Below, I talked about control convergence: the idea that you’re doing more than you think you are, and there’s a lot of linking and labeling between controls that needs to be done. And taking that one step further, you should do what you can to eliminate duplicate controls, and should try to adapt your current controls to cover multiple areas.
Well, here’s one example. If you look at the Bureau of Industry and Security site, you see two things that’ll sound interesting.
The BIS deals with Export Administration Regulations, the type of customs and export laws, global trade laws, that require specialized compliance folk. These Global Trade types generally operate in silos. They have their own conferences, their own blogs, etc. I just spoke at one of these conferences, and a bunch of people in the audience didn’t know what the FCPA was. Which is funny, because let’s take a look at the BIS’s list of red flags:
- The customer or its address is similar to one of the parties found on the Commerce Department’s [BIS’s] list of denied persons.
- The customer or purchasing agent is reluctant to offer information about the end-use of the item.
- The product’s capabilities do not fit the buyer’s line of business, such as an order for sophisticated computers for a small bakery.
- The item ordered is incompatible with the technical level of the country to which it is being shipped, such as semiconductor manufacturing equipment being shipped to a country that has no electronics industry.
- The customer is willing to pay cash for a very expensive item when the terms of sale would normally call for financing.
- The customer has little or no business background.
- The customer is unfamiliar with the product’s performance characteristics but still wants the product.
- Routine installation, training, or maintenance services are declined by the customer.
- Delivery dates are vague, or deliveries are planned for out of the way destinations.
- A freight forwarding firm is listed as the product’s final destination.
- The shipping route is abnormal for the product and destination.
- Packaging is inconsistent with the stated method of shipment or destination.
- When questioned, the buyer is evasive and especially unclear about whether the purchased product is for domestic use, for export, or for reexport.
Wow, that sounds familiar.
Now let’s take a look at the BIS’s list of Know Your Customer standards:
- Decide whether there are red flags
- If there are red flags, you have a duty to exercise due diligence to inquire regarding the suspicious circumstances and ensure appropriate end-use, end-user, or ultimate country of destination. You have to “go behind” the customer’s representations
- Do not self-blind. “Do not put on blinders that prevent the learning of relevant information.” You can rely upon representations from your customer, and repeat them in the documents you file unless “red flags” oblige you to take verification steps. Knowledge possessed by an employee can be imputed to a firm. This makes it important for firms to establish clear policies and effective compliance procedures to ensure that such knowledge about transactions can be evaluated by responsible senior officials
- Reevaluate all the information after the inquiry. If the “red flags” cannot be explained, you run the risk of having had “knowledge” that would make your action a violation of the regulations
- Refrain from the transaction, disclose the information to the BIS and wait.
How is it possible that compliance officers responsible for BIS regulations don’t know about FCPA controls?
As always, it’s a question of communication and making sure that compliance officers talk to each other, and what I call “cross-pollinate.” These people all need to know what each other are doing.