A Call To Arms: Conduct A Risk Assessment


http://corruptioncrimecompliance.com/wp-content/uploads/2012/12/imagesCAZ5DBU3.jpgThe FCPA Guidance includes some important reminders for compliance practitioners.  Most significantly, DOJ and SEC want companies to reinvigorate their risk assessment process. 

In the absence of an effective risk assessment, companies are likely to allocate compliance resources without proper regard for specific risks.  Such a deficiency will permeate every element of a compliance program.  As a result, companies will develop “paper” compliance programs which lack any tailoring to risks.

A company’s compliance structure is designed to analyze and rank risks.  It is a fundamental operation of a compliance program.  Without some ranking of risks, companies cannot develop a relative response to significant risks.

The FCPA Guidance points this out in its discussion of the importance of an “effective” compliance program.  Initially, the FCPA Guidance cites the frequency in which it confronts “paper” compliance programs – meaning a compliance program which is written down but is not carried out. 

In determining whether a compliance program is “effective,” the FCPA Guidance cites the importance of companies conducting a risk assessment and then tailoring its program to respond to relative risks.  Companies often spend too much time focusing on specific expense situations (e.g. gifts, meals, entertainment) to the detriment of due diligence of third parties or other specific risks.

The FCPA Guidance cites an important example of the skewing of priorities – a company which devotes significant time to expense review and ignores significant risks created by a potential $50 million contract with a foreign government.  This inappropriate response to relative risks is common in today’s compliance environment.   

Part of this trend is the result of structural deficiencies – compliance officers are not given full authority over a compliance program, and instead have to carve out areas of authority from issues from company lawyers.  A company should adopt a prospective expense policy, set certain levels for approvals, and establish a protocol.  It is not necessary to hand wring over such expenses unless they are keyed to a separate and significant risk (e.g. medical conference sponsorships for drug and medical device companies). 

If a chief compliance officer has its own C-level spot in the corporate hierchy, along with a corporate compliance committee at the board level, this problem of misallocation is unlikely to occur.

DOJ and SEC have gone on record with an important warning to companies.  Do not expect to receive full credit for a compliance program if it is not keyed to a risk assessment. 

The FCPA Guidance holds out an important carrot for compliance – if you have an “effective” compliance program, you will receive significant credit, and even may earn a pass for a violation.  This is an important policy and one which should cause companies to redouble their compliance efforts.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Written by:


The Volkov Law Group on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.