By considering the source and breadth of bribery risk to which a firm could be exposed, either directly from its workforce or via associated persons, an assessment can also be made of the likelihood of occurrence and potential impact.
For activity or relationships considered to be higher-risk, enhanced measures should be maintained to reinforce the anti-bribery culture, with controls, assurance testing and management information requirements reflecting the risk-based approach.
For FCA-regulated firms, the regulator expects firms to assess bribery and corruption risk in the systems and controls framework:
A properly scoped and successfully completed risk-assessment will provide senior management with an informed view on the following:
FCRM assists clients to identify bribery and corruption risk in the operating environment. Our personnel utilise experience of conducting regulatory reviews (e.g. s166), knowledge of systems and controls risk, and our investigative capability, to provide clients with a report and analysis on the firm's arrangements for managing bribery risk.
We consider various sources, including: (i) incident data; (ii) control-gap risk assessment; (iii) output of structured meetings/workshops; (iv) trend analysis; (v) Guidance on adequate procedures published by the Ministry of Justice; and (vi) regulatory considerations (e.g. FCA published papers, guidance and thematic reviews).
Risk-assessment findings can be used by senior management to inform risk-appetite priorities and form the baseline for any subsequent review/refresh, as part of the firm's bribery and corruption risk-management framework.