The risk assessment process is important to establishing a well-designed and effective compliance program tailored to the unique risks a particular company faces. The risk assessment achieves a number of important compliance objectives for a company, including:

• Fostering discovery of relevant risks, processes and controls
• Educating leadership about compliance concerns
• Promoting preventive and early detection strategies over reactive strategies
• Identifying business strengths and stakeholders
• Facilitating satisfaction of corporate director obligations

View full image: How often does your organization conduct a documented anti-corruption risk assessment? (PDF)

Most companies conduct regular anti-corruption risk assessments

More than three-quarters of respondents (79%) conduct documented anti-corruption risk assessments, and almost half (48%) conduct these assessments annually or more frequently.

Almost one in five companies (18%) with fewer than 10,000 employees did not conduct an anti-corruption risk assessment and do not plan to conduct one.

Companies in the energy & natural resources and pharma/healthcare industries are most likely to conduct risk assessments, with 94% and 93% of respondents in these industries, respectively, conducting risk assessments.

Companies in the financial services and technology, media & telecom industries were comparatively less likely to report that they conducted (15%) or planned to conduct (17%) risk assessments.

View full image: Our organization’s board is adequately engaged in discussions about our… (PDF)

Companies conducting anti-corruption risk assessments report more engaged boards

Anti-corruption risk assessments are a foundational element of an effective compliance program. They help companies identify and prioritize risk and provide an important means of communicating internally, including with senior management and the board, about the anti-corruption compliance program and how best to deploy resources to manage and mitigate risk. Having senior management and the board appropriately informed about and engaged on compliance issues is important in establishing and maintaining the company‘s overall culture of compliance and "tone at the top."

Our results show that respondents that perform risk assessments were more than twice as likely to agree with the proposition that their boards are adequately engaged with respect to their anti-corruption compliance programs, resources and risks. Conversely, respondents not conducting anti-corruption risk assessments were approximately four times more likely to disagree with the proposition that their boards are adequately engaged with these topics.

View full image: What do you view as the greatest anti-corruption risk facing your company? (PDF)

Use of third parties cited as the biggest corruption risk companies face

Use of third parties is seen as the most significant corruption risk (59%) among respondents.

For all industries other than financial services, use of third parties is seen as the biggest risk. Companies from the pharmaceuticals/healthcare industry and the technology, media & telecommunications industry consider this risk to be particularly significant, scoring 83% and 72%, respectively.

As the size of the organization increases (both by revenue and number of employees), it is more likely to consider the use of third parties as the biggest corruption risk. This may be because larger entities engage with a wider range of third parties.

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2023 White & Case LLP}