
Banking on Risk: The New Realities of Corruption in the Global Financial Services Environment

September 18, 2013

kpmg.com

Administrative

• CPE regulations require that online participants take part in online questions

- Must respond to a minimum of four questions per 50 minutes.

- Polling questions will appear on your media player

- Results will be reviewed in the aggregate; no responses will be tracked back to any individual or organization

- Do not view the presentation on slide show mode – polling questions will not appear

• To ask a question, use the “Ask A Question” icon on your media player

• Help Desk: 1-877-398-1471 or outside the United States at 1-954-969-3342

© 2013 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 207921


Welcome

With you today

Marikay Corcoran, Managing Director, KPMG LLP

Raja Chatterjee, Executive Director, Legal and Compliance, Global Head of Anti-Corruption, Morgan Stanley

Andrew Curtin, Managing Director, KPMG LLP

Greg Andres, Partner, Davis Polk & Wardwell

Setting the context

KPMG’s 2011 Anti-bribery and Corruption Survey

Total respondents: 214 (United States and United Kingdom)

Top three anti-bribery and anti-corruption risk areas:

1. Auditing third-party compliance

2. Due diligence on foreign agents/third parties

3. Variations with regard to country requirements and local laws (e.g., facilitation payments)

“Extensive preretention due diligence requirements pertaining to, as well as postretention oversight of, all agents and business partners, including the maintenance of complete due diligence records at the company …”

– FCPA Review Opinion Procedure Release No. 04-2 (July 12, 2004)

Regulatory update and framework


Enforcement trends

In 2012, reported new FCPA enforcement actions declined from previous years.

This may not represent an actual trend, however, as a number of actions may remain unreported. Companies would be well-advised to remain dedicated to structuring and implementing effective anti-bribery compliance programs.

[Chart: No. of Enforcement Actions per year, DOJ and SEC, 2004–2012]

* Source: U.S. Department of Justice and Securities Exchange Commission Web sites.

DOJ and SEC release resource guide to U.S. Foreign Corrupt Practices Act

The resource guide to FCPA was released in November 2012. It includes guidance related to:

Anti-bribery provisions

Accounting provisions

Other related U.S. laws, such as:

– Travel Act

– Money laundering

– Mail and wire fraud

– Certification and reporting violations

– Tax Violations

Guiding principles of enforcement (Discussed in depth on the following slide)


Penalties, sanctions, and remedies

Resolutions

Whistleblower provisions and protections

DOJ opinion procedure

DOJ/SEC joint guidance on FCPA enforcement

Provides declinations example and issuing factors

Clarifies employees of “instrumentalities” can be deemed foreign officials if a government entity maintains a meaningful stake in the company’s decision-making process

Identifies principles of corporate liability under FCPA, including under accounting provisions and conspiracy or aiding and abetting theories, as well as obligations applicable to internal auditors

Provides insight on compliance programs, and highlights that a company should consider its risk profile when designing internal controls

Reminds companies that compliance programs should not be “check-the-box”

Identifies some expenses provided to government officials that are unlikely to result in enforcement action

Reinforces that the DOJ and SEC can and will prosecute commercial bribery under the Travel Act

Declinations

Recent high-profile declinations suggest the government may be willing to reward companies for effective and robust compliance programs

SEC and DOJ announced declination in the Morgan Stanley matter, due in large part to Morgan Stanley’s robust compliance program. Please note, we discuss this in greater detail later in the presentation

Appears that companies can avoid prosecution by implementing compliance programs and undertaking internal reviews designed to detect violations


CPE question #1

Please advise what type of company you are currently employed by?

