In February 2022, Kroll analyzed data from 100 U.S. and Canadian compliance professionals, the vast majority of whom projected confidence in their firms’ ability to meet challenges posed by new or tightened regulations. Buoyed by confidence in their firms’ compliance culture and senior leaders’ commitment to the compliance function, most U.S. and Canadian respondents to Kroll’s 2022 anti-bribery and corruption (ABC) survey anticipated that ABC risks to their companies would stay the same in 2022 as compared to the prior year. However, a broader look at the reported capabilities of the respondents’ compliance programs tells a different story–one that reveals potential gaps in third-party due diligence that could hinder their firms’ ability to navigate risk in the face of future regulations, enforcement trends or unexpected upheavals in the geopolitical landscape.
In the U.S. and Canada, 70% of survey respondents ranked their companies’ ABC programs as effective, including 45% that ranked them as very effective. Over 60% attributed their confidence in the programs to the results of internal audits and the absence of bribery or corruption incidents identified to date. Respondents also overwhelmingly maintained that their organizations are meaningfully committed to a culture of integrity (74%), that senior management within the organization supports the compliance function (75%) and signals that compliance and accountability are important (75%), that new business initiatives receive appropriate risk assessment (72%) and that performance goals and incentives do not conflict with compliance processes (74%).
Looking forward, 54% of respondents in the U.S. and Canada indicated that their organization’s compliance function would likely take on increased responsibility in 2022, while 40% were unsure. Survey results suggest modest concern for developments in the regulatory environment in the next 12 months, and only 23% of respondents believed that their organizations’ bribery and corruption risks would increase in 2022. Taken together, the data indicates that compliance professionals in the U.S. and Canada felt prepared to tackle the ABC challenges on the horizon. While the U.S. and Canadian governments have signaled an increase in anti-corruption enforcement activity, respondents may have been lulled into a false sense of security by record low enforcement of the Foreign Corrupt Practices Act (FCPA) in the U.S. in 2021 and negligible Corruption of Foreign Public Officials Act (CFPOA) enforcement activity in Canada since 2020.
Overview of ABC Regulatory Environment in the U.S. And Canada
According to Stanford Law School’s FCPA Clearinghouse (FCPAC), FCPA enforcement activity in 2021 fell to its lowest point since 2006. The U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) launched 18 FCPA enforcement actions in 2021, compared to 39 in 2020 and 53 in 2019. FCPA-related investigations into entities–a harbinger of future enforcement activity–also declined from 13 in 2020 to 5 in 2021.1 Rather than indicative of a long-term trend, the slowdown has been driven by the continuing impact of the COVID-19 pandemic, turnover in DOJ and SEC leadership at the beginning of the Biden administration and low levels of corporate self-disclosures in recent years.
In Canada, the 2018 passage of federal legislation–allowing for use of remediation agreements (Canada’s version of deferred prosecution agreements) in foreign bribery and corruption cases–set the stage for heightened enforcement activity. However, Canadian authorities have yet to execute any agreements under the new legal framework, partially due to stifled Royal Canadian Mounted Police (RCMP) investigative capacity during the pandemic. Early adoption of the remediation agreement regime may have also been thwarted by controversy that erupted in 2019 over the Trudeau administration’s alleged attempt to pressure public prosecutors into negotiating a remediation agreement with SNC-Lavalin, a Montreal-based engineering company that was charged with bribing Libyan officials.2 Critics have characterized the tool as a break for companies facing criminal prosecution and have questioned its ability to deter corporate misconduct.
Perhaps motivated in part by low enforcement, 46% of the U.S. and Canadian compliance professionals surveyed in 2022 expressed concern about the regulatory landscape in the coming year, compared to 62% of respondents surveyed six months earlier. Among those expressing concern in 2022, 58% cited a stricter and increased regulatory environment and 45% cited increased enforcement activity as leading reasons for their apprehension. When asked to assess the ABC risks posed to their compliance programs, 77% of U.S. and Canadian respondents surveyed in February 2022 said that the risks would stay the same or decrease, whereas only 50% expressed this sentiment in August 2021.
