Published on February 18, 2014
Why small business needs a basic Compliance Framework
Prepare for Compliance Due Diligence
© b2b-compliance.com 2013

Your benefits from this presentation
• Understand the Compliance Due Diligence procedures that are applied by more and more multinational companies for selecting their Business Partners (agents, consultants, intermediaries etc.)
• Understand the implications for small businesses who are subject to background checks and screening procedures

Why Compliance Due Diligence?
• Multinational companies are under increased pressure to demonstrate adequate procedures for the proper selection, management and monitoring of their Business Partners.
• Failure to do so can result in civil and criminal liability (e.g. under the United Kingdom Bribery Act of 2010) and can lead to severe reputational damage.
• Implemented measures must be proportionate to the risk environment a company faces. The higher the risks related to an industry, country or go-to-market strategy, the stricter the Due Diligence procedures applied must be.

What exactly does Due Diligence mean in the context of the Business Partner selection process?
1. To apply a questionnaire procedure to obtain relevant stakeholder and company information directly from the source.
2. To let the Business Partner certify that he will comply with all legal requirements and desired business conduct standards.
3. To conduct a background check and screen company stakeholders and legal entities against the most relevant international sanction, PEP and terror lists.
4. To be able to recognize and analyze “Red Flags”.

The Compliance questionnaire is crucial …
1. to obtain all relevant master data from a potential Business Partner. In our experience it is extremely difficult to get reliable information from service providers when it comes to smaller entities and certain regions/countries.
2. to document that you have clearly communicated the rules and expectations on compliant business conduct to your potential Partner.
3. A web-based questionnaire is a great instrument to let the Business Partner certify that he will meet all legal requirements in the course of the services he intends to render for you.

What is a Compliance questionnaire and what should it be used for?
• A Compliance questionnaire must be used for critical Business Partners before a contractual obligation is made.
• Critical Business Partners are “associated parties” under the definition of the UK Bribery Act, section 7. In general, these parties are able to influence the decisions of third parties in the interest of the principal (e.g. sales intermediaries).
• The questionnaire must be designed to (1) obtain all relevant master data on the company and its stakeholders, (2) detect typical Red Flags (indicators for potential Compliance violations), (3) instruct the Business Partner on the expectations in terms of compliant business conduct and (4) obtain a compliance certification.

Example: Business Partner Questionnaire content
Key data
1. Legal name of company
2. Address of legal registration
3. Invoicing address
4. Foundation date
5. Name(s) of legal representative(s)
6. Name(s) of shareholder(s)
7. VAT / company registration number
8. IBAN used for bank transactions with principal
9. References
10. …

Example: Business Partner Questionnaire content
Compliance questions
1. Stakeholders: PEP / public official involvement
2. Acceptance of principal’s code of conduct and/or other principles
3. Does Business Partner provide regular Compliance trainings?
4. Does Business Partner have a Code of Conduct and/or an Anti-Bribery Policy?
5. Does Business Partner have a whistleblowing procedure?
6. Does any stakeholder have a conflict of interest when being engaged for principal’s business?
7. Will core services be outsourced to third parties?
8. …

Data evaluation
1. The completed questionnaire must be checked by knowledgeable staff who are able to recognize and analyze “Red Flags”.
   • Example of a “Red Flag”: country of company registration, territory of service and country of bank account do not match
2. Additional information should be obtained from the internal Business Manager who is in charge of the Business Partner selection.
3. Additional background checks (via internet, open source or service providers) and a sanction list screening must be conducted.
4. The system should automatically calculate a risk score based on the information provided.

Implementation best practice
• Compliance questionnaires have become a widespread tool to assess compliance and ethics of potential Business Partners
• To implement an effective procedure (that goes beyond window-dressing), organizations should consider the following watch-outs:
   • Effective implementation begins with the right questions, based on a risk assessment (e.g. you need other questions if you have no FCPA exposure etc.)
   • Effective implementation needs proper system support: do not even consider managing the volume of information via Excel (!) by sending files back and forth
   • Effective implementation requires training. Employees involved in the process must be able to recognize red flags among the information provided
   • Effective implementation requires skills and resources to scrutinize and manage critical cases once red flags have been identified (exception and approval flows)

Implications for small businesses
• Be prepared to answer Compliance questionnaires from multinational companies
• Multinational companies will not engage in business with partners showing “Red Flags” (e.g. matches in watch lists, public officials as stakeholders, non-transparent company structures, trustees as legal representatives etc.)
• The best way to pass Compliance checks is your reputation and a history of compliant and ethical business conduct
• Make sure you have implemented at least a basic Compliance framework (Code of Conduct and other policies, Compliance Training for employees etc.)

Thank you
B2b-compliance.com is the web resource center for Compliance training material and Compliance policies