GRC00718

ACCELUS FOR ANTI-CORRUPTION

THOMSON REUTERS ACCELUS™

3

EXECUTIVE SUMMARYTo effectively demonstrate compliance, a comprehensive anti-corruption solution brings together areas such as legislation, regulation, policy, code of conduct, 3rd party screening, training, enhanced due diligence and internal audit into one connected program.

There is increased exposure to corruption risk where manufacturing is decentralized, supply chains cross borders instead of streets, and consumers are supplied with finished products through agents, shops or e-commerce websites.

Corruption risk also remains prevalent for domestic businesses. While these may typically appear in lower risk categories, they are just as exposed to regulatory censure and reputation damage as multinational organizations.

Accelus for Anti-Corruption outlines many of the steps to implement a cyclical monitoring and feedback system that supports compliance with regulators such as OECD1 Anti-Bribery recommendations and transnational laws like the UKBA2 and FCPA3. It offers solutions for the implementation of policies, codes of conduct and procedures. These steps enable a connected approach to compliance, internal control, training, and internal audit aimed at maximizing resource availability and reducing operational cost.

CONNECT, SIMPLIFY, PERFORM

We service customers through a unique combination of content taxonomies and configurable workflow software as part of our unified platform approach. At the same time, products are modular and can be adopted as point solutions to meet specific needs.4 At whichever stage your organization currently finds itself, Accelus for Anti-Corruption will complement your current program to enhance efficiencies and maximize your risk based approach.

QUICK NAVIGATION

1 Organization for Economic Co-operation and Development, http://www.oecd.org/corruption/, Dec 2013.2 UK Bribery Act, http://www.legislation.gov.uk/ukpga/2010/23/contents, Dec 2013.3 Foreign Corrupt Practices Act, http://www.justice.gov/criminal/fraud/fcpa/guide.pdf, Dec 2013.4 Read more about Connect|Simplify|Perform: http://accelus.thomsonreuters.com/sites/default/files/GRC00387.pdf

MANAGING CORRUPTION RISK

DIAGRAM

PAGES 4 – 5

SOLUTION MATRIX

PAGES 16 – 17

PRODUCT DETAILS

PAGE 18 – 19

ANTI-CORRUPTION CHALLENGES

PAGE 13

4

MANAGING CORRUPTION RISKTYPICAL CYCLICAL MONITORING AND FEEDBACK SYSTEM

A robust anti-corruption program helps to establish a culture of integrity and ethical behaviour that pervades the organization to create a platform for improved performance and business growth. Enhanced brand equity contributes to shareholder confidence to bolster positive market sentiments to grow market share, and profits.

5DEVELOPED IN CONJUNCTION WITH

6

PROGRAM STEPS1. ASSESS RISK

IDENTIFICATION

RISK

S

OBJECTIVES

CORRUPTION

The first step is to perform a risk assessment of the nature and extent of your organization’s exposure to potential external and internal risks to bribery and corruption. Best practice implementations have demonstrated that this risk assessment should be comprehensive, periodic, informed and documented.

Included in your risk assessment should be a review of the international and local regulatory risk, third-party risk, past events, completeness of policies and procedures, and an overall enterprise risk assessment. A connected approach utilizing a combination of risk based methodology and evaluating factors is essential for a comprehensive risk assessment.

7

2. DEVELOP THE PROGRAM

The most successful anti-corruption programs embrace a connected methodology designed to protect and enhance business value by fostering a regulatory risk-aware culture, support for informed decision making, and the ability to address the required multiple steps in the compliance business process. A comprehensive and balanced anti-corruption program that will correspond to the risks identified during the assessment process.

Establish policies, procedures and controls in all levels of the business, with owners for each. Obtain board and management endorsement of strategies, short- and long term expectations, and resources, with ongoing communication of this support.

