Quarterly compliance roundup: Q2 2023

Josh Black

Where in the world should you focus your compliance efforts? For many businesses with limited international operations, the answer appears relatively simple — focus on where you do business.

Yet for global businesses trying to follow a risk-based approach, keeping track of the latest global developments can be a challenge. International sanctions have evolved rapidly since the beginning of the war in Ukraine, and are themselves trying to keep pace with changing politics and complex criminal organizations.

Diligent data highlights some of those challenges first-hand.

Evolving risks

The focus of due diligence requests through Diligent’s Third-Party Risk Management integrated compliance platform are relatively consistent year-over-year.

In 2023 thus far, the top five geographies for due diligence requests were China, the U.S., India, Mexico and Brazil. Four of the five map to the most frequently named countries in historic enforcement actions under the Foreign Corrupt Practices Act (FCPA), according to the FCPA Clearinghouse, a research project at Stanford University. Those include China with 72 instances of alleged misconduct, Brazil with 33, Mexico with 25 and India with 23. Not included are Nigeria, with 24 instances, or Indonesia with 22.

In 2022, the list was almost identical, with the Russian Federation displacing Mexico. Its departure from the top five list may be explained by so many companies exiting their operations in Russia due to the war.

Of course, FCPA enforcement actions may be a lagging indicator due to the length of time taken to complete these investigations. Just five enforcement actions were undertaken in the second quarter of 2023, with the pace on course for the lowest average sanctions since 2016, according to FCPA Clearinghouse. But 25 investigations are ongoing.

Ukraine sanctions net widens

But recent sanctions activity is a reminder that the implications of the war are decidedly global. According to Diligent’s watchlist and sanctions data, two countries in Russia’s orbit were at the center of many new sanctions records created in the second quarter of 2023. In Moldova, the U.S. and other allied countries have moved to target Russia-backed actors trying to destabilize the current government. And Poland added over 400 names to its sanctions records, many targeting Belarusian individuals.

Finally, another portion of the 8,820 new records added in the past three months were contributed by South Africa’s authorities catching up with a United Nations list of problematic persons.

Even the international news surrounding Russia’s Wagner Group, a mercenary army led by Yevgeny Prigozhin, served to distract from developments in sanctions activity. The group itself has been sanctioned since 2017, but U.S. officials warned that it may be “attempting to obscure its efforts to acquire military equipment for use in Ukraine, including by working through Mali and other countries where it has a foothold.” Ivan Aleksandrovich Maslov, Wagner’s primary administrator in Mali, was added to the U.S. sanctions list at the end of May.

An artificial intelligence compliance program?

The launch of ChatGPT-4 in March and the subsequent bandwagoning of artificial intelligence may have some compliance officers wondering whether they should invest in artificial intelligence (AI) powered solutions.

Ellen Hunt, a principal at consulting firm Spark Compliance, points out that AI itself is not new and is already being used in various ways. But new technologies have a habit of inviting regulatory scrutiny.

In March, the Department of Justice (DOJ) introduced new guidance on what prosecutors should look for in a company’s policies surrounding the use of third-party messaging apps and personal electronic devices. And last month, the Federal Trade Commission (FTC) subpoenaed ChatGPT’s owner, OpenAI, requesting information on ChatGPT’s access to personal information and its ability to “hallucinate” false or defamatory statements, as well as OpenAI’s policies, procedures and steps taken to mitigate risks.

Organizations utilizing AI should therefore take a cautious approach to automation, thinking through the potential implications and being prepared to react to signs of problems. “From a governance and compliance perspective, corporations should have clear and understandable policies about how, when, and why this technology will be used,” Hunt told Diligent.

A June white paper from Diligent, Thinking Beyond Automation, warns that, “While artificial intelligence has proved extremely useful at accelerating routine scans through massive quantities of data, it is ultimately one of many tools that your company must deploy when navigating third-party risk. When faced with the abundance of risk inherent to third-party engagements, real human insights and expertise should always be the failsafe and the guiding compass towards the most effective and valuable way forward.”

Such failsafes can include testing automated systems for potential failures, regular risk re-assessments and field investigations.

Learn how Diligent’s Third-Party Risk Management solutions can help your organization stay aligned with the DOJ’s Compliance Program Guidance and other emerging regulations, and consider requesting a Due Diligence report to safeguard your organization against specific risks.

Related Insights
josh black
Josh Black

Josh Black is a Vice President at Diligent and the Editor-in-Chief of Insightia, a Diligent financial news and data company focused on shareholder activism, proxy voting, compensation and corporate governance. Josh is a frequent speaker at industry conferences and an expert for the media. His weekly newsletter on developments in shareholder activism, as well as Insightia’s monthly magazine and frequent special reports, are among the most widely read analyses of what is happening in the investment world.