The report (available here in pdf) amplifies the growing bribery and corruption risks that third parties present and the challenges companies face in monitoring these intermediaries. It also examines companies’ lack of monitoring efforts in their own anti-bribery and corruption (ABC) compliance programs. And, it explores the compliance pressures organizations face as a growing number of governments have passed ABC regulations.
KPMG, together with Singapore Management University, performed a survey across 64 countries, receiving 659 responses. Respondents considered themselves “one of the most senior persons in charge of day-to-day ABC matters at their companies” and represented companies of varying size across a spectrum of industries including banking, life sciences, manufacturing and energy and natural resources.
Some key findings:
- Only 29 percent of respondents said their companies have right-to-audit clauses over third parties and 41 percent of those with such clauses exercised these rights.
- Auditing third parties for ABC compliance ranked as the most challenging ABC issue faced by respondents.
- 8 in 10 respondents said their companies have a formal, written ABC compliance program, but only 58 percent said these programs include continuous monitoring and internal audit protocols.
- Only a quarter of respondents use data analytics to identify potential bribery and corruption violations and less than half of them continuously monitor the data.
- 60 percent of respondents indicated that mergers and acquisitions are part of their growth strategy; however, only 45 percent said their companies include ABC considerations in pre-acquisition due diligence.
As businesses globalize, the role of third parties that help facilitate cross-border transactions has expanded, heightening this source of bribery and corruption risk. According to the 2014 Foreign Bribery Report of the Organisation for Economic Cooperation and Development (OECD), more than three quarters of the 427 corruption cases analyzed involved third parties.
While many companies are performing due diligence when bringing third parties aboard, they are not taking the next steps to monitor these intermediaries as demonstrated by the shortfall in those utilizing data analytics for such things as identifying ABC risks or to help determine which third party audit rights should be exercised. The lack of ongoing monitoring is not limited to third party policing efforts. There is also room for improvement in regular monitoring in companies’ own ABC compliance programs.
Data analyticsintegral to effective monitoring
Since business activities are often captured electronically, it is critical that companies have data analytics technology and resources needed for ABC compliance. To properly analyze data for potential violations, an organization must understand the risks and how to flag data to identify abnormal activity.
Regulation sweeping the globe
The Foreign Corrupt Practices Act and the UK Bribery Act are also prompting suppliers and partners of U.S. and UK companies to develop ABC compliance programs. 79 percent of respondents listed outside of the U.S. and UK have developed formal ABC compliance programs.
Companies conducting business globally must also contend with the growing number of governments introducing new ABC regulations or tightening existing ones. Such businesses require global compliance programs that account for national regulatory differences.
M&A ABC due diligence challenges
ABC due diligence may be difficult when information about the M&A target is restricted — particularly in auctions or when buyers are competitors. ABC monitoring challenges can also continue post-acquisition, beginning with integrating compliance programs and data.
Prioritizing risk assessment
Risk assessments help companies determine where risks are heightened and controls are lacking. As their compliance programs mature, U.S.-listed companies in particular appear to be prioritizing risk assessments, with more than 80 percent of those respondents saying their companies undertake ABC risk assessments as part of overall risk assessments or as a separate activity compared with 58 percent of unlisted respondents and those not listed in the U.S.
Phillip Ostwalt is a partner and global investigations network leader at KPMG LLP. He has nearly three decades of accounting and advisory services experience with public accounting firms and in private industry. He specializes in performing financial, accounting and regulatory investigations on behalf of public and private companies, organizations, audit committees, special committees and their counsel.
Marc Miller is the advisory risk consulting service leader for life sciences and partner in KPMG LLP’s forensic advisory services. His experience includes forensic accounting investigations in connection with management and audit committee investigations, U.S. Department of Justice, Securities and Exchange Commission and international enforcement relating to alleged violations of the bribery and corruption laws, financial reporting and disclosure issues and misappropriation of assets.