ISSUE(S) ADDRESSED

POLICY MANAGEMENT SOLUTIONS

COMPLIANCE MANAGEMENT SOLUTIONS

RISK MANAGEMENT SOLUTIONS

Recommendations Accelus Policy Manager Accelus Compliance Manager Accelus Risk Manager

8

3. DEFINE AND IMPLEMENT POLICIES

Demonstrable dissemination of policies is fundamental to an anti-corruption culture. This applies not only to the company’s code of conduct, but also to related areas such as gifts and entertainment, facilitation payments, political and charitable donations which can often be a gray area for many.

Policies need to be reviewed and updated periodically to ensure that they adequately address the required regulatory developments and changes to the business environment. Any updates need to be properly communicated to employees and business partners with relevant training provided.

3

POLICY DESIGN

ISSUE(S) ADDRESSED

REGULATORY INTELLIGENCE SOLUTIONS POLICY MANAGEMENT SOLUTIONS

Recommendations Accelus Regulatory Intelligence Accelus Policy Manager

Accelus Compliance Manager

9

ISSUE(S) ADDRESSED

REGULATORY INTELLIGENCE SOLUTIONS POLICY MANAGEMENT SOLUTIONS

Recommendations Accelus Regulatory Intelligence Accelus Policy Manager


4. BUILD AND OPERATE CONTROLS

POLICIES

PROCEDURES

CONTROLS

The discipline of documenting, managing and testing of internal controls provides the effective operating mechanism for managing the effectiveness of your anti-corruption program. The objective of your internal controls processes should be to provide reasonable assurance that your organization’s risks have been managed effectively and that your stated objectives will be achieved efficiently, economically and responsibly.

It has been shown that many organizations struggle with managing internal controls since controls and procedures are managed by individual assurance functions and in disparate systems. Without a standard naming convention or common methodology for determining or classifying risks and controls, your organization will likely struggle with the consistent sharing of information between the assurance functions. The benefits of utilizing a common language for risks and controls include improved reporting throughout your organization, consistent coverage to ensure all risks are considered, and less external oversight and audits because controls are standardized.

ISSUE(S) ADDRESSED

AUDIT SOLUTIONS INTERNAL CONTROLS SOLUTIONS


Recommendations Accelus Audit Manager Accelus Internal Controls Manager

Accelus Conflicts Compliance

10

5. TRAIN AND EDUCATE

SALES/MARKETING

MANUFACTURING

LOGISTICS/DISTRIBUTION/PURCHASING

ACCOUNTING/FINANCE

K EY BU SINES S O PE R ATIO N S / STA K EHO LDE RS

Training should provide employees and third parties with a clear understanding of policies and procedures and their practical application. Effective anti-corruption training should be proportionate and take the form of education and awareness-raising about the threats posed by bribery and corruption. Some organizations now require mandatory anti-corruption training for new employees or agents as part of the new-hire or onboarding process. Tailored training is also typically offered to those employees, agents or suppliers that have specific risks associated with where they conduct business, their role or to the nature of who they do business with. To be effective, training should be continuous and regularly monitored and evaluated.

ISSUE(S) ADDRESSED

TRAINING SOLUTIONS COMPLIANCE SOLUTIONS

Recommendations Accelus eLearning Accelus Compliance Manager

11

ISSUE(S) ADDRESSED

REGULATORY INTELLIGENCE SOLUTIONS


RELATIONSHIP RISK SOLUTIONS

TRAINING SOLUTIONS

AUDIT SOLUTIONS



Rec

omm

enda

tion

s

Accelus Regulatory Intelligence

Accelus Policy Manager


World-Check

Country-Check

Accelus Enhanced Due Diligence

Screening Resolution Service

Accelus Risk Manager


Accelus eLearning

Accelus Audit Manager




6. MONITOR AND EVALUATE

AUDITING/TESTING

ANALYTICS

SCREENING

INVESTIGATIONS

HOTLINEDATA

For your program to succeed at managing corruption risk, it is critical to invest the time and resources for ongoing monitoring and evaluation of business processes, policies, risks, controls and due diligence activities. These on-going monitoring activities fall into the categories of of screening for risk, analyzing and testing of controls, issue tracking, and internal audit.

