Bribery, Corruption, & Espionage – just another daily responsibility
If you are moving into the global economy, or have multinational operations chances are you are beginning to address bribery, corruption, and espionage or have been for a while. Interesting topic. As an example, under the Foreign Corrupt Practices Act, compliance rules are aimed at preventing bribery of foreign government officials in an effort to obtain or retain business. This is quite complicated, as multinationals often deal with hundreds of third parties and ensuring compliance is enough to pull your hair out. Audit rights, anti-bribery, and corruption clauses are now being used in contracts that clearly spell out the rules for third parties. All very well and good, the challenge is actually conducting an audit on third parties where business books and records are not always in the traditional form.
Wrapped up in all of this is the protection of trade secrets. For example, the Chinese are becoming well known for hacking of confidential data across organizations in multiple industries. Although the Economic Espionage Act was expanded in 2012 in an effort to protect trade secrets for US companies, it is the companies themselves that are the front line of defense. Security protocols and procedures may need to be addressed in real-time, and quickly.
Organizations need to determine exactly what data they have, where it is stored, and whether they need to keep it and assign the appropriate security. Finally, we now retreat back to the end users. A culture that educates and communicates the importance of compliance has to be implemented so all staff realize the importance of compliance.
Do you have GRC initiatives that address these potential issues? How have you handled?