Many businesses and businesspeople are exposed to potential legal liability for a wide variety of financial crimes. Minimizing financial crime risk or exposure is critical and requires strict compliance with the state and federal laws and regulations that apply to your industry and business practices.
In this article, Dr. Nick Oberheiden, a corporate compliance attorney at Oberheiden P.C., provides an overview of financial crime compliance mechanisms.
Legal Exposure to a Wide Variety of Financial Crimes
Banks, financial institutions, securities firms, executives, and other business people occupy an important place in society – one that would be extremely lucrative to use for personal gain. To keep this from happening, states and the federal government have crafted a wide array of laws and regulations, such as the Anti-money laundering (AML) laws, that prohibit financial crime and are designed to detect it, should it ever happen. Many of these laws even put legal obligations on companies, particularly financial institutions, to take appropriate steps to deter, prevent, or detect financial crimes committed by their customers.
Complying with these laws and fulfilling those legal obligations is essential. Breaking a law can lead to civil and criminal penalties while failing to uphold a legal obligation can lead to fines, administrative sanctions, and reputational damage to your company.
Just a few of the financial crimes that you have to avoid, and sometimes take steps to detect, include:
In many cases, it is not enough to simply not commit the infraction or crime. When it comes to money laundering, for example, financial institutions are expected to take a lot of significant steps to keep their customers from using their bank to launder ill-gotten funds or move them around in ways that facilitate further crimes or even terrorism. They are then expected to turn over any information that appears to indicate money laundering and terrorist financing to law enforcement, pursuant to a host of federal statutes, like the Bank Secrecy Act.
The First Step Should Always Be a Risk Assessment
While the range of financial crimes is extremely broad, that does not necessarily mean that all of them pertain to you or your company. For example, securities fraud is not something you will have to worry too much about if your company does not handle securities.
To assess risk or to determine your financial crime risks is always the first step in a successful financial crimes compliance strategy and financial crime risk management. Skipping it and going straight to creating a compliance policy for your company would be inefficient – you would spend time making measures to comply with a law that does not apply to your company – and would miss areas of heightened importance for your company.
Generally, risk assessment involves an extremely close review of all of your business practices to address emerging risks and to determine which financial criminal laws and legal obligations even apply to your company. The good news is that this can eliminate large swaths of compliance requirements from your list of things to worry about. The better news is that it can identify the core transactions and practices for you and your company to target with especially tight compliance protocols and insulate them from misconduct.
Create a Compliance Protocol That is Tailored to Your Needs and Risks
Based on the needs and concerns identified in the risk assessment, the next step is to craft regulatory compliance protocols or internal controls that plug those holes and strengthens those weaknesses. Special care should be taken to protect your company’s core business strategies, as well as those that are most likely to run afoul of the law and those that could lead to penalties that you most want to avoid.
Needless to say, a detailed understanding of the laws that apply to your company is essential. It is also crucially important to get the legal advice of an attorney who has brought other, similar companies into legal compliance for financial crimes before. That prior experience will have taught the attorney what compliance efforts work, and which do not when the proverbial rubber hits the road.
Compliance Measures Should Be Maintained, Audited, and Updated
Once an adequate compliance protocol is in place, many executives think that there is nothing more to do. Compliance has been achieved.
That is not the case at all.
Even the most professionally drafted compliance strategy still needs to be tested in the real world to ensure that it actually insulates your business practices from legal liability or suspicion. Until it has been tested and succeeded, a compliance strategy is an only theoretical protection for your company.
You can test your compliance techniques by using an internal audit, to stress the elements of the compliance protocol and find where it bends or breaks. Any weaknesses in the compliance system can be fixed so they withstand the pressure, should a real-life threat ever emerge.
But the value of an audit does not end there. An effective auditing program requires ongoing internal testing of your compliance strategy to ensure that the policies that you so carefully crafted are still doing their job. As corporate compliance attorney and founding partner of the white-collar criminal defense firm Oberheiden P.C., Dr. Nick Oberheiden, often tells his clients, “The best compliance strategies are not the ones that are created and then left to fend for themselves; they are the ones that are constantly tested, updated, and strengthened. In many cases, auditing your compliance protocols for financial crime prevention is the only way to detect potential breaches or oversights that can put the company at risk. For example, audits can uncover evidence that an employee is committing a financial crime, giving the company valuable time to take control of the situation before it becomes public, or can discover that workers are inadvertently failing to uphold their role in the compliance structure, putting the entire company at risk of legal exposure.”
