This document discusses leveraging existing compliance resources to increase efficiency and reduce costs while ensuring legal and regulatory compliance. It addresses benchmarking processes against other organizations, determining when to outsource functions, and leveraging information across departments. Specific issues covered include the intersection of anti-money laundering (AML), sanctions, foreign corrupt practices act (FCPA), and data privacy laws. Controls and oversight of third parties are also discussed, including potential red flags for FCPA violations related to foreign agents, payments, and high-risk countries or industries.

1. Leveraging Existing Resources to Increase Efficiency
and Reduce Costs While Ensuring Compliance
Brian C. Loutrel, Vice President, Chief Privacy Officer, New York Life Insurance Co.
Cari N. Stinebower. Crowell & Moring, LLP
Noreen M. Fierro. Vice President, Corporate Counsel, Prudential Financial

2.  Alphabet Soup
 AML, OFAC & FCPA- Offense of one could be offense of
all
 Leveraging the similarities/acknowledging the
differences
 The value (or not) of Benchmarking
 When structural differences make all the difference
 When to consider “outsourcing”
 Appropriateness of function
 Ability to actively oversee outsourced work
 “Internal” vs. “External” “outsourcing”
2

3.  Leverage, Leverage, Leverage
 How to rely on information from other
departments to streamline your own processes
 International Privacy laws- their impact on
multi-nationals and how they influence
outsourcing decisions
 Specific FCPA Risks for insurers and reinsurers
3

4.  Basic controls may not be sufficient
 Benefits to sharing information/developing
complimentary processes
 Consider this:
 Your company is attempting to expand its insurance business in Mexico
 Many government approvals are required before a license to sell insurance
is granted
 Your company has hired a local law firm to assist in procuring the necessary
approvals - an engagement letter is executed outlining the law firm’s fees
 The Senior Vice President in charge of opening the Mexico operations
approves a payment to the law firm that includes not only billable attorney
time but some “miscellaneous” charges
 Your company wires the fees to the identified bank account in the name of
the law firm 4

5.  You find out after the fact that some of the
“miscellaneous fees” included in the law
firm’s invoice were to cover “payments”
made to local government officials in an
effort to procure the necessary licenses to sell
insurance
 You also determine that one of the local
government officials receiving the payments
is on the SDN for alleged ties to drug
trafficking
5

6. PLACEMENT OF MONEY
FUNDS LAUNDERING
CONCERNS-
Beyond PATRIOT
Payment
LAYERING OF Act applicability
sent to Law FUNDS 18 USC § 1956,
et al
Firm
Payment placed in INTEGRATION
Law Firm’s bank
account
Funds distributed from Law
firm’s bank account to
government official for
deposit or use elsewhere,
integrating them into the
financial system
6

7. Where were
the
controls?
7

8.  Law Department
 Terms of law firm engagement
▪ Backup documentation for expenses
 Lawyer review of invoice
 Identification of red flags
 Internal Approval Processes
 Are managers being trained to ask the right questions before approving invoices?
 More than monetary approval authority
 Accounts Payable
 Necessary documentary backup
 Copy of law firm engagement or access to ask questions regarding appropriateness
of fees
 General AML/OFAC/FCPA Compliance program may not have
identified these issues
 Payment to law firm not likely to hit AML surveillance reports
 OFAC issue not transparent
 FCPA issue not immediately transparent
8

9.  Generalities can sometimes be misleading
 Risk assess differences
 Resource differences
 Operational differences
 Jurisdictional Exposure differences
 Speak to people who are in charge of process
 Do not rely on information learned through basic
business channels
 When it really can be helpful
 Learning from others experiences
9

10.  Confirm executive support
 Critical for success of process and your ability to
insure appropriate oversight
 Consider current processes
 Are there functions that naturally lend themselves
to outsourcing?
▪ OFAC screening
▪ Initial CIP vetting
 Internal vs. External- Does “outsourcing” have
to automatically imply hiring an unrelated
third party?
10

