EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Global financial services organizations are required to have a dedicated compliance function. This includes a focus on financial crimes, anti-money laundering (AML), sanctions compliance procedures, and anti-bribery and corruption (ABC). ABC programs at many financial services firms have not reached the same level of sophistication as most AML and sanctions programs. ABC compliance requires the consideration of more complex organization-specific nuances when designing a program. Often, controls are more difficult to embed within the organization and violations are harder to identify. As a result, the implementation of ABC programs has the potential to lack rigor, awareness, consistency of monitoring and investigation, and overall governance when compared to other compliance functions which focus on AML and financial crime.
Key risks and considerations for financial services firms
1. Avoiding a “paper program”
ABC programs tend to be siloed and understaffed, and to rely on operational areas that may not fully appreciate or operate ABC controls. This heightens the risk of a “paper program,” which will fall short under regulatory scrutiny.
2. Nuanced third-party risk management
The financial services industry presents heightened risk driven by third-party relationships, investments, acquisitions, etc. Acquirers and investors inherit risks that are often underestimated. Broker-dealers, banks, asset managers and private equity firms need to address ABC risk as early as possible and monitor it going forward.
3. A tailored approach
There is no “one-size-fits-all” approach to ABC compliance. A well-designed compliance program considers an organization’s specific bribery and corruption risks and is adaptable as risks evolve. Periodic risk assessments and subsequent actions are an integral part of an effective compliance program.
4. Continuous monitoring
Without adequate monitoring and testing, an institution has no insight into the effectiveness of its compliance efforts. Testing of controls allows for the identification of noncompliance and potentially bad actors, including employees and third parties.
5. Timely response
Upon identification of violations of the FCPA or other regulations, it is imperative that organizations have a process to mitigate the risks of noncompliance to the entity. A robust and timely response plan is critical for subsequent dealings with regulators. Self-reporting may result in regulators bringing reduced charges, lighter sanctions, or using mitigating language in documents used to announce and resolve enforcement actions.