Bridging the Great Divide
Global Fraud and Risk Report 2021/22 - Bribery and Corruption Risk
Global Fraud and Risk Report 2021/22 – Research Summary: Bridging the Great Divide
As we launch this year’s Global Fraud and Risk Report, incidents of bribery and corruption continue to destroy livelihoods and cost lives around the world.
The global value of bribery is now estimated to be as high as 1.75 trillion a year, or over 1% of global GDP.1,2 The risk of bribery and corruption also cannot be considered in isolation; it frequently goes hand in hand with other financial crimes, particularly fraud and money laundering. For instance, paying bribes often uses the same mechanisms to release cash as fraudulent activities and the process for disguising corrupt payments involves an inherent element of money laundering.
Public procurement is often highlighted as an at-risk area, with the UN reporting that approximately 10-25% of a public contract’s value may be lost to corruption.3 Across total government spending on public contracts, this amounts to hundreds of billions of dollars of funds often intended to finance essential infrastructure and community development for the world’s most vulnerable people. The risk of bribery and corruption is a two-way street–while governments need to design and enforce anti-bribery legislation and promote a zero-tolerance culture, corporates operating in the sometimes-blurry lines between the public and private sector where corruption thrives also need to bolster their own defenses against bribery. Besides the potential financial impact, the effect on corporate reputation and morale can be just as damaging.
It is therefore reassuring that this year’s Global Fraud and Risk Report reveals a growing focus on bribery and corruption risk in the boardroom. We found that 72% of respondents believe bribery and corruption risk is being given sufficient board-level attention and investment. Additionally, businesses are now arming themselves with the right weapons to combat this risk in a fast-changing international landscape. The vast majority (82%) of organizations have conducted enterprise-wide risk assessments in the past five years and 86% are using proactive data analytics to identify problems before they escalate.
Even so, these defenses must be carefully calibrated and targeted at specific risks to be effective. Despite the apparent focus on risk assessments and data analytics, 82% of respondents still feel corruption is significantly impacting their organizations. Thus, while boardrooms are giving greater attention to bribery and corruption risk, it appears most cannot yet identify and mitigate threats effectively.
One key reason may be globalization, which can put a great divide between distant senior management teams and the reality of local business practices. Organizations with overseas operations must ensure they have the data and insight to monitor all their business units around the globe. In addition, while creating a robust internal corporate culture is important, it does not necessarily filter through increasingly complex international supply chains. Almost half (46%) of our respondents cite a lack of visibility over third parties–including suppliers, customers, agents and distributors–as the leading source of bribery and corruption risk. Risks must be controlled both within and without and, if third parties are relied upon, they need to uphold the same anti-bribery and corruption standards.
The hasty reconfiguring of supply chains in the wake of COVID-19, often outside the usual corporate control structures, has only compounded this challenge. Equally, the pandemic has put organizations under greater financial pressure, with many potentially scrapping or delaying internal spending on preventing and detecting bribery and corruption.
Nonetheless, our findings only reinforce the need for organizations to maintain proper data governance and ensure they have appropriate data analytics capabilities which are aligned with their risk profile. Additionally, depending on the complexity of supply chains and geographical diversity, investing in more sophisticated analytical capabilities that help correlate nontraditional datasets, predict nefarious behavior, and enhance outputs and reporting may be necessary to spot the tell-tale signs of risk in an ocean of internal and external information. They must also consider other creative ways to maintain sight of the risks posed by their third-party relationships, and ensure they are training employees and contractors to spot the risks and know what to do when they see them. Implementing robust whistleblowing procedures that are tailored to each region are also a key component.
The Impact of Incidents
Worldwide, incidents of corruption and other financial crimes continue to take a heavy toll on organizations, with 36% reporting a very significant impact.
The largest organizations felt the effects of this illicit activity most significantly, and there appears to be an inflexion point with firms with a turnover of $10-15 billion (48%) or above $15 billion (57%) more likely to state the impact is very significant. This may be due to more complex company structures and supply chains, which in turn makes it harder to maintain visibility.