11.  Build business case
 Conduct cost-benefit analysis
 Proper utilization of current resources
 Outsourcing does not have to mean
“downsizing”
 Consider regulatory risk/expectations
 FINRA 3190 requirements
 Value of Benchmarking- Leverage lessons
learned from colleagues
11

12.  Look for redundancies
 Review processes
▪ Are there multiple touch points reviewing the same data?
▪ Could one touch point review the data for multiple purposes?
 Sometimes less is more
 Insure consistency in approach
 Integrity of data/consistent view of issue or vendor
 Maintaining active oversight
 Third party vs. other internal departments or divisions
12

13.  Acknowledge the difference
 Purposes are usually very distinct
 Consider what those differences are and/or look
for overlap with general compliance controls
 If overlap is identified, consider ways to redirect
control or audit resources to enhance overall
control/testing environment
 Look to develop a complimentary overall
program
 Context is key
13

14.  Considerations when outsourcing
 Location of data storage
 Cross-border sharing of information
 Local law implications/limitations
 Security of Data
 Encryption
 Vendor commitment
 Inside/outside firewall solutions
14

15.  Review the basic elements of each program
 Policy/Procedures
 Risk Assessments
 Frequency/focus
▪ FCPA/OFAC/AML risk profiles while similar are not always
equally weighted
 Macro level and micro level
▪ Business Unit process
▪ Hiring – employees, vendors
▪ Use of third parties
▪ Role of third parties
▪ Payment/Approval processes
 FOLLOW THE MONEY
15

16.  Current Screening
Processes(OFAC/PEP/Sanctioned
Countries/Sanctioned Governments)
 What information is screened?
▪ Customer/Vendor/Accounts Payable
 Do you get enough information to adequately screen?
▪ Screening for those owned or controlled by the above
 Compliance Testing
 Training
 Avoid the siloed approach
 Audit Function/Periodic Review
16

17.  Foreign Agents: Must perform thorough background checks
and examine qualifications; be cautious of an agent’s efforts to use
front companies to make improper payments
 Guarantees: An agent’s refusal to sign a contract confirming
that no improper payments were or will be made should prompt
close scrutiny
 Middlemen: Be wary of any situation where multiple
middlemen seem to be performing the same task
 Government Relationships: Carefully examine agents who
have held government positions or have an ongoing
relationship with a government official. Employing an agent
solely because of his/her connection to the government risks
running afoul of the FCPA
 Third Parties: The payment of an agent’s fees to a foreign
bank account or to an entity other than the agent is a
warning sign of possible FCPA problems
17

18.  High Risk Country: Take extra care in countries where the
standard costs of doing business are perceived to include bribes,
pay-offs, and “gifts” to officials
 Business: Certain industries present historically higher risks of
FCPA violations; note, however, that the DOJ and SEC have
increasingly targeted a variety of industries
 Commissions: Unreasonably high commissions increase the
probability that money will be diverted to pay government
officials
 Cash Payments: One of the most obvious FCPA warning signs is
the transfer of large amounts of cash
 Bonuses, Reimbursements, and other Payments: Large bonus
payments or reimbursements for unusually high entertainment,
advertising, or other administrative expenses may be used as a
device to mask illegal payments
18

19.  Payroll Fraud: The presence on a company’s payroll of
persons who are relatives or associates of foreign
government officials raises serious FCPA compliance
concerns
 Secrecy: Be wary of any situation in which a potential agent
seems reluctant to fully explain the nature of the proposed
activity or to provide clear answers to routine questions
 Research: Publicly reported cases of bribery and public
corruption should prompt careful review of the company’s
operations in that country
 Competitor Violations: If the company learns of competitor
violations, it should conduct a careful investigation of its
operations; in a difficult competitive environment,
employees may learn of a competitor’s tactics and be
tempted to follow suit
19