Effective risk management means transforming corporate cultures in such a way that your business anticipates dangerous situations, rather than merely reacts to them. Read on to learn about the most crucial categories of risk management.
1. Anti-Corruption and Bribery
Why: This was a banner year for enforcement of the Foreign Corrupt Practices Act (FCPA). In the U.S., fines and settlements related to FCPA rose from $87 million in 2007 to $1.2 billion in 2010. The U.K. Bribery Act, which takes effect in April 2011, is the toughest enforcement standard thus far. Who's Most at Risk: Companies doing business in the developing world. How to Minimize the Risk: Businesses need to root their corporate cultures in values instead of attempting to govern compliance with rules. Rules create loopholes and limits on behavior, whereas a culture rooted in shared values inspires people—instead of coercing or motivating them—to act responsibly.
Conflicts of Interest
Why: The financial crisis has precipitated an expanding focus on conflicts of interest in general. The U.K. Financial Services Agency is continuing to look at bribery and corruption, targeting relationships between brokers and third parties. Who's Most at Risk: The insurance brokerage sector, particularly in Britain. How to Minimize the Risk: Businesses need to recognize that the public and government have an expanding definition of what constitutes a conflict.
Why: U.S. merger guidelines have been revised for the first time in 15 years, and resale price maintenance—a practice that guides the prices distributors can charge for manufacturers' products—is receiving renewed attention as well. Changes are also coming in standards of proof for whether defendants entered into fixed-price agreements, and we may see a more aggressive stance against monopolization. Who's Most at Risk: Sports leagues, when they enter into agreements with retailers, are an area of interest in antitrust law that could have implications on joint ventures—some sports leagues were previously covered by the Sherman Act, but that may no longer be the case. How to Minimize the Risk: Organizations need to be attentive to current and forthcoming decisions and guidelines related to mergers, agreements regarding monopolization and fixed prices, joint ventures, and the setting of resale prices.
4. Export Control
Why: In the U.S., substantial reform is afoot in this area, with the goal of creating a single list of agencies that regulate controlled items, services, and technology; licensing and enforcement; and electronic portals for export licensing issues. These transactions were previously regulated by three different agencies. Who's Most at Risk: All exporters. How to Minimize the Risk: Exporters should keep abreast of the proposed reforms by routinely reviewing the Federal Register, or the trade press, or both, as the proposed reforms will almost certainly lead to significant changes.
Why: President Obama issued a memorandum stressing that contracts not be awarded to contractors delinquent in payment of taxes—and directing agencies to expand the use of "payment recapture audits." The government is expected to step up guidance pertaining to when work must be reserved for performance by government employees rather than by private-sector employees. Who's Most at Risk: All government contractors. How to Minimize the Risk: Contractors need to get their tax payments current, as contracting officials will no longer be lenient about delinquencies.
6. Privacy and Data Protection
Why: Increased U.S. efforts to integrate modern information technology into health-care treatment and payment systems is focusing more attention on this issue. Also, the Federal Trade Commission is looking at Internet advertising and behavioral targeting. And cloud computing is raising global concerns related to security, location of data, national jurisdictions, and availability of evidentiary privileges. Who's Most at Risk: Virtually all organizations. Every business is now global, and data are becoming increasingly mobile. How to Minimize the Risk: By recognizing that their information is an inherent aspect of their wealth, companies can invest with greater confidence in the governance evolution that properly funds and values information security, information management, and the emergence of automated management controls.
7. Records and Information Management/Electronic Discovery
Why: Records and information management is maturing into a dynamic, measured business process. Regulatory demands for accessible, available operating business records are shifting from the archives toward real-time processes that can create and deliver digital business records on demand. Standardization of records and information management process is accelerating. Who's Most at Risk: Any company for whom time is money. How to Minimize the Risk: Companies that invest in improved information management can fully justify those investments by improved speed, and improved reliability, in finding information. The solution requires an integration of law, IT, records management, and corporate audit/compliance.