Monthly Archives: July 2015

One Anti-Corruption Compliance Panel: Multiple Perspectives

One Anti-Corruption Compliance Panel: Multiple Perspectives

On July 23rd, 2015 at the Hotel Kitano in New York City, The Network ( hosted an Anti-Corruption Compliance Panel discussion titled “Why Anti-Bribery Programs Fail and How Compliance Must Evolve.” Cindy Curtin Knezevich, Vice President of Marketing Operations at The Network, along with Meagan M. Flores, Sr. Manager, Marketing Programs & Demand Generation, developed the afternoon discussion program, which was well attended by Compliance, Audit and Investigatory professionals from throughout the New York Metropolitan Area. The panel was moderated by Jimmy Lin, Growth and Product Strategist for the Network, and I was joined by co-panelist Robert “Bob” Appleton, Partner, Day Pitney. As shared in a prior blog, Bob was the former UN Procurement Task Force Chairman, who in 2006 targeted me in as part of a contract investigation, stemming from his work on the Volker (Oil for Food) Committee.

When I asked Cindy about her thought process in launching the event, given the time and expense involved in organizing the logistics, including a rooftop reception afterwards, she responded “We hosted the event because, quite simply, we could not resist the opportunity to put you and Bob, with your fascinating stories, in the same room!  We thought ethics and compliance professionals were bound to be as enticed by it as we were.”

Cindy continued “The Network believes ethics and compliance isn’t a ‘function,’ but is about all employees, so we think about engagement; when we build solutions like our Agile Code of Conduct or our Integrated GRC Suite, we build them from the perspective of ‘how can we engage employees, and how can we help them retain and apply information,’ not just from the perspective of the system administrator.  I encourage our marketing team to think about engaging our prospects and clients so we try to find topics that bring real value, and aren’t the same old papers and webinars that compliance professionals could get anywhere.

“From our first conversation, Richard, I have believed that compliance professionals could learn a lot from your experience and use your lessons to improve their own programs.  And Bob’s investigatory and FCPA background is so impressive, that even the most seasoned Chief Compliance Officer can learn something from him. Ultimately, I felt that this would provide real value to our market and do it in a way that was authentic to The Network, so truly, it was a pleasure to host.”

Paige Pulaski, Marketing Programs Coordinator at The Network, and author of a three part series on “Compliance Lessons Learned Behind Bars” (link here) commented afterwards “The story that you and Bob shared on the 23rd had our guests totally enraptured. One attendee commented, ‘It’s one thing to read about a story like this, but it’s really something else to hear both sides of the anti-corruption story from people who have lived it.’”

But the big surprise came from the following, where Paige shared “ a conversation with our videographer at the end of the event, when she mentioned it was a surreal assignment for her; she and her husband had left the country they’d considered home because of the insurmountable corruption, and there she had stood for hours behind her camera, listening to every word you two had to say about awareness of the ethical issues of bribery and how to be proactive about eliminating corruption.”

Paige reflected that “It was an eye-opening moment for me to realize that, on the extreme side of ‘no one’s getting hurt here,’ that there are people’s lives who are being completely altered to the point of abandoning their home country to the ruins of corruption. Richard, you and Bob are impacting the movement to combat this from happening by providing psychological and corporate tools to prevent unethical persuasion.”

That was an unexpected viewpoint and I hope we can invite the videographer to guest blog here sometime about her experience. I also asked Cindy if she heard from any of the attendees, to which she replied “During the cocktail hour, I spoke with someone from one of New York’s government functions.  He said this was one of the best events he had attended in the compliance space because it was unlike all the others where the content centers on ‘some regulator waving his finger at you’ and droning on about enforcement.  Richard, your perspective really resonated with him; I’m paraphrasing but he said compliance teams could really learn a lot from someone who has actually been through it and suffered the personal and professional consequences.”

We were also fortunate to hear directly from a few attendees including Kimberley Allan, CMO, ProGRCive, who shared that the event was “‪an incredibly compelling and engaging narrative. A very human tale of the psychology behind a bribe, juxtaposed against the efforts of the international regulatory community to address bribery and corruption in business. It provided practical insight into how companies serious about ethical behavior can spot red-flags, but also set up common-sense frameworks (such as how sales, particularly in high risk territories, are targeted and rewarded) to prevent it.”

Jo Sherman, CEO EDT, who has previously shared her experiences at Compliance Events (Oslo Anti-Corruption) on this blog (link here), reflected, “It’s not often that I attend a half day seminar in New York where there is standing room only.   But that was the case on the 23rd when I arrived at the Kitano to hear you and Bob talk about anti-bribery compliance. In fact, The Network advised me afterwards that there were so many registration requests that they could have filled the room many times over.

