I am always surprised at creative links between compliance principles and major historical events and concepts. Tom Fox, my colleague, is particularly adept at drawing these connections, especially in his recent series describing the link between the Gettysburg battles and specific compliance topics.
In his shadow, I would offer another such analogy. Einstein’s theory of relativity has a direct application to compliance, or at least a cutting-edge issue in compliance – the importance of relative risk ranking.
The FCPA Guidance, which I will continue to defend against all detractors and critics as an important and valuable source for compliance and ethics programs, repeatedly cites the importance of measuring relative risks. “Everything is relative” is a common phrase in life, and it applies with equal force to specific elements of a compliance program.
Starting with a company’s risk assessment, the identification of relevant corruption risks is only the beginning step. It is one thing to say that a company faces risks from its third-party agents along with its active merger and acquisition strategy which involves potential acquisition of an FCPA violation. It is important not only to identify the risks but rank them relative to each other and then even try to measure them in terms of potential impact to the company.
Relative risk ranking is important for several reasons – the company must get a handle on the magnitude of the risk in order to efficiently respond to the risk by allocating sufficient resources. The only way in which a company can respond to multiple risks is to measure the risks and then rank them against each other so that the company can develop a cost-benefit model for assigning compliance resources.
This may sound complicated but in practice it really is not. Every company should be able to estimate or even calculate the amount of money earned by third parties, the countries in which they make sales and the potential amount of money available for bribes in various countries. If you assume that a third-party is likely to misappropriate company money to fund a bribery scheme, the amount of money available for such a scheme can be counted.
Similarly, acquisition targets are valued using multiples of relevant streams of revenues and profits, along with detailed revenue figures in certain countries or regions. Moreover, acquisition targets are usually identified with a specific financial objective in mind so that estimating potential increases in revenues in certain regions or even countries can be addressed.
My point is that there are more creative ways to identify financial measures and calculations which can be used to estimate relative risks, or available company money for bribery schemes.
Perhaps an even better example of relative risk analysis is the calculation of relative risks among third-party agents and distributors. Again, the amount of “company” money which passes through the hands of a distributor or a third-party agent is a good indicator of potential risk, along with many other factors including: annual increases in revenues; existence of a written contract with anti-corruption compliance provisions; the country of operation; the extent of sales to foreign officials; the length of the relationship between the third-party and the company.
The trick to this process is to increase the number of comparisons which can be made between apples and apples, versus comparisons of apples and oranges. Knowing the creativity and dedication of compliance professionals, this process is one that they can quickly develop and promote as another tool for ensuring compliance.