Track and assess policies and controls for effectiveness and performance, including:

SCREENMonitor internal and external information and compare vendor, partner and customer records against trusted data sources for red flags that indicate issues.

IDENTIFYEstablish hot line and other open channels for reporting and resolution of questions and issues.

INVESTIGATEObtain and assess information about observed or suspected misconduct, using appropriate qualified teams, and considering privilege issues.

ANALYZEEvaluate data to locate concerns and potential problems by applying analytic techniques, tools and reporting capabilities.

AUDITProvide regular internal audit oversight and inspection of the anti-corruption program; test and assess controls to determine if additional or modified action is necessary.

12

7. REVIEW, REALIGN AND REPORT

To implement an effective anti-corruption program, it is critical that a continuous business process improvement approach be implemented. Leading organizations demonstrate that such programs require periodic review, realignment and reporting. For a successful program, your management and assurance teams need to take timely corrective and disciplinary action for violations of the anti-corruption program, continually evaluate the program and adjust it to ensure alignment with changes in risk profile, and keep the board informed of program outcomes and needs through regular reporting.

ISSUE(S) ADDRESSED



RELATIONSHIP RISK SOLUTIONS

AUDIT SOLUTIONS



Recommendations Accelus Regulatory Intelligence

Accelus Policy Manager



World-Check

Country-Check

Accelus Enhanced Due Diligence

Screening Resolution Service




Compliance Management Solutions


13

ANTI-CORRUPTION CHALLENGESTo effectively demonstrate compliance, an intelligent anti-corruption solution brings together areas such as legislation, regulation, policy, code of conduct, screening, training, enhanced due diligence and internal audit into one connected program.

UNDERSTANDING INTERNATIONAL BRIBERY RISKGuided by the FCPA and UKBA, many countries are revising their anti-corruption regulations to ensure alignment to the OECD Anti-Bribery Convention. Under these tightening regimes, regional enforcement actions are also increasing.

Organizations need to stay informed and implement an evolving anti-corruption program that is cost effective and demonstrates compliance. As evidenced in the graph below, both the volume and value of FCPA-related Deferred Payment Agreements (DPAs) and Non-Prosecution Agreements (NPAs) approved by the US Department of Justice (DOJ) have increased since 2000, as a means to resolve allegations of corporate wrongdoing.

$10.0

$9.0

$8.0

$7.0

$6.0

$5.0

$4.0

$3.0

$2.0

$1.0

$0.0

45

40

35

30

25

20

15

10

5

02000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

12

37

31

39

21

19

39

24

8

6

22

3

$0l9

$0.3

$0.8

$3.6

$5.9

$2.1

$0.3

$5.3

$4.7

$3.1

$9.0

$1.2

DOJ Corporate DPAs and NPAs, and Total Monetary Recoveries Related to DPAs and NPAs 2000 – 2013.6 (* through June 30). [Graphs combined by author] Source: Gibson, Dunn & Crutcher

6 2013 Mid-Year Update on Corporate Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs), July2013.http://www.gibsond-unn.com/publications/pages/2013-Mid-Year-Update-Corporate-Deferred-Prosecution-Agreements-and-Non-Prosecution-Agreements.aspx )

14

A CONNECTED APPROACHEffective anti-corruption programs typically have a connected methodology designed to cover all requirements. This approach fosters a common language for policy, risk and control, ongoing monitoring of regulatory change, clear process ownership and informed decision making. It also recognizes the parallel and linked activities in the compliance process.

In the event of alleged wrongdoing, regulatory enforcers will generally seek to establish whether the act was:

• the result of a rogue employee,

• a business partner acting contrary to the organization’s clear commitment to ethical conduct, or

• whether the organization had failed to maintain a comprehensive anti-corruption regime.

It is important to have a compliance strategy that is comprehensive, straightforward and clearly communicated.

A RISK BASED METHODOLOGYA risk based anti-corruption program focuses resources on those activities and relationships that pose greatest risk to the organization.