“So, why was it so compelling?   On the topic of bribery and corruption, you and Bob are so refreshingly unique because you keep it real. You are not a couple of ‘holier than thou’ compliance consultants with limited real world experience speaking about ethical best practices or preaching via bland PowerPoint’s about the world of anti-bribery and corruption.

“Its your story Richard, and it’s Bob’s story. Your real world stories from the trenches.”

When I asked Jo why someone in electronic discovery services would even register, she replied “I attended the event because we have recently realized that our software, which was actually developed for the eDiscovery and litigation markets, inherently delivers functionality that is also useful for internal corporate investigations into potential bribery or corruption.  To that end, the event provided me with practical insights into the challenges our clients face when managing projects in this domain.”

Well, having heard from the organizers and attendees, I thought I would leave my final question to my co-panelist and interlocutor over two continents, Bob Appleton, having engaged at the Oslo Anti-Corruption Conference, for his thoughts, to which he replied, “Richard, it was my honor and pleasure to participate in such a well-organized event handled so professionally by The Network, and to have the opportunity to tell, for the first time after 10 years, the rather unique story of how our paths intersected when I was an investigator and you, the subject, at the United Nations in 2006-7. I really appreciated the opportunity to share our other real life experiences confronting corruption throughout the world in the field in the following nine (plus) years before we finally met in person earlier this year.  Not unlike the circumstances that existed when our paths crossed in 2006, corruption remains a very real problem for, and challenge facing, any corporation seeking to do business abroad – as well as any company, foreign, domestic or multi-national, worrying whether the FCPA can and will reach them.”

Bob added, “I hope that the information imparted from our years of experience in the field was not only entertaining, but of value to the attendees in meeting the very real and significant corruption challenges that continue to be present today.  My profound thanks to you Richard, for approaching these issues so genuinely and thoughtfully.”

My only postscript would be one of thanks. First, thanks to The Network for reaching out to me after my first months of blogging in early 2014, with a call from Cindy saying “we want to know more” and commissioning the Behind the Bribe white paper (link here for download). Cindy and her team were one of the few, back when I started, that provided the encouragement and ‘fuel’ to continue my outreach and trajectory. There are always people that you think of in your career as providing unconditional inspiration, well, The Network was/is that for me. And continued thanks to Bob Appleton for responding to my “remember me” e-mail after I read his interview with Sam Rubenfeld in the WSJ (link here). We have been reminiscing ever since, but not simply the exchange of war stories; rather, we are constantly challenging ourselves and our communities to consider “what does this all mean to today’s compliance challenges.”

Interesting article? Would you like to know more?

Contact Me
E-Discovery: If you can’t take the data to the tools, take the tools to the data

E-Discovery: If you can’t take the data to the tools, take the tools to the data

Today we welcome Jo Sherman, CEO, EDT Inc. (website), to share some of her thoughts on the challenge of international investigations and data collection/analysis. Given the challenges of discovery and data collection across borders in anti-corruption programs and investigations, I thought her experience and perspective would be of tremendous value.   I had the pleasure of meeting Jo in New York and she also attended the Oslo Anti-Corruption Conference, where she contributed her reflections in a prior blog (link here).

RB: Jo, thank you for today’s Q and A, and perhaps you can share some of your background and how that evolved in what you do today?

Thank you Richard.  I studied law a few decades ago back in Australia and then embarked upon my computer science studies.   Since that time I’ve devoted my professional endeavors to the application of technology to the practice of law. About 12 years ago I founded EDT, a company that has developed end-to-end case management software for the investigation, e-discovery and litigation sectors. We’ve now grown to a point where we have many global clients and offices around the world. I moved to New York City about a year ago to set up our North American headquarters.

RB: Thank you, so Jo, what are the challenges which organizations face with respect to data collection and analysis?

Global corporations, particularly those headquartered in the US, confront many challenges surrounding the data privacy regime in the EU.  Those managing internal or regulatory investigations and cross border disputes need to navigate a quagmire of EU rules, protocols and directives that limit access to and removal of data that is deemed to be ‘personal’ from corporate premises.  The problem is further exacerbated by inconsistencies across various EU countries with each country requiring a different and tailored approach.  This is problematic because often the data held, received or created by EU based employees, agents, contractors and consultants is of critical importance to US oriented investigations or disputes.

