Earlier this year, Bureau van Dijk hosted a compliance forum in London where participants shared advice and best practice around sanctions, due diligence, anti-money laundering and other key compliance topics.
We spoke with Stephen Storey, head of operations and regulatory investigations for Rio Tinto, as well as Robert Smith, director, ethics and compliance for InterContinental Hotels Group (IHG). They each shared what they learned from establishing successful third-party corporate compliance programmes.
In his role at Rio Tinto, one of the world's largest metals and mining corporations, Storey focuses on standards and governance, due diligence, digital forensics, regulatory investigations and more. Here are his 3 corporate compliance programme tips:
- Manage risks. It is crucial that you can identify and understand key risks and use good information sources that can be cross-validated against your own business data.
- Integrate a third-party management solution. This can help your organisation with supply-chain monitoring and to consolidate data sources.
- Create a due diligence community. Get multiple stakeholders involved such as finance and procurement, and share what you've learned.
Smith specialises in regulatory compliance including anti-bribery and corruption, competition law, human rights and data protection. As IHG includes more than 5,500 hotels in around 100 countries, he has experience building out a compliance programme globally. Here are his tips:
- Use effective internal marketing. Get key stakeholders on board not only at the executive level, but also with the operational teams that will be engaging with the programme on a daily basis.
- Make it proportioned. Make the programme proportionate both to your organisation's risks as well as the resources that are available
- Be agile. The programme should be able to respond to changes in your business's external environment, such as changes in risks within countries or regions, as well as internal changes such as restructuring and growth—your programme should scale along with your company.