RiskFinancial CrimeSurvey shows companies falling short on compliance

Survey shows companies falling short on compliance

The latest annual report on international business attitudes by Control Risks finds that companies are failing to back up their rhetoric.

Companies across the world are not backing up their rhetoric on compliance with the appropriate level of resources and prioritisation, according to a research report from Control Risks.

The specialist risk consultancy’s report of international business attitudes to legal and compliance risk, published today, is based on a survey of senior executives responsible for compliance at 1,000 companies worldwide.

The two countries best represented in the sampling are the US (26% of the total) and the UK (27%). Other respondents came from Africa (5%), Asia/Pacific (15%) continental Europe (11%), Latin America (11.5%) and the Middle East (4.5%). Five sectors were represented: financial services, manufacturing, infrastructure/construction, life sciences and oil/gas.

The research reviewed a range of global compliance issues, from anti-corruption to anti-money-laundering (AML), anti-trust, privacy and data protection.

Responses shows that large companies (with more than 10,000 staff) are still not putting enough resources into compliance; 26% those companies surveyed reported that they invest less than $25 (£19/€23) per person a year on compliance. Similarly, 28% of large companies have compliance teams of just five people or less.

The extent to which compliance functions are stretched contrasts with the increasingly aggressive and joined-up activity of enforcement agencies across the world and the punitive fines imposed on companies for non-compliance.

In 2016, 30 companies were fined a total of US$2.4bn for non-compliance under the US Foreign Corrupt Practices Act (FCPA) for example, and in the UK the Serious Fraud Office (SFO) is stepping up its efforts to enforce the Bribery Act. In January 2017, Rolls Royce paid nearly £500m to settle a longstanding SFO anti-bribery investigation, as well as a further US$170m to the US authorities on related charges.

“Companies are in danger of putting themselves at risk by failing to prioritise and integrate compliance within their businesses,” said Richard Fenning, chief executive officer (CEO), Control Risks. “While the necessary investment will vary widely between organisations, many companies are woefully under-resourced to deal with the increasingly complex, constantly evolving and often contradictory regulatory environment.

“Those companies that get it right recognise that, as well as mitigating against heavy fines, legal fees and reputational damage, well planned and executed compliance risk management can help capitalise on opportunities that they would otherwise miss, especially in high-risk markets.”

According to the report; “there is no single compliance model – nor should there be – however, only 27% of respondents reported that their companies’ chief compliance officers attend all board meetings. Furthermore, only 56% of large companies said they have an ethics and compliance committee.

“Compliance officers must also be more pro-active in managing compliance risks and trying to mitigate issues before they arise. There is a tendency to rely on whistleblowing to detect misconduct (64% of companies); in contrast only 41% of the organisations surveyed use compliance audits and just 18% use surprise fraud audits.”

Global consistency in compliance is essential and 55% of companies reported that their compliance policy applies worldwide, without any local exceptions. The UK is one of the best performers, with 63% having a single global policy against 51% for the US.

However, 40% of companies have local policy exceptions for gift-giving (33% of UK companies and 44% of US companies), 30% allow “permitted interactions with government employees’, and 20% permit the use of “facilitation payments” to expedite services to which they are entitled (inevitably leaving them in breach of local laws as well as the UK Bribery Act).

 

 

Related Articles

Why working in silos is a killer when battling financial crimes

Cyber Security & Fraud Why working in silos is a killer when battling financial crimes

3m Andrew Simpson
PSD2: dull name, but seismic effect

Clearing & Settlement PSD2: dull name, but seismic effect

5m Alex Kwiatkowski
Staying one step ahead: PSD2 and the future of fraud

Financial Crime Staying one step ahead: PSD2 and the future of fraud

6m Seth Ruden
8 predictions for treasury in 2018

Financial Crime 8 predictions for treasury in 2018

6m Bob Stark
FDIC sues 9 European banks over Libor

Banking FDIC sues 9 European banks over Libor

10m Victoria Beckett
Appreciating supply chain cyber risk

Cyber Security & Fraud Appreciating supply chain cyber risk

10m Peregrine Storrs-Fox
The death of the password: biometric banking

Automation The death of the password: biometric banking

10m Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

10m Keiron Dalton