FCPA Compliance and Ethics Blog

May 2, 2011

Country Risk Rating: A More Sophisticated Approach

One of the areas of risk which is traditionally assessed is that of geography or country risk. The UK Bribery Act Guidance defines country risk as:

Country risk: this is evidenced by perceived high levels of corruption, an absence of effectively implemented anti-bribery legislation and a failure of the foreign government, media, local business community and civil society effectively to promote transparent procurement and investment policies.

This definition would seem to call for more than an analysis of whether countries are perceived as “the usual suspects” when it comes to risk. Most compliance practitioners to date have used the Transparency International Corruptions Perceptions Index to assess country risk. The Corruptions Perceptions Index, as defined by Transparency International,  “ranks more than 150 countries in terms of perceived levels of corruption, as determined by expert assessments and opinion surveys.” However, the guidance for best practices, as set forth in the most recent Bribery Act Guidance the concept of ‘compliance convergence’ and the recent Deferred Prosecution Agreements (DPAs) entered into by the US Department of Justice (DOJ), would seem to indicate that a more robust risk assessment should be utilized regarding the corruption and compliance risks of individual controls.

I recently had the opportunity to review another tool with which companies can assess an overall geographic or country risk. It is a product called “Country-Check” and it was developed by World-Check (Full Disclosure: World-Check is the sponsor of the World-Check FCPA Speaking Tour, of which I am a participant.) The Country-Check tool is a customizable risk index that ranks the overall risk levels in 244 jurisdictions across the globe.

Country-Check measures risk using over 140 input sources. From these input sources, a company can access up to 42 dimensions of risks from a wide spectrum of different types of threats which may need assessment. These types of risks include: (1) political – varying from governance types to civil liberties, regulatory control, control of corruption and human rights issues; (2) financial – from GDP, overall country debt, military expenditure, average per capita savings and economic freedom; (3) criminality – factors ranging from money-laundering and fraud to terrorism, corruption, export control and the overall country crime rate.

In addition to the above, the Country-Check model can be custom developed which allows a company to make individual adjustments for not only the inputs it perceives as important for its own business but also allows an industry weighted assessment. This factor would come into play with the risk assessments discussed in the initial three DPAs, released in 2011. These DPAs were with Alcatel-Lucent, Maxwell Technologies and Tyson Foods respectively. In each of these DPAs, the DOJ mandated that the companies assess the geographic risks which each of these companies face in the areas where they conduct business. However, these mandated risk assessments went beyond simply geography to such areas as government touch points in conducting business. The Country-Check model would allow a company to customize the product so that a report is generated which measures this type of risk.

In the concept of compliance convergence risks posed beyond simply those relating to the violations of the US Foreign Corrupt Practices Act (FCPA) or UK Bribery Act should also be assessed. This means that a company should also review such areas as propensity of a country to engage in or have lax enforcement of anti-money laundering laws and regulations and have issues related to vigorous enforcement of export controls. The Country-Check tool provides standardized risk intelligence for all of these areas. The beauty of such a tool is that not only does a company garner a more sophisticated picture of the overall risk it may be facing and perform enhanced due diligence as required, such an analysis allows a company to manage these risks more effective by deploying stronger management assets as called for through such a risk analysis.

As companies and regulators grow more sophisticated in the areas of anti-bribery and anti-corruption, best practices keep evolving. The risk assessment that a company does should inform its overall compliance program. The Country-Check tool is a very powerful instrument by which companies can perform a sophisticated risk analysis of a country which they are assessing. I suggest that you head over to the Country-Check website and take a look at the offering.


If you are in Phoenix or San Diego, the World Check FCPA Tour will be in your city this week. Please come out and here about the most current FCPA best practices.

Tuesday, May 3 from 8-10 AM PDT at McCormick & Schmick’s Seafood Restaurant, in Phoenix, AZ. For information and registration details click here.

Wednesday, May 4 from 8-10 AM PDT at San Diego Marriott Del Mar: Santa Fe Ballroom, in San Diego, CA. For information and registration details click here.


My colleague Howard Sklar had an interesting idea. It was that he and I do a video chat each week on the past week’s stories from the world of compliance. We have begun this journey and the results are “This Week in FCPA“; which can be found here.

Every week, Howard and I will get together and talk about the week’s events in FCPA. This week, we talk about the UK Bribery Act, and how companies should react; we discuss the Johnson & Johnson deferred prosecution agreement and J&J’s added undertakings; and we discuss the recent challenges to the idea that state-owned entities can be foreign officials. We also talk about what contract provisions should be in every contract, and whether audit rights are a good thing or not.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

Blog at WordPress.com.