RB: That sounds almost un-navigable?

It is particularly challenging given the ever increasing investigatory activity by US regulators in the anti-corruption and bribery domain, such as the FCPA, and the corresponding growth in the number of internal corporate investigations. The vast majority of these investigations involve data residing in the EU that is considered private. Significant frustration has been experienced when attempting to collect such data to bring it back to the US.

There has been much debate about the best approach to such cases and a plethora of advisory services and sophisticated technology solutions have evolved in response.   These solutions have typically involved significant travel for forensically skilled personnel or subject matter experts, hardware infrastructure and software licensing expenses. However, there may be an easier way to address the problem.

RB: How, given the complexity of the regulations?

Let’s go back to basics.   It seems that most of the challenges corporations face relate back to an underlying core assumption that the data needs to be brought back to the US.  So, in that context it’s the actual removal of the data from the EU location that is the key problem.

To that end, I wonder if we can draw an analogy to the NASA space pen story Edward de Bono talks about in his 1998 book “Simplicity” (a must read for anyone involved in technology development).  In “Simplicity” de Bono advocates the need for creative thinking to find simple solutions to complex problems. As a metaphor, he uses the story of the NASA program that required massive funding over an extended period of time to develop an anti-gravity pen that will work in space.

Meanwhile, the Russians used pencils.

So, when confronting the EU data protection challenges, I wonder whether we are over-engineering the problem and missing some potentially obvious solutions?

RB: Well, this is new to me, so what might be the obvious?

The first question I would ask is; why do we assume that the data needs to be removed at all?  If obtaining approval to move the data is the problem then why don’t we simply stop moving the data?  Why don’t we just keep it in place, for as long as possible, conducting the bulk of the data analysis and review activities on-site, to either dramatically reduce the problem or potentially even remove it altogether?

A related and basic question is; why do we assume the review needs to be done in the US?  Why can’t the review take place on-site, at the source location, potentially even with some key employees or even workers’ council representatives looking on?   This approach would mean conducting analysis of the data on-site, running searches to identify key relevant documents and, at the same time, identifying personal information right there and then.  At that point the necessary approvals could be sought using very detailed and specific data descriptions (broad sweeping ill-defined requests have rarely been successful), or the personal information could be redacted or it could be flagged and quarantined altogether.   Then, a first pass review could be undertaken, again, on-site without moving any data.

RB: So you seem to be advocating an on-site as opposed to “move the data” approach?

Yes. I think it’s often possible to do a considerable amount of the work on-site without moving the data.   That means fewer obstacles will be confronted because fewer (if any) approvals to move data will be needed.   The extent to which data will need to be removed at all will vary from case to case but I would think that most cases could benefit from a policy that advocates on-site collection, analysis and at least a first pass review to cull down the data.

In some circumstances it may be possible to conduct a more detailed, second pass review in-situ while other cases may necessitate return of a small subset of data back to the US corporate headquarters or to a US based legal team that is overseeing the investigation or dispute.   In such cases, seeking approval for a small kernel of key information that is highly relevant rather than approval for a massive data dump of everything that could possibly be relevant is far more likely to satisfy the EU based gatekeepers.  And, it’s also likely to be a less painful exercise if an on-site, consultative approach is taken whereby key   employees, knowledge workers, even worker councils have been engaged throughout the on-site culling, analysis and review exercise in the first place.

Of course, to adopt this strategy the supporting technology platform needs to be nimble, affordable, easy to use and above all it must have a light footprint so that it’s easy to install, even onto a mobile computer like a laptop.  Such solutions do exist.

RB: Do these solutions embrace reasonably user-friendly technology, or would it extensive training? And what has been the market reaction to this paradigm shift?

Three words to that Richard – Keep it Simple.


By that I don’t mean simplistic. Technology must be powerful but it must also be easy to use. It should be possible for on-site corporate employees, investigators and lawyers who are not data scientists to perform processing, analysis and review activities with minimal training.

Last month we co-hosted an event with our UK based partner, Altlaw (link here), at the NYC offices of Hughes Hubbard & Reed LLP to canvass this topic.  My co-panelists were Brian Corbin Vice President, Discovery Program Manager from JP Morgan Chase, Ignatius Grande, Senior Discovery Attorney, Hughes Hubbard and Reed LLP, Patrick Burke Senior Counsel, Sefarth Shaw LLP, Mike Taylor, i-lit limited.