Firms in developing markets are feeling the greatest effects from corruption. Respondents most frequently reported a significant impact when based in China (98%), the Middle East (97%) or Sub-Saharan Africa (88%).
Ranking Regional Risk
When assessing the danger of bribery and corruption around the world, fast-growth developing markets were again identified as high risk. Ranking the top three regions for the threat of bribery and corruption, respondents most frequently chose the Middle East and North Africa (61%), Sub-Saharan Africa (59%), Latin America (49%) and Asia Pacific (43%).
Some regions are frequently perceived to be higher risk because of certain accepted business practices, lack of transparency in government and weak public institutions. Understanding and adapting to these local elements and cultures is a key part of managing bribery and corruption risk.
Risks From Within or Without?
When considering their organizations, most respondents cite a lack of visibility over third parties like suppliers, customers and distributors (46%) as presenting the greatest threat of bribery and corruption. In contrast, internal risk areas like weaknesses in record keeping (31%) or employee actions (23%) are regarded as less significant sources of risk.
Organizations may be more confident with internal risks because they are establishing solid processes to monitor and mitigate them. For instance, the majority (82%) have conducted enterprise-wide risk assessments in the past five years and 86% are now using proactive data analytics to identify problems before they escalate. Yet, this also suggests that organizations may not be combining internal and external information well enough to monitor outside threats confidently.
A lack of visibility over third parties is considered an even greater risk in more developed economies, such as Canada (56%), the U.S. (53%) and the UK (49%)–markets that are increasingly dependent on complex international supply chains.
Our respondents also suggest that organizations have high confidence in their employees, with only 23% citing this as the largest area of concern on average. In fact, when asked to rank the largest bribery and corruption threats to their organization, almost half (48%) of respondents globally ranked their own employees’ actions as the lowest risk–a stark contrast to the less than one in four who said that it was the highest.
Responding to the Challenge
The main drivers of a successful anti-bribery and corruption program include:
- Senior management making a strong commitment to implement an ethical culture
- Properly understanding risk throughout the organization
- Developing a robust control framework
- Using data analytics to identify and assess changing risks effectively both inside and outside the organization
This year’s Global Fraud and Risk Report focused on understanding to what extent these four elements are being deployed–and the results appear positive.
Internal business cultures that stress transparency and accountability as best practices are more effective at reducing the risk of bribery and corruption. Senior leaders play a crucial role in embedding this philosophy throughout an organization–establishing the proper tone from the top, aligning performance goals with ethical behavior and providing ongoing education to help employees navigate ambiguous situations.
It’s a positive sign then that our respondents see a growing focus on bribery and corruption in the boardroom, with 72% believing this challenge is being given sufficient board-level attention and investment. This is also a consistent opinion across different sectors, with the only notable outlier being the banking industry (53%), potentially since their focus is on preventing other illicit activities such as money laundering and sanctions breaches.
However, board-level attention to bribery and corruption does vary across regions, with respondents in both developing and developed countries continuing to feel that it is insufficient.
Our survey found that more respondents felt greater boardroom attention was required when based in Colombia (54%), the Middle East (45%), Australia (42%) and Russia (39%).
It appears that while board members are giving greater attention to the risk of bribery and corruption, there is still a great divide between head office expectations and the local business practices in regional offices or supply chains. To bridge this divide and mitigate the risk of bribery and corruption, organizations must go beyond blanket compliance policies. A top-down focus on long-term cultural messaging will be needed, alongside nuanced data analytics considering local business practices and attitudes.
Enterprise-Wide Risk Assessments
The vast majority (82%) of organizations have conducted an enterprise-wide risk assessment in the past five years to understand threats throughout their business. The uptake of risk assessments is also generally consistent across all regions, although it is least in Germany (63%), Canada (60%) and Russia (59%).
