
  • Number of slides: 22

Anti-Corruption Compliance Risk Assessment: Adopting a Systematic Approach
Risk, Ethics and Compliance Forum – Thomson Reuters Legal Executive Institute
November 2, 2016
Javier E. Robles, SVP, Anti-Corruption


Finding safety
Guidance for federal prosecutors in developing consistent sentences for those convicted of federal crimes
Diagram: Effective Compliance Program, surrounded by Standards and Policies, Process Remediation, Oversight, Disciplinary Action, Due Care People, Risk Assessment and Monitoring, Communication and Training

High expectations
 • “Every piece of your program needs to be tied to the actual operation of the company.
 • We will be asking you questions…about your payment systems, your HR systems, your vendor-management systems, your audit process, your investigation process, all with a view of looking at how the programs you have designed to remediate conduct have been actually operationalized into the daily life of the corporation…
 • I have seen systems where you have to go in and get approval for something and then go into a separate system to actually conduct the transaction. When you don’t tie those systems together, it’s very easy to ignore the other system that’s not necessary to make the transaction happen.”
Hui Chen, Compliance Counsel, US Department of Justice
Source: http://www.davispolk.com/sites/default/files/Transcript_Roundtable%20Discussion%20with%20Andrew%20Weissmann%20and%20Hui%20Chen.pdf

Crossing the minefield.
Diagram: DATA at the center, surrounded by Launch Compliance Data Mart; Leverage Existing Data Monitoring and Testing Program; Enhance Third Party Risk Monitoring; Automate Pre-Approval and Disclosure Tool; Visualized Regional Reporting; Quantitative-Enhanced Compliance Risk Assessment

Understand the risk universe
For each business unit or product line, identify where anything of value leaves the company.
Diagram: Anti-Corruption Universe, surrounded by Rebates and Incentives; T&E; Travel Agencies; Political Donations; Sponsorship Assets; Billing Credits; Payroll; Jobs and Internships; Petty Cash; Charitable Contributions; P-Card; License Fee Waiver; A/R Write; Accounts Payable

Where to start.
 • What is the risk?
 • What controls are in place to mitigate that risk?
 • How do I test that those controls are working effectively?
 • If a risk event were to manifest itself in a data set, what would it look like, and what analytics can identify it?
 • What can be easily monitored globally? (i.e. Using Existing Data)
 • What has to be monitored through manual testing?
 • Create repository for testing results and workpapers

What can we monitor?
Note: For Example Purposes Only
Column headings: Third Parties; Employee Metrics; Monitoring a Culture of Compliance; T&E and Sponsorship Data; Other KPIs
Items shown on the slide:
 • Anti-Corruption Due Diligence Completion
 • Contracts:
   – Appropriate Anti-Corruption clause
   – Appropriate description of services to be performed
   – No unusual bonuses / commissions / charitable contributions
 • Invoices:
   – Sufficient description of services performed
   – No unusual taxes or fees
 • Completion of online training for third parties
 • Attendance at in-person training
 • On-time completion of:
   – Code of Conduct Certification
   – ABAC Training
   – AML Training
   – Sanctions Training
 • Rejected conflict of interest disclosures
 • Appropriateness of procedures performed in hiring friends / relatives of business partners
 • “Know Your Customer” messaging from leadership
 • Quarterly Culture and Ethics Survey responses regarding tone
 • Quarterly compliance messaging from leadership
 • Improper categorization of meals with government officials
 • Exceeding policy limits on frequency and dollar thresholds
 • Expenses and Sponsorship assets without appropriate preapproval
 • Evidence of accurate Gift & Hospitality Log
 • Other policy violations around T&E and Sponsorship Assets (i.e. Charitable contributions via T&E, Sponsorship asset approval timing)
 • Appropriateness of controls around petty cash usage
 • Journal Entry testing
 • Charitable Contributions – Due diligence, Sanctions screening, Board composition at organization

Own your data
“Don’t just plan your lunch. Build an all-you-can-eat data buffet and solve for world hunger!”

Systems of Record
Connect existing data in a compliance data mart.
Diagram layers: Source Data; Secondary Sources of Data; Data Analysis and Transformation Tools; Compliance Program Elements; Key Compliance Deliverables and Reports
Diagram items: Service Providers (Fourth Parties); ARIBA – Third Parties; Workday Personnel Information Repository; Bureau van Dyke – Third Party Data Repository; Global Compliance Ethics and Disclosure Tool; Business Ethics Investigations; Regional Compliance and Country Ratings Reports; MasterCard Data Warehouse (Transactional and Card Data); Compliance Data Mart; Licensed Customers; ACL Analytics Exchange – Data Analysis Software; Anti-Corruption Monitoring and Testing; Non-Licensed Customer Databases (20+); Internal Audit; Compliance Performance Dashboards and Reporting; State Owned Entity Monitoring and Communication; Sanctions Screening and Monitoring and Exports Compliance; SAS / TOAD / SQL; Monitoring High Risk Third Party Anti Corruption Due Diligence; Spotlight Sponsorship Assets; Salesforce.com; Oracle – T&E, P-Card, Accounts Payable, Vendor Master, GL; AML Monitoring; Global Compliance Risk Assessment

