I’ve discussed the risks of creating “compliance silos” for regulated processes by focusing on single compliance programs instead of leveraging a total risk-based compliance solution. A comprehensive solution for corporations should encompass a broad range of your industry's federal regulations and compliance requirements.
Consider, then, establishing a standard for new customer or supplier relationships by combining your regulatory screening and compliance systems for the following:
- Anti-Money Laundering (AML)
- Know Your Customer (KYC)
- Foreign Corrupt Practices Act (FCPA)
- UK Bribery Act Regulations
- Office of Foreign Assets Control (OFAC)
Compliance program overview
- Anti-Money Laundering (AML) - According to the International Monetary Fund (IMF), money laundering requires a primary, profit-making crime. These crimes include corruption, drug trafficking, market manipulation, fraud, and tax evasion. There must also be the intent to conceal the criminal activity by laundering the money.
- Know Your Customer (KYC) - According to the Harvard Law School Forum on Corporate Governance and Financial Regulation, the Know Your Customer (KYC) requirements of the U.S. Financial Crimes Enforcement Network (FinCEN) were proposed in 2014 as part of a broader regulation setting the requirements of a customer due diligence (CDD) program. These process and documentation requirements align with the Patriot Act to help financial institutions avoid accidental terrorist financing by gaining more visibility into their customers' identities and their business relationships. The purpose of KYC regulations is to verify the identity of customers to ensure the parties you are doing business with are operating in a compliant and lawful manner.
- Foreign Corrupt Practices Act (FCPA) - The Foreign Corrupt Practices Act (FCPA) is a United States federal law that was enacted in 1977. The law has two main provisions. The first provision requires accounting transparency and record-keeping procedures as stated under the Securities Exchange Act of 1934. The FCPA is enforced by both the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC).
- UK Bribery Act Regulations - This is one of the most severe pieces of international legislation on bribery for companies and individuals, and it outlines four types of offenses:
  - Two general offenses covering the offering, promising, or giving of an advantage, and the requesting, agreeing to receive, or accepting of an advantage;
  - A discrete offense of bribery of a foreign public official; and
  - A new offense of failure by a commercial organization to prevent a bribe being paid to obtain or retain business or a business advantage.
- Office of Foreign Assets Control (OFAC) - OFAC provides resources, to be used for compliance screening and due diligence purposes, that enable companies and organizations to protect themselves from doing business with enemies of the United States.
Combining your KYC controls with other programs
Below are five business compliance programs along with the process and master file impacts. Additionally, a sample of internal control tests that can be conducted in a combined program has been included.
This approach reflects the benefits that can be gained by taking a complete risk management approach to your company’s compliance requirements.
||Master File Impact
|Anti-money Laundering (AML)
||AR, AP, T&E, and Payroll
|Know Your Customer (KYC)
|Foreign Corrupt Practices Act (FCPA)
|UK Bribery Act Regulations
|Office of Foreign Assets Control (OFAC)
||AR, AP, T&E, and Payroll
Sample Internal Control Tests
- Ensure all customer transactions can be traced back to a contract.
- Ensure all supplier transactions can be traced back to the proper documents—a contract or a PO.
- Screen all “off cycle” and manual T&E, AP, and payroll disbursements.
- Ensure that all policies are followed for Customer, Supplier, and Employee master file set-up.
- Ensure that all procedures and due diligence requirements are followed.
- Review large international financial transactions and associated information for all wire transfers.
- Review Delegation of Authority (DoA) and Segregation of Duties (SoD) Controls.
- Compare Employee and Supplier Master Data Files on a quarterly basis.
- Review Politically Exposed Persons (PEP) files.
- Review transactions that may contain “slang” terminology for bribery payments.