Your browser does not support JavaScript
 
For Compliance Databases, a ‘No Hit’ Isn’t a Green Light
Monday, December 17, 2018

the kreller group

This post originally appeared on FCPABlog.com.


By Chris Weiss and Tracey Kungl    

The recent Cobham Holdings Inc. OFAC settlement highlights a limitation in due diligence software: Cobham’s screening partner ran a name through a database and received no hits.

The name was later found to be a variation of a hit from the OFAC sanctions list, but wasn't picked up due to the limitations of the search parameters. 

While companies who find themselves in this situation look to and hold their screening partner responsible, database and continuous monitoring services should be considered a minimum tool available for a compliance program’s due diligence. Marketed as a “one stop due diligence solution,” these programs are limited by the information available and provided. Misspellings and naming conventions are only two areas of potential complications that can cause countless false positives or as Cobham’s experience has shown, miss the intended party.

Contrary to the Resource Guide to the FCPA (pdf) released six years ago, many companies have adopted the “check the box” approach satisfied by the database and continuous monitoring services. Our experience has been that compliance departments with limited budgets purchase subscriptions to these services, upload a list of names and then wait for the red flags to find them. And who can blame them! What compliance head wouldn’t want to have a robust screening process in place at or under budget?

Unfortunately, regardless of advancements in technology and infrastructure, the human element is still irreplaceable in the due diligence process. In Cobham’s case, the engagement partner should have been subject to additional scrutiny due to location and perceived risk. Additional due diligence would have utilized an analyst with the knowledge of the variations of Russian names translated into English.

Due to expanding sanctions in Russia, additional due diligence regarding ownership would also have been prudent to determine any risk of denied parties being involved in the transactions. Peeling back that ownership onion can be a complex task, and one that requires the skill and knowledge of a licensed investigator. Ultimately, a much deeper dive than the initial screen should have been conducted. Doing so would have greatly increased the chances of finding the connections to sanctioned countries and lowering the risk to the company.  

A robust and exhaustive due diligence program, while ideal for an organization, comes at a cost. Compliance departments require the support (both in budget and tone at the top) that allows them to investigate beyond the constraints of a subscription database. The cost of an effective compliance program with risk-based due diligence is often minor compared to the total cost of the reputational harm, fines and legal fees that stem from violations.



 
 

Blog Categories

  • Hot Topic Report
  • Due Diligence
  • FCPA Compliance
    • 12/17/2018 - For Compliance Databases, a ‘N
    • 10/16/2018 - The Real Cost of FCPA Non-Comp
    • 01/27/2016 - Safe Harbor 2.0 - January 31st
    • 06/18/2015 - DOJ’s Expanding Jurisdiction
    • 05/22/2015 - Global Anti-Corruption and Ant
    • 12/02/2014 - Important DOJ Update on Merger
    • 10/28/2014 - Kreller Risk Assessment Matrix
    • 10/22/2014 - Whistleblower: Compliance Offi
    • 09/30/2014 - Instrumentality Defined for FC
  • Ethical Sourcing
  • Background Investigations
  • Events
  • News
  • Community
 

Contact Us

To get more information on Kreller Group investigative services.
Follow Us on Facebook Follow Us on TwitterFollow Us on LinkedInFollow Us on YouTubeKBlogs
Kreller Group
Copyright © 2019 Kreller Group. All Rights Reserved   |   Privacy Shield Certified