UK Law and Practice Contributed by: Ben Morgan, Ali Sallaway, Matthew Bruce and Emily Knight, Freshfields
tional use of external oversight as a feedback mechanism. In this respect, plans can be fur- ther improved via engagement with regulators and external advisers, including auditors and lawyers. Irrespective of whether or not it may wish to have the support of an external party, it is prudent for an organisation to follow these steps, amongst others, when developing its strategy and plans: • seek internal feedback from staff members; • examine any relevant whistle-blowing cases and the subsequent action taken; • assess the effectiveness of pre-existing risk prevention procedures; • conduct formalised periodic review, with documented findings; • collaborate, where useful, with other organi- sations, such as trade bodies or other organi- sations facing similar risks; • follow advice from professional organisations (for example, accountancy or legal bodies) where appropriate; and • consider any relevant enforcement examples in the sector and Deferred Prosecution Agree- ments (DPAs). This is not an exhaustive list, and it is expected that organisations will choose the approach most suited to their needs. Organisations may change their review process in light of develop- ments. For example, an organisation may need to take a more formalised and detailed approach to reviewing its crisis management procedures following an incident within the organisation or other entities operating within the same sector. The FTPF Guidance sets out six general prin- ciples for organisations to bear in mind when developing fraud risk prevention procedures, alongside illustrative case studies, which can be
useful to assess current government expecta- tions when exploring crisis management plans more generally. The framework mirrors the well- established UK Bribery Act Guidance and Fail- ure to Prevent the Facilitation of Tax Evasion Guidance, which have been in force for several years. These principles can accordingly provide a useful methodology for addressing the risk of a crisis. The principles are as follows. • Top-level commitment: senior level engage- ment is essential, and this includes commu- nicating and endorsing the company’s risk prevention measures, committing resources to crisis management, and leading by exam- ple in fostering an open culture that empow- ers staff to speak up to identify relevant risks to business stability. • Risk assessment: organisations should conduct regular risk assessments to address problem areas and implement remedial and prevention measures. • Robust but proportionate risk-based preven- tion procedures: measures should be intro- duced and adapted that aim to reduce the risk of a crisis. Most companies should be able to build on existing processes, but addi- tional measures may be required, depend- ing on the outcome of the risk assessment exercise and existing safeguards. • Due diligence: due diligence on third parties who provide essential services is an impor- tant element of prevention, as is appropriate due diligence in the M&A context to ensure newly acquired business units are also com- pliant with company policies. • Communication (including training): training can help employees understand the steps to respond to a crisis, with communications to reinforce why this is important. The FTPF
136 CHAMBERS.COM
Powered by FlippingBook