19 Apr 2016

Companies not doing enough to protect themselves from fraud, according to EY report

Boards could do significantly more to protect themselves and their companies from fraud and corruption, according to EY’s latest global fraud report

The report found that many businesses have "failed to execute anti-corruption programs to proactively mitigate their risk of corruption".

It also revealed that many businesses are failing to take advantage of information that could help them identify and mitigate fraud, bribery and corruption issues earlier.

The research also found that companies are frequently failing to take appropriate steps to respond and reduce their risk exposure, particularly when expanding into new markets.

According to the report, one in five do not identify third parties as part of their anti-corruption due diligence, one in three do not assess country or industry-specific corruption risks before making investments and only half of the respondents utilise technologies such as forensic data analytics to identify and mitigate risks.

The report also highlighted that some CFOs lack appropriate risk awareness, with only 41% of CFOs viewing cybercrime as a concern.

EY’s research also revealed that almost half of the respondents did not believe that boards had an adequate understanding of what the specific risks of fraud, corruption and bribery were to their business.

The findings come at a time when the escalating threats of cybercrime, terrorist financing and, more recently, the revelations regarding widespread possible misuse of offshore jurisdictions and tax havens combined with global commitments to combating corruption and enhanced cooperation by international law enforcement agencies have increased pressure on companies to identify and mitigate fraud, bribery and corruption risks.

The survey highlighted overwhelming corporate support for enhanced beneficial ownership transparency, with 91% of executives recognising the importance of establishing the ultimate beneficial ownership of entities with which they do business.

David Stulb, EY’s global fraud investigation and dispute services leader, said, “With the continuing anti-corruption enforcement focus on third-party conduct, and the recent revelations on the possible misuse of offshore financial structures, business leaders are right to be focused on securing a deeper understanding of their clients, partners and suppliers. Enhanced transparency is clearly a focus of broad public interest.”

Despite increased transparency and support for combating bribery and corruption, the report highlighted that bribery and corruption still pose an ongoing challenge with 39% saying it is widespread in their country, up from 38% in 2014.

The situation appears to have deteriorated in developed markets where 21% of respondents reported that such behaviours were widespread, increasing from 17% in the last survey.

Almost a third (32%) of respondents report that they have had personal concerns about bribery and corruption in their workplace.

Despite increased cooperation across borders to hold individuals accountable for illegal acts, and 83% agreeing that prosecuting individuals will help deter future fraud, bribery and corruption, the survey identified a perception in emerging markets that individuals responsible for corruption are not held accountable with 70% of respondents in Brazil and 56% in both Africa and Eastern Europe believing that although governments are willing to prosecute, they are not effective in securing convictions.

The report also found that a significant minority of executives continue to justify unethical acts to improve a company’s performance.

Almost half (42%) of respondents admitted that they could justify unethical behaviour to meet financial targets, and 16% of finance team members below the CFO would make a cash payment to win or retain business.

It also found that 7% of finance team members below the CFO would misstate financial performance and 8% would be prepared to backdate contracts.

The report warned that such behaviour puts businesses at continued risk of illegal conduct, which could lead to enforcement action.

It highlighted that regulators are focusing particularly on financial fraud, including the manipulation of books and records and are also increasingly focusing their investigations on individual culpability when looking at corporate misconduct.

Following the data leak from Panamanian law firm Mossack Fonseca earlier this month, the UK has announced plans to introduce a new law that means companies that fail to stop their employees from helping firms to evade tax could be held criminally responsible.

“Increased levels of global cooperation between law enforcement agencies are making it harder for fraudsters and bribe-payers to evade prosecution. However, with respondents indicating that such misconduct is showing no sign of abating, companies continue to be exposed to major risks driven by the illegal actions of a small minority of employees,” Stulb said.

The report recommended that boards should stay alert to fraud, bribery and corruption risks and reinforce expectations of acceptable behaviour throughout their organisations.

“Better use of technology is certainly part of the answer. More can be done to leverage forensic data analytics to manage these risks and improve compliance and investigative outcomes,” Stulb said.

Whistleblowers also remain a critical source of information on alleged misconduct. According to this year’s survey, 55% of companies have whistleblower hotlines in place yet such mechanisms are not always effective. Survey respondents report barriers to using such mechanisms: 18% cite that loyalty to colleagues would deter them from reporting an incident of fraud, bribery and corruption and 19% cite loyalty to their company as a deterrent.

Stulb said, “What we are seeing clearly is that some employees, with widely varying motivations, are prepared to misappropriate – or enable others outside the firm to have access to – the confidential data of their companies. The balance between data privacy and security creates further complications. Dealing with such cyber and insider threats should be a top priority for management and boards. Yet 59% of CFOs view cybercrime as a low risk – a perspective that deserves robust challenge.”

Stulb called on companies to bolster their defences against the increased risks of fraud, corruption and bribery and suggested that businesses should take steps to minimise the risk of corruption in their operations, so that it is quickly identified and mitigated in the event that it occurs.

It recommended companies adequately resource their compliance and investigation functions so that they can proactively engage before any regulatory action takes place. It also recommended undertaking regular fraud risk assessments, including an assessment of potential data-driven indicators of fraud and/or forensic data analytics of (FDA) indicators of fraud.

The report also suggested applying an anti-corruption compliance programme that incorporates FDA and tailored bribery and corruption training, undertake robust due diligence on third parties before entering into a business relationship, develop a cyber breach response plan and encourage and support whistleblowers to come forward with confidence.

“Above all, with an increasing focus on the accountability of the individual, company leadership needs to set the right tone from the top. It is only by taking such steps that boards will be able to mitigate the impact should the worst happen,” Stulb added.

Companies and their boards need to deliver on these priorities, according to the report. The risks faced by companies as they continue to expand their global reach are evolving, "and the scrutiny under which businesses and individuals now come is greater than ever".

It added that, "Boards must respond proactively and be able to demonstrate that they are stepping up to the challenge".

Sinead Moore

Related articles

HMRC still not doing enough to tackle fraud, says PAC

UK fraud almost double to £1.5bn

PwC paid Spanish government €32m to stop employees going to jail for fraud

Theresa May launches fraud taskforce