Written by Chris Weiss
It is clear in the FCPA guidelines that there is no “one size fits all” approach to structuring a corporate compliance program. Whether it is time, budget, manpower, etc., we are all limited by our resources in one way or another. If you do not have the luxury of conducting annual global audits and interviews, desktop risk assessment can be a compliance officer’s best friend.
Assessing and assigning risk to your international partners is paramount to the strength of your compliance program. There are specific criteria Kreller focuses on when assessing risk, including:
- Physical location
- Sales volume
- Government exposure
- Line of business
These are some of the criteria that would make up the foundation for a Risk Matrix. Much like the structure of your corporate compliance program, there is no one approach to creating a risk matrix.
For example, the weight of each of the four criteria may vary. We would often place the highest emphasis on location (40%) and equal emphasis (20%) on the three remaining criteria. Because our clients vary in size and span many industries, we create a custom risk matrix for each client based on a macro level view of their international risk.
By using a risk matrix, you can plug in the above criteria for any of your international partners to determine their “risk score” or perceived level of risk. Creating tiers with corresponding numbers using the criteria above will allow you to assign a risk score to each of your engagements.
When determining risk based on your international partners location for example, use the CPI index. For the purpose of demonstration, we will tier location using the transparency country ranking. Perhaps your risk matrix outlines countries ranking 1-25 on the transparency index as low risk, 26-100 medium risk and 100+ as high risk.
Because location is more heavily weighted than the other factors in our example, we will assign a total of 6 points to location. Low risk locations would be two points, medium is four points and high is six points. You create similar low, medium and high tiers for sales volume, government exposure and line of business.
Desktop Risk Assessment is a tool too valuable to ignore. It offers a simple, common sense approach to assessing the risk of your international partners and follows the guidelines outlined by the DOJ and the SEC.
Kreller provides a complimentary risk matrix for any company looking for assistance. Please do not hesitate to contact myself or any other Kreller representatives to assist you with creating a risk matrix relative to your organization.
Chris Weiss is a global due diligence consultant for Kreller Group. He advises multinational Fortune 100 companies in the areas of FCPA Compliance Program Construction, Risk Management Solutions, Security Risk, Gaming & Probity and Ethical Sourcing Investigations. Weiss sub-specializes in consultation with regard to FCPA, the Patriot Act, Bank Secrecy Act and Sarbanes Oxley Act. He received his B.A. in International Affairs from the University of Cincinnati with a minor in Middle Eastern Studies
About The Kreller Group
For nearly 30 years, Kreller has relied on “extensive boots-on-the-ground” research, conducted by investigators who are well-versed in worldwide military, law enforcement, business and government matters to deliver the concise information our clients need to make decisions.
Want to discuss how our expertise can help? Click here.