Q3 compliance roundup: ESG due diligence and AI ethics
Human rights due diligence is becoming a global requirement, as the EU and its nation states, along with Canada, push ahead with legislation requiring greater screening and reporting. Meanwhile, the United States continues to add to its sanctions lists and expand its prosecutorial resources. Compliance teams should consider using a variety of human and automated screening techniques, paying due care and attention to the advantages and limitations of artificial intelligence.
Regulators clamp down on ESG
ESG is set to become a regular agenda item for compliance officers, thanks to a number of regulators enhancing expectations regarding human rights and climate reporting.
“ESG is at the forefront of consumer's minds,” Alex Cotoia, regulatory compliance manager at Volkov Law Group, told DMI in an interview. “It’s also becoming increasingly regulated, with policies aimed at helping companies steer clear of suppliers with poor human rights.”
On January 1, 2023, Germany’s Act on Corporate Due Diligence Obligations in Supply Chains was implemented, requiring German-listed companies, as well as international companies with Germany-based branches, to report on human rights-related and environment-related due diligence obligations in their supply chains.
A similar bill is due to come into effect in Canada exactly one year later. Bill S-211 will require issuers to annually report on steps taken “to prevent and reduce the risk that forced labor is used” in the production of goods in or imported into Canada. California Bill SB 253, passed in October, also introduces new emissions reporting requirements for issuers operating in the state.
ESG compliance is challenging, given that regions are running at different speeds and much of the reporting is unstandardized. ESG investigations, offered by Diligent’s ESG Due Diligence service, can help give compliance teams a level of comfort that a simple screening cannot, while supporting informed decisions about where additional resources may be warranted.
Chat carefully
Interest in artificial intelligence (AI) is growing rapidly, but there are reasons to be cautious about its role in compliance activities, observers say.
“It's always going to be a human-computer joint venture to do due diligence,” says Reid Blackman, author of Ethical Machines and founder of the digital ethics consultancy Virtue.
All business units should understand how AI systems work and play a role in setting KPIs, Blackman told Diligent in an interview, emphasizing that such nuances can’t be left solely to computer scientists.
While AI holds some promise in cutting down the number of false positives in screening programs, the risk of being under-inclusive should motivate compliance teams to keep a close eye on the outputs of any automated programs, says Cotoia.
“It's not sufficient to outsource sanctions screening and blame the vendor. That's not going to fly,” he says, citing Department of Labor requests for disclosure of AI tools used in hiring as an example of how government agencies are determined to keep such aids on a tight leash. “Use of AI does not absolve you from complying with the law.”
Compliance professionals, as well as board members, are invited to learn more about AI ethics and oversight through the Diligent Institute’s new certification program.
New from the DOJ
In September, Principal Associate Deputy Attorney General Marshall Miller gave a speech on the importance of compliance activities in M&A, with added emphasis on the importance of voluntary disclosure of wrongdoing.
“Acquiring companies should not be penalized when they engage in careful pre-acquisition diligence and timely post-acquisition integration to detect and remediate misconduct at the acquired company’s business,” Miller said. Future efforts to promote and standardize voluntary self-disclosure “will highlight the critical importance of the compliance function having a prominent seat at the table in evaluating and de-risking M&A decisions,” he said.
On October 4, Deputy Attorney General Lisa Monaco announced a department-wide safe harbor policy for M&A at the Society of Corporate Compliance and Ethics’ 22nd Annual Compliance & Ethics Institute. Misconduct must be disclosed within six months of a deal closing, and in most cases will need to be remediated within a year, she told attendees.
Volkov Law’s Cotoia sees policy changes as significant. “Acquiring companies are responsible for the misdeeds of their acquisition target, so this represents a real, tangible threat,” he told Diligent. “You have to have a basis for making a determination for whether the compliance efforts of the target are sufficient or could be remediated.”
The Justice Department is also piloting a program that will require companies penalized for compliance breaches to adopt modifications to their compensation practices as part of a resolution. That may include clawbacks and denial of bonuses for implicated executives, as well as incentives linked to compliance processes. Clawbacks in particular could be used to mitigate financial penalties through a credit system for good faith efforts, Miller said.
A lull in enforcement
Beneficial ownership is an area professionals recommend compliance teams direct their due diligence efforts, especially due to the importance and complexity of the 50 Percent Rule, administered by the U.S. Office for Financial Asset Control (OFAC). Suppliers and vendors should be subject to robust beneficial ownership checks to better understand corporate structures and prevent corruption, money laundering and bribery.
This is especially relevant in high-risk jurisdictions. Cotoia of Volkov Law noted that some Russia- and China-based companies “have a tendency to make that information very opaque,” but such reporting is crucial in determining potential government ties, as well as where sanctions activity may be required.
The third quarter saw a 3% increase in sanctions records, according to Diligent data. OFAC, the EU, and Switzerland’s SECO authority took the lead, mostly with sanctions related to Belarus, Ukraine and Russia. In the third quarter, the Australian Government, Japan’s Ministry of Finance and the Council of the European Union also implemented new sanctions related to Russia. In July, the EU extended its restrictive measures against Russia for a further six months, applying until January 31, 2024. Australia took similar steps to extend sanctions on Russian business and trade.
SECO removed sanctions on Malian individuals to match the UN sanctions list on September 18. In August, the Russian Federation vetoed the renewal of UN sanctions in a row about whether independent monitoring of a 2015 peace deal should continue. The U.S. has sanctioned Malian connections of the Wagner Group, which it describes as a proxy for the Russian government, and painted the group as a threat to the region.
There were eight enforcement actions under the Foreign Corrupt Practices Act (FCPA) in the third quarter, split equally between the Securities and Exchange Commission (SEC) and DOJ. Total enforcement actions for 2023 stand at 17, compared with 26 in the whole of 2022, according to the FCPA Clearinghouse database maintained by Stanford Law School and Sullivan & Cromwell.
The DOJ continues to hire corporate crime prosecutors focused on national security and bank integrity as it expands enforcement, Monaco said at the SCCE event. “National security compliance risks are widespread; they are here to stay; and they should be at the top of every company’s compliance risk chart,” she warned the audience.
Learn how Diligent’s Third-Party Risk Management solutions can help your organization stay aligned with the DOJ’s Compliance Program Guidance and other emerging regulations, and consider requesting a Due Diligence report to safeguard your organization against specific risks.
