28 September 2010

Workplace Violence: Cues and Clues to Teach...

Operational Risk Management is your foundation for crisis leadership. All work locations have distinct categories of threats that are relevant to the site, people and type of business. Assessing the violent factors is the role of FBI profiler Mary Ellen O'Toole and there are four categories according to a study entitled: "The School Shooter: A Threat Assessment Perspective."

  1. A Direct Threat
  2. An Indirect Threat
  3. A Veiled Threat
  4. A Conditional Threat

Employees must be trained to be aware of the warning signals that typically occur before a threat and violent act becomes operational. Based on the O'Toole study these are some of the 23 "Red Flags" that employers should be monitoring and keeping their Corporate Threat Assessment Teams on high alert for:

  • Low tolerance for frustration
  • Poor coping skills
  • Failed relationships
  • Signs of depression
  • Exaggerated sense of entitlement
  • Attitude of superiority
  • Inappropriate humor
  • Seeks to manipulate others
  • Lack of trust/paranoia
  • Access to weapons
  • Abuse of drugs and alcohol

Source: O'Toole, Mary Ellen, "The School Shooter: A Threat Assessment Perspective," by the Critical Incident Response Group (CIRG), the National Center for the Analysis of Violent Crime (NCAVC) and the FBI Academy.


The court and the jury will look upon your employers ability to apply the basics of workplace violence and threat assessment. What did you know? When did you know it? What have you done about it? They will judge you on the threat assessments utilization of insider threat intelligence combined with the evidence of your overt training of employees in the workplace. What grade would you give your company today for these fundamentals?

Let's take it to the next step in terms of your ability to even meet the requirement by the Occupational Safety and Health Administration (OSHA) in the United States. Awareness programs are expected on the four primary types of workplace crimes:

  1. Those crimes committed by people not connected to the workplace.
  2. Aggression by third parties including customers, clients, patients, students, or any others for whom you provide a service or product.
  3. Employee to Employee violence or a former employee who returns to the workplace with the intention to injure a former supervisor.
  4. Aggression related to a personal relationship inside or outside the workplace.


The organization who understands the foundation for creating a proactive and preventive team for incidents in the workplace should not stop there. Once you have developed the framework for Incident Command, Emergency Operations Center, Shelter in Place, Medical Triage and Evacuation you have a good baseline to extend to a complete "Continuity of Operations" strategy. This requires a deeper analysis into the threats inside your organization that may put you out of business entirely.

Once the organization has adopted the "All Threats - All Hazards" mentality then it is well on it's way to becoming a survivable business. Operational Risk Management is a discipline that incorporates this approach and enables owners, operators and business suppliers with the tools, methods and strategy to handle workplace violence incidents or a catastrophic act of mother nature.

18 September 2010

China Syndrome: FCPA & Rating Agencies...

A modern day "Operational Risk China Syndrome" is making the Board of Directors nervous these days. The new syndrome otherwise called the Foreign Corrupt Practices Act (FCPA) has been the buzz at rating agencies for months. Are you sure about your ability to withstand the scrutiny of a FCPA litmus test? Board Member Magazine explains:

On June 2nd, Fitch Ratings agency announced that Foreign Corrupt Practices Act violations could result in ratings downgrades. That’s one more reason boards should educate themselves on FCPA and how their companies are monitoring FCPA-related risks. It appears, though, that many boards do not feel comfortable with their companies’ compliance programs. In a soon-to-be released survey from KPMG’s Audit Committee Institute, only 27 percent of U.S. audit committee members said they were satisfied that their company had an effective process to manage Foreign Corrupt Practices Act risks, and other risks associated with doing business in Brazil, Russia, India, China and other emerging markets. 35 percent of respondents were only somewhat satisfied, and 9 percent said process improvements were needed in conducting such business, which may include sourcing, outsourcing, manufacturing, or sales and distribution channels.

As your Business Development teams fan out across the globe to satisfy the appetite of the Chinese economy for critical infrastructure, establish a sound and effective awareness, training and audit program. What are the ramifications of putting unprepared personnel on the ground to do business in the Chinese Markets?

American companies or individuals who enter joint ventures with foreign partners, as well as those who hire foreign agents or distributors in China, must be extremely cautious of the vicarious liability that they may face as a result of a third party's violation of the principles set forth in the FCPA. According to the Justice Department, an American company will be subject to liability under the FCPA if it makes payments to an intermediary third party with the knowledge that such payments will go to a foreign official for corrupt purposes. Conscious disregard is enough to satisfy the requirement; if the American company is aware of a "high probability" that such payments will occur, the knowledge requirement will be satisfied. More importantly, a joint venture partner, agent, or distributor will be considered an intermediary third party for purposes of the FCPA. Therefore, any violation of FCPA standards by one of those parties could result in the American company being vicariously liable under the FCPA.

In order for the Board of Directors to have peace of mind on the emerging markets business opportunities first a substantial compliance framework needs to be established. Next, the implementation of predictive analytics software to manage the complexity of companies, people and relationships as you do business in any of these countries. This includes the subscription to several databases that include the constantly changing landscape of specially designated nationals (SDN) and politically exposed persons (PEP). World check explains:

During the period 2005 to 2007 alone, more than 310 elections and by-elections took place around the world – that’s an average of nearly 10 elections per month. (Source: ElectionGuide.org). This means that your existing clients may be elected to public office, and hence become PEPs, without your business knowing it. It may be that you only apply your due diligence processes to new customers and so miss a whole category of individuals that do not meet your corporate risk appetite. As such, routine and ongoing PEP risk screening is not only considered best practice, but is also a legal requirement.
In practice, full compliance with PEP legislation has not come without major operational challenges. In the post-9/11 era, the proliferation of regulatory compliance laws, combined with the need to screen hundreds of thousands of users and accounts on a routine basis, has created a substantial administrative burden for businesses subject to PEP legislation.

The sheer magnitude of the due diligence challenge has subsequently led to the adoption of a risk-based approach to regulatory compliance, but nevertheless Enhanced Due Diligence and ongoing risk management is still required for PEPs. Broadly speaking, the risk-based approach entails the identification of risks that exceed your business’ stated risk appetite (including the need for regulatory compliance), and then matching individuals and entities against these heightened risks during the preliminary stages of due diligence. Should a person fall into one or more of the specified heightened risk categories, additional due diligence is then required.

As your company establishes it new China-based strategy for partnerships, joint ventures or actually putting employees in country the operational risks become exponential. Remember, a sound and prudent risk framework includes a 4D approach:

  • Deter
  • Detect
  • Defend
  • Document

With these established and operating on a global basis the Board of Directors will be sleeping more soundly. Or perhaps not...learn more.