ABA Bank Compliance - July/August 2014

of compliance failures will be devastating, exposing companies to significant criminal and civil penalties in addition to the profound reputational risk of being publicly pegged as a “human trafficker.” As a result of increased attention to the human trafficking issue and the enactment of the above-described regulations, companies face increased expectations to take proactive measures to prevent human trafficking activity in their supply chains. The question becomes, how is it best to execute these new requirements? We suggest that the compliance wheels do not need to be re-invented. Rather, compliance disciplines developed in the AML and ABC contexts overlap significantly with those required to measure and mitigate human trafficking risk, including risk assessment processes and on-boarding due diligence measures. The challenge for many companies will be to re-focus existing compliance mechanisms, not to create wholly new compliance processes.

Many firms today are exploiting the structural and operational similarities inherent in the construction of effective AML and ABC programs. For example, despite the fact that they are designed to protect against different substantive risks, AML and ABC programs share the same basic structural components, namely: 1. Internal program oversight;

2. Policies and procedures to prevent and detect human trafficking, including risk assessments, monitoring protocols, and confidential reporting mechanisms;

3. A training program; and

4. Independent testing and review.

A human trafficking compliance program will require the same basic structure, which mirrors the requirements of the FAR “compliance plan.” As described below, operational efficiencies can be achieved by bundling together AML, ABC, and human trafficking compliance structures within the same program.

Risk Assessment

To design and implement an effective compliance program in the AML and ABC spaces, it is routine to execute a formal, documented, regularly updated risk assessment. It is only logical to do the same with respect to human trafficking compliance. Indeed, given the overlap inherent to assessments of AML, ABC, and human trafficking risk, all three types of assessments could be conducted simultaneously, leveraging the same compliance resources and processes.

For example, a well-constructed ABC risk assessment might measure the extent to which a company uses third parties to conduct business on its behalf globally, and identify the controls in place to mitigate the resultant ABC risk. Common controls include contractual representations and warranties, training, and documented due diligence. Similar controls are required to govern human trafficking risk in supply chains. Accordingly, slight alterations and additions to an existing risk assessment template may help a company assess multiple risks through one compliance exercise. 13

Due Diligence

Both AML and ABC compliance programs are concerned with due diligence: how much, how often, and on what types of customer, agent, and counterparty. Adequate and effective due diligence can help companies identify and respond to third-party risks.

This is essential because regulators are singularly unimpressed by the “head-in-the-sand” defense, such as, “how was I supposed to know the client/vendor/third-party/finder was engaged in human trafficking?” Under the new regulations, companies are required to conduct pre- and post-engagement due diligence and relationship monitoring to determine their exposure to human trafficking risk. A company that invests compliance resources to mitigate third party corruption risk in the AML and ABC space may be able to leverage those resources to execute appropriate supply chain due diligence and identify human trafficking risk.

Adequate due diligence in the human trafficking space could be modeled after the ABC risk-based approach spelled out in the November 2012 FCPA Resource Guide.15 As described in the FCPA guidance, standard due diligence requires an understanding of a third party’s corporate structure, business reputation, involvement in high risk industries or sectors, and the business rationale for the engagement, including whether the cost of the contract reflects market and industry practice.

Depending on the third party’s initial risk level, enhanced AML, ABC, and human trafficking due diligence may include obtaining certifications of the third party’s compliance with applicable laws, conducting a site visit, and reviewing the third-party’s policies and procedures, including an ethics or other code of conduct, and other documents demonstrating a commitment to ethical and lawful business.

Additional human trafficking red flags include:

■ ■ ■ Whether the third party agrees to complete work in an unreasonably short period of time;

■ ■ ■ The rates are below market;

■ ■ ■ The third party intends to outsource some or all of the work;

■ ■ ■ The labor hired to perform the work will be obtained through agencies, labor brokers, or require the paying of recruitment fees;

■ ■ ■ Workplace practices impede worker freedom (e.g. passport retention) or poor living conditions;

■ ■ ■ There is an overall lack of transparency party’s workforce conditions and recruitment;

■ ■ ■ And there are unexplained fees and costs passed on to the company.

As it would be in the AML and ABC compliance spaces, if a third party refuses to answer due diligence questions or is not forthcoming in providing answers, that alone would present a red flag.

To summarize, although it would require asking additional questions specific to human trafficking, a significant amount of human trafficking due diligence could be conducted and driven through the ABC and AML-related due diligence questions and completed by adding additional queries to existing templates.

Apart from the drug trade, human trafficking is the world’s fastest growing criminal enterprise and, at an estimated $32 billion, the world’s second most profitable (tied with arms dealing).