The management of risk is as important in the Foreign Corrupt Practices Act (FCPA) arena. (Well maybe not $2.3bn in alleged losses but still it is important.) Number Two in McNulty’s maxims is “What did you do to detect it?” meaning what systems did your company put in place to detect violations of your compliance program. Obviously appropriate internal controls are critical to such detection. As pointed out by the ‘Explainer’ column, in the September 16 edition of the online magazine Slate, in the context of a trading company such as UBS, “Every trader is allowed to take on a certain amount of risk, and if he wants to exceed that value he must get the permission of his supervisors.” However, a best practices compliance program should employ more than simply a books and records based internal controls and front line approval request.