Risk mitigation company Kroll, with Compliance Week, has released the 2015 Anti-Bribery and Corruption Report. First launched in 2011, the survey seeks to give professionals in the compliance field a wide-ranging insight into anti-bribery and anti-corruption programmes.
According to the report, chief compliance officers (CCOs) can expect to take away “a comprehensive view of the types of ABC (anti-bribery and corruption) risks they face, the resources available to fight them and how those resources can be implemented into compliance programmes”.
The respondents comprised almost 250 compliance executives from numerous countries and industries, including financial services, industrial manufacturing, business services and insurance. Their responses were filtered into four categories: risks, third parties, due diligence efforts and program effectiveness.
Responses were similar to those from previous years, says Kroll, indicating that no new risks had emerged – but the fact that the same risks persisted showed that CCOs still struggled to implement a global strategy for anti-bribery compliance and to bring vendor or third-party risks under control.
Some 51% of the CCOs surveyed did expect their bribery and corruption risks to increase in the coming year, the survey revealed – mainly because of expansion into unfamiliar new markets, or increased use of third parties. Another 29% expected their risk to remain stable, and both figures are almost the same as those from 2014.
Bribery and money-laundering remain top risks
Respondents in 2015 echoed those from last year in identifying bribery (93%), money laundering (61%), bid-rigging (60%) and price fixing (65%) as the main types of corrupt behaviour they should be on guard against.
Trailing the big four are conflict minerals (27%) and human trafficking (26%).
Other results that have not changed much between the 2014 and 2015 surveys include how companies manage their bribery risk; whether their anti-bribery policy is a discrete, documented process (41%) or part of a broader policy addressing various compliance risks (38%); whether written ABC policies are embedded in the code of conduct (74%); and the frequency of risk assessments (67% at least annually and 10% quarterly). Nearly 90% are aware of local anti-bribery statutes in various markets where they operate.
This year, Kroll asked CCOs for the first time how confident they are that their companies’ financial controls would catch violations of the Foreign Corrupt Practices Act in their books and other records. A substantial 48% expressed firm confidence, while 36% have moderate confidence and 15% have low confidence in those controls.
Of the more than half who said they were not confident of their financial controls, the main concern was “poor reporting relationships or collaboration,” indicating that finance department employees might not know to bring suspicions of possible improper payments to the compliance officer.
“Recent enforcement actions focused on books and records make clear that, when it comes to scrutinising payments made to third parties, both compliance and finance cannot work independently of each other,” says Kroll.
Third parties
Outside vendors and other third parties are involved in 92% of respondents’ work. The average number of third parties is around 2 900, with more than 20% of respondents having to deal with over 5 000.
Kroll notes that conducting due diligence on a large number of third parties might deter companies, because it’s “like trying to change out the engine of a moving car. It’s a daunting proposition, that companies may avoid because of the logistics and difficulties involved.”
But companies can at least include a copy of the code of conduct while sending other correspondence, and ask third parties to certify to it. Fifty-eight percent of companies rate their due diligence procedures as either effective or very effective, although it's a sure bet that those procedures involve more than just a code of conduct.
The good news is that only 8% of companies admitted performing no due diligence at all on potential third parties. “Due diligence is really one of the keys to any type of compliance program, whether related to conflict minerals, anti-bribery and corruption, or anti-money laundering,” says Kroll.
Third parties continue to pose a risk once the business relationship is up and running, yet only 27% of respondents said they trained their third parties at least once a year on their anti-bribery and anti-corruption policies. Those who trained less than once a year made up 24%, and those who never trained made up 48% – an improvement on last year’s 58%.