Policies and procedures, internal controls, ethics and compliance training programs, are then based on the size, nature and complexity of the organization as well as any specific corruption risks faced or past events.

Assessing corruption risk includes external factors such as:

• geographical exposure;

• interaction with government officials;

• reliance on agents;

• structure of any agency payments, and

• complexity of global supply chains.

A best practice policypolicy provides internal structures, procedures and reporting that help to reduce risk and demonstrate effective compliance, such as:

• employee training, skills and knowledge;

• guidance on gifts, hospitality, promotional expenditure and political or charitable contributions;

• sound financial controls; and

• a clear anti-bribery message from the top.

Often the scope of the program will extend beyond corruption risk to include related ethics and reputational issues such as the environmental and employment practices of suppliers and agents.

Risk factors change as the organization reorganizes, as regulations change and as new information becomes available. Risk assessments should be objective, well documented, quantified and consistently reapplied.

Activities such as monitoring of third parties can require significant resources to perform properly.

15

EVALUATING FACTORSRisk in business relationships may be evaluated against a number of factors, including:

• Annual spending risk – a relatively high spend can indicate heightened risk

• Location based risk – operations based in certain locations carry significantly higher risk than others

• Operational risk – some business partners and their operations may be more mission critical than others

• Nature of Relationship – corruption risk based on the type of third party relationship involved

• Business sector risk – certain business sectors are seen as more prone to corruption

• Payment risk – vendors who require payment for goods or services in advance, and are unwilling to enter standard, normal payment terms, may be graded as high risk

If the assessment reveals risk then often it is necessary to undertake in-depth due diligence research on all medium and high risk matches, as well as a screen of all low risk matches against a specialized risk intelligence database to check for fraud, trafficking, money laundering, terrorism, financial crime and sanctions or regulatory enforcement issues.

High Risk

> 1 million

Medium Risk

100-999K

Low Risk

0-99K

No

Higher Risk

Yes

Lower Risk

Location Risk Rank Score:

High Risk

<5

High Risk

5 – 7

Low Risk

>7

High Risk

Medium Risk

Low Risk

High Risk

Premium EDD Report

Medium Risk

Standard EDD Report

Low Risk

Risk Screening

RESCREEN

Assess

Annual spending U.S.$

Goods/services received before payment is made

Location of vendor Business sector Risk rating

Assess Report & ScreenScreen

SAMPLE RISK EVALUATION USING A RISK BASED APPROACH

16

ACCELUS SOLUTIONS



3RD PARTY RISK SOLUTIONS

TRAINING SOLUTIONS

AUDIT SOLUTIONS



Proactive Insight into Regulatory Change

Dynamically Links Policies to Regulatory Change

Reveals Risk in Business Relationships

Cost-Effective and Comprehensive Executive Training

End-to-end Life Cycle management of the Entire Audit Process

Assess, Monitor, and Manage Risks Organization-wide

Connects governance, risk and compliance to drive organizational performance

AN

TI-C

OR

RU

PTI

ON

PR

OG

RA

M

Develop the program Accelus Compliance Manager



Define & Implement Policies


Accelus Policy ManagerAccelus Compliance Manager

Build & Operate Controls Accelus Audit Manager

Accelus Conflcits Compliance

Train & Educate Accelus eLearning Accelus Audit Manager


Monitor & Evaluate Accelus Regulatory Intelligence

Accelus Policy ManagerAccelus Compliance ManagerAccelus Conflcts Compliance

World-CheckCountry-CheckAccelus Enhanced Due DiligenceScreening Resolution ServiceAccelus Conflicts Compliance



Accelus Compliance ManagerAccelus Conflicts Compliance

Review, Align & Report Accelus Regulatory Intelligence

Accelus Policy ManagerAccelus Conflicts Compliance

World-CheckCountry-CheckAccelus Enhanced Due DiligenceScreening Resolution Service

