- Cybersecurity concerns take center stage
- Anti-bribery/anti-corruption enforcement increasing on a global scale
- Data privacy and continued cyber-attacks challenge information governance
New York (December 14, 2015) – Today, EY Fraud Investigation & Dispute Services (FIDS) announced top fraud and corruption trends for 2016. A dramatic rise in geopolitical instability and persistent cyber attacks are pushing organizations to be more vigilant about planning to guard against, and respond to, internal and external threat actors.
New guidance for prosecutors from the United States Department of Justice (DoJ) in the form of the Yates Memorandum, as well as the ongoing protection provided to whistleblowers, suggest that law enforcement and regulators will play a bigger role as an integrity gatekeeper. Meanwhile, renewed interest in data privacy in Europe is forcing organizations to revisit their strategies for information governance.
Brian Loughman, EY Americas FIDS Leader, commented, “The geopolitical risk facing companies is manifesting itself with increased exposure to bribery, fraud, cyber breaches and terrorist financing. Companies are being confronted with risks on all fronts at the same time that their ability to invest in the compliance function is under pressure. Companies will need to stay vigilant, work harder at providing the right training to their employees and focus more on monitoring risks proactively.”
EY FIDS identified these top trends that companies should address in their 2016 planning:
- Preparing for the inevitable cyber breach. Cyber breaches will continue and recent destructive attack techniques will be adopted by hacktivists to drive their agenda. With more than one-third of global organizations still lacking confidence in their ability to detect sophisticated cyber attacks, according to EY’s Global Information Security Survey, companies are looking to technology to reduce cybersecurity risks associated with both insider and external threats. “Cyber savvy” companies and their Boards are demanding more information about the specific threats they face, evaluating their resources, bolstering protection for critical assets and preparing for incursions by advanced threat actors.
- Focusing on the individual. As the United States Securities and Exchange Commission (SEC) and DoJ have continued to invest in specialized resources to combat fraud, bribery and corruption, there is increased focused on the individual. While statutory safeguards exist to protect and motivate whistleblowers, the DoJ Yates Memorandum advances expectations for companies to fully identify all individuals who took part in corporate wrongdoing if they are to secure credit for cooperation with the authorities.
- Data privacy and information sharing. The European Court of Justice recently invalidated the Safe Harbor Data Privacy regulation between the U.S. and the European Union that enabled the movement of personal information across the Atlantic. In addition, In addition, the Cybersecurity Information Sharing Act passed the Senate and is close to being signed into law. If passed, corporations will be sharing information to help reduce cyber breaches and attacks, but will need to protect the data privacy of individuals using their systems. The ongoing focus on how personal information is handled internationally and how commercial information is shared between companies and the government during a cyber-breach investigation will drive companies to revisit their information governance strategies.
- Sanctions and their commercial implications. As governments continue to enforce trade sanctions against individuals, companies and other governments, companies are left navigating a difficult regulatory compliance environment. They need to be vigilant about understanding risks posed by third parties and individuals that are often masked by corporate structures involving illicit drug trade or terrorist financing. Companies will need to build more robust local compliance teams and increase oversight and training.
In addition to these four trends, there are special considerations for regulated industries.
Life Sciences
- Specialty pharmacy and distributors should expect increased scrutiny. There will be greater examination of third-party relationships such as therapeutic and specialty pharmacy relationships. Pharma companies will need to be even more careful with service-based agreements and marketing/distribution contracts.
- Use of data analytics in monitoring will be on the rise. More companies will use sophisticated forensic data analytics to self-identify issues combined with Centers for Medicare & Medicaid Services open payment databases. Elements under investigation will include average payment per doctor.
Energy
- Economic challenges will impact compliance standards. The fall of oil prices has roiled the energy sector, and geopolitical tensions are rising. These issues will challenge investment in compliance at all levels and companies operating in this segment will need to be thoughtful and vigilant about maintaining anti-bribery/anti-corruption compliance efforts. In addition to working with third parties, companies will need to be aware of insider threats posed by disgruntled employees. Weighing these concerns with performance expectations will require a balanced approach.
- Dodd-Frank transparency reporting for extractive industries will mean additional compliance reporting and challenges. The SEC is expected to release a revised transparency rule in 2016 to replace Dodd-Frank Section 1504 that was struck down by a federal court in 2013. Registered extractive companies will have to actively capture payments made to all foreign governments – both federal and local – and file those payments with the SEC.
Financial Services
- Compliance expectations will be expanded for broker-dealers and investment advisors. Continued areas of focus will include protection of confidential customer information, potential Market Access Rule violations and compliance with recordkeeping requirements. New and evolving areas of focus are likely to include broker-dealers’ anti-money laundering compliance programs and how domestic broker-dealers address risk exposure to foreign wrongdoers.
- There will be more oversight into retail asset management. Regulators are bringing scrutiny to asset managers’ supervisory systems, fee disclosures and marketing incentives relating to the sale of municipal bonds, mutual funds and closed-end-funds. Noted failures to adequately monitor customer account concentrations and leverage suitable customer risk tolerances resulted in censures and fines that will likely continue.
- Increased controls and protection will be required for customer assets. The UK’s Financial Conduct Authority has already fined financial institutions for failing to comply with rules that protect customer money and assets in the event of insolvency. This action has triggered inquiries by the SEC and similar enforcement for failures to comply with the Customer Protection Rule, which requires the safeguarding of customer money and full-paid-for and excess-margin securities.
About EY’s Fraud Investigation & Dispute Services
Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter the industry sector. With our more than 4,200 fraud investigation and dispute professionals in member firms around the world, we assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. And we work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide.
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
This news release has been issued by Ernst & Young LLP, an EY member firm serving clients in the US. For more information, please visit ey.com.