The global uptake of enterprise-wide risk assessments is surprisingly high–and though a positive, does not mean that the task is complete for businesses who have conducted one in the last five years. Very few organizations have updated their risk assessments to account for the changing post-COVID-19 landscape, so a risk assessment completed three years ago will no longer be sufficient.
Interestingly, the organizations that most frequently had not taken this step were in manufacturing (21%) or banking (20%)–two sectors where the most respondents reported a very significant impact from corruption. Additionally, while the likelihood of organizations undertaking an enterprise-wide risk assessment generally increased with higher turnover, those in the $10-15 billion range were a notable exception. Despite organizations of this size frequently reporting a very significant impact from corruption (48%), almost a quarter (23%) had not implemented risk assessments in the past five years.
Internal Control Frameworks
Our respondents also have good confidence in the ability of their internal control frameworks to detect and prevent high-risk activities when it comes to bribery and corruption. On average, 74% of respondents believe their internal control framework is effective. This remains true for companies of all sizes, as well as across different industries–although the least confident respondents were again from the banking sector (60%).
Given the continuing impact of bribery and corruption reported, is there reason to be skeptical of so much positive sentiment towards the effectiveness of internal control frameworks? With respondents drawn from across the C-suite, many may not be practically involved in managing anti-bribery and anti-corruption controls. Additionally, confidence in a control framework can only come from continuous testing–how can an organization know there is no problem until it looks?
Organizations must undertake regular risk assessments and third-party audits, as well as combine internal and external data for proactive analysis to identify risks early. Effective frameworks must also account for jurisdictional anomalies and cultural nuances to ensure that the control environment is adapted to changing circumstances. Such careful compliance testing is not only crucial given the rising dependence on complex international supply chains, but also now a legal requirement under many international anti-bribery laws.
Our respondents revealed that an unexpectedly high number (86%) of organizations are now using data analytics to detect bribery and corruption risk proactively. Adoption is particularly high in the Asia Pacific region, especially within China (98%), Singapore (97%) and India (92%), as well as in western nations like the UK (91%) and the U.S. (91%).
But is this mass uptake reflected in what we see on the ground? While most organizations can be expected to use some form of data analysis to monitor bribery and corruption risk, such an extensive and consistent level of adoption across most regions and industries is quite surprising. When coupling this with almost half our respondents (46%) citing a lack of visibility over third parties as a main driver of bribery and corruption risk, it points to data analytics capabilities not focusing on key risks and/or organizations not maintaining the proper collection/governance of data points to effectively monitor those risks. Effective use of data analytics should be able to counter this threat by combining internal and external information to identify red flags and detect anomalies. Organizations also need to consider whether the data they are analyzing is current. Using real time data analytics and applying the latest AI techniques is likely to be much more effective in detecting bribery than simply focusing on historical data, which may already be redundant.
Managing Third-Party Risk
Given the challenges organizations are facing with third-party risk, we can infer that most are not exploiting the full potential of data gathering and analytics as part of their ongoing third-party due diligence to provide adequate assurance over these elements.
To take control of both internal and external risks, companies must consider creative ways to receive reliable and timely on the ground information in all the places they do business. Organizations should then deploy a sophisticated approach to analyzing this information–running bespoke algorithms to spot anomalies not only at their headquarters and satellite offices, but also in their global supply chains. The pioneers of this approach are now regularly gathering data from their suppliers and distributors, so anomalies can be detected rapidly. This “real-time monitoring” raises red flags that deserve further analysis to reveal either false positives or genuine issues.
Therefore, while it is heartening to see so many organizations embracing data analytics as a powerful defense against bribery and corruption, our survey reinforces the importance of on the ground data gathering. Furthermore, organizations need the ability to carefully calibrate their analytics based on a deep understanding of their business and corresponding risk profile, as well as the expertise to interrogate and verify results correctly.
Only with such a sophisticated approach can organizations bridge the great divide between the C-suite, regional business practices, and third parties to effectively combat the risk of bribery and corruption.