Download the Global Fraud Survey 2018
The digital disruption of business and increased data privacy legislation are increasing fraud, corruption and compliance risks.
We are in an era of digital transformation that continues to challenge how all aspects of business are conducted – and the implications for the legal, compliance and internal audit functions are significant.
Ninety-one percent of our survey respondents stated that their organization will be using advanced technology, such as digital payments, “Internet of Things” (IoT), robotics and artificial intelligence, regularly within the next two years. Organizations, of course, are embracing these technologies with differing levels of enthusiasm. It is worth noting that, while the majority of our respondents state that their organizations will soon be regularly utilizing digital payment systems, just 4% expect to be conducting business using cryptocurrencies.
However, digital transformation has also created new risks.
With ever-expanding volumes of customer and employee data, the proliferation of digital technologies will create more complexity for companies regarding data privacy. Given the recent high-profile data breaches and elevated levels of consumer concern regarding data privacy, as well as robust new regulation in this area, companies will be challenged as never before by information governance.
Open and connected business models are likely to result in increased exposure to cyber threats and ransomware. In the last two years, cyber attacks have been widespread and have included a global ransomware campaign that impacted over 45 countries. It is therefore not surprising that 37% of our respondents see cyber attacks as one of the greatest risks to their business.
The good news is that advances in technology, particularly in artificial intelligence, machine learning and automation, can be used to transform legal and compliance functions. Incorporating forensic data analytics (FDA) into a company’s digital strategy is an opportunity to enhance risk mitigation and improve business transparency.
Our recent Global FDA Survey “How can you disrupt risk in an era of digital transformation?”* demonstrated a strong recognition by respondents of FDA’s effectiveness in managing various risks including corruption, financial statement fraud, data protection and data privacy compliance, and cybersecurity.
A growing digital footprint alters the traditional risk landscape for individual companies and entire industry sectors. Out-of-date risk assessments and antiquated policies, procedures and controls can result in companies missing opportunities to help employees comply with company policy. Worse yet, such gaps can be exploited by rogue employees intent on fraud, data theft or other illegal acts. It is important that the effectiveness and efficiency of compliance is improved. Failing to do so exposes the company to regulatory and law enforcement scrutiny.
* Global Forensic Data Analytics Survey 2018: How can you disrupt risk in an era of digital transformation?, EY, 2018.
The survey found that more than one-third of business leaders see fraud and corruption as one of their greatest risks. Indeed the scale of fraud and corruption remains significant and we have seen no improvement in the results at a global level since 2012.
More than 1 in 10 of our respondents are aware of a significant fraud in their company in the last two years. In the Middle East, Latin America and Japan, this percentage is higher. The propensity of respondents who would justify fraud to meet financial targets has increased on a global level since 2016. We found that 12% of respondents would justify extending the monthly reporting period, 7% would backdate a contract and 7% would book revenues earlier than they should be to meet financial targets.
Responses to this survey over the last eight years show that countries and organizations are moving too slowly to tackle corruption.
In 2018, 38% of our respondents stated that bribery/corrupt practices happen widely in business in their country, with no improvement since we first asked that question in 2012 (38%). We continue to see a trend that respondents perceive risk to be higher in their country than in their business, with only 11% of our respondents believing it is common to use bribery to win contracts in their sector.
A significant minority (13% globally) of our respondents would justify making cash payments to win or retain business. This increases to 22% of respondents in the Middle East and 29% of respondents in Far East Asia. Worryingly, 18% of our respondents in a financial position would justify these payments and even 6% of the heads of compliance surveyed.
We found that respondents under 35 years of age are more likely to justify fraud or corruption to meet financial targets or help a business survive an economic downturn, with 1 in 5 younger respondents justifying cash payments compared to 1 in 8 respondents over 35.
We also found that the under-35 age group would be more likely to act unethically to meet financial targets than older respondents. This observation is consistent with the results of our 2017 EMEIA and Asia Pacific Fraud Surveys.
