The EY Forensic & Integrity Services practice has a global reach. Find out who our country leaders are and how you can get in touch.
Our 2017 survey finds considerable evidence of increasing fraud risk. Significant numbers of respondents do not know about or do not understand compliance policies. A third do not feel comfortable reporting unethical behavior. Many are unaware of key fraud, bribery and corruption risk areas. As a result, as many as two-thirds of APAC employees said they are taking actions that they know are unethical or risky. A quarter say their colleagues are failing to report misconduct. Against a backdrop of economic and geo-political uncertainty, organizations need strong ethical leadership to give employees a better moral compass when making day-to-day workplace decisions.
Global cooperation is on the rise, with the work of the G20 (Group of 20) and B20 (Business 20) platforms and others having a noticeable effect. Never before have governments cooperated so extensively in combating bribery and corruption and imposing legal sanctions against fraud. As a further complicating factor, anti-corruption and anti-trust regulations are becoming entwined, increasing the complexity and difficulty of compliance.
Ethical standards are not improving
Despite survey respondents reporting that the majority of organizations have expanded or sustained their efforts to combat fraud, bribery and corruption, this investment in compliance policies and processes are not always translating into ethical conduct. More than a third of our respondents report that bribery is commonplace in their industry.
Standards are not being applied consistently
Almost half of our respondents warn that managers are ignoring unethical behavior and justifying misconduct to meet business targets, resulting in organizations where people do not feel comfortable reporting fraud, bribery and corruption. Distrust in whistleblowing hotlines has reached the point where some employees would rather go direct to the authorities than use an internal communications channel.
Compliance lacks clarity
Our survey also finds a significant number of employees do not understand critical elements of compliance policies and processes, highlighting areas where organizations need to strengthen their ethical leadership. For example, the findings indicate worrying levels of misunderstanding around ABAC policies and the risks surrounding.
With an increased number of respondents prepared to start looking for another job if their organization were to become involved in a major corruption scandal, providing strong ethical leadership has never been more critical. To ensure compliance policies deter unethical conduct, APAC business leaders must provide absolute clarity and consistency around how to reduce the risks associated with fraud, bribery and corruption. Companies should:
1. Revisit ABAC policies
Existing ABAC policies should be simplified, made more succinct, provided in the local language and explained in terms of real-world examples. Organizations that don’t have them need to introduce clear gift-giving and entertainment policies. To make policies effective, all leaders, including line managers, must proactively educate employees that compliant behavior is not a hindrance to commercial success, and incentivize and empower employees to make compliance a top priority.
2. Harness forensic data analytics
Forensic data analytics (FDA) is key to keeping up with the mountains of data organizations must sift through to prevent and detect fraud, bribery and corruption. Compliance teams need to harness FDA to monitor the full range of data points — not just looking for red flags in financial data, but also proactively using sentiment analysis of emails (where legally permissible), and text to detect early warning signs of misconduct.
3. Raise the bar for third parties
As companies look to grow their businesses in the region’s emerging markets, compliance programs will need to raise the bar to include multiple ABAC and anti-competition laws and regulations, especially with APAC regulators continuing to focus on the risks third parties pose to companies.
4. Benchmark whistleblowing
Hotlines benchmarking will help organizations to identify how to improve their whistleblower protection and effective reporting mechanisms. APAC companies must adopt and enforce policies to protect whistleblowers from retaliation and ensure appropriate, consistent and transparent follow-up to their disclosures.
5. Treat data risk as one holistic program
Cyber criminals, hackers and malicious insiders are targeting organizations for their sensitive commercial information as well as their cash. Companies are increasingly vulnerable through careless employees and others not following technology security protocols. As a result, cyber and insider threats have become part of one larger data risk that will require a holistic approach for its prevention, detection and investigation.
Q. Are any of the following increasing the challenges for the growth or success of your business?
Base: Total respondents (1,638), except government / public sector employees