Even a quick glance back at the enforcement landscape of recent years can send a proverbial chill down the spine of any compliance officer—the legislative aftermath of the financial crisis, corporate enforcement penalties routinely adding up to hundreds of millions of dollars, and, in 2011, the highest financial sanctions ever assessed against individuals in a Foreign Corrupt Practices Act (FCPA) case.
Yet, in a recent Deloitte survey of 1,200 industry-diverse business executives during a Dbriefs webcast program on “The Changing Global Anti-Corruption Legal Landscape,” only 24 percent said they have actually changed their anti-corruption programs to comply with major new regulations under the UK Bribery Act. This is while at the same time, 51 percent acknowledge they expect the number of executives individually charged with corruption violations to increase in the second half of this year, and 62 percent say the financial crisis has produced an increase in corporate corruption activities globally.
What’s wrong with this picture? For starters, it would seem that companies may not be moving fast enough in making the required organizational changes and investments to bolster their compliance programs, even in the face of the UK Bribery Act, perhaps the broadest and most stringent regulatory scheme currently on the books. There’s no question that awareness of the risks runs high, but preventing and detecting fraud and corruption is a highly work-intensive effort at a time when many corporate staffs and compliance departments find themselves challenged for resources lost during the economic downturn.
Material risks can reside in seemingly immaterial areas
Regular and detailed auditing and testing for expense account fraud and corruption, for example, may not be an area of focused attention of some compliance programs—much less does it keep most c-suite management and board members awake at night. Nevertheless, expense account fraud and corruption can generate substantial legal and reputational risks for a company long before it has any material effect on a company’s financial statements.
According to a 2010 study by the Association of Certified Fraud Examiners, about 15 percent of all asset misappropriation cases were related to expense reimbursement schemes. Add to this that expense accounts are a common hiding place for FCPA violations, and companies have a possible recipe for material reputational, if not financial, risk.
Stated differently, financial statement materiality is not the only filter through which compliance risk is properly measured. While expense account fraud can be bad enough in its own right, it can also serve as an early warning indicator of other, significant, compliance issues in other areas of the payables ledger accounts.
In addition to concealing improper expenses in expense reports, employees can commit the same type of violations through payments made to outside consultants and other third party intermediaries for office supplies, in charitable donations and licensing fees, and other inaccurate journal entries. The possibilities are limited only by the creativity of the employee who endeavors to conceal improper payments and expenses.
These are generally not the problems of small or struggling enterprises; some of the best known brands in the world experience these issues and the enforcements that come with them.
Is your company’s anti-corruption program up to date with these types of risk management threats in a global economy? Does it have an enterprise strategy and appropriate internal and external resources when it comes to anti-fraud and anti-corruption audits? In today’s enforcement environment, it is important that companies take proactive steps to help confirm the organization has a compliance program that features strong, consistent controls and monitoring efforts in areas where improper expenses can be hidden, or improper payments made.
An essential aspect of having an effective compliance program is integrating appropriate audit, monitoring, and testing processes for key areas of compliance risk, with due attention to divisions and subsidiaries in emerging and growth markets. The last thing a company wants is for the government to uncover these improprieties before the company has identified and remediated them—as we see in the media reports almost daily, such investigations are extremely costly and time consuming, and devastating from a reputational risk point of view.
Aligning your compliance program with today’s realities
Following are six steps to consider for improving your anti-corruption compliance program:
- Create a culture of compliance—senior management and the board play an indispensable role in setting the right tone at the top
- Implement—with the help of independent, external support—effective and detailed compliance auditing and monitoring procedures
- Obtain managerial consensus and alignment on compliance priorities between the compliance function and the business units—everyone must work together on these issues and compliance and risk management principles should be incorporated in performance management objectives
- Educate and communicate—make sure that employees at all levels and in all locations understand the implications of their actions and are aware of the company’s vigilance in even financially immaterial, but legally material, areas; everyone needs to be responsible and accountable;
- When intentional wrongdoing is uncovered, mete out swift and consistent disciplinary actions that will leave an indelible impression on everyone in the organization—top to bottom
- Put an issue response and triage plan in place—inevitably there will be compliance failures, and when they occur the organization must be prepared to respond quickly and effectively, through effective internal investigation protocols
Bad things can—and do—happen to good companies: the growing number of regulations and enforcements should be a compliance program wake up call. As with so many aspects of business life in a volatile risk environment, our interconnectedness in a global economy has greatly increased the speed and momentum of crisis evolution. All the more reason that it is critical to continuously advance a company’s state of compliance, and to invest in appropriate internal and external resources to effectively prevent, detect, and remediate compliance violations.
About the Author
Rob Biskup brings 25 years of in-depth experience in both professional services and the corporate sector to his current role as a director in Deloitte Financial Advisory Services LLP. His responsibilities comprise service as a regional leader of Corporate Compliance, Corporate Investigations and Forensic Accounting, and Foreign Corrupt Practices Act (FCPA) practice areas. In addition, he serves as the national automotive sector leader for Deloitte Financial Advisory Services.
This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this document.
About Deloitte: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2011 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited
As used in this document, ‘Deloitte’ means Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, and Deloitte Tax LLP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.