Despite these perceptions, since President Biden declared the fight against corruption a core U.S. national security interest in June 2021, a raft of ensuing directives and strategic moves have signaled the U.S. government’s intent to ratchet up its fight against corruption and illicit finance.3 The United States Strategy on Countering Corruption, issued by the Biden administration in December 2021, announced that the administration would enhance interagency and international cooperation, surge law enforcement resources and strengthen regulatory regimes dedicated to combatting corruption.4 Echoing these strategies, in October 2021 Deputy Attorney General Lisa Monaco announced efforts to “surge resources” to DOJ prosecutors that includes, among other augmentations, increasing the department’s Criminal Fraud Section law enforcement personnel.5 Collectively, these measures increase the capacity of U.S. authorities to identify, investigate and prosecute incidences of bribery and corruption. Indeed, in January 2022, Nicholas McQuaid, a top official in the DOJ’s Criminal Division, pronounced a “very robust pipeline” of enforcement activity in the coming year.6
In Canada, the RCMP also claims that, despite the scrutiny it attracted in 2019, the remediation agreement regime has prompted Canadian companies to begin self-disclosing potential CFPOA violations to avoid harsher consequences. This is a development that the law enforcement authorities encourage. In January 2022, RCMP anti-corruption investigators disclosed that they were probing possible illicit activity of several Canadian companies operating in Africa, Eastern Europe and South America.7
While time will tell whether FCPA and CFPOA enforcement activity will increase as advertised, Russia’s war on Ukraine in late February may jumpstart and reinvigorate such activity. Of the U.S. and Canadian respondents who expressed concern over the regulatory horizon, only 25% attributed geopolitical risks as a top reason. Notable, however, 84% of survey participants in U.S. and Canadian issued their responses prior to Russia’s war on Ukraine. Days after the war began, and an onslaught of international sanctions targeted Russia, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an advisory on increased vigilance for potential Russian sanctions evasion attempts,8 and Attorney General Merrick Garland announced the establishment of Task Force KleptoCapture–an interagency law enforcement task force aimed at prosecuting violations of U.S. sanctions and other countermeasures imposed against Russia.9 The task force will leverage civil and criminal asset seizure and a wide range of investigative methods, including data analytics and information from financial regulators, foreign intelligence sources and the private sector to fulfill its mission. Any financial institution or company with ties to Russia can expect increased scrutiny as a result of these new strategic moves.
Potential Gaps in Third-Party Due Diligence
With new risks and regulatory requirements to navigate, the effectiveness of an organization’s compliance program is all the more essential. And while tone at the top is an important foundational element of an effective compliance program, one of its main pillars is also a robust third-party management process that employs risk-based due diligence and ongoing monitoring of third-party relationships.10 Here, unfortunately, responses from U.S. and Canadian survey participants were indicative of programs that fall short of effectively mitigating third-party risk. Most survey respondents (69%) indicated that their firms conduct some form of due diligence on third parties, but only 48% indicated that their firms conduct a more thorough assessment, or “enhanced due diligence.” Those who conduct enhanced due diligence primarily do so when red flags are identified by a screening database or other onboarding process (59%), if the third party operates in a high-risk jurisdiction (55%) and/or when warranted by the size of the commercial opportunity with the third party (51%). According to survey results, 41% of respondents’ firms do not conduct enhanced due diligence on their third parties, citing lack of necessity (56%) and lack of budget (44%) as the primary reasons. FCPAC data indicates that nearly 90% of FCPA matters (groups of related enforcement actions that share a common bribery scheme) allege bribery involving third-party intermediaries such as agents, consultants or contractors.11 However, about a third of respondents in the U.S. and Canada indicated that their company never provides ABC training for third parties, and when prompted for a primary reason (beyond financial expense), 83% of respondents pointed to lack of perceived purpose. According to 49% of respondents, their organizations do not have a process to validate and attest to other organizations’ use of third parties, compared to 35% who indicated that their firms have such a mechanism. Survey data further portrayed a lack of confidence in third parties’ awareness of, as well as alignment and compliance with, the respondents’ organizations’ ABC policies. While third-party questionnaires provide a convenient method for collecting documentation about an organization’s compliance policies and procedures and other data to aid in risk ranking, only 29% of U.S. and Canadian compliance professionals said that they utilize questionnaires to assess risk in their third-party network, and 10% indicated that they do not assess such risks at all.
Claiming a strong culture of compliance and expressing relatively mild concern over the potential of growing bribery and corruption risk and increased regulation and enforcement, most compliance professionals in the U.S. and Canada exuded confidence in the effectiveness of their compliance programs in early 2022. Survey data suggests that a significant portion of respondents expressed this view despite apparent gaps in third-party risk management and signs that regulatory and enforcement trends may not hold steady. Indeed, the past few years have taught us to expect the unexpected. A major geopolitical conflict that would ignite unprecedented levels of economic warfare through sanctions was not likely at the forefront of most strategic plans at the beginning of the year. As a result, the effectiveness of these compliance programs is now being put to the test much sooner and more rigorously than expected.
7 Bronskill, J. (2022, January 8). Mounties eye corruption cases involving Canadian firms and new ways of resolving them. The Canadian Press.
Join Kroll’s compliance experts for our upcoming webcast on Wednesday, June 22 where they discuss the 2022 ABC Benchmarking Report and the challenges and evolution of anti-bribery and corruption for compliance professionals.
Complying with anti-money laundering and anti-bribery and corruption regulations.
Comprehensive spectrum of background checks, screening and due diligence services.
Supporting corporate third-party management programs to drive risk-based due diligence decisions.
Kroll helps clients navigate the complexities of today’s regulatory environment through a broad suite of anti-money laundering compliance screening and due diligence offers.
Identifying, assessing, mitigating and monitoring third-party risk in modern supply chains
Kroll is trusted by companies worldwide to help establish policies and programs aimed toward preventing fraud and complying with anti-money laundering (AML) and anti-bribery and corruption regulations.
Kroll helps clients mitigate and respond to the risks associated with international anti-corruption legislation.
Kroll’s anti-money laundering (AML) solutions are designed to help minimize the risks associated with money laundering and other illicit activities and to ensure compliance through the development and management of ongoing compliance programs and processes.