Compliance fatigue leaves companies open to risk of fraud


By Samantha White

A recent raft of new regulations and high-profile enforcement activity focusing on fraud, bribery, and corruption have increased the incentives for companies to implement robust compliance systems. Despite these efforts, companies around the world still have a long way to go to adequately mitigate the risks, according to EY’s 13th Global Fraud Survey, based on interviews with more than 2,700 executives in 59 countries. While many organisations have done well on the quick wins, the report found, efforts on more complex areas have stalled, pointing to “compliance fatigue”. 

However, the risks remain prevalent, according to the report, Overcoming Compliance Fatigue. Incidences of fraud increased in ten countries over the past two years, including in the US (16% in 2014, up from 8% in 2012), China (8%, up from 4%), Japan (10%, up from 6%), and Russia (16%, up from 10%). In Egypt, 44% of survey participants reported having experienced significant fraud in the past two years, while the figure for respondents in Germany and Norway was 26%.

Likewise, the perceived level of bribery and corruption has not diminished over the past two years. In 40% of the countries surveyed, more than half the respondents said corruption was widespread. In Egypt, Kenya, and Nigeria, the proportion who deemed corruption to be widespread was over 80%.

A key bribery risk to emerge from the study involves requests for charitable donations. Almost 20% of all respondents and 39% of CEOs polled said they had been asked to make a charitable contribution by a customer or client. “Companies and individuals should be alert to the risk that a charitable donation can be used to buy influence by indirectly transferring value to an interested party,” the report says.

The survey reveals that a minority of executives appear to be willing to justify unethical practice to win or retain business if it helped a company survive an economic downturn. Twenty-nine per cent of participants thought that offering entertainment could be justified in those circumstances, personal gifts were deemed acceptable by 14%, and cash payments were considered acceptable by 13%. Six per cent of respondents considered misstating a company’s financial performance justifiable.

Forty-two per cent of respondents, and 46% of the CEOs polled, deemed one or more of those options justifiable. In Singapore, 28% thought misstating performance was justifiable; in India, 24%; and in South Africa, 10%. Furthermore, CFOs were more likely than other executives to justify changes to assumptions relating to valuations and reserves in order to meet financial targets.

Compliance fatigue

Many companies had not implemented the full range of policies available to mitigate risks, according to the report. For example, one in five businesses did not have an anti-bribery and corruption (ABAC) policy, and fewer than 50% of respondents had attended ABAC training. Forty-five per cent of organisations did not have a whistle-blower hotline. Similarly, 38% of businesses never conduct forensic or anti-corruption due diligence as part of their mergers-and-acquisitions processes.

In addition, board involvement in compliance issues appears to have declined over the past two years. In both developed and emerging markets, boards were less likely to receive regular updates on fraud, compliance allegations, and investigations than they were in 2012. In this context, the authors suggest that compliance efforts are losing momentum.

Recommendations for more effective compliance

When asked how the effectiveness of compliance efforts in their organisation could be improved, 54% of participants preferred greater collaboration between legal, compliance, and internal audit; 28% said the executive leading compliance should not have responsibilities in other areas; and 27% said compliance would be improved if the chief compliance officer had greater access to the board. Twenty-four per cent of respondents chose each of the following measures: publishing statistics on disciplinary measures, outsourcing activities such as training and hotlines, and greater testing of travel executives’ expenses.

The report recommends that companies implement the following procedures to ensure adequate levels of fraud protection:

  • Have boards actively engage with compliance issues, requesting regular updates on fraud, bribery, and corruption risk, and holding senior management accountable for the outcomes.
  • Mine Big Data using forensic data analytics to maximise the potential of companies’ own information to identify fraud indicators and support investigations.
  • Conduct anti-corruption due diligence.
  • Establish clearly defined escalation procedures (eg, to respond to a whistle-blower or a cyberfraud incident).
  • Implement tailored ABAC training programs for all staff, including C-suite executives.

Related CGMA content

Fraud Risk Management: This CGMA report offers a guide to good practice in fraud prevention, detection, and response.   

Samantha White (swhite@aicpa.org) is a CGMA Magazine senior editor.

Don't miss out on additional news and features from CGMA Magazine.
Sign up for our free weekly e-newsletter.