A. Retail Banking

B. Corporate Banking

C. Investment Banking

D. Broker Dealer

E. Asset Management

F. Private Equity

G. Hedge Fund

H. Money Service Business

I. Consulting Firm

J. Law Firm

K. Other

Recent cases

Some recent cases have highlighted the risks companies face when engaging third parties to carry out business in foreign countries:

– Morgan Stanley

– Goldman Sachs

– JPMorgan

– Omega Advisors

– Direct Access Partners

– Deutsche Bank

– Barclays


Rising cost of FCPA investigations

| Company | Cost components | Cost |
|---|---|---|
| Avon | Professional and related fees associated with a global FCPA investigation and compliance reviews | $339.7 million (since 2009) |
| News Corp. | Legal and professional fees related to allegations of bribery payments that emerged two years ago in connection with its now infamous phone hacking scandals | $179 million |
| Walmart | Professional fees and expenses related to its massive bribery and corruption scheme to win market share in Mexico in the early 2000s and for global investigations in Brazil, India, and China | $230 million |
| Weatherford | Legal and professional fees related to ongoing investigations of alleged bribery payments in Europe, participation in Iraq's oil-for-food program, and past operations in certain sanctioned countries | $125 million |

* Source: Compliance Weekly

ABC and financial services


Heightened enforcement – Financial services

More recently, financial services firms have come under increased scrutiny regarding FCPA enforcement:

Increased enforcement and “Industry Sweeps” such as the SEC’s FCPA probes of over 10 financial services entities launched last year, including the Aon and Allianz matters, will likely be a continuing trend.

Fines and penalties against organizations relating to FCPA violations have totaled more than $4 billion since 2007, in addition to the long prison sentences handed out to individuals.

115 of 3001 tips received by the commission’s Office of the Whistleblower (OWB) were FCPA-focused.

Considerations:

A key risk area in financial services centers on the use of agents to obtain or retain business. The proper identification and mitigation of such third-party intermediaries is of critical importance to demonstrating an effective compliance program and adequacy of procedures.

Conduct that may violate the FCPA may also violate multiple federal laws pertaining to money laundering, mail and wire fraud, The Travel Act, export controls, arms trafficking, conspiracy, and tax statutes and regulations.

Heightened global enforcement – Financial services – U.K. Bribery Laws

The U.K. Bribery Act came into effect on July 1, 2011, strengthening the existing U.K. bribery laws, including criminalizing private sector bribery. It also established a requirement for organizations to demonstrate that they have “adequate procedures” in place to mitigate bribery and corruption. The Act is extraterritorial and covers global operations of all institutions operating in the U.K. It includes unlimited fines and possible debarment sanctions in the EU for corporations and a prison sentence of up to 10 years for individuals.

Last December, the Wall Street Journal reported that the U.K. Financial Services Authority (FSA) (now the Financial Conduct Authority, or FCA) was set to embark on a thematic review focusing on bribery and corruption in the asset management industry, citing a report by law firm Dechert LLP. The law firm says 22 asset managers have already been identified for review, with the regulator set to publish its report in the third quarter of 2013.

The U.K. FSA, and subsequently the FCA, have highlighted bribery and corruption as a key area of focus from a “systems and controls” perspective. This means that FCA regulated firms face potential civil and criminal risk for failure to build adequate anti-bribery and corruption programs. In 2010, the FSA, legacy organization to the FCA, imposed fines ranging from £5 million to £7 million following its 2010 review of bribery and corruption controls within insurance brokers.

The FSA and FCA have also undertaken a review of anti-bribery and corruption systems and controls in investment banks. The findings were published in March 2012. In sum, while the FSA/FCA acknowledged that considerable work had been undertaken to implement ABC programs, the majority of firms visited had more work to do, and some firms’ systems and controls fell short of regulatory requirements. As a result, the FSA/FCA is considering regulatory action against a number of firms.


CPE question #2

What is your current role/function?

A. Compliance Officer

B. Legal Department

C. Risk Management

D. Operations

E. Internal Audit

F. External Consultant

G. Counsel

H. Other

Risk assessment and compliance


Where are you on the anti-bribery & corruption compliance curve?

