4 ways to ensure anti-corruption programmes are up-to-date

Efforts to enforce financial crime regulations have increased worldwide, but multinational companies haven’t fully aligned their due diligence, research suggests.

Regulators have increased their pursuit of bribery, fraud, and corruption within individual countries and across borders in past years. For example, the G20, the group of finance ministers and central bank governors of the world’s 19 largest economies and the EU, committed to co-operate more on enforcing financial crime regulation; and between 2013 and 2015 the US Securities and Exchange Commission more than doubled its financial reporting and disclosure actions.

More and more multinationals have implemented anti-corruption programmes – from 82% in 2014 to 92% in 2016, according to a global Dow Jones survey involving 330 respondents. But more than one-third (37%) of the respondents had doubts about their company’s due diligence.

Of the more than 2,050 accounting and finance professionals survey by Deloitte, only 28% of the respondents were highly confident in their organisation’s ability to identify and mitigate corruption, fraud, money laundering, and sanctions risks. Forty-four per cent were somewhat confident, and 9% were not confident.

About half (51%) of the Deloitte survey respondents expected enforcement of anti-corruption, anti-fraud, anti-money laundering, and sanctions regulations to increase in 2017.

“Forty-four per cent, that’s a sizable number of accounting and finance professionals who feel their organisation has not fully addressed the risk,” said Chris Georgiou, CPA, a partner in Deloitte’s forensics and investigations practice and an expert in the US Foreign Corrupt Practices Act.

The biggest challenges respondents in the Deloitte survey named to identifying and mitigating corruption, fraud, money laundering, and sanctions risks were:

• Lack of visibility into the ultimate beneficial ownership structure of organisations, including potentially restricted entities and thinly capitalised foreign holding companies (21%).
• Inadequate third-party and/or customer due-diligence policies and procedures (16%).
• Limited use of advanced analytics to monitor payments to holding companies in high-risk foreign locations (13%).
• Inadequate client selection policies and procedures (5%).

Respondents in the Dow Jones survey said they weren’t fully confident in their companies’ due-diligence process because of:

• Difficulty evaluating the credibility of the information (61%).
• Difficulty accessing information (42%).
• Insufficient staff to gather information (39%).
• Time pressure or uncertainty about where to get relevant information (31% each).

To improve financial crime risk management, Deloitte and EY suggest that multinational companies:

Conduct sufficient third-party and customer due diligence. Adequately resource compliance and investigations functions so they can proactively engage before regulatory action. Establish clear whistleblower channels and policies that raise awareness of reporting mechanisms and encourage employees to report misconduct.

Scrutinise new relationships, but also review existing relationships. Due diligence performed on parties and clients many years ago may have been much less detailed than today’s efforts.

Scrutinise ultimate beneficial ownership structures. Revisit existing relationships. Find out the identities of beneficial owners, especially for potentially restricted entities and thinly capitalised foreign companies. Determine whether the business rationale for maintaining the relationships is still valid.

Analyse high-quality data to monitor payments. Undertake regular fraud risk assessments, including an assessment of potential data-driven indicators and/or forensic data analytics indicators of fraud.

Robust use of advanced analytics can help determine whether payments are made to thinly capitalised holding companies in riskier jurisdictions, or by potentially restricted entities and their third parties. Move data from disparate systems to a uniform, global platform, and look at all offshore payments to ensure the analysed data are of high quality.

Execute a comprehensive anti-corruption compliance programme. Incorporate bribery and corruption training. Develop a cyber breach response plan that brings all parts of the business together in a centralised response structure.

—Sabine Vollmer (svollmer@aicpa.org) is a CGMA Magazine senior editor.