A panel of compliance professionals assembled to discuss the increasingly relevant topic of working in high-risk countries, sharing their experiences and lessons learned at Compliance Week’s National Conference in Washington, D.C.

Speakers during the session included Charlie Reed, vice president of corporate compliance at Flex; Tyler Hand, chief compliance officer at Western Union; Fabricio Nunes, global chief compliance officer at Linde; and Ralph Carter, managing director of regulatory affairs at FedEx.

The panelists underscored how the issues of working in high-risk regions have always been there, but recent dynamic events and circumstances have added unique challenges.

Modern risk landscape

“There are new rules from OFAC concerning places like Russia and Ukraine; the volatility of cryptocurrency making it tough to use and process them in transactions; and a pandemic that has changed consumer ordering patterns,” said Hand. OFAC, the Treasury’s Office of Foreign Assets Control, is the primary sanctions regulator in the United States.

“You cannot get this right if your risk assessment is at all ‘off.’ The management team needs to be educated on the specific risks posed by these regions and act accordingly.”

Fabricio Nunes, Global Chief Compliance Officer, Linde

Hand said Western Union needed to have dexterity within its communications to its offices to track these developments and new obligations and pivot accordingly.

Nunes agreed and spoke of the challenges facing Linde, a company producing and selling gas locally in 80 countries.

“You cannot get this right if your risk assessment is at all ‘off,’” he said. “The management team needs to be educated on the specific risks posed by these regions and act accordingly.”

Carter pointed to FedEx’s challenge as a shipping company maintaining a large fleet of airplanes that needed to follow export control rules, plus have interception techniques to ensure any goods going to a targeted country could be swiftly intercepted, as needed.

“We aligned our training among our various branches around the world specifically to deal with the export controls and these interception techniques we created,” he said.

Nunes said his company did the same with training, plus got its middle management more heavily involved in working with employees on the ground so they would have a better look at the risks at street level.

“We do an anti-bribery training and other types of training once a year for certain employees and certain offices. And we adjust them as needed,” he added.

Risk assessments … and the risk that is Russia

Hand said Western Union’s risk assessment process considers how comfortable the business feels about the risk involved in operating in certain areas, sometimes leading to decisions to avoid certain types of business, even if the company can get an exception to OFAC’s restrictions.

“We need to see if we can mitigate the risks to our customers sufficiently,” he said. “The federal government often wants us to keep remittances going, but we as a business—and our business partners—need to feel good about it.”

Hand said the bank had no business in Russia that was strictly rooted in humanitarian efforts, so Western Union pulled out of the country.

Nunes pointed out abruptly exiting is not always possible. For Linde, the company provided some humanitarian services, like offering medical gases to healthcare facilities, while complying with international laws and regulations.

Carter noted employees and customers in these high-risk countries might see things differently than top executives do and need more explanation about why business is being halted there.

“I spend a lot of time with the [communications] teams in describing these issues and our decisions about how and why we are reacting to them,” he said.

Using DOJ guidance and data tools

In wrapping up, Reed reminded attendees to look to the Foreign Corrupt Practices Act Resource Guide, issued by the Securities and Exchange Commission and the Department of Justice, for guidance in this arena.

The panelists said they relied on data and intelligence to map transaction patterns, monitor changing consumer behavior, and track regulatory change. Ensure you have enough intelligence on the ground, so you don’t just depend on the technology and get tripped up by false positives, they advised.