Share this article with your network
Help your network to discover new knowledge
Debate about the fifth Money Laundering Directive began before the fourth had even been implemented. You have to comply with EU directives, sanctions lists and other rules of the game. At the same time, some sets of rules are growing, others are being withdrawn and new ones are being added. The sheer number of regulations and the changes on the market are overwhelming, turning your company’s compliance into a minefield. Not to mention due diligence! Find out in this article the first step you need to take to steer your business into safe waters.
New directives, sanctions and embargoes appear every month, if not every week. What happens while compliance officers are trying to mitigate risk without slowing business growth? A data tsunami is brewing that threatens to bury painstakingly constructed processes underneath it, that’s what. Business partners, suppliers, customers and many other third parties can expose your company to risks both minor and major. For example: 90% of the bribery cases enforced by the FCPA over the last 40 years have involved third parties.
Yet 83% of companies do not perform ongoing due diligence on all third parties. This is where disaster prevention begins – as drastic as that may sound. So take the helm and row back a few steps. At the outset of any crisis management, the first thing you need to do is get an overview. That’s when you should start looking at a risk assessment / risk evaluation.
There are plenty of data available on business partners. Thank you, data suppliers! The real question is, what are the most pertinent data among them? Address, hierarchy, ownership structure, beneficial owner, financial and payment data, trigger warnings – the list is endless. This is where a risk assessment can help. This step deals with the internal and external world of a company. It is founded on the risk-based approach you take. Depending on how severe you assess the risk for your company to be, a more or less intensive investigation may be required.
It’s worth taking a first look inside. A few questions about the company’s situation provide an insight into how high the potential risk from outside actually is. Classify the risks to your own company. This enables you to better assess the risk level posed by a third party (how “dangerous” this “third party” could become for you). This is easily illustrated by way of examples: If you work in the precious metals industry, you are exposed to a higher risk of money laundering as precious metals are common vehicles for this criminal activity. In the construction industry, late payments represent classic external risks.
Possible questions you should ask yourself about your situation include:
It may also be worthwhile to take a look at your company’s organisation. For example, do you mainly have an external sales force that is predominantly on the road visiting customers? Then the risk of bribery is much greater for you than if you conduct your business through telesales, for example.
In the next step, it’s time to deal with the third parties. Examine the environment in which your company finds itself. Identify your suppliers, vendors, customers, agents, subsidiaries and other partners.