Tuesday, 02 January 2018 15:52

Companies need compliance policies and third-party checks to avoid data security breaches and corruption

Robust compliance policies, the development of ‘risk maps’ and ongoing staff training will help businesses lessen the impact of security breaches originating in third parties

It is vital that businesses in Latin America have stringent internal compliance policies – and also carry out thorough due diligence of vendors and suppliers in other countries – in order to minimise the risk of data security breaches and corruption.
The priority for companies should be risk assessment, including for example, the development of heat maps that show what the main risks are in which jurisdictions, attendees at an event hosted by The Latin American Lawyer – with international law firm Diaz, Reus & Targ – heard in Miami. This enables companies to prioritise what action they will take in the event of a breach – this is especially important if the risk is directly linked to applicable US laws. However, understanding local concerns should also be a priority in order to minimise the risk of breaking laws and regulations in jurisdictions where the company is operating.
Having a robust compliance policy, while also plotting the level of risk in different areas, in addition to ongoing staff training, will help businesses lessen the impact of security breaches originating in third parties. Meanwhile, multinationals need to transfer their culture of compliance to third parties “from day one”, event participants heard. Gary Davidson, partner at Diaz, Reus & Targ, said senior executives in businesses should take responsibility for leading the way when it comes to developing a culture of compliance. “It should start at the top,” he added. “Senior management must cultivate a culture of compliance for the effective implementation of the programme.” Marta Colomar-Garcia, administrative managing partner at Diaz, Reus & Targ, said: “Multinationals should align compliance with risk management, addressing local issues in different regions, countries or areas.”
Some in-house counsel who participated in the event recommended conducting detailed due diligence with third parties, vendors or local partners. It was also recommended that company lawyers and compliance officers should make sure compliance policies and procedures from headquarters are properly explained when training local partners. Colomar-Garcia said training and testing are key to a successful compliance programme and companies should invest properly in employee training. “When allegations of corruption arise, the internal investigation must be credible and efficient” said Michael Diaz, global managing partner of Diaz, Reus & Targ.  
Furthermore, lawyers and executives in the headquarters of multinationals should understand the potential risk and compliance issues they face in the foreign jurisdictions where they do business. Diaz said that, in the case of Latin America, companies are often doing business with the government, which requires obtaining licenses and permits – this in turn presents a higher risk of being asked for bribes, and therefore violating US regulations.
In addition, multinationals should be aware of certain red flags when signing contracts, such as when the local partner or vendor does not want to sign a compliance clause, or prefers to use their own code of conduct and regulations instead. This is remarkably common in certain jurisdictions in Latin America, when family-owned businesses are dominant, participants said. Sometimes screening and monitoring third parties is the only way to assess risk when doing business in a foreign country, explained Colomar-Garcia.

Preventing corruption
When a potential, or actual breach is detected, companies need to react immediately and efficiently, said Davidson. There should be a response at both local and management level, so leadership can cooperate, while at the same time keeping the business running, added Colomar-Garcia. In such situations, external counsel in high-risk jurisdictions have a key role to play in helping multinationals with third party due diligence and ‘know-your-partner’ policies to prevent potential corruption.
External counsel can also play an important role in the immediate aftermath of a breach or potential threat. According to Neyde Correia, regulatory and compliance counsel at Globenet, it is extremely useful for law firms to have a list of third party providers specialised in public relations and crisis control. “Thinking about the reality of small and medium-size companies that do not have a corporate relations or PR department, being able to have quick alternatives to assist on those fronts is definitely useful,” she said.
External law firms can also provide a prompt assessment and develop a preliminary actions plan in the case of a breach, says Correia. Attendees heard that, as time is of the essence when companies are in crisis mode, having a law firm able to provide a risk assessment, as well as forms and templates for action plans that can be easily adapted to the situation, is very useful, she added.

Event: Reality bites – Third party risk in Latin America
Location: Miami
In collaboration with: Diaz, Reus & Targ

Iberian Lawyer
N.105 • June 2021

IL98 cover SP IL94 cover EN

The Latin American Lawyer
N.19 • May - June 2021

IL98 cover SP IL94 cover EN

IpTmtAwardsSpain 2021 300x100 finalists 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

IL LabourAwardsPT 300x100 Finalists3

This website uses cookies

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the IberianLawyer website. However, you can change your cookie settings at any time. Learn more

I agree

What do I need to know about cookies?

A cookie is a small text file that’s stored on your computer or mobile device when you visit a website. We use them to:

  • Remember your preferences
  • Tailor our sites to your interests.

There are different types of cookies

First party cookies

These are set by the website you’re visiting. And only that website can read them.  In addition, a website might use a separate company to analyse how people are using their site. And this separate company will set their own cookie to do this.

Third party cookies

These are set by someone other than the owner of the website you’re visiting. 

Some IberianLawyer web pages may also contain content from other sites like Vimeo or Flickr, which may set their own cookies. Also, if you Share a link to a IberianLawyer page, the service you share it on (e.g. Facebook) may set a cookie on your browser.

The IberianLawyer has no control over third party cookies.

Advertising cookies

Some websites use advertising networks to show you specially targeted adverts when you visit. These networks may also be able to track your browsing across different sites.

IberianLawyer site do use advertising cookies but they won’t track your browsing outside the IberianLawyer.

Session cookies

These are stored while you’re browsing. They get deleted from your device when you close your browser e.g. Internet Explorer or Safari.

Persistent cookies

These are saved on your computer. So they don’t get deleted when you close your browser.

We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.

Other tracking technologies

Some sites use things like web beacons, clear GIFs, page tags and web bugs to understand how people are using them and target advertising at people.

They usually take the form of a small, transparent image, which is embedded in a web page or email. They work with cookies and capture data like your IP address, when you viewed the page or email, what device you were using and where you were.

How does the Iberian Lawyer use cookies?

We use different types of cookies for different things, such as:

  • Analysing how you use the IberianLawyer
  • Giving you a better, more personalised experience
  • Recognising when you’ve signed in

Strictly Necessary cookies

These cookies let you use all the different parts of Iberian Lawyer. Without them services that you have asked for cannot be provided.

Some examples of how we use these cookies are:

  • Signing into the IberianLawyer
  • Remembering previous actions such as text entered into a registration form when navigating back to a page in the same session
  • Remembering security settings which restrict access to certain content.

Performance cookies

These help us understand how people are using the IberianLawyer online, so we can make it better. And they let us try out different ideas.
We sometimes get other companies to analyse how people are using the IberianLawyer online. These companies may set their own performance cookies You can opt out of these cookies here.Some examples of how we use these cookies are:

  • To collect information about which web pages visitors go to most often so we can improve the online experience
  • Error management to make sure that the website is working properly
  • Testing designs to help improve the look and feel of the website.
Cookie nameWhat it's for
Google DoubleClick The IberianLawyer uses Google DoubleClick to measure the effectiveness of its online marketing campaigns.Opt-out of DoubleClick cookies
Google Analytics From time to time some IberianLawyer online services, including mobile apps, use Google Analytics. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us.Opt-out of Google Analytics cookies