Value of compliance in the modern times defense industry. Part II
Pavlo Verkhniatsky, Managing Partner at COSA
Pavlo is an expert in sophisticated integrity due diligence with an international component. He also leads research on country and political risks, conducts cross-border investigations and asset tracing for the benefit of global corporate players. Having experience of on-the-ground work with a focus on the FSU Pavlo provides COSA’s clients with in-depth understanding of behind-the-scenes particularities of business relations and country specifics.
Compliance has permeated every sector of today’s economy, including the defense industry and trade in dual-use products, and is becoming increasingly important in international economic activity. Against the backdrop of globalization and integration of economic processes, joint ventures with international elements, and the precarious geopolitical equilibrium, there comes a time when we realize that we can no longer ignore the matters of transparency in the operations of our contractors and partners, as well as our own. Market integration and the extraterritorial effect of the anticorruption laws of such powerful players as the United States, Great Britain, and France makes any company that wants to be a part of the global business structure understand that it must build compliance systems and reduce compliance risks for itself as well as its contractors.
Every company is a system that becomes a part of a bigger system when it interacts with other firms or persons, which is why it can no longer be perceived as a separate entity during compliance checks, and the risks associated with its contractors apply to it as well. In the compliance industry, this is called the toxic effect. The toxic effect can be illustrated using bank payments as an example. When a bank executes a transaction involving two persons (the payer and the recipient), complex transaction monitoring systems track the contractors of these two actors as well. This process, called Know Your Client’s Client (KYCC) means checking for compliance risks not only at the base level but potentially ad infinitum or as far as the capabilities of the monitoring system would allow.
Without access to bank systems, corporations check their contractors for compliance risks using automated tools of information analysis and system analysis methods that employ human resources to search for data in publicly available sources and carry out HUMINT (i.e. collect information from sources familiar with the subject). It is important to understand not only what you would want to know about your contractor but also what your contractors pay attention to when it comes to you.
Every compliance check begins with registration data verification. If a company’s ownership structure involves any offshore jurisdictions, it is definitely perceived as a compliance risk (even though of a low level) because it could indicate that the company wants to conceal its ultimate beneficiary, for example. As a matter of fact, it is possible to obtain information on the beneficiaries of such a company, even though the process is admittedly rather complicated. Moreover, some compliance officers would outright eliminate businesses with non-transparent ownership structure from the list of prospective partners, and the company leaders would most likely agree with such a decision of the compliance department.
Interestingly, companies in a group are not always connected with each other in a legal sense, meaning that they could be registered to nominees and appear to be separate entities and yet be controlled by a single entity. In the defense industry, there are many businesses registered in jurisdictions where obtaining a license to trade in dual-use goods is much easier. If such a company is fronted by a person who is not found in registration documents, compliance officers will make a special note of it and maybe even recommend refraining from cooperation with this company.
Every business found within the ownership structure is checked against blacklists, watchlists, and sanction lists. In-depth analysis involves checking the subject’s contractors for the presence of sanctions-related entities, i.e. companies connected to entities that are subject to sanctions. Thus, even if the company itself is not under sanctions but it interacts with sanctioned entities, a business with strict compliance policies may refuse to cooperate with it.
Compliance checks also involve a detailed analysis of the background, participatory interests, political exposure, etc. of every key principal of the subject, as the presence of PEPs (politically exposed persons) increases the corruption risk. Naturally, cooperation between businesses continues in the industries where interactions with PEPs are unavoidable, but the activity and connections of such persons while in office are studied in detail and any publicly available information capable of causing reputational damage is reason enough to initiate a compliance investigation, if cooperation is still considered after detecting such incidents. Litigation involving the company or its key persons is also searched for as part of compliance checks. Moreover, the checks cover not a single location, but a number of jurisdictions.
Most international companies headquartered in developed countries believe in playing it safe and building relationships of trust, but that trust is based on thorough compliance checks.