Evaluating Bribery & Corruption Risk, Planning for Regulatory Intensity in Investment Management, SEC Settlements on Private-Equity Texting Violations

In the ever-evolving financial landscape, staying ahead of regulatory requirements is more crucial than ever for firms across various sectors. This newsletter navigates three pivotal areas where firms must sharpen their focus to navigate the complexities of compliance and risk management effectively.

Firstly, the importance of Evaluating Bribery and Corruption Risk cannot be overstated. As regulatory scrutiny intensifies, organizations must adopt a structured and tech-enabled approach to third-party due diligence. Effective management of high-risk third parties is critical to mitigating bribery and corruption risks, ensuring regulatory compliance, and safeguarding reputational integrity.

Secondly, the investment management sector is experiencing a surge in Regulatory Intensity. With the SEC's packed rule-making agenda and expanded capacity, firms must prioritize developing a dynamic regulatory readiness posture. Establishing cross-functional teams and fostering effective communication will be key to maintaining compliance and achieving strategic business goals amidst an active regulatory environment.

Lastly, the SEC's Enforcement Actions on Texting Violations spotlight the importance of robust communication compliance programs. Major private-equity firms like Blackstone, TPG, and Carlyle are negotiating settlements over improper use of communication channels. This underscores the necessity for firms to preserve and monitor employees' written communications diligently to avoid significant fines and enforcement actions.

By addressing these critical areas, firms can better navigate the complex regulatory landscape, ensuring robust compliance and risk management practices that support sustainable growth and operational integrity.

Third-Party Due Diligence: 3 Steps to Evaluate Bribery, Corruption Risk

A heightened regulatory focus coupled with increased virtual assessments will likely drive organizations to take a more structured, tech-enabled approach to managing high-risk third parties.

The Importance of Third-Party Engagement

Nearly every organization today engages with third parties, sometimes numbering in the thousands. Each third-party relationship can pose significant risks, including potential bribery and corruption issues, which can lead to severe regulatory and reputational consequences.

Understanding Regulatory Concerns

Regulators are increasingly concerned about not only bribery of government officials but also commercial bribery, kickbacks, and conflicts of interest. Bribery and corruption issues often arise across various functions, such as procurement, supply chain, R&D, marketing, and government tenders, leading to regulatory challenges and enforcement actions.

The Role of Technology in Third-Party Due Diligence

This discussion on third-party due diligence (TPDD) highlights the first of a two-part series, with the second part focusing on the enhanced role technology plays in TPDD/TPRM (Third-Party Risk Management) programs. Regulatory bodies globally expect organizations to comply with laws and engage in ethical business practices, especially in managing third-party relationships. This is particularly crucial in industries like pharmaceuticals and medical devices, where patient safety risks can damage organizational reputation and trust.

In March 2023, the U.S. Department of Justice (DOJ) updated its guidance on evaluating corporate compliance programs, emphasizing a holistic, risk-based approach to third-party lifecycle management. This shift to virtual assessments, heightened during the pandemic, necessitates reliance on electronic data provided by third parties, underlining the importance of effective checks and balances.

Steps to Effective Third-Party Due Diligence

1. Identifying and Categorizing Third Parties

The initial step in managing third-party risk is identifying all third parties and categorizing them based on perceived risk. This involves capturing a comprehensive list of third parties and then categorizing them by the type of service, the nature of the relationship, and the geographies they serve.

2. Determining High-Risk Categories

Next, organizations need to identify and define specific risk characteristics or activities of third parties, such as whether a distributor sells products to government customers. This involves input from various functions within the organization, including procurement, internal audit, legal, and accounts payable, to ensure a thorough risk assessment.

3. Documenting the Risk Ranking Approach

A well-documented risk ranking approach is crucial for auditability and defensibility. This documentation helps ensure continuity in the TPDD program and provides a rationale that regulators can understand and evaluate. Leaders should assign risk scores across multiple characteristics to derive an overall risk tier for each third party.

Implementing ABAC/TPDD Procedures

While approaches to an ABAC/TPDD (anti-bribery/anticorruption) program may vary, common procedures include subjecting third parties to different levels of scrutiny depending on their risk tiers. For instance, using advanced technologies like AI and machine learning, leaders can use external data to quickly assess risks associated with third parties. Lower-risk groups may undergo basic checks, such as corporate registration information and adverse media identification, while higher-risk tiers may require more in-depth procedures, such as identifying shareholders and conducting public records searches.

Future Enhancements

Documenting ABAC/TPDD procedures within a broader ABAC program provides a foundation for future enhancements. Organizations with mature programs are increasingly investing in technologies to enhance their risk categorization and due diligence processes. Automation of basic screening activities for lower-risk third parties helps reduce effort and costs, allowing teams to focus on more targeted audits for higher-risk third parties.

Tech-enabled risk scoring, due diligence workflow, monitoring, and reporting enable continuous improvements through feedback loops, ensuring the program remains relevant and effective over time. Leveraging diverse internal and external data sources enhances the quality of risk tiering, supporting better decision-making

https://deloitte.wsj.com/riskandcompliance/third-party-due-diligence-3-steps-to-evaluate-bribery-corruption-risk-083b35b0

Investment Management: Planning and Prioritizing for Increased Regulatory Intensity

Developing a dynamic regulatory readiness posture within their organizations can help compliance and other leaders respond more effectively to changing regulatory requirements.

Rising Regulatory Intensity

The SEC’s packed rule-making agenda and expanded capacity signal an increase in regulatory intensity for U.S. investment management firms. The SEC plans to boost its budget and headcount to finalize up to 21 new rules, which will introduce fresh industry requirements.

