We recently wrote, and provided a list of examples, Red
Flags in the anti-corruption, anti-bribery, anti-money laundering context and
in the area of international economic sanctions. As we indicated, we do
not believe that the mere presence of a Red Flag means that a transaction is
violative of the Foreign Corrupt Practices Act (FCPA) or even that the
transaction must not go through. The presence of a Red Flag does mean that
there should be additional follow up, due diligence and investigation to ensure
that any party or transaction which raises a Red Flag is valid. This
investigation must be thoroughly documented and in a form which readily creates
an audit trail should your company need to provide such data to the Department
of Justice (DOJ) or other investigatory body.
We recently read an article by ACL Services entitled "Don't Get Bitten by the FCPA",
which advocated the use of audit analytics to assist in the creation of an
effective compliance program. They promote audit analytics as a core component
as it demonstrates a consistent process and follow up for any issues which are
identified as Red Flags. It also provides the necessary documentation to enable
your company to continue to compare and update its compliance program and
provides a readily assessable written record to present to any DOJ official.
The authors also noted several issues which make
implementation of such a system challenging. Your compliance program must
understand business culture and local language. The system you utilize should
support language characters from writing systems outside the United States
(think Chinese here). Your audit team should also have access to local
resources on business operations, language and culture. The culture of gift
giving is wider in some Asian countries than in the US, so special care must be
taken to identify and understand such issues.
The centralization of data is critical. Many companies
may have different Enterprise Resource Planning (ERP) systems across the world.
The laws of many countries vary in terms of the capture and correlation of data
and if such information can be transmitted outside a country's borders. While
such issues can be overcome with multiple servers or other hosting solutions,
it may increase the difficulty of capturing such data.
The authors provide a framework for the deployment of
analytics. They begin with suggesting the prioritization of risk. Recognizing
that a risk assessment is now viewed a mandatory first step in any effective
FCPA or Bribery Act compliance program; you must prioritize your risks with
regards to any issues raised as Red Flags. The authors list a four step
approach, which includes:
The authors end the paper with some questions which we
believe every organization should ask itself on an ongoing basis to help keep a
compliance program dynamic and not static. These questions include:
This white paper provides an excellent overview of using the
tool of audit analysis analytics in your FCPA or Bribery Act compliance
program. We recommend it to you as method to analyze your company's program and
to assist in documenting your compliance procedures.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011
For more information about LexisNexis
products and solutions connect with us through our corporate site.