With all due respect to Howard Sklar, the godfather of compliance convergence, the most obvious case for compliance convergence is leveraging anti-money laundering and anti-corruption compliance. Most members of the financial services industry already have an AML program, which is likely to be reasonably rigorous.
Let's start with some obvious overlaps.
Risk Assessment: A company’s AML risk assessment approach a company already has in place can easily incorporate FCPA issues to create a broader risk profile, including additional areas of inquiry for a due diligence questionnaire, interviews of key operations personnel in regions or significant countries of operations, and analysis of data.
Training: Companies with AML compliance programs have an AML training program for employees and officers (usually based on risk). The training infrastructure and record-keeping requirements can easily be expanded to include anti-corruption training for employees and senior management.
Compliance Officer: Companies have a designated AML compliance officer, as required by the USA Patriot Act, and this same person or perhaps a separate individual could be appointed to lead anti-corruption compliance programs. Even if a separate person is appointed, the compliance officers are likely to serve together and should be able to find efficient overlaps where efforts can be coordinated.
Corporate Governance: The core compliance functions in an anti-corruption compliance program, including policies, procedures and investigation, have significant overlap with AML, and governance and internal reporting and review issues should be handled in a similar way.
Financial Investigations Units (FIUs): Financial services companies usually have a FIU or equivalent office to: investigate alerts and report suspicious activity under the AML regulations, as well as a transaction monitoring system to identify transactions for possible alerts. The FIU can be expanded in several ways to address anti-corruption issues:
-- Anti-corruption flags can be implemented for existing alerts;
-- Transaction monitoring systems can be modified to add new data and new scenarios of concern – Anti-corruption issues can be identified from traditional sources such as accounts payable and general ledger entries, and gifts, meals and entertainment expenses can be added to this monitoring system since they are a significant bribery risk;
-- Politically Exposed Persons who are already identified as part of an AML program will be identified as government officials under anti-corruption compliance programs. This process can be expanded to include vendors, agents and third party intermediaries, especially those PEPs that are linked to specific vendors, agents and third party intermediaries.
Internal Audits: Both AML and anti-corruption compliance programs need to be tested and audited. Existing internal auditors can be trained to examine anti-corruption issues, or develop new procedures to ensure adequate auditing and monitoring. Conducting an independent audit of both programs is important.
Of course, there are many substantive areas where anti-corruption compliance requires different polices than an AML program, such as gift and entertainment policies, specific books and records requirements, a code of ethics requirement, an employee hotline, disciplinary procedures and other specific measures. AML programs may have more or less overlap with these specific areas. Similarly, the nature of risk assessments and other aspects of an anti-corruption program is different than AML counterparts. However, an AML program may be an effective starting point to leverage existing compliance resources to initiate an anti-corruption compliance program.