By Emanuel Batista – Senior Director, Compliance Risk and Diligence – Kroll, A Division of Duff and Phelps
Edwin Broecker – Partner – Quarles & Brady LLP
Fernanda Beraldi – Senior Director, Ethics and Compliance, Cummins Inc.
Isabel Simmerman – Ethics and Compliance Counsel – The AES Corporation
Patricia Colombo – Legal, Compliance and Regulatory Affairs – Fujifilm Brasil
Between September 15 and September 18, the Society of Corporate Compliance and Ethics (SCCE) hosted its annual Compliance Ethics Institute in National Harbor, MD. One of the largest events ever organized by the SCCE, the conference gathered over 1,900 compliance and ethics professionals from all corners of the globe to share experiences, challenges, lessons learned, and trends in the industry in an effort to provide the tools, skills, and strategies necessary to promote a culture of ethics, compliance, and corporate governance when conducting business in the US and internationally.
In an ABC News press release, the SCCE noted that its annual event is the primary education and networking platform for compliance and ethics professionals across all industries globally and regularly features 150+ speakers, 100+ sessions, and several networking opportunities. Given the recent regulatory spotlight on global third-party corruption, the SCCE hosted several sessions addressing the topic. This year’s event included several opportunities to explore themes related to anti-corruption and third-party risks as well as FCPA-related investigations. Specific sessions focused on the practicalities of managing third-party due diligence, monitoring and leveraging political risk analysis to help reveal compliance risks, next-generation anti-corruption compliance programs, and anti-corruption metrics and measurements, among related topics. I was honored to have been selected to sit on two panels at this year’s Compliance Ethics Institute concerning managing risks with third parties internationally.
Last year, I had the pleasure of speaking with my colleagues, compliance professionals Isabel Simmerman, the ethics and compliance counsel at the AES Corporation, and Patricia Colombo, the legal and compliance director at FUJIFILM Brasil. We provided an overview of the corruption landscape in Latin America during our panel, “Dancing with Danger: How to Respond to the Changing Risk Environment in Latin America.” We reviewed recent events and news regarding anti-corruption efforts developed in the region in 2018, highlighted positive changes, and discussed upcoming compliance trends.
In our first session for 2019, Colombo, Simmerman, and I again joined forces to update last year’s session with “How to Dribble Corruption Risks in Latin America: Learn How to Avoid Faults, Penalty Kicks, and Score Compliance Goals,” a fun soccer-themed presentation held Sunday morning. Simmerman provided an overview of the actions taken by newly elected Latin American presidents. She detailed how a strong anti-corruption agenda helped the new Mexican and Brazilian heads of state win their positions and how this stance may impact future elections. Colombo discussed the importance of compliance programs that provide a global overview but also focus on local impact. She addressed the recent guidelines provided by the Department of Justice (DOJ) regarding the management of third-party risks as a means of establishing an effective corporate compliance program. For my part, I reviewed Latin American FCPA violations over the past year and the key lessons organizations could learn from them to avoid repeat errors and stay ahead in the game against corruption.
The last session of the conference, “Same but Different: How to Effectively Manage Your Third-Party Corruption Risks Globally,” featured me alongside Fernanda Beraldi, the senior director of ethics and compliance at Cummins Inc., and Ed Broecker at Quarles & Brady’s Business Law Practice Group. We addressed global trends in third-party risks, with the ultimate goal of emphasizing the importance of having a robust third-party risk management program that can prevent, detect and mitigate risks. We also highlighted the need for adequate policies and procedures that identify red flags and take appropriate action. Broecker started the dialogue by reviewing several recent global third-party anti-corruption violations. He provided insight into the infractions, described the lessons learned, and led a lively discussion with the audience about key takeaways from the enforcement actions. Beraldi, relying on her experience as a senior compliance professional, shared ideas for implementing third-party compliance programs and specifically what has worked for her organization. She also led a discussion on technology-based versus human-based compliance program mapping. A key takeaway was that technology, while increasingly important, can never replace the human role. To elaborate: technology should be used to create efficiencies in otherwise tedious and repetitive compliance activities, giving back time for compliance professionals to do high-skill, judgment-based work.
My contributions to the discussion revolved around the importance of having a risk-based program to effectively identify risks and conduct the proper level of due diligence. I highlighted the importance of knowing your third parties well before making business-relationship decisions. For instance, the geography, industry, types of services, and local reputations of third parties play a role in determining potential risks. Once these factors are assessed, it becomes easier to sort by risk and conduct the right level of due diligence. One of the main challenges of conducting third-party due diligence lies in the availability, or lack thereof, of knowledge in certain jurisdictions.
Some global regulatory and litigation databases may not be user-friendly, noncomprehensive, or even not publicly available. In those cases, it is necessary to go in-country to retrieve records to garner a broader understanding of potential litigious matters not detailed in publicly available sources. With about 90% of corruption investigations being associated with the use of third parties, there is a global need for compliance officers to effectively institute a third-party compliance program that allows them to gather information from third parties, conduct risk assessments, perform risk-based due diligence, and create an ongoing / recertification program. Establishing such a program allows an organization to stay up-to-date on potential changes in the third-party risk profile.