Let’s say that you’re a busy executive, and there’s an upcoming appointment on your calendar to talk about risk and compliance issues. There’s a decent chance that you might not be wildly excited about this meeting.
Jamila Jean, Vice President and Assistant General Counsel of Enterprise Compliance at Thomson Reuters, is well aware of this. She considers it a challenge to determine “how to best tailor information for people in a way that’s relevant and interesting for them, and that enables them to recognize and retain the information that they need to know.”
In her current position, Jean handles Thomson Reuters’ Code of Business Conduct and Ethics and is involved in various areas of global business compliance including anti-corruption, data privacy, and trade controls. She enjoys enabling colleagues to “do their jobs more effectively, and to know they don’t have to answer [risk and compliance] questions on their own.”
She says that whenever she does a briefing in person, she always gets follow-up calls. “In that way, I build a different kind of relationship, which is critically important in order for it to be effective.” For risk and compliance issues, “you can’t just have a paper policy that’s sitting in a drawer. It’s got to be a living and breathing concept.”
Corporate Risk, Ethics & Compliance
Jean will be among those speaking at the Legal Executive Institute’s Corporate Risk, Ethics & Compliance Forum, which will be held in Chicago on Sept. 26. Her panel, “Anti-Corruption, FCPA Compliance, and Managing Third-Party Risks in the Global Supply Chain,” will be moderated by Robert J. Zafft, of counsel for Greensfelder, Hemker & Gale. Her fellow panelists include Fernanda Beraldi, senior director of Ethics & Compliance for Cummins Inc., and Edwin J. Broecker, a partner at Quarles & Brady.
The panel will cover topics in an area of increasing importance to companies — how to create an effective global risk management strategy at a time when supply chains and regulations are growing in complexity. Supply chain compliance professionals now need to contend with a wide span of issues, whether it’s bribery, theft, logistical challenges, and force majeure, in order to protect their employers’ interests.
Never Underestimate the Requirements of Appropriate Risk Management
Yet some companies may still underestimate what’s going to be required of them in order to manage risk appropriately. For example, outsourcing pieces of the supply chain can seem very appealing — after all, it’s an easy way to increase efficiencies and reduce costs. But the risks of outsourcing may get overlooked. “Any time that you’re working with third parties, there are so many different areas of potential risk that need to be taken into account,” Jean says.
There are third-party risks involving companies’ suppliers, vendors, agents, consultants and others, Jean explains. “But we also need to know our customers, for reasons such as anti-money laundering compliance, trade control compliance, and export control compliance. And that’s not always what people think of first when they assess third-party risks.”
Complying with the Foreign Corrupt Practices Act
Companies also need to keep in compliance with such regulations as the Foreign Corrupt Practices Act (FCPA). Because the U.S. government has been so aggressive with enforcement, complying with the FCPA is many global companies’ biggest concern in the anti-corruption space. But it’s far from being the only anti-corruption law they have to contend with. The UK Bribery Act is another major rule package, for example, Mexico and Argentina enacted new anti-corruption legislation last year, and India amended and strengthened its anti-corruption laws just a few weeks ago.
“You have to stay up-to-date and constantly look for what’s coming on the horizon,” Jean says. “Not only the new laws being enacted, but which jurisdictions have become much more active in enforcing existing laws that were previously somewhat dormant. The U.S. is far from being the only game in town.”
One reason for the dominance of the FCPA in risk assessment practices is its extraterritorial nature, something that also applies to the UK Bribery Act. The FCPA is the most actively enforced, and thus the most mature of such regulations, in terms of guidance. “A lot of companies use it as a baseline and then do some local tailoring around that,” Jean says, adding that if your company’s operations fall within the jurisdiction of any other country’s regulations, the latter should also be in mind as well when assessing risk potential for vendors, third-party outsourcers, or potential customers.
“There are so many more jurisdictions all over the world that either are more active in enforcing anti-corruption laws already on the books, or they’re enacting new laws,” Jean notes. “There’s also been a dramatic increase in international cooperation. For some larger settlements of late, it’s been the U.S. along with one or more other countries.”
So, when looking at its global supply chain, a company should assess where and what its biggest risk exposures are. If its operations are in a small number of countries, it may make sense to create bespoke risk management programs tailored to each country’s regulations. But if, as is often the case, a company has employees, vendors, and customers in dozens or hundreds of different countries, that’s a far more difficult task. “One common method I’ve seen is [companies] managing to the most restrictive requirements,” Jean says.
Undoubtedly, a company’s risk management and compliance needs will only grow more complex in the future. Getting a grasp on the current stakes is a good way to get ready for what’s to come.