“Boards and senior managers need to lead by example — to demonstrate their commitment to deal with fraud.” - Survey respondent, Kenya
Key elements of an effective ABAC compliance program require significant board input and sponsorship.
Insufficient knowledge of business operations
Our survey respondents suggest that not all boards are seen to be doing enough to properly understand the way their company is conducting business. Globally, 52% of c-suite interviewees think that the board needs a more detailed understanding of the business if it is to be an effective safeguard against fraud or corrupt practices.
Respondents in rapid-growth markets see board understanding as being in need of development.
A need for better, not more, information
From our leading practice interviews, we found many boards felt increasingly swamped by risk management and control information. Combined with a growing sense of ABAC compliance fatigue, this contributes towards a ‘tick the box’ approach to managing risk.
It is inevitable that the board will have a less detailed understanding of the business than senior management. However, board members need to be deep enough into the detail of the operations to be able to focus on key risk areas by demanding more tailored and focused reporting.
New rewards for blowing the whistle
In 2010 the US adopted the Dodd-Frank Act, which created new financial incentives for whistleblowers. According to prosecutors, the Act has markedly increased both the quantity and quality of whistleblower claims.
To respond to the risks of external whistleblowing, we recommend that companies take a dual approach:
- First, companies must strengthen their compliance and ethics programs. Employees have choices, so the company should provide a credible alternative to external whistleblowing. They also should have robust risk assessment, compliance and monitoring processes to prevent and detect problems.
- Second, companies need to be prepared to deal with investigations and enforcement actions resulting from whistleblowing complaints made directly to regulators. Processes need to be in place for prompt investigation and communication with enforcement agencies.
<< Previous | Next >>