Companies with strict internal controls, even when operating within a highly regulated industry, are not immune to dramatic and costly compliance or risk management failures. All too often, despite having the foundations of a successful compliance program in place, companies experience dramatic failures resulting in criminal penalties, civil fines, job losses, congressional hearings, and mass destruction of shareholder value. This is an unfortunate reality that is underscored by the recurrence of catastrophes that come in the form of a ‘black swan.’
Evidencing the broad reach of these failures, the passage of the Sarbanes-Oxley Act of 2002 (SOX) was a direct response to a series of compliance-related events that drastically decreased the public’s confidence in securities markets. SOX requires publicly traded companies to establish and maintain an adequate internal control structure and procedures for financial reporting and to assess their effectiveness.
Unfortunately, companies sometimes fail to realize that these blocks are only a starting point and that not all solutions come in the form of a specific prescription.
In cases when risk management and compliance fail, many similarities exist. These similarities can be found in failures ranging from AIG’s accounting scandal and subsequent liquidity crisis, to the compliance issues that gained public notoriety in 2016, such as GlaxoSmithKline’s (GSK) violations of the Foreign Corrupt Practices Act and the highly publicized revelations at Wells Fargo. There are four key lessons to be learned through these disasters which, if implemented, will ensure that risk management and compliance frameworks are better equipped to avoid or minimize damage, while preventing a black swan-type event.
The full article, “Four Tips for Ensuring That Compliance and Risk Management Programs Work Effectively,” is available as a PDF download.
Diaz Reus Partner Richard N. Wiedis, in the firm’s Washington, D.C. office, can be reached at +1 202-684-2334 or firstname.lastname@example.org.