Lacking an incidence response plan? Consider Vaultare

If a critical compliance incident occurred in your business, could you respond effectively? Would you know what to do in the first few hours? How would you manage the compliance response? These are important questions that businesses need to ask themselves because the business’s brand and reputation could be at stake. 

So, whether it be bribery, fraud or money laundering for example, these incidents often arise from nowhere, when you least expect it, and suddenly the landscape has changed, the authorities are involved and the pressure is on to respond. So how do you demonstrate that the business has a robust range of compliance programmes across the appropriate risk areas?  What are the first steps you need to take?

Andrew Sackey is a partner in Pinsent Masons’ white collar crime and investigations team that helps clients with their response in these situations and, in many cases, he will work closely with HR teams, as we’ll hear shortly. To help with that response Andrew has developed a product called Vaultare - a dedicated compliance incident response platform. It’s designed to provides a chronological overview of the business’s compliance development and preparedness. 
So let’s hear more about the product and how it works. I phoned Andrew to discuss how Vaultare came about, and why it should be of interest to HR:

Andrew Sackey: “Well, Vaultare is a product which has come about because we at Pinsents have been engaging with clients who've been seeking to manage their internal compliance programmes and internal investigations and we felt that there was a real benefit to clients to being able to bring together the various strands of what can sometimes be quite disparate controls in their business and put that under one umbrella and that is what Vaultare does. It brings together a whole host of controls that the client may already have in place, puts them in one place, and then that allows you, as the client, to take a helicopter view of your controls and assess whether there are any gaps or mitigations that you need to address.”

Joe Glavina: “So as I understand it there are lots of different component parts to this product, Andrew. Can you talk me through them?”

Andrew Sackey: “Well there's quite a bit of functionality to the product and I think within the portal itself you'll see there are eight different aspects of functionality, but the three core ones amongst those are, firstly, what we think is a really comprehensive guide for clients to help them manage those really serious, or potentially serious, critical compliance incidents. So if a client needs to manage an internal investigation, if it needs to know what steps it needs to consider, how it needs to do that and, of equal importance, where the bear traps are, then this guide walks them through that process, so it gives them a really good template is how to start. The second component which we think is really useful is a chronological repository of all of their risk assessments and evolving controls and top level statements that have evolved over time for each threat area. So if, for example, a bribery or a money laundering or a tax investigation were to arise the client needs to understand what the controls and expectations were back when that event happened because these events, more often than not, are historically based so you need to understand what your controls were in 2017, if it was a 2017 allegation, and this product allows clients to do that but also to chart the narrative, the evolution, the strengthening of their policies and controls over time. Also, as the vault is being populated, it's really simple to then see where the vulnerabilities are, where the mitigations are and a really useful part, we think, of this product is that it sends alerts so if your policy indicates that you've got to refresh your risk assessment, or revisit your policy on a date, let’s say September 22 to pick a random date, the product will send you an alert months prior to that to enable you to put the necessary processes in place to make that happen. That’s useful because, very often, if individuals within businesses leave that sort of business continuity, that renewal continuity, can often be missed.”

Joe Glavina: “If I can just put some context to this Andrew. Can you describe a typical situation that might arise where you get involved, and the sort of issues you see which could hinder the client’s response?”

Andrew Sackey: “Well, the white collar crime and investigations team are called in for a variety of reasons but in terms of an internal investigation, for example, where there has been, or there are initial indicators that are red flags that something might have gone amiss historically. Some of the work we do involves understanding what the expectations and controls were that relates to that period. So very often a client might indicate that they have, for example, an up to date risk assessment and policies and controls to cover the issue and that the incident related to, for example, a rogue individual, and very often that's the case, but on a not infrequent basis you can see that risk assessments, for example, have not been renewed as they should have been because a policy will need to be reviewed every two years, every three years, as part of the general monitoring review protocol. If that is not undertaken then your starting position is not as strong as it might be it in terms of trying to protect your corporate position in terms of having the right controls in place to control behaviours.”

Joe Glavina: “So when it comes to going in and helping the client in these cases, would that include working with their HR team? 

Andrew Sackey: “We work with HR on a very regular basis. In fact the Pinsents employment team is probably the team I work most closely with because whenever you're looking into any incidents of serious compliance breaches there will invariably be the need to consider what HR employment law responses are merited and those need to be coordinated because it's very important that you preserve the integrity of both the internal investigation and, to the extent possible, the integrity of the HR process. So for example, you wouldn't necessarily want to conduct a standard disciplinary hearing where you would interview the employee if there was the likelihood that that same employee might be referred to law enforcement agencies because under a law enforcement umbrella that individual would be entitled to the right to silence. So there's a huge amount of coordination between the white collar investigations team and our employment law colleagues and Pinsents.”

Joe Glavina: “Last question Andrew. Why do you say clients should take a close look at Vaultare?”

Andrew Sackey: “Compliance incidents can arise out of nowhere, they can come from when you least expect it, so the product deals with a range of mitigations and steps you can take when such an incident has occurred but what I think we're most proud of is it gives clients the opportunity to get ahead of the problem. It gives clients the opportunity before something goes wrong, to look at your procedures, to look at your controls, to look at your risk assessments, and take a view - are we in as strong a position as we think we are and that preparation stage, I think, is critical to protecting the interests of any business.”

If you would like further details about Vaultare, or you would like a demonstration, then please visit the dedicated Vaultare page on the Pinsent Masons website. You then just need to click on the ‘Make an Enquiry’ button. We have put a link to that page in the transcript of this programme.

LINKS
- Link to Vaultare page of Pinsent Masons website