There was a particularly candid and stimulating debate between panelists and the participants with valuable insights from corporate attendees.   Some efficient, practical and creative strategies were proposed for managing cross border litigation and investigations and a take the tools to the data proposition presented above was one of the many ideas canvassed.

Indeed, a key theme to emerge on the evening was very much aligned with recent comments by Leslie Caldwell, the AAG of the DOJ’s Criminal Division to the effect that companies under investigation are not required to “boil the ocean”.   A fresh and proportionate approach through a bit of creative thinking may enable corporations to find the balance between ticking the compliance box while maintaining control over the bottom line expenditure.

RB: Indeed, that “boil the ocean” comment seemed to have generated an “ocean” of reaction. Well, is there anything else you would like to add, and how can people get in touch with you?

I’d like to thank you Richard for the fine work you are doing in the anti-corruption and compliance sector. Your insights are always compelling and it’s so refreshing to hear such a  candid perspectives from someone who ‘talks the talk’ but has also really ‘walked the walk’.

Thank you Jo, and for readers, Jo can be reached via [email protected] and video from the event Jo referenced co-hosted by Atlaw can be found here.

Interesting article? Would you like to know more?

Contact Me

The New Canadian Integrity Regime: Compliance Carrots to Join the Sticks

The New Canadian Integrity Regime: Compliance Carrots to Join the Sticks

Today we welcome Kristine Robidoux, Partner, Gowling Lafleur Henderson LLP, for an analysis of the new Canadian Integrity Regime. As Canada has one of the most robust Debarment regimes which includes anti-bribery enforcement, I thought that a change in the Regime was worthy of additional focus. Thus, I am pleased to have Kristine join us again, and for her prior interview on this blog, link here.

KR: Thank you Richard. After extensive additional consultation with industry, anti-corruption groups, academics and stakeholders, the Canadian government quietly announced its highly anticipated revisions to the Integrity Regime. The Regime replaces the previous Public Works and Government Services Canada (PWGSC) Integrity Framework, first established in 2010 and modified in 2012 and 2014.

The previous Integrity Framework had a number of controversial provisions that led to widespread criticism; in particular, suggestions that the Framework was so draconian, confusing and inflexible as to “drive underground” allegations of corporate wrongdoing, contrary to PWGSC’s stated objective of deterring such wrongdoing. For example, under the earlier Framework, government suppliers faced debarment from PWGSC for fraud or corruption committed by them or their affiliates, the definition of “affiliate” being particularly broad and covering all relationships where one entity has power to control the other or a third party has power to control both. In addition, debarment was lengthy and automatic, and there was no flexibility to allow companies to argue mitigating circumstances, robust remedial measures or cooperation to shorten the debarment period. Many of these harshest aspects of the previous Framework have been appropriately addressed: while the Regime remains undeniably strict – one of the strictest in the world – the result of these modifications is to create a much more clear, flexible and proportionate Regime.

Key Elements of The New Integrity Regime include:

1. Debarment

A potential ten year debarment continues to apply for convictions for listed offences. Importantly however, the Regime now provides for the period of contracting ineligibility to be reduced by up to five years if it can be demonstrated that the supplier has adequately addressed and remediated the causes of the misconduct and has cooperated with enforcement agencies in investigating and resolving the conduct at issue. The Regime introduces the concept of an administrative agreement to be put in place to monitor the supplier’s progress in its application for reduced debarment, and would include compliance measures and other conditions with which the supplier must comply in order to remain eligible to contract with the government. Further, suppliers will need to retain an independent third party assessor with expertise in governance and compliance to certify that the terms of the administrative agreement are being met. The independent assessor will report to the government on the supplier’s compliance with the agreement and where an unfavourable report is submitted, the supplier will see its period of ineligibility lengthened.

2. The Breadth of the Regime

The new Integrity Regime will apply across all federal departments and agencies for procurement of goods and services and real property transactions. The Regime will also apply to sub-contractors. Prime-contractors will be required to subcontract only with eligible suppliers and will face potential debarment for five years if they knowingly subcontract with an ineligible supplier.

The list of offences for which a supplier may be debarred remains broad and encompasses offences under the Corruption of Foreign Public Officials Act, the Competition Act, the Criminal Code of Canada and the Financial Administration Act, among others, relating to conduct including but not limited to:

· Bribery (CFPOA)

· Fraud

· Money laundering

· Falsification of books and records

· Participation in activities of criminal organizations

· Collusion, bid-rigging or any other anti-competitive activity under the Competition Act

· Prohibited insider trading

· Misc.

