About Us |
Contact Us |
LexisNexis Business Solutions
Companies are exposed to regulatory, financial, reputational and strategic risks, and the number of countries and NGOs with compliance expectations is on the rise. The best way to proactively manage these expectations? Risk-based due diligence and ongoing monitoring.
1—Regulatory risks on the rise
The number of countries and non-governmental organizations (NGOs) with compliance expectations—anti- bribery and corruption (ABC), anti-money laundering (AML) and terrorist financing, forced labor and human trafficking, environmental sustainability, data privacy and security—is on the rise. In addition, regulatory enforcement actions in recent years demonstrate two clear trends:
In 2017, for example, the U.S. Department of Justice (DOJ) announced the settlement of a case against the Swedish multinational telecommunications company, Telia for Foreign Corrupt Practices Act (FCPA) violations related to more than $331 million in bribes to a government official in Uzbekistan. The Deferred Prosecution Agreement (DPA) with the DOJ, along with civil judgments paid to the U.S. Securities and Exchange Commission (SEC) and the Public Prosecution Service of the Netherlands (PPS), resulted in $965,773,949 in criminal and civil penalties. But such fines don’t capture the full cost of compliance failures. Companies that fall short may face debarment from future business contracts, investor disapproval and sluggish growth - compounding the financial losses.
2—Financial risks climb for companies with global third-party networks
The financial risks that companies are exposed to are not limited to potential regulatory fines, of course. Missed signs of a critical supplier’s or a M&A target’s financial instability exact a toll on the corporate bottom line. Adverse weather events and natural disasters can disrupt critical supply chains, leading to shortages that have serious financial and reputational consequences.
When Puerto Rico was hit by a hurricane in September 2017, for example, the impact was felt by supply chains globally. Why? Puerto Rico was among the top five territories in the world for pharmaceutical manufacturing, and a key source for products ranging from cancer treatments to saline I.V. bags. Following the hurricane, The Washington Post noted that “More than four dozen FDA-approved drug-making facilities are in Puerto Rico, including ones owned by Pfizer Inc., Merck, Eli Lilly, Johnson & Johnson, Bristol-Myers Squibb and Amgen.” On the heels of this disaster, the U.S. entered one of its busiest flu seasons in recent years, putting extra pressure on the limited supply of saline I.V. bags used to rehydrate patients. By January 2018, several news outlets reported that the shortage had reached a critical point, and some hospitals temporarily halted elective surgeries—sacrificing their bottom lines in the process—to maintain adequate supplies for the sickest patients.
3—Mistrust in institutions spurs growth in reputational risks
Corporate reputations are also on the line more than ever, thanks to 24-hour-a-day news cycles and digital communications that enable bad news to circulate in minutes. Given the current trust crisis, the need to address reputational risk goes beyond having PR spin doctors on call. Increasingly, institutional investors are raising the bar for companies to meet ethical expectations to support sustainable, long-term growth. These expectations encompass regulatory compliance, of course, but they go even further.
Catalysts inspiring these expectations include the UN’s 2030 Agenda for Sustainable Development and its 17 Sustainable Development Goals (SDGs). InvestorDaily writes, “For institutional investors, the SDGs represent the globally agreed world’s most pressing environmental, social and economic issues and, as such, serve as a list of the material ESG factors that should be considered as part of an investor’s fiduciary duty.” Consumers, too, are taking closer look at how companies operate and rewarding or punishing corporate behavior with their wallets. As a result, developing robust risk mitigation processes can help companies meet expectations for transparent, ethical operations and deliver good profits.
A better risk mitigation process
While risk management advice varies across agencies, organizations and countries, key features remain consistent. From the ISO 37001 anti-bribery management system and Open Compliance and Ethics Group’s (OCEG) framework for ethics and compliance management to the guidance laid out by the U.S. Department of Justice and the UK Financial Conduct Authority—all agree that an ethical tone must come from the top and that companies should engage in risk-based due diligence and ongoing monitoring to enhance risk awareness and enable proactive risk management.
The best way for a company to manage these risks is to switch from a linear process to a continuous process. Doing due diligence is not enough. Companies must monitor their risks on an ongoing basis.