DOJ’s three basic questions:

1. Is the company’s compliance program well designed?

2. Is it being applied in good faith?

3. Does it work?

Is the program well designed?
– Based on a risk assessment
– Including all essential elements
– Dynamic and evolving as company and markets change
– Tailored to address particular needs of the business
– Customized to resonate with targeted employee population

Is it being applied in good faith?
– Proper oversight and accountability
– Adequate training and supervision
– Dedication of appropriate resources

Does it work?
– Routine auditing of controls
– Regular monitoring and assessment
– Periodic testing

Source: A Resource Guide to the U.S. FCPA; p. 56

Anti-bribery and corruption compliance program elements

Compliance Oversight/Top Level Commitment
– Board/Audit Committee
– CEO & Leadership Team
– Chief Compliance Officer (CCO)
– Line Management

Periodic Risk Assessments
– Identify principal existing and emerging risk areas
– Identify business segments and employees most affected
– Assess existing controls and opportunities for enhancement

Clearly Articulated Anti-Corruption Policy
– Based on risk profile
– Enterprise-wide applicability
– Effectively communicated to all affected employees and business partners
– Bolstered by appropriate internal controls

Training & Communications
– Based on risk profile
– Mandatory for all affected employees
– Tailored to particular employee populations and needs of business
– Periodic reminders
– Retain records of training and attendance

Internal Reporting Channels
– Hotline or other confidential reporting processes for employees to raise concerns or seek guidance
– 24x7 availability
– Procedures for anonymous reporting and protecting complainants from retaliation

Due Diligence & Internal Controls
– Screening of third parties
– Contractual protections
– Financial controls
– Legal approvals

Escalation & Investigation
– Escalation protocols for instances of potential non-compliance, including reporting significant matters to CCO, Senior Management and Audit Committee
– Coordinate and implement appropriate investigative plan
– Oversight/Follow up to confirm escalated matters properly & promptly addressed

Enforcement & Remediation
– Consistent and appropriate discipline
– Enhancement of procedures and controls as warranted

Continuous Improvement: Monitoring & Auditing
– Periodic re-evaluation of all aspects of program, including risk areas, controls, policies
– Recalibrate risk profile and controls as needed
– Enterprise-wide effort: Internal Audit, Compliance Group, Finance, Legal, Operations

CPE question #3

What aspects of an effective compliance program do you feel your program focuses most of its efforts around?

A. Risk Assessment

B. Governance/Oversight

C. Policies and Procedures

D. Training & Communications

E. Monitoring

F. Auditing

G. Due Diligence

H. Investigations

I. Litigation/Enforcement

Conducting an ABC/FCPA risk assessment

WHERE DO WE BEGIN???

Partnering amongst legal, compliance and internal audit with top-level management commitment and support

Risk assessment drives ABC/FCPA audit scope

– Industry and country specific ABC/FCPA risks

– Country corruption risk based on certain corruption perception indexes

– Degree of interaction and types of transactions with government officials, political parties, government, and state-owned or affiliated entities (SOEs)

– Corporate structure and compliance maturity

– Historic risks – Previous ABC/FCPA compliance exposures (internal or external reports of potential corruption risks)


– Concentration of sales by geographic region

– Recent acquisitions

– Prioritize


Third-party intermediary management

Process stages: TPI Population; Identification of Covered TPIs; Risk Ranking/Scoring; Due Diligence; Review Follow-up

Technology Enablement and Integration

Obtaining a complete population of third parties

Aggregation, normalization, and deduplication of data sets:

Vendor master files:
– Consultants, lobbyists, agents, brokers, customs vendors, etc.

Customer master files

Agent distributor listing:
– Broker files
– Distribution records

Joint venture agreements

[Diagram labels: Customer Master; Vendor Master; Broker Files; Agent Listing; Distributor Listing]

Layers of due diligence

[Diagram labels: High-Level sanctions and PEP reporting (Limited public records review) (Short Form); Enhanced Due Diligence (KYC); ABC Due Diligence (Astrus or Similar); Integrity Due Diligence; M&A; Interviews; Investigations; Fieldwork]

Limited desktop public records review
– KYC and CIP response
– Sanctions and PEPs databases
– Adverse reputational
– Corporate databases
– Structured-data mapping and change alerting

Comprehensive desktop public records
– Detailed corporate filings and shareholder/owner structures
– Court filings, regulatory investigation findings, etc.
– Detailed multilingual media research, including local and specialist publications
– Government contracting/relationships for entity and related parties

Crafted source inquiries
– Interviews with clients, competitors, government officials, etc.
– Management/candidate assessments
– Further investigation and clarification of issues identified

