One of my favorite clients, World Compliance, publishes an occasional email newsletter.
World Compliance (http://www.worldcompliance.com/en/default.aspx) claims it "helps mitigate risk by providing an information advantage through access to the world’s largest, most comprehensive anti-corruption database."
World Compliance solutions are used to identify individuals and companies linked to over fifty different risk categories, such as:
- Politically Exposed Persons (PEP)
- Foreign Officials
- Terrorist funding
- Money laundering
- Drug trafficking
- Collateral crimes
- Arms trafficking
- Beneficial owners
- Human trafficking
In order to provide global protection, World Compliance offers services that conform to over 100 local anti-terrorism and money-laundering laws, including, but not limited to, the following legislation:
- USA Patriot Act
- Financial Action Task Force (FATF)
- Bank Secrecy Act (BSA)
- Foreign Corrupt Practices Act (FCPA)
- 3rd EU Money Laundering Directive
So much for the commercial.
One of the articles in the most recent e-newsletter is about pharma giant Eli Lilly. Having been born in Indianapolis, I go back a long way with the company.
What got my attention?
It seems that, according to the U.S. Securities and Exchange Commission (SEC), Lilly executives apparently got a little too casual in checking out the organizations with which the company was dealing in Russia. Specifically, the SEC contends:
"The Eli Lilly subsidiary in Russia paid millions of dollars to third parties using offshore “marketing agreements”, although they had little knowledge about the third parties beyond their offshore address and bank account information. These third parties were selected by government customers or distributors and rarely provided any services. In some instances, these entities were used to funnel bribes to government officials in order to obtain business for the subsidiary. In one case, approximately $2 million was paid to an offshore entity owned by a government official. In another case, approximately $5.2 million was paid to an offshore entity closely associated with an important member of the Russian parliament.
"The SEC alleged that Lilly accepted paperwork at face value without proper assessment of the terms and circumstances of transactions that suggested the possibility of foreign bribery. It further cited the company for its failure to perform any specialized review of offshore and government-affiliated entities in an attempt to detect possible FCPA violations. The SEC charged that—despite the company’s recognition that the questionable marketing agreements were being used to “create sales potential” in possible violation of the FCPA—Lilly allowed the situation to continue unabated for more than five years by not curtailing the subsidiary’s use of those agreements."
Emphasis in the above two paragraphs mine.
Lilly's Russian adventure is not the only issue that caused the $29 million plus penalty. It also was taken to task for:
- A Lilly subsidiary in China provided incentives in order to obtain business by falsification of employee expense reports. Some of the incentives included spa treatments, jewelry, and other improper gifts as well as cash payments to government-employed physicians.
- The Lilly subsidiary in Poland facilitated influence on behalf of its business in a creative way. In exchange for an official placing Lilly drugs on the government reimbursement list, the Lilly subsidiary made eight improper payments totaling $39,000 to a small charitable foundation founded and administered by the head of one of the regional government health authorities.
- Lilly’s Brazilian subsidiary allowed one of its pharmaceutical distributors to pay bribes to a government health official to obtain $1.2 million in sales of a Lilly drug product for its use in state institutions.
To be fair, "Lilly has not admitted or denied the allegations, but has consented to entry of a final judgment that permanently enjoins the company from violating the anti-bribery, books and records, and internal controls provisions of the FCPA."
And, still trying to be fair to Lilly, all the SEC complaints were against subsidiaries, not the parent in Indianapolis.
THE POINT in all the foregoing is simple: If you are a risk manager, you need to help your client - internal or external - understand that (a) for the organization, the legal "buck stops here" and (b) it needs not only to fully vet its business partners, but also to make certain the business partners remain within the applicable laws - and those laws are more than "just" US acts.
Management can claim it didn't know, but such claims fall on regulators' deaf ears; it goes back to the old saw: "Ignorance is no excuse."
Risk managers rarely, too rarely, are invited into the executive suite, and far too often, management doesn't want to hear that the organization is open to threats beyond the environment and maybe a work action. Pandemic threats are "sexy," so lots of attention is given to useless pandemic-specific plans (that typically are ignored after the annual threat goes by the wayside).
I consider World Compliance e-newsletters to be on a par with AdvisenFPN's daily blast; both remind me of threats I might overlook were it not for the occasional "refresher." I really don't care that
- A Former Russian Defense Minister Subpoenaed
- A Fugitive Judge Arrested in Chile
- or that "Resistencia Gallega" Members Charged with Terrorism
On the other hand, Allianz SE's risk manager should be concerned that the organization is charged with Foreign Corrupt Practices Act (FCPA) violations.
Any organization that thinks having a typical business continuity plan is enough doesn't take risk management seriously.
Threats to the organization come from all points; even "trusted" partners that may, if given enough leeway, prove to be less than truly trustworthy.
If I wrote it, you may quote it.