Engagement with third parties seen as the greatest anti-corruption risk
New research from White & Case and KPMG LLP shines a spotlight on how companies are navigating compliance issues in the face of greater regulatory scrutiny
5 min read
A new report from global law firm White & Case LLP and the Risk & Compliance Advisory practice of KPMG LLP reveals the current state of compliance on key issues across industries, geographies, and organizational sizes. It also shines a spotlight on anti-corruption and other compliance challenges faced by companies, emerging trends in compliance management and strategies employed by companies to manage their compliance risk.
Noteworthy findings from the report include:
Adoption of data analytics in compliance
- The use of data analytics across compliance is still in its nascent stages with most companies (69%) reporting a basic or developing data analytics strategy. Just over one-fifth (21%) of respondents do not currently use data analytics for compliance and ethics at all.
- Adoption of data analytics was lowest among smaller companies. Approximately 30% of respondents with annual revenue under US$10 billion do not use data analytics for compliance and ethics. Conversely, over 95% of respondent companies with revenue over US$10 billion per year use data analytics for compliance risk.
- The top three uses of data analytics in compliance are: enhancing risk assessments (58%); reporting (58%); and managing training and certification (55%)
Managing third parties
- Engagement with third parties presents the greatest anti-corruption risk, according to over half of respondents (59%).
- To help manage the risk of third-party engagement, most respondents have written policies for employee interaction with third parties (87%) and use anti-corruption provisions in their written agreements with third parties (91%). There is more of a split when it comes to training, with just over half (53%) not requiring third parties to complete anti-corruption training.
- 39% of respondents do not include a compliance-related audit provision in their third-party agreements. For companies that do, the vast majority (86%) do not include a provision that shifts the reasonable cost of failed compliance audits to the third party. Of companies that have audit rights in their third-party agreements, 62% exercise them.
- Just over one in 10 (11%) respondents have faced pressure to approve the engagement of a third party that presented an unacceptable corruption risk, with 9% reporting that it happened more than once or with more than one third party.
- This figure rose to just under one in five (18%) amongst those working in financial services.
Reporting and escalating compliance issues
- Despite the importance of employees being aware of and comfortable using reporting and escalation mechanisms, only half of respondents (51%) state their company measures employee awareness of mechanisms and even fewer (36%) measure employees' comfort with using them.
- There is also a significant number of front line compliance personnel unsure of how or whether their organization monitors employee awareness of how to report concerns: 33% of legal teams; 25% of investigative directors; and 19% of compliance and ethics officers.
- The most common reasons for a reluctance to report potential compliance issues include fear of retaliation (55%); concern that nothing will be done (50%); and concern that reporting is not anonymous (47%).
Emerging concerns – ESG and cybersecurity
- Almost two in five companies (38%) are yet to clearly define Environmental, Social and Governance (ESG).
- Unsurprisingly, energy and natural resources companies have made the most headway defining ESG (67%), followed by technology, media and telecom companies (61%).
- Larger companies are more likely to have ESG policies, with 54% of companies with revenues over US$50 billion reporting that they had ESG policies, compared to 37% of companies with revenues below US$250 million.
- The top three ESG priorities companies reported were: diversity and inclusion (46%); climate change and pollution mitigation (38%); and privacy and data protection (27%).
- Looking more broadly across all areas of compliance, cyber security is seen as the biggest compliance issue for companies (scoring 35%), followed by privacy and data protection (17%).
Anti-bribery and corruption (ABC) risk assessments
- Companies in the energy and natural resources sector, as well as the pharmaceutical and healthcare industries are most likely to conduct risk assessments, with 94% and 93% of respondents in these industries, respectively, conducting assessments.
- While in general most companies (79%) report conducting documented anti-corruption risk assessments, almost one in five companies (18%) with fewer than 10,000 employees have not performed an anti-corruption risk assessment and do not plan to perform one.
- Respondents that perform risk assessments are over twice as likely to agree with the proposition that their boards are adequately engaged in discussions about anti-corruption compliance programs and resources and anti-corruption risks.
White & Case partner Darryl Lew commented: "Companies are having to navigate an increasingly complex regulatory landscape and increased cooperation globally among enforcement authorities. This reality makes robust risk-based and data-driven compliance programs more important than ever. Third party engagement has been and remains a particularly prevalent risk. The increasing focus on ESG, rise in cybercrime rates, and advent of AI are but three examples of the evolving business environment, and compliance teams must adapt their programs accordingly."
White & Case partner Anneka Randhawa said: "The survey findings highlight that those responsible for compliance must remain agile, responding to new risks as well as harnessing new opportunities to strengthen compliance management, such as data analytics. At the same time, for the success of any compliance program it is essential for companies of all sizes to cement employee awareness and confidence in reporting, escalation and investigation procedures."
Matt McFillin, Forensic Services Partner at KPMG LLP shared: "As large and small market cap companies continue to evolve their compliance organizations for ABC risk, the root of most ABC issues continues to be the same thing - Third party actors working on behalf of their companies and not company employees. Managing third parties is continuing to be a challenge. Leveraging tools to proactively assess and monitor such as AI, machine learning, advanced data & analytics can be a game changer and save money in the long run."
For more information please speak to your local media contact.