The fast-paced and competitive business environment might be a cause of this, with more pressure on junior professionals to succeed. A 2018 study of 40,000 college students in the US, UK and Canada found that today’s young adults feel significantly more pressure to measure up to their peers.*
By 2025, 75% of the global workforce will be comprised of millennials.** Born in the ’80s and ’90s, millennials have never known the world without internet, email or instant messages. As this tech-savvy generation takes leadership roles, they will influence the behaviors and values of generations to come.
The responses of our interviewees indicate that younger generations are more likely to justify corruption. It would be interesting to see if organizations are cognizant of this indication from polling of employees within their organization and/or the root cause analysis of instances of misconduct.
* “Perfectionism Is Increasing Over Time: A Meta-Analysis of Birth Cohort Differences From 1989 to 2016,” York St. John University. Psychological Bulletin, 28 December 2017.
** “A global study on work-life challenges across generations”, EY Global generations.
Business is changing fast — and with that comes the challenge of influencing the behavior of diverse, dispersed employees and third parties amidst intense competitive pressures and increased regulation. With this pace of change, management and compliance functions need to evolve how they work to identify new fraud and compliance risks.
There is an increased pressure for organizations to make acquisitions to both accelerate growth and profit from less familiar developed markets. With global M&A activity on the rise, companies are increasingly acquiring distribution networks and new relationships with third parties that can expose the parent company to additional or unfamiliar risks.
In many cases, the acquirer has relied on the anti-corruption due diligence performed by previous management. Higher-risk business practices, including substantial volumes of cash payments to third parties, could be common in the acquired company’s operations, posing new and complex challenges to the acquirer.
Addressing these multiple challenges is often made more difficult by the budget pressures facing the compliance and internal audit functions. Sixty-six percent of heads of compliance surveyed stated that compliance spend needs to increase.
For many companies, there is an opportunity for compliance functions to better optimize their resources. A compliance program that more intensively leverages data analytics can lead to more effective risk management and increased business transparency.
Traditional classroom training and web-based learning are not inexpensive, including the cost to productivity. More importantly, the lessons provided to employees may have been long forgotten before they face a situation for which they had been trained previously.
Our experience also shows that most companies do not disaggregate employees based on risk factors. A “one-size-fits-all” approach is not the most efficient or effective way to deliver key compliance messages.
Extending FDA’s benefits beyond basic risk functions can increase business transparency and improve operational efficiency. With the right level of investment and leadership support, data and technology will better address fraud and compliance risks while also offering business insight that can inform strategy.
Our experience with a number of major corporations suggests that there are ways to increase effectiveness and efficiency by more intensively leveraging FDA.
Are organizations ready for GDPR?
The EU General Data Protection Regulation (GDPR) will be in force from 25 May 2018. The GDPR will apply to any company that does business with residents of EU countries. Companies found to be non-compliant could face fines of up to 4% of their global turnover. The legislation also includes “the right to be forgotten” which entitles any individual to request a company to erase their personal data.
Each request to have personal data erased would require an organization to identify the relevant data, communicate with the customer and provide formal statements.
Alarmingly, one in four respondents are likely to assert their right to have personal data erased. Even if only half of this percentage of respondents assert their right to be forgotten, the technology and administrative burden on companies will be immense.
Interestingly, respondents in the under-35 age group are significantly more likely (30%) to assert their right to have personal data erased. This may be explained by under-35s’ more intensive use of e-commerce and social media and a greater concern for their data being put at risk by cybersecurity breaches.
Our survey suggests that many organizations are not prepared for this impact, with just 40% of respondents globally knowing GDPR at least fairly well. Worryingly, over 1 in 10 of legal and compliance respondents within the EU do not know GDPR at least fairly well. The lack of awareness for global companies headquartered outside of the EU that hold EU citizens’ data is a significant risk. Our recent Global Forensic Data Analytics Survey found that only one in three respondents had a plan to address GDPR compliance.