Both the Justice Department and the Securities and Exchange Commission make clear the need for a risk assessment to inform your compliance program. I believe that most, if not all CCOs and compliance practitioners understand this well-articulated need. The 2012 FCPA Guidance could not have been clearer when it stated, “Assessment of risk is fundamental to developing a strong compliance program, and is another factor DoJ and SEC evaluate when assessing a company’s compliance program.” While many compliance practitioners have difficulty getting their collective arms around what is required for a risk assessment and then how precisely to use it, the FCPA Guidance makes clear there is no “one size fits all” for anything in an effective compliance program.
