- Security TWENTY
- Women in Security
For a second year, third party violations of anti-bribery and corruption laws top the list of perceived risks for compliance professionals surveyed for the eighth annual Anti-Bribery and Corruption Benchmarking Report (“ABC Report”), a joint study by the risk management and investigations firm Kroll and the US-based Ethisphere Institute. The study shows compliance teams are grappling with the convergence of regulatory mandates, critical reputational factors, and data security issues as they try to protect their organisations from substantial financial and reputational harm as well as regulatory and legal exposure.
Despite the increased focus and robust deployment of resources supporting compliance, near all, 93 percent of the 448 respondents believe their ABC risks will remain the same or worsen in 2018. Those who expect a greater level of ABC risks attribute the rise to more enforcement of existing regulations, followed closely by new regulations. Indeed, heightened regulatory activity is evidenced in China’s official anti-corruption campaign over the past five years; the UK’s Criminal Finances Act and France’s Sapin II, both of which became effective in 2017; new anti-bribery and corruption law introduced worldwide, including in Germany, Ireland, and Slovakia; and US Department of Justice and Securities and Exchange Commission enforcement.
Steven J Bock, Global Head of Operations with Kroll’s Compliance practice, said: “The stakes are high and so is the risk level, which is likely causing some sleepless nights for the average compliance professional. In today’s hypersensitive business environment where a company’s hard-earned reputation can be easily lost through a lapse of judgment by a third party, the job of a conscientious compliance professional has never been tougher or more central to the success or failure of a business.”
The study also suggests that while reputational and integrity concerns remain the number one reason why a third party fails to meet an organisation’s standards, the corporate or ownership structure of a third party has emerged as a major concern for compliance teams. Notably, more than half of respondents reported that they were “concerned” or “very concerned” with beneficial ownership risks associated with their third parties, while less than 25 percent feel highly confident in ability to address these risks.
Bock said: “Compliance professionals have good reason to renew their focus on the ownership structure of third party companies with which they permit their company to associate. It’s about both reputation and regulatory risk—if you don’t know the true owner of a company you’re working with, you cannot effectively assess those risks, and corporate structures do not always lend themselves to an easy analysis of that question.”
Monitoring that includes a regular refresh of the underlying third party data emerged among the report findings as a key strategy for maintaining the effectiveness of anti-bribery and corruption programs overall, and especially for keeping up with potential ownership changes.
The report has good news. For example, 36 percent of respondents indicated that their organisation dedicated more resources to ABC issues in 2017 than in 2016. Executive leadership support also remains strong, as 92 percent of all survey respondents said that their leadership team is highly engaged or somewhat engaged in their ABC efforts.
Erica Salmon Byrne, Executive Vice President, Executive Director, Business Ethics Leadership Alliance, at Ethisphere, said: “The 2018 Anti-Bribery and Corruption Benchmarking Report brightly illuminates the challenges facing today’s compliance experts, including the likelihood that third party risks will grow in relevance and impact. We are encouraged, however, that partnerships across organisations continue to grow as company leaders assign greater priority to the adoption of best-in-class anti-bribery and corruption programs that protect not only individual organisations, but also the integrity of the global business ecosystem.”
Other findings include:
Regulatory focus on individual accountability heightens personal liability concern: 50 percent of respondents who reported post-onboarding issues with a third party indicated that the issues were discovered through ongoing monitoring.
Perceived risk: 65 percent of respondents think that their risk will stay the same in 2018, and 28 percent think it will increase.
ABC after onboarding and data: 75 percent of survey respondents monitor some or all of their third parties. Fifty-six percent of respondents whose organizations conduct monitoring opt to refresh third party data.
Mergers and acquisitions: 62 percent of respondents indicated they engaged in M&A activity in 2017. Yet the data continues to show that respondents are not conducting appropriate pre-acquisition due diligence.
Enterprise risks converge: most, 76 percent of respondents said they are “concerned” about data security risks related to third parties, while only 56 percent feel prepared to address them.