Categories
31 Days to More Effective Compliance Programs

Internal controls in international locations


Next, I want to consider some of the issues around internal controls outside the U.S. and why your company’s internal controls might require changes for different countries across the globe. However, this provides an opportunity to further operationalize your compliance program through internal controls more narrowly tailored to mirror your business practices. Every CCO should consider entity-wide internal controls for a company. Under the FCPA accounting provisions, issuers can be held liable for the conduct of their foreign subsidiaries, even though the improper conduct occurred outside of the U.S. The scope of liability is based on the issuer’s incorporation of the subsidiary’s financial statements in its own records and SEC filings. So, as with the use of third-party distributors to sell product, FCPA enforcement looks past the structure of the transaction and makes enforcement decisions based upon the substance.
While a CCO should expect (or at least hope) that internal controls at locations outside the U.S. are of the same effectiveness as internal controls within U.S. business units and at the U.S. corporate office; unfortunately, that might not always be the case. It is often the case that corporate level internal controls are stronger than those in foreign business units. There may well be several reasons for this. First, the CFO may be paying closer attention to the corporate level internal controls, with the idea that the corporate level internal controls are the final “filter” to detect issues. This follows partly from the focus in most companies on the controls over financial reporting, which does not include all controls needed for compliance. A second reason is that many companies were built through acquisitions, resulting in many business units (both in and outside the U.S.) having completely different accounting, ERP and internal control systems than the corporate office. There is often a tendency to leave acquired companies in the state in which they were acquired, rather than trying to integrate their controls and conform them to those of current business units. After all, the reason for the acquisition was the profitability of the acquired company and nobody wants to be accused of negatively impacting profitability.
Three key takeaways:

  1. Modifying your internal controls can work to more fully operationalize your compliance program.
  2. Check the effectiveness of your internal controls for your international locations.
  3. Revisit your internal controls when a country or region experience large growth or other disruption.
Categories
Innovation in Compliance

In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future – Part 5: GRC Then and Now


Welcome to this special podcast series, In Conversation with K2 Intelligence FIN Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I have visited with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community, reviewed GRC and K2 Intelligence FIN and today, in Part 5, we conclude with a look at GRC then and now.
I found most interestingly that Jeremy Kroll believes one of the key mainstays of GRC is something that many compliance professionals are only now coming to realize, which is that proactive compliance is more effective and more cost effective than reactive compliance. With the addition of technology, it is possible to do things not only more quickly and more efficiently but in a much more cost-effective manner. Jeremy Kroll noted, “What we’re seeing is the velocity of data available, the increasingly important role of technology, coupled with a multi-disciplined approach within organizations to create governance, frameworks, risk management techniques and abilities, and compliance programs that are even more essential now.”
Moving forward, compliance and ethics as well as GRC professionals, who are living and breathing the mission every day, are more fully operationalized down to the front lines. It is these risk management professionals who will be the ones first identifying the risk and risk management strategy. As Jeremy Kroll noted, “This will help you to flatten the curve and that risk particularly to your reputation or your business. I would say, come on over the water’s warm here, we’re growing very quickly. And I think as a proof point, the investment community is showing up every day at our doorstep. And they’re also thankfully investing in a lot of other businesses in our field and technology, RegTech, CompliTech, also professional services and advisory.”
We ended by agreeing that GRC is going to be one of the most exciting areas, including the outsourcing of compliance, which also includes training and education. Here Jeremy Kroll said, “we are taking people who are already in their forties, fifties, or even sixties, and we’re retraining them. And so, pivoting and making a career change and growing in this field, this is a growth field and we want that wisdom. We want that judgment. We want that business or life experience. And you can couple that with young employees and technology enablement, and then you can add tremendous value to clients.” It really does not get much better than that.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.