Skip to content


Compliance Risk Assessment Components: Industry Risks

By GAN Integrity (Updated )

Recently we have discussed three critical aspects of a compliance risk assessment: the location of your business activities, your customers, and your interactions with foreign government officials. This post deals with a risk that relates to all three of these areas – the particular business sector in which you operate. We discuss the topic separately, however, in order to underscore that a business’s operating sphere may influence how you think about some of the other factors we have identified as essential to conducting a compliance risk assessment.

Consider, for example, some of the unique features of the following industries that are often regarded as “high risk” for corruption under laws such as the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act (UKBA):

  1. Resource extraction

In 2014, the Organisation for Economic Co-operation and Development (OECD) reported that 19% of the 427 foreign bribery cases concluded in countries that are members of the OECD’s Working Group on Bribery involved the extractive industries (see OECD Foreign Bribery Report (2014), at 22). Notable US enforcement actions include those against BHP Billiton, Total, Noble Corporation, Alcoa, and KBR.

The extraction of natural resources such as oil, gas, minerals, diamonds, and even timber has long been considered a high corruption risk area. This is due in large part to (a) the weak governance and absence of a strong rule of law environment within many countries where such resources are to be found and (b) the necessity of working with governments at various levels within such countries to obtain the licenses, permits, and concessions necessary to extract these natural resources.

The risks to extractive industry companies apply not only to the companies that are actually extracting resources (e.g., an oil or gas company), but also to companies that provide services (such as engineering) or goods (such as industrial gasses) to these companies.

  1. Pharmaceuticals and healthcare

For pharmaceutical, medical device, and other healthcare companies, corruption risks start with product development and continue all the way through to sales and after-sales service. At the development stage, a company must work with healthcare professionals (HCPs) who are often employees of state-owned companies to test drugs and devices. The company may also work closely with health ministries to obtain product approvals.

Once a product is approved, sales often involve building close relationships with HCPs. Providing a benefit to a state-employed HCP—such as an honorarium for conducting a clinical trial or travel expenses to attend a conference—may violate laws prohibiting bribery, if the benefit was provided with the intent of causing the HCP to prescribe a particular product or otherwise favor your company. In recent years, the US has targeted healthcare companies such as Bristol-Myers Squibb, Eli Lilly, Pfizer, and Johnson & Johnson on FCPA grounds.

Because companies in this industry engage with government officials in so many different settings, it is particularly important for companies in this sector to develop policies, procedures, and controls specific to each type of government interaction—from the approval process with regulators to the sales process with HCPs.

  1. Infrastructure projects

Helping foreign governments develop local infrastructure (such as installing cell towers, laying cable, or building roads, airports, or ports) can represent substantial commercial opportunities, but engaging directly with foreign governments may introduce corruption risks. For instance, Hitachi has settled FCPA allegations relating to bribes paid in connection with building power plants in South Africa, and Maxwell Technologies has settled similar allegations in connection with building electrical infrastructure in China. Since many of these projects are located in the developing world and involve financing from multilateral development banks (MDBs), companies facing bribery charges from a given national law enforcement agency may also face suspension and debarment from MDB sanction boards on the same set of facts.

Risks arise in the execution of infrastructure projects. For example, to build an airport, a company must obtain countless construction permits and various project stages proceed only after passing numerous safety inspections. Companies in this area may need to work with government officials from the national (e.g., public procurement) to regional (e.g., environmental institutions) to municipal (e.g., local utilities) levels and need to have a strategy in place for dealing with the corruption risks that may arise from each type of transaction with each involved governmental institution.

  1. Defense

The defense sector presents special corruption risks. First, defense projects often require specialized technologies or product specifications. Accordingly, few companies may even be competent or qualified to bid on many defense contracts.

Secondly, the sensitive nature of military and military materiel information means that defense procurement is generally not conducted as openly and transparently as other types of public procurement involving, for example, off-the-shelf products. Furthermore, military equipment is subject to strict export and import requirements.

A few years ago, Armor Holdings ran into FCPA problems in connection with a $6 million United Nations procurement of body armor. Defense contracts need not involve sophisticated technology or large-scale contracts to run into foreign bribery risks, however. Smith & Wesson, for example, ran into FCPA problems in relation to a contract to outfit an Indonesian police department with 548 pistols.

Defense contractors will also want to pay particular attention to the procurement process itself to help ensure that the actions they engage in at the front end to obtain business do not result in an overturning of the award down the road.

  1. Private equity and finance

Historically, compliance in this sector has focused on anti-money laundering activity. US enforcement authorities have begun to target financial firms for FCPA enforcement, however, as evidenced by the recent action taken against BNY Mellon in relation to its decision to hire interns who were family members of government officials connected with a foreign sovereign wealth fund.

These are just a few examples of how industry-specific corruption risks can arise. Of course, these are neither the only risks faced by businesses in these sectors nor are other sectors immune from risk: an agricultural company may face an incentive to bribe customs officials because of the risk of product spoliation, while a chemical company may face incentives to bribe environmental ministers in relation to waste removal. Foreign bribery cases have arisen against companies ranging from a cosmetics company (Avon) to a tire manufacturer (Goodyear) to a technology firm (Hewlett-Packard) to a food processor (Archer-Daniels-Midland). In other words, every business operating abroad presents its own unique challenges when it comes to preventing and detecting foreign bribery. This is why your company-specific risk analysis is so critical.

In our next post, we turn our attention towards identifying which groups of company personnel are most likely to encounter the types of bribery risks we have been discussing.

integrated compliance management

Implement a tailored Third-Party Risk Management solution

View platform

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.

We respect your privacy. Your data will be kept confidential and will not be sold or shared with third parties. For more information, please see our Privacy Notice.