At the anti-corruption compliance crossroads
Deciding which way to turn
Many businesses feel a growing pressure to mitigate the risk of fraud, corruption, and other regulatory risks, while managing costs and reducing losses resulting from such activities. The pressure is coming from boards, management, shareholders, regulators, employees, and other constituents who are demanding that companies take these risks seriously. The consequences of not getting it right are growing more serious, too, including brand damage, imprisonment, lawsuits, fines, penalties, and potential suspension or disbarment from government contracting, among others. Compliance with growing regulatory and legal requirements, simply stated, is an inescapable duty.
A closer look at the converging guidance
The push to establish standards and guidance for addressing fraud and corruption risk began with the Internal Control—Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. Many of the framework concepts were derived from recommendations made a year earlier in the 1991 Federal Sentencing Guidelines Manual, issued by the US Sentencing Commission.
The guidelines were a landmark effort to outline broadly what is expected of corporations in terms of effective ethics and compliance. Most recently, in October 2016, the International Organization for Standardization (ISO) published the final version of ISO 37001, a certifiable anti-bribery minimum standards program intended to help businesses address bribery risk across their enterprise, including their global supply chains.
A challenge for companies is to understand how these requirements map to, and integrate into, their current and existing anti-fraud and anti-corruption compliance program(s), as well as the organization’s enterprise compliance program, so they meet regulatory requirements while aligning with each company’s risk profile and operating structure.
Coordination and collaboration among various capabilities that exist within an organization related to fraud, corruption, and other compliance risk areas can help bring the right resources to a particular situation while avoiding unnecessary gaps and redundancy. The intent is not necessarily to centralize all compliance and risk management functions. Rather, the goal is to create an enterprise-level point of contact, which increasingly is a designated chief compliance officer, who oversees and coordinates compliance activities related to fraud, corruption, and regulatory risk.
Three keys for unlocking the potential of leveraged efforts
Different groups involved in mitigating and addressing fraud and corruption risks will face distinct issues and have tailored approaches to addressing them. However, taking several steps now, in a heightened enforcement and regulatory environment coupled with uncertainty at various levels of the geopolitical and economic environments, can help tap and harvest the potential of various stakeholders operating under the enterprise umbrella:
- Share information. An objective that many companies often fail to achieve in establishing robust fraud and corruption compliance programs as part of a broader enterprise compliance program is to undertake a process to understand what is currently in place to identify, address, mitigate, monitor, and investigate a compliance breach. Identifying and understanding the root cause of a given issue is another common shortcoming. A lack of capabilities in this vital area of any mature compliance program may lead to similar matters arising again and again. Information is power, and the more people throughout the organization know about and share the risks related to fraud and corruption, the better equipped they can be to help respond to and mitigate those risks.
- Understand what the government really wants. Regulatory authorities are not solely focused on how fraud and corruption compliance programs are structured. They want to know that these programs are addressing the organization’s specific risks effectively. Whether functions are distributed or consolidated, the ultimate measure is how well they identify, understand, mitigate, and respond to risks.
- Maximize assets. Substantial, diverse talent and capabilities exist in the various groups involved in establishing, conducting, and monitoring fraud and corruption efforts. Leveraging the strengths of these different resources can help in establishing and maintaining broad-based, effective risk management.