Similar to the prior Integrity Framework, there is no minimum dollar threshold for listed offences. In other words, the Regime will not differentiate between a company that paid a small bribe and entity convicted of paying bribes totaling millions of dollars.

3. Affiliates

A key improvement to the new Integrity Regime provides that the commission of a listed offence by an affiliate will no longer automatically result in a penalty on the supplier. Rather, the Regime provides that only where the supplier has “directed, influenced, authorized, assented to, acquiesced in or participated in” the violative conduct, would the actions of the affiliate give rise to the supplier’s ineligibility. If the supplier can demonstrate that it had no such involvement, it can avoid debarment.

What Does This Mean For Contractors And Suppliers to the Canadian Government?

It is clear that with the recent changes to the Integrity Regime, the Canadian government is attempting to foster an environment that will encourage cooperation, self-investigation and voluntary disclosure by using inducements to potentially shorten the debarment period. Given the government’s emphasis on proactive investigation and remediation, it is imperative that companies carefully consider the value of conducting robust internal investigations of potential misconduct at the earliest opportunity. Should such misconduct be uncovered, particularly misconduct by a foreign affiliate over which there is not the requisite degree of control, such investigation and proactive remediation and cooperation could lead to either a much reduced debarment period or avoidance of debarment at all.

The Canadian government carefully reflected on the input it received from the various stakeholders in implementing this overhauled Regime. Is the Regime perfect? Hardly. But while some on one end of the discussion may argue that the government “caved to the pressure” from industry, and still others may argue that the Regime remains draconian and impractical, it is clear that the government has attempted to strike a balance between the need to ensure integrity in procurement and the need to promote ethical conduct – versus simply piling on additional retribution – among suppliers.

Kristine Robidoux, QC, Gowling Lafleur Henderson LLP [email protected]

Interesting article? Would you like to know more?

Contact Me
Benchmarking Bribery & Corruption: Compliance Progress & Frustration

Benchmarking Bribery & Corruption: Compliance Progress & Frustration

In 2014 I wrote about the Kroll and Compliance Week 2014 Anti-Bribery and Corruption Benchmarking Report, subtitled Untangling the Web of Risk and Compliance. I found the 2014 Report to be extremely relevant and engaging, focusing, among the conclusions, upon the peril of “vetting and forgetting,” link here. Accordingly, when the 2015 Report was recently released, subtitled How Companies Navigate Bribery and Corruption (link here to Kroll for the entire Report), I was anxious to see what, if anything, had changed from the 2014 Report data and conclusions.  After reading the Report I contacted Kroll with a number of questions pertaining to the Report’s conclusions, and with thanks to  Kroll Compliance Director of Global Marketing & Communications, Cathy Johnson, my questions were submitted to the Kroll Managing Director of EMEA Compliance, Kevin Braine. The following represents the Q and A in its entirety.

Kevin, first, thank you for your assistance in responding to my follow-on questions. The Report speaks of the “frustrating picture of compliance officers struggles to implement a global strategy for anti-bribery compliance and to tame vendor/third party risks.” Do you think that it is just due to the overwhelming nature of the endeavor or perhaps in part due to internal “compliance fatigue” where there is a lack of organizational support and hence commitment of resources?

KB: I do not believe that there is a simple answer here. I have yet to meet a CCO happy with the resources he or she has at hand to tackle their tasks and yet most large corporates have bigger compliance functions now than five or ten years ago. The financial downturn has put some real pressure on all operational budgets and, in many sectors, CCOs have felt the pinch along with the rest of their senior colleagues. However, overall, there still appears to be widespread and ongoing board level commitment to maintaining robust ABC controls.

Some “compliance fatigue” may spring from a combination of maturing ABC programs – which perhaps lose a bit of steam after initial enthusiastic roll outs – and a drop in the number of high profile fines and prosecutions (especially in the UK where there still has not been a significant corporate prosecution under the 2010 Bribery Act) which act as reminders of the importance of having effective programs in place.

The Report focuses upon “poor reporting relationships or collaboration” where finance personnel not part of the compliance regime. From my perspective, this might be the buried headline, as it takes more than one person to “get the money out.” From your experience, what are some of the steps organizations can take in order to remove finance from the compliance silo and hence, make them an essential part of the internal compliance team? As Ms. Zoe Newman (Kroll, Managing Director) well states, it is often the finance personnel, throughout the organizational chart, who understand “how the financial controls work and therefore how they potentially can be manipulated.” So, what can be done? This looks to be like a major gap you just unearthed.