“Company X has bid successfully on a number of ministry supply contracts. These tenders have always been transparent and competitive.”
– Health Ministry procurement official

“It’s common knowledge among my industry sources that the Health Minister has an undisclosed shareholding interest in Company X. Of course, it’s not reflected in the filings”
– Local investigative journalist

“My company uses Mr Z as a supplier. He often asks us to make payments in cash or by bearer cheque, but that’s just the way business is done here.”
– Owner of local business

“We considered using Mr Z as a sales agent, but decided to go with someone else. It was purely a commercial decision – we didn’t have any concerns about Mr Z’s integrity.”
– Manager, international pharma company

“Mr Z claims to be a big player in the distribution sector, but since he fell out with his brother-in-law at the ministry his business has struggled.”
– Local competitor

The role of data analytics

Framework phases: Prevention; Detection; Response

Anti-Bribery Governance: Effective compliance infrastructure with autonomy from management and resources to affect sound anti-bribery controls.

Policies, Procedures, & Internal Control Systems: Policies developed under the direction of the compliance officer and committee.

Risk Assessment & Due Diligence: Ongoing assessment of internal and external anti-bribery risks.

Communication & Training: Anti-bribery policies and procedures are communicated to all affected employees and business partners.

Auditing & Monitoring: Periodic activities to assess employees and third-party compliance with anti-bribery obligations.

Reporting Channels: Mechanisms that allow for anonymous reporting of anti-bribery issues or concerns.

Investigation: Incident response plan and policies to investigate alleged bribery or corruption.

Enforcement, Remediation & Disclosure: Development and enforcement of policies and procedures, including consistent application of sanctions.

Data analytics – Maturity continuum

[Diagram labels: Hindsight; Insight; Foresight; Reactive; Retrospective; Data Mining; Prospective; Predictive; Integrated Real Time Detection; Compliance driven; Strategic; Reactive; Proactive]

Ad-hoc: More labor intensive, reliance upon testing and sampling; queries; formula-driven analysis.

Largely ad-hoc: Application of rules to detect known patterns of fraudulent activity and anomaly detection for unknown patterns; includes queries, drill downs, alerts.

Repeatable into continuous: Management of known suspicious activities/claimants/vendors.

Continuous into sustainable: Identification of unusual trends, false claims and statistical anomalies.

Sustainable: Pattern recognition and prospective management, machine learning and neural networks.

Procure to pay dashboard – Vendor summary view


Expense reimbursements dashboard – Transaction review


CPE question #4

Where along the data analytics continuum would you consider your current capabilities in relation to ABC compliance risk assessment and monitoring?

A. No data analytics performed

B. Reactive

C. Retrospective

D. Prospective

E. Predictive

F. Integrated real-time detection

G. Not applicable

Morgan Stanley and Garth Peterson “Rogue Employee”


Case study: Morgan Stanley Overview of declination

Public Declination of Company & Charging of Employee

In April 2012, the DOJ and SEC publicly announced their decision not to charge Morgan Stanley. Former Morgan Stanley executive Garth Peterson was charged with FCPA violations.

First Ever Publicly Announced Declination

The decision not to charge Morgan Stanley was the first-ever publicly announced decision not to prosecute a company after an FCPA investigation.

Morgan Stanley Compliance Program

In its charging decision and press release, the DOJ specifically cited as relevant Morgan Stanley’s robust anti-corruption compliance program and its cooperation in the investigation.


Case study: Morgan Stanley Model compliance features specifically cited by DOJ

Training

Dedicated compliance officers & anti-corruption specialists

Anti-corruption/FCPA notices and reminders

Annual certifications

Payment approval process

Transactional due diligence efforts

* Morgan Stanley documented these policies and efforts.

Case study: Morgan Stanley Training

Varied Programs: “Morgan Stanley’s FCPA compliance program included live training presentations, Web-based training, and additional FCPA reminders.”

Frequent Training: Between 2000 and 2008, no fewer than 54 trainings were held for various groups of Asia-based employees on anti-corruption policies and the FCPA.

Case study: Morgan Stanley Enhanced training

February – March 2009: Conducted FCPA training in late February/early March 2009 in various cities including Shanghai, Hong Kong, Singapore, Beijing, Hangzhou, Shenzhen, and New York.

