• wblogo
  • wblogo
  • wblogo

KPMG's global anti-bribery-and-corruption survey: mixed results

Chris Hamblin, Editor, London, 4 November 2015

articleimage

The accountancy giant's latest survey of 659 respondents around the world explores a new era of ABC regulation and the pressures that all companies feel to look the other way when a third party acts as intermediary for a bribe.

It is 18 years since member-governments of the Organization for Economic Co-operation and Development (OECD) signed a convention in which they promised to establish legally binding standards that would criminalise the bribery of public officials. Since then, more and more governments have passed anti-bribery and corruption (ABC) laws. The US is no longer the lone policeman on the beat; China, Brazil, the UK and some European governments now have anti-corruption regulations as well. KPMG's latest survey of 659 respondents around the world explores this new era of ABC regulation and the pressures that all companies feel to look the other way when a third party acts as intermediary for a bribe.

In 2011, KPMG asked respondents in the US and the UK for their views on bribery and corruption and the latest research compares those responses with today's. Over the four-year period there has been a surprisingly steep increase in the proportion of respondents who said that ABC compliance was "highly challenging." More than double the number than in 2011 found it difficult to monitor and evaluate compliance. Added to this, a growing number of companies were finding it more difficult to deal with ABC issues because of their complexity, the increasing globalization of their operations and the need to deal with these matters in many different jurisdictions. Jimmy Helm, the partner in charge of the subject, said: “There’s a greater understanding of the issues, but this doesn’t mean they are easier to deal with.”

Third-party risk

The management of third-party risk is the biggest headache that companies face in the field of bribery and corruption. KPMG's respondents broke the problem down into six categories, listed here in declining importance.

  • Auditing third parties for compliance.
  • Variations between countries' requirements for data privacy etc.
  • Difficulty in conducting 'due diligence' over foreign agents/third parties.
  • Lack of internal resources. (This ranked third for companies listed on stock exchanges outside the US and the UK.)
  • Difficulty in identifying and assessing risk.
  • Cultural and linguistic issues.

The accountancy firm asked the respondents: "Do you have a formal process to identify high-risk third-party intermediaries/associated persons from an ABC perspective?" Their response was 53% yes, 34% no and 13% don't know.

The firm then asked them: "Do you have a formal business-risk-based process for on-boarding your third-party intermediaries/associated persons?" They replied 57% yes, 31% no, 12% don't know.

Often, compliance officers have to apply the brakes during the onboarding process. It is their job to be cautious about whom they bring onboard and not only check the probity of the company, but also identify the people who stand behind it. This provides a more complete evaluation of whether or not they should form a partnership with them while at the same time ensuring that the amount paid to the third party is at market value. For this, companies need to see how the performance of the third party is measured.

Once they have their third parties on board, 60% of respondents say that their companies distribute their ABC policies to all third parties or selected third parties, but there is a language problem. The report stated: “We have found that companies operating in Africa do not always translate their ABC policies into local languages.

In South Africa, there are 11 official languages including English, and ABC policies are mostly available in English only. According to the survey, two-thirds of respondents do conduct a third-party risk assessment, but the questions are not exhaustive: half do not ask whether the third parties provide highly risky services.

Their owners and directors may not appear to have personal links to government officials, but this does not mean that their business operations are not tied to dubious dealings."

Of the 524 respondents with formal ABC compliance 'programmes,' a word that KPMG is presumably using to mean 'plans of action,' 424 had communcation and training 'programmes' as well. 73 out of those stated that they had had trouble developing these.

Cutting corners

It is not surprising, except perhaps to KPMG, that companies are always being tempted to cut corners when evaluating the risks of bribery and corruption. One interesting passage reads: "It may be surprising to some, but the fact is that many companies are reluctant to police their third parties directly. There’s a significant internal reluctance from the likes of the procurement function and the sales force to enforce compliance on third parties. Then there is push-back by the corporate’s business partners; on the other side, management is often hesitant to offend them, particularly strategic suppliers or distributors. Third-party corporations can be equally shy about opening their books to clients and corporate customers. One answer is to engage an independent service provider with access to relevant databases to monitor third parties continually to identify changes that might affect the risk rating. Performing a single Google search of a third party is inadequate."

When it comes to compliance...