KB: I fully agree that this is an important point and one that we do not always see tackled effectively. In some companies, this is a structural issue: compliance departments are purposefully ring fenced to protect their independence and objectivity and this can become a barrier to closer cooperation with both operational units, who will typically have a much better grasp of the details of a proposed relationship with a commercial counterparty, and finance departments. Many companies seek to remedy these silos with multidisciplinary approval committees to review any relationship flagged as ‘higher risk’ from both a compliance and commercial perspective. Best practice is to have Finance represented on these committees.

In the 2014 Report, you warned of “don’t vet and forget.” It seems that this recommendation in the context of your “ongoing care and monitoring” responses did not make much progress. Any additional thoughts on this topic, given that only “33 percent feel as confident about monitoring third parties after the business relationship is underway.”

KB: Ongoing monitoring is indeed still a huge challenge for many ABC programs. A lot of programs rely solely on a mixture of refreshing existing due diligence files at regular intervals (every one, two or sometimes five years) and some form of regularly updated self-certification by third parties, but very few have dynamic processes in place allowing them to monitor and re-evaluate ever changing risk profiles. More sophisticated programs – as typically found in regulated industries – include automated reviews of third parties against certain data sets but this can remain a fairly crude binary process. In a perfect world, ABC programs should be able to pick up a commercial counterparty’s change of beneficial ownership, exposure to new higher risk markets or reported involvement in some issue of controversy in a ‘live’ manner and these changes would automatically lead to a reevaluation of previous risk assessments.

I found it fascinating that training intensity and frequency dropped, as it got further away from the “Compliance suite,” which is where risk remains the greatest. Why do you think that exists given the front-line teams in foreign remote offices, often unsupervised, are those who need such training in greater regularity than their domestic counterparts who may never confront corruption risk? As the Report states, “the further away the risk, the confidence in its effectiveness wanes.” This seems to be fraught with peril from my front-line perspective.

KB: I think there has been some progress on this front. We typically see effectiveness wane in remote offices when: 

  • ABC programs are developed at corporate headquarters in splendid isolation;
  • Tone from the top is handed down with no consultation with business units;
  • Companies stick with a ‘one-size fits all’ ABC training program / processes which may be inadequate for certain business units that operate under very different models (arbitrary cash thresholds or country exposure rules put every single relationship of a business unit in higher risk categories);
  • International groups only roll out ABC training program / SOPs in one language, or fail to take into account local and cultural differences.

Self-certification. Well, I am not a believer as I have seen third parties collude with internal business sponsors to circumvent such assessments. Plus, as the Report well states, they often “will not get much enthusiasm from third parties who may view it as one more compliance exercise,” to which I would add: Or not take it seriously as they don’t consider themselves as locally subject to anti-bribery laws. Accordingly, the report speaks to “participation in training” as getting third parties “to start taking this a bit more seriously.” Can you elaborate a little more specifically as to what you would recommend?

KB: Self-certification can be effective. We notice that, when internal business sponsors have to countersign third parties’ disclosure documents, and clearly engage their responsibility should they overlook serious misrepresentations; this type of exercise is taken very responsibly. To be fully effective, companies also have to conduct regular audits and tests on the whole self-certification process.

Do you think on-line or web based training for overseas field personnel is helpful, or is it necessary to bring them to the home office for anti-bribery training, or is it a combination of both that resonates the most?

KB: Face to face training will always be more effective than web-based. However it is only worthwhile for employees in higher risk functions and often most effective when delivered in country and tailored to a particular business unit. We have come across many very successful ‘train the trainer’ programs where local managers were given training centrally and then adapted it and rolled it out locally.

Automation. It seems to be that the Report is a strong proponent of automation but with an “initial bit of consulting work to make it an actually worthwhile exercise.” Given the proliferation of automation services, especially when it comes to third party on-boarding, is there a danger that automation might lead a company to a false sense of security or “passing the buck” when it comes to automating third party on-boarding and assessments.

KB: As you rightly point out automation can be a boon or a trap. However, with the right initial risk assessment in place, automation is the only way for regulated institutions to conduct some form of regular searches on huge volumes of lower risk entities. Getting the risk assessment wrong, or lowering the bar to the point that the automated searches conducted do not pick up issues or are conducted on entities operating in countries where the data sets are either lacking or woefully inadequate are the two common failures that we continue to come across.

Thank you Kevin for  sharing your work and additional perspective. If someone would like to contact you, do you have a preference?

My pleasure Richard. Feel free to share my e-mail address at [email protected]

Interesting article? Would you like to know more?

Contact Me