Risk Intelligence for Your Legal Entities: Identify Personnel Risks Before They Turn to Crises

Alexander Delong
5 min read

Judging a book by its cover is one thing. But going into business with individuals without proper due diligence is something else entirely – something that can cost your organization’s reputation and bottom line.

Bad actors aren’t always obvious. Luckily, risky individuals are often filtered out in the hiring process through standard background checks to flag any criminal history to avoid high levels of risk associated with such a hire. This control has some very stark limitations, however.

What about crimes someone commits after their hiring? What about associations or actions that may be controversial but not illegal? What if you have a person in an influential position who does not get screened by HR, such as an independent board director or an officer or signatory who joins the company through an acquisition?

Most employees and people connected with your business act in good faith, but being unaware and unprepared for risks some individuals carry can have costly results. Without proper risk intelligence, such individuals could be exposing your organization to material risks to business operations through sanctions, fines or license revocation; not to mention reputational risks impacting partnerships, customers, investors and employees.

The costs can be staggering when risks turn to crises. Yet compliance teams are anything but helpless. As we dig deeper into some examples, think of what risks your organization is taking on when these individuals, such as board directors, executives and officers and persons with power of attorney, have heavy influence on your business operations and reputation across legal entities. Here’s how bad actors can impact your organization’s bottom line and how compliance teams can fight back.

Crime in Business – Hard to Find and On the Rise

Financial crime may not be new to organizations, but the sheer volume of that crime is. The United Nations reports that money laundering alone can reach up to $2 trillion in just one year (a staggering 3-5% of the global GDP), and according to a 2018 Refinitiv study, 47% of organizations have been impacted by financial crime. This was before the COVID-19 pandemic moved many operations around the globe to virtual settings, making money laundering, fraud, insider trading and other financial crime even harder to track.

It’s easy to recognize the value of preventing financial crimes and staying compliant with anti-money laundering regulations at your organization, but the cost of doing so can be tough to swallow. The cost of compliance has increased to $49.9B in 2021, up 19% from 2020, according to LexisNexis, with 74% of U.S. firms adding to their compliance staff to keep up with industry regulations. Easing the burden can have ripple effects to improve the bottom line.

Unfortunately, financial crime is not the whole picture. Other workplace crime, such as harassment, can materially impact the organization’s bottom line and reputation: everything from doubling the cost of mental healthcare for affected individuals, to loss of productivity and employee attrition, to more overt costs such as expensive litigations and damage to the corporate brand.

Reputation at All Costs

As if fines and lost assets weren’t enough reason to uncover bad actors, the ensuing publicity from an incident can lead to lasting negative effects on the business. A classic Harvard Business Review article indicates that organizations derive 70-80% of their values from hard-to-assess intangible assets like brand equity, intellectual capital and goodwill.

Warren Buffett seems to feel the same way and was quoted, “We can lose money – even a lot of money. But we can’t afford to lose reputation – even a shred of reputation.” Why? Reputation impacts all aspects of an organization – its ability to attract and retain customers, employee sentiment (which impacts operational continuity), public scrutiny, partnerships and investment.

It’s for this reason that so many organizations have personal conduct policies that extend beyond the work environment. A quick online search will yield plenty of examples of individuals losing their jobs due to conduct on social media even when not representing their places of work. Companies are quick to protect their reputations even at all levels, but highly visible and influential positions such as board directors, officers and those with power of attorney carry an outsized weight that can damage brand equity.

How Do We Prevent This?

Now more than ever, organizations should have a risk intelligence strategy in place. Everyone from the compliance team all the way up to the general counsel and chief audit/compliance officer need to be aligned on how the organization will identify and mitigate the risks that stem from mergers and acquisitions or doing business in jurisdictions far from headquarters where there is less immediate transparency.

This is easier said than done, though, given harmful individuals within the organization aren’t always easy to identify and due diligence can take a long time to complete. Risk Intelligence Data (RID), now available within Diligent Entities, makes it easier to find potential bad actors in the most critical roles to identify and evaluate their risk levels before it becomes too late.

RID mines through over 5 million publicly available data sources including news reports, sanctions lists, watchlists, politically exposed persons (PEP) lists and risk records from 160 countries using AI to sort through the data and create a risk score. Those who show up with high risks can then be reported to a trained security team for further investigation. Leveraging the RID capabilities is an inexpensive way to identify high-risk individuals in leadership positions within your organization or to prioritize the biggest threats when going through a comprehensive screen of the company.

Incorporating RID with your entity and subsidiary risk strategy will help to keep your organization’s revenue and reputation out of harm’s way. After all, an identified risk is much easier to mitigate than an unknown one.

Because after an incident has occurred, you’re no longer managing a risk; you’re managing a crisis.