Ensure due diligence is a business strategy, not just a reaction
23 July 2018
Alex Wilkinson, Commercial Director, EMEA & APAC
Bribery and corruption looks very different today compared to 10 years ago. Corrupt business activities pose far more severe reputational, financial and operational risks than they once did, so misconduct should be top of the agenda for any board.
There is a constant pressure for businesses to build revenues and profits. Often the best way to achieve this is to expand internationally. But with that comes complicated variances in how bribery and corruption are viewed around the world, a situation that frequently leads to violations of global laws.
Bribery and corruption scandals involving respected, well-known companies are a staple in today’s news, as businesses become increasingly global, with more international reach and more complex supply chains.
Coupled with enforcement agencies today being bigger, better resourced, and able to act on new regulations with more vigour than ever before, the financial and reputational impact is enormous. In 2018 I predict we’ll see penalties for an individual punishment eclipse $1billion. And this doesn’t even touch on the less-easily-quantifiable reputational damage of a media scandal.
Paradoxically, we are seeing an increasing number of businesses successfully use ethics as a valuable marketing boast: “look how ethical and honourable we are, come and trade with us”, they claim. And it’s working.
The rise of social media has encouraged a growing global culture of scrutiny. So it is increasingly challenging for businesses to manage this complex environment.
The best way businesses can protect themselves is to embed third-party vetting within their business workflow, and early in the process. Technology can help marry the common sense of human experience with the large-volume efficiencies of automation, no matter how complex the scenario. Ultimately, better due diligence is quicker and more appropriate for their business needs.
Start using third-party due diligence proactively as a business strategy, not just a reaction.
Welcome to Business Reporter's risk management campaign, exploring bribery and corruption. I'm Alastair Greener. Bribery and corruption can look very different today compared with a decade ago. Whether from internal sources or through third party relationships corrupt business activities pose severe financial and operational and reputational risks.
Bribery and corruption misconduct, a phrase that should be top of all board members minds, is a staple in today's news. Regular, high profile scandals within well-respected organisations demonstrate that it's not just bad press and the business's reputation that's at stake. To discuss these issues and investigate how businesses can navigate successfully through their compliance responsibilities, I'm talking to Alex Wilkinson from Navex Global.
So what do you see as the main reasons surrounding this increase in scrutiny and compliance for businesses today?
I think two reasons. The first is that there is a growing global culture of scrutiny. And the second is significantly heightened anti-bribery and corruption regulations. So let's go back to the first. There is a constant pressure on businesses to build revenue streams and grow profit margins. To do that, often the best way for them to achieve it is to expand internationally.
With expansion internationally comes significant complexities. The crux of that is that the way bribery and corruption is viewed globally varies enormously. There are different common business practises around the world and, simply, what's considered socially acceptable.
With that, there is a complex environment for businesses to manage. Inevitably, that will lead to some violations of anti-bribery and corruption laws. And each time those violations occur, there will inevitably be increased scrutiny on it.
The second I mentioned was the increase in anti-bribery and corruption regulations. Recently in the last few years, we've seen not only an increase in the number of regulations that exist governing this topic, but also has the vigour with which they are enforced. The most commonly cited ones are the US Foreign Corrupt Practises Act, the UK Bribery Act, and more recently France's Loi Sapin II.
And what you're talking about are effectively external pressures on the stricter relations. So what impact is that having?
Yeah, the impact is enormous, primarily financial and reputational. What we've seen recently are significant fines, disgorgements, which is essentially the paying back of assets that are illicitly accrued through corrupt means, and individual punishments. Now, for businesses, the punishments we've seen recently have come frighteningly close to a billion US dollars.
I would predict in 2018, we're likely to see an FCPA-oriented punishment of more than a billion US dollars. That hasn't even factored in yet the less easily quantifiable damage created by the reputational harm when a business gets itself embroiled in a corruption media scandal. Now, these regulators are only getting bigger and better resourced. They're collaborating internationally. There are a vast number and a growing number of open investigations.
Given the huge consequences for not complying, how do you think organisations should protect themselves against third party risks?
The best way businesses can protect themselves against third party risks is to start seeing third party due diligence proactively as a business strategy and not just a reaction. There is often a bit of a nonchalance about the risks of third party business partners, the sort of attitude that a scandal won't affect us. So third party due diligence is often seen as just a financial burden, or perhaps a reason that delays making sales or trades.
So if businesses started to see third party due diligence productively as the protective activity that it is, we also think that they'll start to see ancillary advantages as well. We've seen recently many more businesses say outwardly, look how ethical and honourable we are, come and trade with us. Equally, we've had other businesses claim that they sell better or quicker as a result of third partly due diligence being a part of that proactive business plan.
And part of that would be to have a vetting programme when dealing with third parties. So how would you recommend organisations assess the effectiveness of such a programme?
The best way I would recommend businesses can assess their programme is talking to others about what works well. There are three ways I would suggest businesses can do that the first is some sort of professional online forum. The second would be in-person events with expert speakers. The third would be a more bespoke consultative engagement.
So jumping back to that first one, there are excellent online professional forums that people can go and ask questions of like-minded compliance or legal officers about such topics. And they'll get answers back that perhaps share experience or best Practises, maybe even some innovative new ideas. The second is this in-person event idea. There are out there some, frankly, excellent industry events, where people much cleverer than me stand on stage and present what's worked well, what perhaps hasn't worked so well, pitfalls for people to avoid, and necessary must-haves that should fit into any third party vetting programme.
And for businesses that want to ensure that they're building a really proper and rigorous third party vetting programme, I would recommend a consultative, bespoke, professional services engagement from an expert that will come in and work together with you as a business, take what is already existing in your setup that you want to preserve, think about your risk appetite and any niche regulations that you want to be able to demonstrate that you, as a business, are abiding by, and piece them all together in with your ultimate business objectives. That way, third party due diligence is implemented and embedded within your business processes. That way, it is efficient and effective-- ultimately, better due diligence more quickly and more appropriate to your business.
How can organisations better understand their risk exposure when they're dealing with complex supply chains and third party networks?
What we tend to see as the ideal scenario is to find a piece of technology that can help fix the unacceptable compromise. The unacceptable compromise is, on one hand, the human level of common sense and experience is vital and always will be. On the other hand, the automation and consistency of technology can handle large volumes globally in complex environments. So what we're looking for here is a piece of technology that can marry together those two advantages. I would recommend businesses treat third party due diligence proactively as a business strategy and not just a reaction.
And we know that risk is going to be here for a long time to come. And it's probably never been more important to manage it and deal with it as today. So it's been great to get a real insight into what organisations can do to protect themselves. Alex Wilkinson from Navex Global, thank you very much indeed.
Thank you, Alastair.