Enter at your own risk
In a tough economic environment, growth and ethics may appear to be competing priorities, especially in emerging markets. Anita Kim-Reinartz reports on how utilities can manage the risks of global fraud.
Our 12th annual Global Fraud Survey indicates that companies are highly aware of the risks posed by fraud, bribery and corruption. A substantial majority of these companies are doing many of the right things to mitigate the risks.
Despite this, significant weaknesses remain in many companies’ responses, including inadequate use of technology and lack of due diligence, particularly during acquisitions.
Technology to prevent, identify and report
As they expand into emerging markets, power and utility (P&U) companies are facing challenges in dealing with third parties. Implementation of the right technology can be vital for a robust compliance program, enabling a company to:
- Identify indicators of risk within enormous volumes of third-party information
- Conduct effective checks against varied sources of data in multiple languages
- Treat each third party consistently and objectively against established criteria
- Increase automation of due diligence processes and effective reporting of emerging issues
- Provide a robust and defensible audit trail to demonstrate that appropriate actions have been taken
Mitigate third-party risks
Business partner screenings, ideally combined with forensic data analytics, can help focus a P&U company’s resources on identifying and assessing third parties that represent the greatest risk. This kind of third-party due diligence is increasingly expected by regulators and has led to the introduction of new legislation and regulations such as the UK’s Bribery Act.
Another significant area of risk relates to acquired entities. In 2011, in the US alone, there were three Foreign Corrupt Practices Act (FCPA) settlements relating to prior violations by recently acquired subsidiaries. Through these and other settlements, the Department of Justice has reinforced the importance of pre-acquisition and post-acquisition due diligence.
Despite recent breaches, our research shows American companies continue to understand the importance of pre-acquisition due diligence — 77% of our US survey respondents said it was always performed. However, our findings reveal many other countries are cutting back on this important process.
There is also a concern around the timing of much of this anti-bribery/anti-corruption (ABAC) due diligence, with many companies starting too late. It is essential that the process starts early because the earlier issues are identified, the sooner an acquirer can understand the corruption risks of a deal, discuss any issues with the relevant regulators or walk away, if necessary.
Done properly, ABAC due diligence is time-consuming and arduous. Many companies are turning to external advisors such as EY to assist. During this process, it is essential that local resources and knowledge are brought to bear, or key evidence can be missed. Acquired companies will often require higher levels of monitoring in the immediate period following acquisition.
Lead from the front
Our research has found that the most important pillar of effective fraud management is a company’s leadership. A company’s board and senior management, including chief financial officers (CFOs), must operate with integrity and send a message to all employees of the ethical standards expected of them.
Education and training are important tools here. But our survey results showed that, as internal audit and compliance functions are trimmed back, their lower priority areas of responsibility, such as training, also appeared to have suffered. The survey noted that as many as 42% of respondents had not received training on ABAC policies.
Education of staff in rapid-growth markets is especially important because the challenge to combat bribery and corruption is even greater. As they move into less mature markets, P&U companies may need to ensure the specific definition of compliance and its importance are communicated.
Moving to different regions and markets will also require technology adaptation that considers local culture, the regulatory environment and organizational standards.
Trends toward external advisors
Perhaps as a result of resource pressures on internal audit and compliance, the role of professional service firms in assisting senior management in this area is expanding.
Of the respondents, 75% identified external audits as a tool for monitoring ABAC compliance. Companies listed in Germany are adopting the new assurance standard, IDW AssS 980. Companies outside Germany may find its principles a useful road map for maintaining an effective compliance program.
At EY, we are assisting P&U clients through auditing in regard to the AssS 980 and other compliance management systems. We also engage in executive integrity assessments during the recruitment of C-level executives.
P&U companies must weigh the upside and downside risks associated with varying degrees of compliance enforcement within their organizations. Moving into new rapid-growth markets brings additional risk.
Growing beyond requires a nuanced view of individual markets and cultural norms balanced against the statutory language of a proliferating number of ABAC laws. Changes to a company’s culture to mitigate the risks of fraud, bribery and corruption cannot be made overnight.
P&U companies need to ensure they are using technology, leadership, training and specialist external advice to target areas of potential exposure. Only then will they be able to properly balance the priorities of growth and ethical business conduct while seizing opportunities in these highly adverse economic conditions.
For more information
Growing Beyond: a place for integrity is our 12th annual Global Fraud Survey. Read the full report here.
We are grateful to our clients whose additional insights on the survey have helped us build a more complete picture of our results.