Skip to main content

Conclusion

Our 2017 survey finds that Call to action APAC organizations will continue to be challenged to prevent fraud, bribery and corruption in an environment of greater scrutiny. The impact of fraud is increasing on all fronts, from intensifying regulatory pressure, the increasing complexity of third-party relationships and pervasive and ever more sophisticated cyber threats. At the same time, the economic volatility that is squeezing compliance budgets is also putting management and employees under pressure, leading some to make unethical decisions in a misguided attempt to achieve better results.


Without more assertive action from boards and management to assess the risks and take robust action, we can expect more large-scale fraud, bribery, corruption and competition scandals in APAC involving major corporations. As a priority, senior management in APAC need to undertake an urgent assessment of the spiraling threats facing their organizations and strengthen their defenses around both people and technology.

1. Revisit ABAC policies

Existing ABAC policies should be simplified, localized and explained in terms of real-world examples. Organizations that don’t have them, should introduce precise gift-giving and entertainment policies. To make policies effective, all leaders, including line managers, must proactively educate employees that compliant behavior is not a hindrance to commercial success, and incentivize and empower employees to make compliance a top priority. Managers must model appropriate behavior and give people incentive to comply with policies at all times, even if it means losing a sale. Organizations must link reward and remuneration to ethical behavior.

 

2. Harness forensic data analytics

Harness forensic data analytics Compliance teams are being asked to review an ever-increasing volume of transactions but with fewer resources and greater time constraints. FDA is key to keeping up with the mountains of data organizations must sift through to prevent and detect fraud, bribery and corruption. Compliance teams need to use FDA to monitor the full range of data points — not just looking for red flags in financial data, but for example, using sentiment analysis of emails, text and chat, where legally permissible, to detect early warning.

 

 

3. Raise the bar for third parties

The region is moving at different speeds when it comes to the level of transparency and access to information about third parties. This is a challenge for businesses working in multi-jurisdictional environments and contracting across borders. As companies look to grow their businesses in the region’s emerging markets, compliance programs will need to raise the bar to include multiple ABAC and anti-competition laws and regulations, especially with APAC regulators continuing to focus on the risks third parties pose to companies.

 

4. Benchmark whistleblowing hotlines

Benchmarking will help organizations to identify whether their whistleblowing hotline is fit for purpose, if employees are aware of, trust and use the service. This will not happen unless people feel safe reporting fraud, bribery or corruption and have confidence that action will be taken as a result. Companies must adopt and enforce policies to protect whistleblowers from retaliation. They should also implement programs to encourage employees to report unethical behavior and ensure appropriate, consistent and transparent follow-up to their disclosures.

 

5. Treat data risk as one holistic program

Traditional cyber defenses are not coping with the evolving threat landscape and increased regulatory demands. Cyber criminals, hackers and malicious insiders — employees, former employees, contractors, business partners — are targeting organizations for their sensitive commercial information as well as their cash. Companies are increasingly vulnerable through careless employees and others not following technology security protocols. As a result, cyber and insider threats are part of one larger risk that will require a holistic approach for its detection, investigation and prevention.

Back to top