RIMS Australia: Corruption risk ‘has never been greater’

Despite the risk expectations around the threats attached to bribery and corruption, many organisations are failing to cover themselves in terms of policies and employee training.

EY partner, fraud investigation and dispute services, Campbell Jackson said the firm’s Asia-Pacific Fraud Survey 2015 provides a startling insight into the corporate bribery and corruption landscape.

Speaking at the RIMS Australia conference in Melbourne yesterday, Jackson said “there is no good news for corporates. The risk is just getting greater and greater”.

The survey of 1,508 interviews in 14 Asia-Pacific territories found that business success is being challenged by three aspects: increasing regulation, slower than expected economic growth and stronger local anti-corruption enforcement.

“The really interesting aspect in the survey is the expectation requiring strong and robust controls around anti-bribery and corruption,” Jackson said.

“These expectations come from staff members who want to see an ethical culture and a robust environment.

“The thing which really shocked me in the survey was that eight out of 10 people surveyed said they would be unwilling to work for a company involved in a bribery and corruption event, or with a history of bribery and corruption.”

According to the survey, some 45% of companies do not have a whistleblowing hotline, one in four companies do not have an anti-bribery and anti-corruption policy, and a further 40% do not provide any training around anti-bribery and anti-corruption policies.

“This is all astounding considering the risk attached to bribery and corruption,” Jackson said.

“The risk has never been greater, people expect a robust program to be in place, but organisations are still not doing enough in the basic areas of anti-bribery and anti-corruption risk, and mitigation,” he said.

Risk manager solutions

When it comes to the role that risk managers play in mitigating bribery and corruption risk, Jackson said communication is key.

“If you are not talking to your employees about the company procedures, mechanism and controls, then you are not address the risk,” he said.

“If ever a risk manager was going to do anything, now is the time. This is not scaremongering, the risk has never been greater.”

Jackson said a bribery and corruption event not only has ramifications for the share price and value of the organisation, but the reputation and integrity of the management.

“There is an expectation at a corporate level that risk managers should be across bribery and corruption risks, but this is not a one-size-fits-all exercise,” he said.

“Certainly, from experience, it requires consideration and a clear strategy to do what is important at the right time and pick off the low-hanging fruits, and strengthen and customise their ethics and corruption program.

“There is no point taking some ‘off-the-shelf’ risk management solution and embedding it if you are not going to promote the program, customise it and actually think about it periodically.

“Yes, this risk is on risk managers’ radar, but they are probably not doing enough currently,” he said.

In terms of how risk managers can successfully communicate bribery and corruption risks to employees and management, Jackson said risk managers must “tell the story”.

“There are high profile examples of bribery and corruption everywhere. Profit from the misfortune of other organisations – look at what they have gone through in terms of an bribery and corruption event, look at the impact on the organisation, including the resources it consumes, look at the impact on the share price and look at the overall perception of the customer base.

“That is before you even get to the financial implications.”

The seven stages of managing bribery and corruption risk

Jackson said risk managers can mitigate bribery and corruption risk by following seven steps:

1. Assessing risk at a granular level

2. Developing an anti-bribery and corruption program which is robust and dynamic

3. Defining and implementing policies that are clearly articulated and digestible by employees and management

4. Build, enhance and operate effective internal controls through the use of technology and data analytics

5. Training and education

6. Monitoring and evaluation

7. Review, realign and report.

“No industry is immune from bribery and corruption,” Jackson said.

“We are seeing an increasing trend in financial institutions but, ultimately, the opportunity to influence an outcome [through bribery and corruption] is widespread.

“In short, you cannot stick your head in the sand anymore. The expectation is too great,” adds Jackson.