March 2009: “Tone from the Top” memoranda from Senior Management emphasizing commitment to anti-corruption policies and procedures.

October 2009: Conducted targeted follow-up FCPA training in October 2009, including live, half-day, “deep dive” training in Shanghai for all China Real Estate employees.


Case study: Morgan Stanley Dedicated compliance officers & anti-corruption specialists

Compliance Personnel: “Between 2002 and 2008, Morgan Stanley employed over 500 dedicated compliance officers.”

Reporting: “Compliance Department had direct lines to Morgan Stanley’s Board of Directors and reported through the Chief Legal Officer to the Chief Executive Officer and other senior management committees.”

Specialists: Employed dedicated anti-corruption specialists responsible for policies and procedures, training, and coordinating with business units, among other functions.

Regional Officers: Employed “regional compliance officers who specialized in particular regions . . . to evaluate region specific risks.”


Case study: Morgan Stanley Annual certifications

Code of Conduct

“Morgan Stanley required each of its employees to certify adherence to [the company’s] Code of Conduct.”

Annual Certification

Beginning in 2006, all employees were required to annually certify that they had read and understood the Code of Conduct.

100% Compliance

The Compliance Department ensured 100% compliance with the certification requirement.

* Morgan Stanley documented these policies and efforts.

Case study: Morgan Stanley Payment approval process

“Morgan Stanley also maintained a substantial system of controls to detect and prevent improper payments.”

Multiple Levels of Review: Payments above certain amounts required several levels of approval by multiple employees.

Case study: Morgan Stanley Transactional due diligence efforts

Morgan Stanley maintained “established due diligence practices,” which included, as appropriate:

Reviewing foreign public records;

Speaking with sources familiar with the industry;

Checking third-party’s references;

Site visit to third-party’s office;

Searching media sources re: third-party; and

Running background on third-parties and their principals.

Case study: Morgan Stanley – Transactional due diligence efforts (continued)

Investigation, Cooperation and Advocacy: Morgan Stanley’s cooperation, together with its fulsome self-disclosure, pre-existing compliance program and various enhancements, positioned the firm to advocate for, and ultimately earn a declination.

Compliance Program in Place that Is Alive and Breathing: Morgan Stanley’s existing compliance program evolved and responded to the issues uncovered, demonstrating that it was alive and not a “paper program.”

Document Training Efforts: Documentation is an internal metric of your program and becomes important evidence to provide to the government. Here, evidence that the rogue employee was trained and aware of the FCPA allowed Morgan Stanley to ultimately establish that he was engaged in self-dealing.

Value of Immediate Compliance Review: The time between identification of a violation and final negotiations with the government is often significant and must be used to repair and enhance a company’s compliance program; doing so can dramatically alter the ultimate resolution.

CPE question #5

Which one area of your compliance program would you like to invest further in:

A. Understanding global ABC regulatory requirements

B. Assessing risks

C. Policies and procedures

D. Due Diligence on third-party intermediaries

E. Data analytics for risk assessment

F. Data analytics for transaction monitoring

G. Data analytics for vendor oversight

H. Training and communications

I. Auditing

J. Staffing/resourcing

Questions?

Appendix – Third party risk management

Third-Party Intermediaries (TPIs)

“73 percent of respondents found performing effective due diligence on foreign TPIs challenging or very challenging.”

KPMG Anti-Bribery and Corruption Survey 2011

How do you define a TPI in your organization?

How do you identify which TPIs should be included in due diligence procedures?

How do you determine the relative risk of each TPI?

How do you determine what level of due diligence to perform on each TPI?

How do you implement a comprehensive TPI management process?

Regulatory definitions

“…any officer, director, employee, or agent…”

§ 78dd-1 (a) Foreign Corrupt Practices Act

“The FCPA prohibits corrupt payments through intermediaries. It is unlawful to make a payment to a third party, while knowing that all or a portion of the payment will go directly or indirectly to a foreign official. The term “knowing” includes conscious disregard and deliberate ignorance.”

