Key governmental watchdog agencies around the globe are getting much better at sharing information about potential fraud and corruption cases, and holding companies more accountable for how they choose to use their own data when evidence of wrongdoing is uncovered. For that reason, entities like the U.S. Department of Justice are willing to reward accountability by offering penalty reductions to companies that self-disclose violations of the Foreign Corrupt Practices Act (FCPA).
Key regulatory agencies have offered guidance to help companies become better stewards of their data, which often centers on improving monitoring, protection, and preservation of personal information. The richness of this information is vital to help companies stay in FCPA compliance. And companies that are ISO 37001 certified are in a much stronger position to prove the adequacy of their compliance programs. This is because recently developed international anti-bribery standards provide a sequential approach for companies to apply a “reasonable and proportionate” evaluation and assessment of fraud risks.
While most companies are actively striving to maintain compliance with FCPA and other anti-bribery regulations, many of those businesses struggle with identifying–and risk-managing–portions of their data accessible by third parties. For example, blockchain is a linked, time-stamped, unchangeable record of digital activities, accessible by a controlled set of users. Since this technology is still relatively new, the risks and controls involved in its use are still evolving, which can make it difficult for business leaders to feel completely accountable for information on those data files. Despite that lower level of assurance with third-party data oversight, many companies do not make use of internal assessments that can help bolster confidence in that area.
Compliance with FCPA, the U.K. Bribery Act, or other regulatory standards should not be viewed as a “one and done” activity. In the big picture, companies must be diligent about maintaining accurate books and records, while also using data analytics to monitor employee activity in certain areas at high risk of bribery, corruption, or fraud. On a more personal level, the most successful compliance leaders must be both charismatic and persuasive, with enough accumulated political capital to allow them to influence the sound, compliance-based decisions among senior executives when illicit behavior is discovered.