Risk-matrix graphs can give clients a colorful assessment of global risk
Ropes & Gray, a Boston-based business firm, has come up with the idea of turning the dangers businesses face overseas into a risk matrix that shows clients which of their operations are exposed to what kinds of risks by way of a vibrantly colored graph.
"Multinational clients are often asked to respond to regulatory inquiries by DOJ and SEC," says James Dowden, a partner in the firm's government enforcement practice group. "We asked ourselves: How do you fish the entire world ocean with a realistic assessment of risk so you know where to devote compliance resources? So the matrix tool was developed with companies who might have tight compliance resources—it shows them where to home in."
A HEAT MAP OF RISKEmploying an algorithm designed by Ropes & Gray, its Risk Matrix takes into account the perception of corruption in a given country, then looks at what the SEC and DOJ are looking at in FCPA enforcement to develop what Asheesh Goel, co-chair of Ropes & Gray's global anti-corruption and international risk practice, calls a "heat-map basis where your biggest risks are ... so clients can align their compliance resources with developing trends."
Goel says it made sense to condense the risk assessment into a visual because "it's easy to understand. And then we back that up with quantitative data in charts and spreadsheets—that's our experience in private equity about how sophisticated boards and clients are looking at these problems."
Obviously, some countries start out in any analysis as potential trouble spots, but the BRIC countries of Brazil, Russia, India and China also have varying levels of transparency. In Russia, the situation is complicated by the recent sanctions over Ukraine, so the risk can change daily. Upward of three dozen Ropes & Gray clients have employed the Risk Matrix, Goel says. Richard Argent, director of compliance for First Data Corp., a global payment processing firm, says the risk matrix has proved very useful in plotting his firm's antibribery risk assessment.
Argent says the Ropes & Gray analysis not only gave First Data reassurance about the effectiveness of its own risk assessment efforts, but "there were things we identified which we are now incorporating within our training, and we are further enhancing our communications to stress to our employees what they need to do. The visual representation of the risk enabled us to understand better where the risks and business issues associated with them existed."
Each client's risk assessment derives in part from a questionnaire Ropes & Gray administers that covers 10 areas, including investigations; the client's cash reserves in the host country; whether the country has adopted global policies; the company's policies, procedures, training and monitoring; sales and promotional activities; distributors, sales agents and marketing partners; third-party representatives; registrations, permits and licenses; customs/logistics in the country; and contributions and scholarships.
"If [the client] runs into a problem down the road," Goel notes, "the government tries to determine whether there is misconduct, and if so then whose fault it is. So that's where risk assessment and compliance can come in handy, if you can show its not our fault that this happened.
"The converse is if the company had no risk assessment program, then the DOJ can say, 'How can you say you didn't know this was going to happen if you didn't take any measures to prevent it?' "
This article originally appeared in the November 2014 issue of the ABA Journal with this headline: "In the Matrix: Clients get a colorful assessment of global risk."