UK companies lax on supply-chain risk

Half of UK companies are failing to investigate the potential legal and reputational risks posed by their supply chain, according to new research by Ernst & Young.

The study, which polled procurement managers and directors, found that 48% of companies had failed to vet their suppliers for compliance with the new Bribery Act, and that 12% would do nothing if they discovered their suppliers were not compliant.

Part of the reason British companies do not investigate supply-chain corruption risk is that there is no legal imperative, due to a lack of enforcement action, according to Steve Caine, E&Y’s executive director of fraud investigations and dispute services.

“A company’s level of concern is strongly affected by the level of prosecution,” he said. “You can compare it to parking fines – if you know there are no traffic wardens to monitor illegal parking on a street, you are still going to park (illegally) on the yellow lines.”

Low legal pressure

The Bribery Act 2010, which came into force on July 1st 2011, outlines an organisation’s responsibility to prevent bribery on its behalf. But the rules are largely focused on individuals, said Caine.

“What we do not have is the prosecution of a company under the Bribery Act. That would help companies understand better what the Bribery Act requirements are and make them sit up and pay attention,” Caine said.

Although the majority of UK companies have not faced legal pressure to manage bribery risk, larger multinationals listed on US stock exchanges are exposed to the US Securities and Exchange Commission’s enforcement powers under the Foreign Corrupt Practices Act (FCPA), which prohibits companies from bribing foreign officials.

Caine said the history of FCPA prosecutions should serve as a warning to UK companies now that the Bribery Act has come into force, particularly those companies that have no plans to vet their supply chains.

“Almost every US prosecution has involved an intermediary of some description – a third party outside of a company that has got the company into trouble,” he said. “That’s why companies in America pay attention to the FCPA; they know they will get prosecuted if caught and that the consequences are serious.”

Supply-chain complexity

E&Y’s study highlights a broader problem of modern supply-chain management – spiralling complexity. A lax attitude toward supply-chain due diligence was also exposed this year, when food retailers were forced to recall products that were advertised as beef but were found to contain horsemeat, causing reputational damage and costly re-testing of food, Caine said.

Caine said companies increasingly rely on supply chains and are carrying out fewer in-house activities.

“I know from the experience of clients what a challenge it can be for them to even understand their supply chain and where the risks are,” he said. “In our opinion, risk assessment tends to be too narrow. It tends to focus on the risk of a supplier’s fulfilment of contract – such as supplier financial stability and capacity to deliver – rather than taking a wider perspective on how a supplier can get a company in trouble, such as legal or reputational risk.”

A robust risk-assessment procedure and shortening supply chains to a manageable number could help companies improve bribery risk control.

“I think you will see companies moving in that direction,” Caine said.

Related CGMA Magazine content:

Brush Up on Your Anti-Corruption Controls”: The US Department of Justice (DOJ) and SEC released a 120-page guide providing a detailed analysis of the agencies’ approach to enforcement of the FCPA.

Despite Exposure to Corruption Risk, Due Diligence on Third-Party Business Partners Remains Low”: All of the FCPA enforcement actions brought last year by the DOJ and the SEC involved alleged bribes by companies’ third-party business partners, Deloitte researchers found. Nonetheless, a poll shows that corporate due diligence and risk assessments on third-party business partners remain low.