Over the past year, new proposals have emerged, covering additional fund disclosures and reporting requirements (the “names rule”), generative AI technologies, and oversight of outsourced functions. This regulatory uptick will keep investment management leaders occupied, affecting compliance programs, governance practices, and investor disclosures throughout 2024.

The Importance of Communication and Agility

In this regulatory environment, communication and agility are crucial to ensure compliance and avoid penalties. Investment management leaders should reexamine cross-functional collaboration procedures to eliminate gaps and maximize efficiencies. A dynamic regulatory readiness posture can enhance collaboration and flexibility, enabling firms to respond effectively to changing requirements.

Establishing a Cross-Functional Team

A formal action plan can bolster compliance and mitigate enforcement risks. Standardizing compliance programs across the firm enhances capabilities to monitor new rules and identify interlocking impacts. Establishing a Regulatory Assessment and Response Execution (RARE) team with cross-functional members ensures a consistent view of regulatory changes and their effects on the firm.

Benefits of a RARE Team

A RARE team aids in developing a comprehensive interpretation of rule changes, prioritizing them enterprise-wide while considering potential interlocking impacts. Scenario planning and risk assessments help formulate effective responses based on regulatory changes. Centralized evaluation of compliance systems by the RARE team can streamline processes and reduce inefficiencies.

Coordinated Communication and Compliance

Effective coordination and communication throughout the organization help employees understand new rules and incorporate necessary process changes. Leaders who communicate desired compliance outcomes are more likely to achieve business strategy goals and facilitate consistent compliance monitoring across the organization.

Building a Regulatory Readiness Framework

In an evolving regulatory environment, a robust regulatory readiness framework helps leaders manage regulatory risk while developing core businesses. Building and maintaining a collaborative team environment and flexible processes will be instrumental in responding to emerging regulatory demands. Given the constant change in the regulatory landscape, adaptability is key.

Source: 德勤 Center for Financial Services; Deloitte Insights

Contributors: Maria Gattuso, principal, Ryan Moore, partner, both with Deloitte & Touche LLP, and Sean Collins, research manager with Deloitte Center for Financial Services, Deloitte Services LP

https://deloitte.wsj.com/riskandcompliance/investment-management-planning-prioritizing-for-increased-regulatory-intensity-7fdbbd0b

Private-Equity Giants Near Settlements With SEC Over Texting Violations

Some of Wall Street’s biggest private-equity firms, including Blackstone , TPG , and 凯雷投资集团 , are negotiating settlements with the U.S. Securities and Exchange Commission over violations related to employees use of banned communication channels.

Overview of the Situation

Regulatory Requirements: Under SEC rules, financial firms must preserve and monitor employees' written communications to ensure compliance with federal laws. This requirement creates a paper trail for regulators to monitor.

Violations Identified: Firms have violated these rules when employees conducted business over prohibited mobile apps, such as WhatsApp, without retaining or monitoring those messages, particularly when exchanged on personal devices.

Investigation Details

Probes and Cooperation

Blackstone, TPG, and Carlyle Group: These firms disclosed in their latest quarterly filings that they have been cooperating with the SEC's record-keeping investigations.

Timeline: Requests for information related to electronic business communications, including text messages, were received in October 2022.

Status: The firms have begun discussions with the SEC about potential resolutions.

Financial Impact

Accrual for Liabilities

Blackstone: Disclosed in its quarterly report that it has set aside an estimated liability related to this matter.

TPG: Recorded a contingent liability for the period ending March 31.

Carlyle: Mentioned the SEC’s investigation into its business communication retention practices but noted no assurance of a settlement.

Broader Regulatory Context

Industry-Wide Enforcement

SEC's Actions: Since December 2021, the SEC has charged 60 firms and imposed over $1.7 billion in fines for failing to maintain and preserve electronic communications.

Other Firms: KKR and Apollo Global Management, Inc. have also disclosed ongoing SEC probes into their record-keeping practices.

Regulatory Crackdown

The SEC’s enforcement has expanded from big banks and broker-dealers to other financial firms, including credit-rating firms. In February, fines were imposed on another round of brokerages for similar violations.

Policy Changes: Harsh fines have led to changes in policies and procedures at many firms.

Comments and Statements

SEC Spokesperson: Declined to comment on the existence or nonexistence of a possible investigation.

Firms' Spokespeople: Representatives from Blackstone, Carlyle, TPG, KKR, and Apollo declined to comment beyond the filings.

The settlements with the SEC highlight the increasing regulatory scrutiny and the importance of robust compliance programs for financial firms. As regulatory enforcement intensifies, firms must ensure that their communication practices adhere to regulatory requirements to avoid significant fines and enforcement actions

https://www.wsj.com/articles/private-equity-giants-near-settlements-with-sec-over-texting-violations-ad16a083?st=y44w1fpdu13fowt&reflink=article_whatsapp_share

Conclusion

Together, these areas emphasize the need for comprehensive and adaptive compliance strategies to safeguard against regulatory risks, ensuring sustainable growth and operational integrity in an ever-changing financial environment.

Sources: The Wall Street Journal, Deloitte Center for Financial Services

#RegulatoryCompliance #InvestmentManagement #BriberyRisk #CorruptionPrevention #SECRegulations #FinancialServices #TechInCompliance #PrivateEquity #RiskManagement #CorporateGovernance #BusinessEthics

??--------------------------------------------------------------------

Should you find value in my BOARDS Newsletters series, I invite you to:

?? "Connect" and “Follow” me on Linkedin

?? Hit the “Like” icon on my editions

?? "Subscribe" to my Newsletter Policy Board a category of BOARDS Interconnected Insights

?? For our collective learning, leave your valuable “Comments” below

?? Hit the “Bell” icon on my Profile to get notified of my Newsletters

?

?