Accelus eLearning Accelus Audit Manager



17

ACCELUS SOLUTIONS



3RD PARTY RISK SOLUTIONS

TRAINING SOLUTIONS

AUDIT SOLUTIONS



Proactive Insight into Regulatory Change

Dynamically Links Policies to Regulatory Change

Reveals Risk in Business Relationships

Cost-Effective and Comprehensive Executive Training

End-to-end Life Cycle management of the Entire Audit Process

Assess, Monitor, and Manage Risks Organization-wide

Connects governance, risk and compliance to drive organizational performance

AN

TI-C

OR

RU

PTI

ON

PR

OG

RA

M

Develop the program Accelus Compliance Manager



Define & Implement Policies


Accelus Policy ManagerAccelus Compliance Manager

Build & Operate Controls Accelus Audit Manager

Accelus Conflcits Compliance

Train & Educate Accelus eLearning Accelus Audit Manager


Monitor & Evaluate Accelus Regulatory Intelligence

Accelus Policy ManagerAccelus Compliance ManagerAccelus Conflcts Compliance

World-CheckCountry-CheckAccelus Enhanced Due DiligenceScreening Resolution ServiceAccelus Conflicts Compliance




Review, Align & Report Accelus Regulatory Intelligence

Accelus Policy ManagerAccelus Conflicts Compliance

World-CheckCountry-CheckAccelus Enhanced Due DiligenceScreening Resolution Service

Accelus eLearning Accelus Audit Manager



18

PRODUCT DETAILSACCELUS REGULATORY INTELLIGENCEA single source for regulatory news, analysis, rules and developments, this solution provides global coverage of more than 400 regulators and exchanges, and allows for hundreds of regulatory developments to be tracked with meaningful expert-level interpretation. This means that less time is spent searching for, and stitching together, disparate information and more time is available for managing risk and adding value to the business.

ACCELUS ENHANCED DUE DILIGENCEAccelus Enhanced Due Diligence Reports are a cost-effective method of obtaining detailed background checks on any entity or individual, no matter where they are located. Business conduct and reputation history can be analyzed and a thorough search made for unseen liabilities. Business intelligence is gathered from regulators, industry observers, suppliers, competitors, distributors, and customers both current and former. Every Accelus Enhanced Due Diligence Report includes screening for risk using World-Check Risk Intelligence.

WORLD-CHECK RISK INTELLIGENCEWorld-Check reveals the risk hiding in business relationships and human networks. The result is highly structured intelligence profiles of heightened risk individuals and entities globally. With 240+ countries and territories covered in 60+ languages, 200+ research analysts in all global regions, specialist research to include terrorism, organized crime, Middle East, we are able to satisfy demands for KYC, AML, CFT, and PEP due diligence.

We monitor over 400 sanction, watch and regulatory enforcement lists and hundreds of thousands of information sources, often identifying high-risk entities months or years before they are listed. In 2012 alone we identified more than 180 entities before they appeared on the US Treasury Office of Foreign Assets Control (OFAC) list, and currently exceed terrorist coverage on the leading sanctions by more than 60,000 records.

Screening using World-Check Risk Intelligence helps to minimize the cost of compliance. Highly structured data and advanced features ensure a high level of accuracy and a low level of false positives, saving time and money.

COUNTRY-CHECKCompliance teams can define their risk based approach more efficiently with the availability of detailed country risk intelligence, while doing routine customer due diligence tasks using World-Check Online.

Develop an accurate view of your location-based risk to prove AML and Anti-corruption due diligence to your regulator.

ACCELUS AUDIT MANAGERAccelus Audit Manager increases the efficiency and productivity of the entire audit process including risk assessment, planning, scheduling, preparation, review, report generation, global issue tracking and administration. Developed with international auditing best practices in mind, Accelus Audit Manager supports repeatable, accurate, and consistent audit processes within its diverse, international customer base.

