Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Harry Cassin Managing Editor


Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« It's Another World At That Bank | Main | Chasing Dirty Money »
Monday
Jan122009

Aon's New Path

A couple of months ago, guest-blogger Scott Moritz talked about risk-based compliance. His post, we now see, was prophetic. Why? Because just last week, when Aon settled an enforcement action with the U.K.'s Financial Services Authority, the real star of the show was . . . risk-based compliance.

The FSA's Final Notice described how both U.K.-based Aon Ltd and its U.S. parent, Aon Corporation, have improved the way they'll deal with intermediaries -- the group apparently responsible for Aon's problems in a number of countries. The Aon companies, the Final Notice said, have "designed and implemented a new global anti-corruption programme that includes a policy limiting the use of third parties. Aon Ltd has also implemented robust risk-based procedures that control and restrict the circumstances in which staff may make payments to Overseas Third Parties, particularly in high risk jurisdictions."

Aon's new compliance policy, according to the Final Notice, generally . . .

. . . prohibits the use of third parties whose only service to Aon is to assist in the obtaining and retaining of business solely through client introductions in countries where the risk of corrupt practices is anything other than low. These jurisdictions are defined by reference to an internationally accepted corruption perceptions index. Any use of third parties not prohibited by the policy must be reviewed and approved in accordance with global anti-corruption protocols. . . . In addition, Aon Ltd has implemented an enhanced comprehensive risk-based training regime for its staff.
How does risk-based compliance work? Guest-blogger Moritz said the concept is simple: certain customers, vendors, and intermediaries represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment, dollar volume -- all are risk indicators. And he said the key to any risk-based approach is the strategic use of information technology -- tracking and sorting the critical elements, including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.

The benefits of risk-based compliance are clear. In places where risks are very low, compliance burdens can be reduced. Where risks are anything but low, compliance is stepped up one or more notches, to make sure nothing slips through. As we've often said, when there are more red flags around, the proper response is more compliance, not less. And that's what risk-based compliance is all about.
_________

And one more thing . . .

Take a look at Don Lee's amazing story from the January 12th edition of the LA Times about Avery Dennison's FCPA compliance problems in China. Shanghai bureau chief Lee seems to have gotten everyone to talk on the record. This is one of the best articles we've read in the mainstream press or anywhere else about the Foreign Corrupt Practices Act at ground level.
.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.