How effective are firms' ABC compliance efforts? The KPMG report quotes one of its own called Layton: “Companies often think they have built a good programme, but when we audit it, we find they haven’t. They may have good policies and procedures, but they are not good at cascading it down to third parties. They have not done an overall risk assessment. They have not trained people to follow the policies at the level where individuals are asked to pay bribes."

Compliance-related functions were heavily represented in the survey of 2015, with 22% in compliance, 20% in internal audit and 10% in legal departments. Executives comprised 21%, line managers 9% and board members 6%. Industries were widely represented: banking comprised 20%, life sciences12%, manufacturing 10% and energy & natural resources 8%. 77 people were at US-listed entities and 55 at UK-listed ones.

The ABC of M&A

When asked whether they took part in mergers and acquisitions, a hefty 60% of respondents said that they did. Against this background, and in view of the fact that there is nothing like a merger to bring skulduggery at a firm out of the woodwork, it is surprising how few firms applied ABC policies to the people they were taking over (or being taken over by). KPMG asked: "Does your company include ABC considerations as part of the pre-acquisition due diligence process?" Only 69% of US/UK-listed companies said yes; only 55% of non-US/UK-listed companies said yes; and only 54% of unlisted entities (there were 222 of these) said yes.

Changes over the years

In order to understand how attitudes to ABC have changed since KPMG undertook its survey in 2011, the firm asked some of the same questions of senior executives at companies listed in the US and the UK, the only countries that were polled four years earlier. Firms are, as mentioned earlier, saying that their ABC compliance has become more difficult, but formal ABC compliance 'programmes' - KPMG's word again - are becoming more mature and more common and now stand at more than 90%.

'Whistleblower' mechanisms are more common among British respondents. A committee overseeing ABC compliance is found more frequently than before in the US, as is a full-time ABC compliance officer.

But all is not well. There has been a big fall in the proportion of UK respondents who say that they have right-to-audit clauses in their third-party contracts. The same is true for periodic compliance certifications. In the US there has been a decline in the proportion that claims to have ABC training programmes, internal audit protocols and compliance certifications. The picture is therefore a mixed one. Companies listed in the US and UK are doing more to combat corruption, but the difficulties of compliance have grown as well.

KPMG's latest fraud survey

This summer KPMG also produced its annual "Fraud Barometer," which showed that the cost of fraud has continued to rise in the heart of the United Kingdom's economy, London and the South East of England. It stated: "The losses reported through criminal trials is likely [sic] to be just the tip of the iceberg when considering the full and damaging cost of fraudsters’ activity."

The latest data shows, for example, that a significant increase in insider fraud caused an increase in volume in the £1-10 million bracket, with the number of employee-perpetrated frauds in this value range increasing more than ten-fold. One case study showing the trend for insider activity – and the youthful nature of conmen – revolved around a 24-year-old bank clerk who attached a device to a computer at the branch where he worked. The device allowed fictional deposits worth £1.1 million to be made into 15 customer accounts, which were then withdrawn by the customers and a colleague – all of whom had been colluding with the ring-leader.

In another case, twin brothers defrauded more than 70 people out of £1.6 million. Their victims lost up to £110,000 each, after they were persuaded to invest in properties in Bulgaria and Cape Verde, when the money was in fact used to repay the fraudsters’ business and personal bank overdrafts as well as on shopping sprees.

Ken Milliken, Head of Forensic, Scotland, said: “Individuals who gave false information to acquire mortgages are now paying the price as banks and then police look to crack down on mortgage fraud. The numbers do not mean that mortgage fraud is on the increase but rather that investigation and enforcement activity is on the increase.

There were two separate cases involving ex-professional footballers. The first saw Gabriel Edwards, who once played for Wigan Athletic’s second team, join a gang of cyber-criminals to hack into bank accounts across the globe, stealing £130,000. The second case saw a former Oldham Athletic player steal the identity of Chelsea and France star Gael Kakuta in a £163,000 scam.

A case involved an accountant who promised neighbours and friends returns of up to 25% if they allowed him to invest their money.  He conned victims out of £2.4 million, blowing the cash on gambling and an extravagant lifestyle, whilst using doctored bank statements to convince victims that their savings were thriving.

Latest Comment and Analysis

Latest News

Award Winners

Most Read

More Stories

Latest Poll