Amex GBT navigates tricky 2022 to win Compliance Program of the Year

Amex GBT, a corporate travel management company operating in more than 150 countries worldwide, operates as a highly regulated provider that matches its corporate clients with its travel supplier network under rules and requirements including the U.S. Bank Holding Company Act.

In 2022, Amex GBT became a public company, a process that comes with numerous governance challenges. The company also integrated a large acquisition, digital corporate travel solution Egencia, into its operations as part of a carve-out acquisition from Expedia Group.

Like many organizations, Amex GBT had to react to the unprecedented global sanctions response to Russia’s war in Ukraine. Along the way, the company enhanced its risk and compliance program using improved metrics and analytics to develop strategies to handle sanctions, privacy, and fraud mitigation.

That Amex GBT managed to navigate competing risk and compliance challenges successfully while continuing to honor Amex’s brand and maintain trust with corporate clients and travelers is why the company was honored as Compliance Program of the Year at the 2023 Excellence in Compliance Awards.

“Compliance has always been a part of our DNA,” said Amex GBT’s Chief Legal Officer Eric Bock. “Our clients are the biggest banks and regulated institutions in the world, and they need to know we are looking out for them.”

In May 2022, Amex GBT successfully began trading as a public company, independently of American Express, when it merged with a blank-check firm backed by Apollo Global Management. The merger required Amex GBT to revamp and strengthen its governance and compliance programs, including the appointment of independent directors and the creation of a dedicated risk and compliance committee of the board.

“Our relationship with Amex remains very strong. It’s integral to our operations,” said Michael Savicki, Amex GBT’s senior vice president, chief risk and compliance officer.

Amex GBT launched trainings, new policies, and governance enhancements to embed its corporate governance within its operations. The company refreshed its code of conduct and insider trading policy and revised its executive clawback policy, Savicki said.

Egencia, a West Coast tech company, was purchased by Amex GBT in November 2021, but the process of integrating it began in 2022. The process involved layering in stringent sanctions controls, third-party oversight, and data governance rules “while continuing the culture of innovation” within Egencia, Savicki said.

Egencia was the ninth acquisition to be integrated into Amex GBT since 2017, Bock noted.

“Compliance is one of the leading due diligence requirements of any acquisition,” Bock said. “We haven’t found a target yet that was operating to our standards.”

Amex GBT’s three levels of defense framework—business self-testing, compliance testing, and internal audit—were also “embedded into Egencia’s existing business processes, and our whistleblower hotline and investigation activities were enabled for Egencia employees, contractors, and key third-party partners,” Savicki said.

“Compliance has always been a part of our DNA. Our clients are the biggest banks and regulated institutions in the world, and they need to know we are looking out for them.”

Eric Bock, Chief Legal Officer, American Express Global Business Travel

“We sought to take our existing control framework and adapt it into their business processes by actively engaging and collaborating with their teams,” he said. “We wanted to do it in a way that allowed their culture to continue to flourish while highlighting the significant benefits that exist from an enhanced governance environment.”

Then there were the sanctions, which were implemented in waves by the United States, United Kingdom, European Union, Japan, Canada, and other countries throughout 2022 following Russia’s invasion of Ukraine in February. Amex GBT took extra steps to weed out potential problematic bookings within its 75 million monthly transactions.

The company also created a prohibited transactions list that included hotels owned by sanctioned individuals, as well as some airlines, Savicki said. The company retained a third-party risk advisory consultant to conduct beneficial ownership reviews to determine if hotels, airlines, or other travel partners had potential prohibited ownership. The company conducted know your customer reviews on clients and travelers to ensure none had connections to sanctioned individuals or entities.

The company was able to use these processes to flag and block problematic bookings before they were finalized.

“We decided to trace beneficial ownership to that level to make sure we have the right clients and the right partners,” Savicki said. “This additional step protects not only GBT, but it is a critical resource for our corporate clients and travelers who rely upon our expertise in this area to avoid sanctioned jurisdictions and travel supplier content. Our clients have responded appreciatively as this differentiates us.”

Amex GBT also further expanded its strategic use of data metrics and analytics within the sanctions, cyber/privacy, and fraud mitigation areas “to reduce false positives, which allowed us to more efficiently deploy existing resources to investigate and remediate potential compliance gaps and focus on additional opportunities for continual improvement,” Savicki said.