The layperson’s guide to the FCPA, U.S. Department of Justice

“A relevant commercial organisation (“C”) is guilty of an offence under this section if a person (“A”) associated with C bribes another person…”

“…a person (“A”) is associated with C if (disregarding any bribe under consideration) A is a person who performs services for or on behalf of C.”

Sections 7(1) and 8(1) Bribery Act 2010

Potential TPIs

[Diagram labels: Purchasing Agents; Regulatory Affairs Consultants; Travel and Expense; Lawyers; Accountants; Distributors; Resellers; Wholesalers; Freight Forwarders; Customs Agents; Product Registration Agents; Health & Safety Consultants; Promotional; Expense Vendors; Joint Venture Partners; Consultants; Sales Agents; Brokers; Shippers; Licensees; Partners; Charities; Political]

Better model for TPI management

[Process diagram: TPI Population; Identification of Covered TPI; Risk Ranking/Scoring; Due Diligence; Review Follow-up; Technology Enablement and Integration]

Obtaining a complete population of third parties

Aggregation, normalization, and deduplication of data sets:

Vendor master files:

– Consultants, lobbyists, agents, brokers, customs vendors, etc.

Customer master files:

– Distributors, resellers, etc.

Agent distributor listing:

Broker files

Distribution records

Joint venture agreements

[Diagram labels: Customer Master; Vendor Master; Broker Files; Agent Listing; Distributor Listing]

Better model for TPI management (continued)

Agents

Suppliers

Customers

Use of data analytics to define population of covered TPIs

Application of risk criteria:

Vendor service code

Vendor industry category

Name

Expense category

Application of Filters and Grouping:

Business unit responsibility

Geographic

Covered TPIs

Better model for TPI management (continued)

Risk Ranking and/or Scoring

Risks are specific to each client and are agreed in advance with management and legal

Approach is tailored to client based on responses from management and operations

Maximizes compliance resources by focusing on higher risk TPIs

Structured, documented and capable of being articulated in compliance program

High priority/risk

Medium priority/risk

Low priority/low risk

Better model for TPI management (continued)

Questionnaire-based information request and limited public records verification

Due Diligence Reports – Astrus

Advanced Enquiries and Investigation

Structured approach to large number of lower risk TPIs

High priority/risk

Medium priority/risk

Low priority/low risk

Better model for TPI management (continued)

Review of compliance information can be facilitated by:

Simple and clear report

Single aggregated report

Central Repository for Due Diligence Information and Follow-up

System for retaining current and historic due diligence information

The information collected as part of the TPI management process can be used for:

Compliance decisions

Business decisions

Vendor management

Exclusion/debarment of certain vendors.

Disseminated and available to decision makers, compliance, and legal

Audit trail of requests, responses, and follow-up

FCPA technology elements

TPI Scope Management

– Extract global TPI list – i.e., ERP or Procurement systems

– Import and analyze data source(s)

– Identify Third Party Intermediaries (TPIs) categories in scope for due diligence

– Identify and extract full population of Third Party Intermediaries (TPIs) in scope

Risk & Due Diligence Management

– Initiate Due Diligence process for individual TPIs and conduct qualitative and quantitative analysis: Business Justification, TPI Questionnaire, FMV Assessment

– Identify red flags and TPI risk rating – triggers escalation and additional reviews

– Determine necessity of corporate intelligence reports.

– Retain TPI for on-boarding or Not-Retain TPI and capture assessment data.

Training & Contract Management

– Capture training data and confirmation of completion

– Capture contract related information – i.e., contract type, contract start and end dates, contract reference code(s)

– Build business rules for notification of contract expiration or renewal

Reporting Management

– Generate reports to capture TPI status: Retained, Not Retained, In Progress, etc.

– Break-out reports by Region, TPI Category, etc.

– Generate reports for TPIs that are due for renewal

– Build dashboards to provide real-time data on TPIs, and accommodate various user roles: business sponsors, regional, compliance officer, regional business & compliance

Enterprise Integration

– Integrate with enterprise systems and applications for downstream or upstream data requirements – i.e., ERP or Procurement systems

– Integrate with third party vendors to capture background check data – i.e., WorldCheck, D&B

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.