EY’s 13th Global Fraud Survey, Overcoming compliance fatigue: reinforcing the commitment to ethical growth, has found concerning levels of perceived fraud, bribery and corruption across the world. And, regarding emerging threats, despite the apparent global consensus on the significant scale of the threat of cybercrime, almost half of the respondents (48%) considered it to represent a very or fairly low risk to their business.
These survey findings suggest that executives may not have a proper appreciation of cybercrime risks. Respondents see hackers as the biggest concern (48%) and are underestimating the risk from organized crime syndicates as well as foreign states.
The survey included in-depth interviews with more than 2,700 executives across 59 countries, including chief financial officers, chief compliance officers, general counsel and heads of internal audit. Nearly 40% of all respondents believe that bribery and corruption are widespread in their country.
With respondents portraying a business environment of pervasive corruption in many countries, it would appear that management and boards are struggling to respond to long-standing threats, let alone addressing emerging risks such as cybercrime.
David Stulb, Global Leader of EY’s Fraud Investigation & Dispute Services (FIDS) practice says, “With high-profile cybercrime incidents making headlines on a regular basis, boards should expect management to have a robust incident response strategy in place. Pressure on companies for timely disclosure of breaches is rising in many jurisdictions as well, so these issues require attention from the legal and compliance functions. The U.S. Securities and Exchange Commission is increasingly focused on cyber risks as they relate to the integrity of financial statements too, so audit committee members have to be alert to today’s cyber threat environment.”
Is the C-suite making the right risk management choices?
The C-suite’s difficulties can only be heightened by insufficient awareness of the risks they face. Our survey found that they are less likely than their teams to attend anti-bribery/anti-corruption (ABAC) training (38%) or participate in an ABAC risk assessment (30%).
This is alarming given that these executives are apparently exposed to circumstances which threaten their integrity on a regular basis. Twenty-one percent of CEOs said that they had been approached to pay a bribe in the past, compared with 10% of all C-suite interviewees.
Worryingly, given their role in setting an ethical tone from the top, a significant minority (11%) of CEOs considered misstating financial performance to be justifiable in order to help a business survive an economic downturn, compared with 6% of all respondents.
Stulb continues, “Given the risk of management overriding financial controls, the implications for boards from these findings about C-suite integrity are serious. Enhancing board connectivity with business and finance leaders in the company – but below the C-suite – would be useful to confirm that the board is getting the full and accurate picture. With regulators committing additional resources to prosecuting financial statement fraud, and cooperating frequently with prosecutors from other jurisdictions, the stakes have never been higher.”
Kenan Burcin Atakan, EY’s Romania Fraud Investigation & Dispute Services Leader, highlights: “There is no universally applicable set of measures to put in place for an affective compliance program. Compliance teams should be doing all they can to find fresh approaches to tackle regulatory risks. Especially when emerging markets are concerned, without losing its spirit, the global compliance solutions should be customized to address local challenges for a smooth transition”.
The need to reinvigorate compliance
The survey also found that compliance fatigue within businesses appears to have set in at a time when they can least afford it. In a regulatory environment in which international cooperation is becoming more frequent, our respondents described a largely static internal compliance environment:
? One in five businesses still do not have an ABAC policy
? 45% of organizations have not introduced a whistleblowing hotline
? Less than 50% of respondents have attended ABAC training
? Less than a third of businesses are conducting anti-corruption due diligence as part of their mergers and acquisitions process.
“Enforcement of anti-bribery/anti-corruption laws has become more intensive, with significantly strengthened cross-border cooperation among regulators,” explains Stulb. “With new, tougher laws in numerous jurisdictions, and enhanced prosecutorial powers and bigger budgets for law enforcement in certain key geographies, this trend is not just a US phenomenon. Despite numerous recent high-profile prosecutions of major multinationals and their executives, many companies continue to miss opportunities to implement robust ABAC policies and risk assessments. Too few are regularly conducting anti-corruption due diligence. CEOs can do more to lead from the front on these matters, and boards and other stakeholders should intensify their efforts to challenge management to reinforce their commitment to ethical growth.”