19

ACCELUS CONFLICTS COMPLIANCEAccelus Conflicts Compliance ensures organizations are in compliance with key global anti-bribery and corruption rules. The solution tracks employee disclosures and approvals around conflicts of interest, outside business interests, gifts and entertainment, political donations, and more. To ensure compliance requirements are being adhered to, the solution enforces the firm’s policies around gifts and entertainment activities. Organizations can efficiently manage their political contributions and pay-to-play monitoring program, and review employee trading against restricted lists, insider trading rules and other conflicts.

ACCELUS RISK MANAGERAccelus Risk Manager enables organizations to assess, monitor and manage bribery and corruption risk as part of their risk appetite objectives. Risk and compliance teams compliance teams can perform bribery and corruption assessments internally and externally; monitor key risk indicators; track issues across business units and create action plans to mitigate risk. Risk and compliance executives can analyze this connected risk intelligence, and then communicate successes and challenges around managing bribery and corruption risk clearly and effectively across the organization.

ACCELUS COMPLIANCE MANAGERAccelus Compliance Manager enables executives to easily and effectively manage the impact of compliance risk on their organization. Clients can track regulatory change, assign action plans, and manage associated policies and controls. The solution’s connected approach brings a new perspective on the impact of the regulatory environment on business strategy decisions.

ACCELUS POLICY MANAGERThomson Reuters Accelus provides an end-to-end solution for your policy management needs, from automated tracking of the regulatory changes that matter to your organization to the evidencing of policy reading and acceptance. In today’s dynamic operating environment, organizations need a connected approach to capturing potential changes to internal policies and a simplified method of implementing those changes. Accelus Policy Manager delivers this in one easy-to-use solution, which can save you time and money and significantly reduce your compliance risk.

ACCELUS ELEARNINGOur eLearning courses ensure that your employees have the right information to make compliant decisions and protect your business from risk. We offer practical, interactive, customizable and cost-effective training courses in the areas of anti-bribery and corruption, which change behavior and help to support a culture of integrity and compliance.

Our courses are deployed using Accelus Learning Manager (ALM), our flexible and easy-to-use learning management system. This web-based solution optimizes the management, tracking and reporting of your compliance and risk training, and provides a full audit trail to demonstrate compliance.

ACCELUS SCREENING RESOLUTION SERVICEAn outsourced KYC screening service for your organization. Thomson Reuters can do the screening and hit remediation on your behalf, highlighting positive and possible matches for heightened risk individuals and entities. We are able to serve your organization’s client on-boarding procedures, screen records against World-Risk Intelligence and Country-Check, perform Enhanced Due Diligence (EDD) background checks on selected matches, ensure quality assurance processes are in place check-points at each step to lower your overall costs of operation whereby you are able to demonstrate a complete audit trail to regulators.

Visit accelus.thomsonreuters.com

For more information,contact your representative

or visit us online.

The Thomson Reuters Governance, Risk & Compliance (GRC) business delivers a comprehensive set of solutions designed to empower audit, risk and compliance professionals, business leaders, and the Boards they serve to reliably achieve business objectives, address uncertainty, and act with integrity.

Thomson Reuters Accelus connects business transactions, strategy and operations to the ever-changing regulatory environment, enabling firms to manage business risk. A comprehensive platform supported by a range of applications and trusted regulatory and risk intelligence data, Accelus brings together market-leading solutions for governance, risk and compliance management, global regulatory intelligence, financial crime, anti-bribery and corruption, enhanced due diligence, training and e-learning, and board of director and disclosure services.

Thomson Reuters has been named as a category leader in the Chartis RiskTech Quadrant™ For Operational Risk Management Systems, category leader in the Chartis RiskTech Quadrant™ for Enterprise Governance, Risk and Compliance Systems and has been positioned by Gartner, Inc. in its Leaders Quadrant of the “Enterprise Governance, Risk and Compliance Platforms Magic Quadrant.” Thomson Reuters was also named as Operational Risk Software Provider of the Year Award in the Operational Risk and Regulation Awards 2013.

THOMSON REUTERS ACCELUS™

© 2014 Thomson Reuters GRC00718/2-14

GRC00718

Documents

Transcript of GRC00718