Kroll and Compliance Week’s 2015 Anti-Bribery and Corruption Benchmarking Report, surveyed global compliance executives and revealed that, while compliance officers are aware of the risks of anti-bribery and corruption (ABC), they remain challenged in many areas when it comes to effectively managing related risks.
Key Trends & Takeaways
Here are a few of the most notable takeaways from the report from my perspective:
- Anti-Bribery & Corruption Programs Continue to Struggle With Effectiveness While Risks Rise: The survey results show that compliance officers are still struggling to create and effectively implement global ABC programs. This is worrisome because more than 50 percent of respondents reported that they expect their bribery and corruption risks to increase as their businesses expand globally. With this expansion will come a greater utilization of third parties—still the Achilles’ heel for most ABC programs.
- Third Party Compliance Failures Still a Significant Issue: High profile compliance failures and enforcement actions continue to have one thing in common: many of these actions (along with accompanying fines penalties and sanctions) were the result of third parties who failed to follow the law when it came to bribery and corruption. Yet, even knowing this risk is high, 48 percent of the survey respondents reported never training third parties. (This figure is similar to a finding from NAVEX Global’s 2014 Ethics & Compliance Training Benchmark Report in which 57 percent of respondents reported that they did not deploy any third party training.)
- Third Party Due Diligence is Uneven: Third party due diligence is perhaps the greatest single challenge for ethics and compliance officers. While 92 percent of survey respondents stated that they did conduct some form of due diligence on third parties, the type and comprehensiveness varied. Almost all of those who conducted due diligence used some form of risk-based process to determine the extent of due diligence to be conducted on each third party.
The eight percent of respondents who reported that they perform no due diligence on third parties are taking huge risks. The DOJ/SEC FCPA Guidance 2012 specifically addressed third party due diligence and monitoring, with the expectation that it occurs and is ongoing. Cavalierly ignoring basic due diligence and moving forward with engaging a third party with a history of bribery, or a third party who is listed as a politically exposed party will not be well-received by regulators.
- Automated Approaches to Third Party Risk Management are Growing: For organizations who are conducting due diligence, the questions still to be answered are, “How effective is my due diligence?” and “How can I ensure that I am being cost effective in my processes?” The survey seemed to suggest the same answer for both questions: automation. The report found that:
- 66% automate their anti-bribery and corruption program in some way
- Most automated tasks are training-related
- Only 26% automate the vetting of third parties
While automating third party training is a step in the right direction, third party due diligence is where the greatest opportunity lies to gain efficiencies and effectiveness. Not only does automating this process free up expensive head count, it can make the process more consistent and risk-based. This should increase the quality of third parties—and give the company comfort that they are knowledgeably engaging (or rejecting) appropriate entities to represent their company’s brand and reputation.
Automated systems can also continuously monitor databases to further ensure that third parties remain compliant—or if their qualifications change that the company is made aware of it in real time, hopefully before any damage can be done.
Automated due diligence is also invaluable for creating a legal defense through documentation. In the event that an organization is ever the victim of a non-compliant third party or the subject of a regulator’s investigation, an automated system can provide prompt and thorough documentation of the due diligence process that was undertaken. This can prove to be an invaluable insurance policy against fines or penalties.
While most CCOs recognize the need to address bribery and corruption in their organizations, the Kroll/Compliance Week report paints a picture of a struggle to keep up with growing risks and complexity. As programs continue to mature, the report suggests, executives will increasingly turn to automation—particularly in the areas of third party training and due diligence—to increase program effectiveness and better protect their organizations.