Third parties. Your single biggest risk.
Diagram: You; Vendors; Customers; Intermediaries and Agents

Third Party Monitoring Program
Business owners are responsible for selecting the types of services that a third party will provide under scope of contracts. They don’t always get it right! Risk scoring is a great monitoring solution for Compliance. “Trust, but Verify.”
Diagram: Third Party Master Data; Analytics Software; Red Flags – Scoring Model; Monitoring and Testing Program
Red Flags – Scoring Model:
 1) Category of Work
 2) Key Word Search
 3) High-Risk Department
 4) Location of Work
 5) Contract Values

Measure Performance

Calculating KRIs
Steps: 1 Normalize, 2 Rank, 3 Compare, 4 Weight
KRI Scores – Each Country Ends with a Score of 0 – 100 for Each KRI
Compliance Area – Each Country Ends with a Score of 0 – 100 for Each Category
Total Compliance Risk Score – Each Country Ends with a Score of 0 – 100
General Risk, KRI 01 (Score, then Converted 0 - 100):
 BRA  20  100
 KEN  15  75
 USA  10  50
Weight: KRI 01 40% KRI 02 50% KRI 03 35% 20% AML 10% Sanctions 20% Business Conduct & Ethics Country Subjective Input Anti-Bribery and Corruption 10% 5% 100% 10%

Example KRIs
General
 • Number of Compliance-Related Audit Conditions
 • Last Time Compliance Provided Training
 • Management Turnover
 • Overall Turnover
 • Net Revenue (Last 12 Months)
 • Total Headcount
 • Number of Customers generating > 20% of Country Revenue
Anti-Corruption
 • Transparency.org CPI Score
 • 2 Year CPI Score Trend
 • TRACE Bribery Risk Score
 • Number of Employees in High-Risk Positions
 • Contingent Workers in High Risk Positions as % of Total Population
 • Number of Government-Owned Customers
 • Total Value of Sponsorship Assets Used
 • Percent of Sponsorship Assets Used for B2B Activity
 • Total T&E In High-Risk Categories (Meals, Gifts, Gov’t Officials, etc.)
 • ABAC Training Completed On-Time
 • Number of High-Risk Suppliers
 • Total Petty Cash Usage
 • Revenue from Government-Owned Customers
 • Number of Active High-Risk Suppliers Without Anti-Corruption Due Diligence Completed
 • Number of Open Third Party Red Flags
 • Number of High-Risk Suppliers Terminated After Review of Red Flags
 • Number of New Deals in Past 12 Months with Government-Owned

Example KRIs
Business Conduct and Ethics
 • Number of Reported Events
 • Number of Anonymous Reports
 • Number of Substantiated Investigations
 • Conflict of Interest Disclosures Denied
 • Code of Conduct Certifications Completed On-Time
Compliance Subjective Input
 • Subjective Input from Compliance on Management Tone, Employee Awareness, and Business Environment
Sanctions
 • Sanctions Training Completed On-Time
 • Sanctioned Country? (Y/N)
 • Number of Third Parties who are not captured in ongoing sanctions monitoring
AML
 • AML Training Completed On-Time
 • AML Risk Tier

The forest and the trees
Diagram: Effective Compliance Program, surrounded by Standards and Policies, Process Remediation, Oversight, Disciplinary Action, Due Care People, Risk Assessment and Monitoring, Communication and Training

Visualize Risk
 ■ Traditional Subjective + Data-Driven KRI = Best of both worlds
 ■ Use Analytics Software to calculate KRIs
 ■ Use visualization software to create Compliance Risk heat maps: Both for overall Compliance and individual Compliance programs
Note: Sample Data Entered For Example Purposes Only

Increase Awareness of Risk
 • NEW COMPANY-WIDE ONLINE ANTI-CORRUPTION TRAINING
 • CUSTOMIZED FOR MASTERCARD
 • FEATURING ACTUAL CORRUPTION CASE WITH CRIMINALLY CONVICTED FORMER EXECUTIVE
 • SHOWCASING ANTI-CORRUPTION TEAM AND POLICIES
 • HIGHLIGHTING KEY TAKEAWAYS TO HELP EMPLOYEES MITIGATE RISK

Reduce compliance burden
 • Increased perception of process burden results in avoidance of internal controls.
 • Thus, reducing process burden results in better compliance.

§ Better guidance - Redesigned Anti-Corruption website to include solution-oriented guidance
§ Better tools - Implementing automated pre-approval tool for all gifts and hospitality to simplify workflow and eliminate the need for a separate gift log
§ Less drag - Designing new onboarding process for third parties with fewer questions and forms

THANKS
Any questions? You can find me at
 • javier.robles@mastercard.com