31 Days to More Effective Compliance Programs – Day 14 – Risk Assessments | Thomas Fox

Risk assessments in the context of anti-corruption programs cannot be said enough. Indeed, every corporate compliance program should be based on a risk assessment to understand your organization’s activities from a business perspective, how your organization has identified, assessed and defined its risk profile and, and the degree to which the program devotes careful consideration and resources to this range of risks. Yet, the 2020 update added new emphasis that risk assessments should not be done at least once a year, but in fact should be done whenever your risk changes. Over the past two years, every company’s risks have shifted from working from home to returning to the office to hybrid work environments. Have you assessed each of these new risk paradigms from a compliance perspective?

There are several ways to slice and dice your basic request. As with almost all FCPA compliance, your protocol should be well thought out. If you use one, several or all of the above as the basic questions for your risk analysis, this should be acceptable for your starting point.

Three takeaways:

1. Since at least 1999, the DOJ has viewed risk assessment as the beginning of an effective compliance program.

2. The DOJ will now review your risk assessment methodology to identify risks and gather evidence.

3. You should base your compliance program on your risk assessment. See less –