As fraud, bribery and corruption continue to pose risks for businesses, two recent regional EY fraud surveys suggest that new technological solutions are a crucial element of an effective program to combat unethical and illegal behavior.
Businesses today are operating in an increasingly uncertain world, driven by a period of rapid political, regulatory and economic change. This environment has created new risks for companies as they seek to meet ambitious revenue targets, and two EY fraud surveys published this year – one covering the Europe, Middle East, India and Africa (EMEIA) region and the other Asia-Pacific (APAC) – examine what this means for fraud and corruption.
Both surveys were commissioned by EY’s Fraud Investigation and Dispute Services (FIDS). Despite increased spending on compliance programs and other initiatives, they suggest that tolerance of unethical behavior continues. In APAC, significant numbers of the almost 1,700 employees surveyed believe a wide range of unethical behaviors are justified to help a business survive, and more than one third of respondents report that bribery is commonplace in their industry:
52% of APAC respondents believe that ethical standards have not improved in their local business operations.
43% of APAC respondents have seen people with questionable ethical standards being promoted.
Meanwhile, the EMEIA survey (which consisted of 4,100 interviews across 41 countries with people working in a range of roles, company sizes and sectors) found that 20% of respondents would be prepared to act unethically to improve their own career progression, and 40% believed their colleagues would be prepared to do so.
“Information is the key to mitigating the risks and businesses should maximize the value they get from their data”
Alarmingly, the EMEIA survey found that respondents from Generation Y (25- to 34-year-olds) are more likely than any other age group to justify unethical behavior to help a business survive, to meet financial targets and for their own career progression: one in four of Generation Y respondents could justify offering cash payments to win or retain business, compared with one in ten aged over 45.
The APAC survey findings were similar. Even though Generation Y employees in the Asia-Pacific region are the group least willing to work for unethical companies, they are more likely than any other age group to be prepared to offer cash payments to win or retain business – 38%, compared with 28% of all other employees. Similarly, 42% of Generation Y would extend the monthly reporting period to meet financial targets, compared with 31% of all other employees.
These findings underscore the importance of companies providing younger staff with clear guidance and ethical training. This generation is the future of our businesses. If companies do not take action now to combat unethical conduct at all levels of their organizations, such behaviors may increase in the future.
While the vast majority of large companies appear to have whistleblowing hotlines in place, only 21% of respondents to the EMEIA survey were aware of their existence.
The survey also found that 73% of respondents would consider providing information about fraud, bribery and corruption in their business to a third party, although the majority said they would only do so if no action was taken after reporting internally. Of those who said they would provide information to a third party rather than reporting internally, 57% said they would report to a law enforcement agency, 49% to a regulator and 15% to a journalist.
The APAC survey findings also suggest a lack of faith in whistleblowing hotlines. Given the choice, only 27% of respondents would opt to report misconduct using their in-house whistleblowing hotline, with 23% preferring to go directly to senior management. In contrast, 20% would prefer to go directly to the law enforcement authorities:
While allegations of impropriety made through whistleblowing hotlines often uncover unethical practices from the bottom up, technology can offer a top-down alternative. The EMEIA survey highlights how advances in technology have given companies access to new information, insights and ways of working that can help in the fight against fraud, bribery and corruption.
By focusing on behavioral patterns such as anomalies in employee work hours, attempts to access restricted work areas and the use of unauthorized external storage devices, companies can identify individuals who may pose a higher risk to the business.
Despite the need to collect such data, the survey identified a tension between opinions about what channels companies should monitor and the types of surveillance that their employees consider a violation of privacy (see chart below). Companies should bridge this gap by raising awareness of the importance of collecting such data and of the potential consequences if company data is leaked or stolen. Employees need to understand that companies can only protect themselves from such exposure by embedding an integrated insider threat program into their business.
When it came to cybercrime – another key threat to companies worldwide – only 37% felt that their company had a robust cyber breach management plan in place. In fact, only 59% thought their company needed one, which seems to indicate that this very real threat is not being taken as seriously as it should be.
As for APAC, there appears to be a wide range of levels of understanding of cybersecurity threats and how to guard against them. The survey identifies personal mobile devices as a specific area where organizations are vulnerable to cyber breaches through their employees. Just under half (47%) of respondents said their organizations have no policies against using personal devices for work-related activities. Almost half (49%) admitted to conducting business using their personal mobile device, even though their organization provided them with a work device – and 36% do so frequently. These figures were even more prevalent among senior management, 53% of whom said they frequently conduct business using their personal mobile device.
Both reports suggest that technology creates an opportunity and a threat. The APAC report says that “cyber and insider threats are part of one larger risk that will require a holistic approach for its detection, investigation and prevention,” while the EMEIA report concludes: “Information is the key to mitigating the risks and businesses should maximize the value they get from their data. This can be achieved by making better use of machine logic and embracing the opportunities arising from an increasingly disrupted world.”
One of the key issues highlighted by the research and previous studies conducted by FIDS is a lack of clarity in organizations’ compliance policies, coupled with a lack of consistency in the way they are applied.
Chris Fordham, EY Asia-Pacific Leader for FIDS, comments: ‘Organizations need to rethink their approach to compliance. Employees are telling us that compliance policies are too complex, they are full of jargon and are difficult to comply with. Employees need absolute clarity around what policies mean and what compliant behavior looks like.”
Please go to ey.com/fraudsurveys to download the reports:
Human instinct, Machine logic: Which do you trust most in the fight against fraud and corruption? Europe, Middle East, India and Africa Fraud Survey 2017
Economic uncertainty, Unethical conduct: How should over-burdened compliance functions respond? Asia-Pacific Fraud Survey 2017