfortunately, third parties represent a major and constant risk, and are the source of the majority of violations of the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and other international anti-corruption laws. Because of this, an effective third-party anti-corruption program is now an essential component of the overall corruption program at many companies. An effective third-party anti-corruption program helps you to understand the risk that each third party represents, identify potential bad actors, and apply a heightened standard of care to these organizations, or even terminate the business relationship.
A successful program is all about designing sustainable, consistent global processes based on an understanding of which parties should be included in the program; applying a risk-scoring methodology to group the parties into high-, medium- and low-risk categories; and applying standard due diligence processes to all parties and enhanced due diligence processes to those that fall into the high-risk group.
Implementing a successful program also requires a global technology platform that centralizes – and can scale – all third-party anti-corruption activities across the global ecosystem. This is why Protiviti has just released the Governance Portal for Third-Party Anti-Corruption v4.1, a new Protiviti Governance Portal solution that makes it simpler, faster and easier to reduce risk and ensure compliance on a global scale. From creating a centralized repository for all program data and activity, to creating the required scorecards for vendors and partners, to managing workflow and maintaining an audit trail of activities, the Governance Portal for Third-Party Anti-Corruption enables key stakeholders to identify third parties with heightened risk and track investigations and resolutions – regardless of where the stakeholders or third parties are located.
By centralizing the third-party anti-corruption program and managing the processes more effectively, companies can more confidently focus on the business benefits of their ecosystems. For more information about third-party anti-corruption programs, check out “Are Third Party Vendors Putting Your Company at Risk?” a July 15, 2014, webinar featuring Chris McClean, principal analyst and research director with Forrester Research, Inc. The webinar provides a detailed account of how to effectively apply best practices to identify potentially problematic commercial partners and the importance of an enabling technology platform.
If it’s true you can’t legislate morality – and all evidence, including but certainly not limited to corporate malfeasance such as the Enron and Worldcom scandals or the questionable corporate behavior of reckless risk-taking to maximize short-term profits and compensation (under “heads I win, tails you lose” compensation structures that left shareholders with the short stick) that contributed to the financial crisis, supports this hypothesis – why do companies bother with ethics policies?
I know Section 406 of Sarbanes-Oxley requires publicly traded companies to disclose whether they have ethics policies and whether their executives are bound by them. But Enron had a beautiful 64-page ethics policy, suitable for framing – for all the good it did them. So what’s the big deal?