More than six years after the beginning of the financial crisis, high-profile regulatory enforcement actions continue to dominate the headlines. The prosecutions, fines and disgorgements have not been limited to just banks and insurers, but have spanned across all industries and sectors.
The latest instalment of EY’s long-running series of global fraud studies includes interviews with more than 2,700 executives across 59 countries helping us understand unwelcome trends in various markets. More importantly, our findings have facilitated meaningful dialogue within organisations now asking themselves tougher questions more than ever.
EY’s research suggests that there may be a persistent level of inappropriate conduct that cannot be eradicated. That’s not to say that companies and their stakeholders should accept illicit behaviour — rather, companies need to uncover such conduct much earlier and focus on minimising negative impact on the business.
Unethical behaviour persists in the Middle East
The incidence of fraud and reported levels of corruption are not declining. A persistent minority of executives appear willing to justify unethical behaviour; 6 per cent of global respondents — including C-suite executives — are willing to justify misstating company financial performance.
Twenty-two per cent of Middle East respondents experienced significant fraud in their organisation in the last two years, compared to 12 per cent of organisations around the world, highlighting a major need for change.
Out of four types of unethical behaviour — misstating company’s financial performance, offering entertainment, personal gifts, cash payments to win/ retain business — 50 per cent of Middle East respondents thought that at least one of these behaviours could be justified if they help a business survive an economic downturn.
Companies need to address emerging external threats, such as cybercrime — which, like other threats has the potential to cause significant reputational and financial damage. Cybercrime is a fast growing risk in the region; 66 per cent of Middle East respondents thought that cybercrime poses a high or very high risk to their organisation compared to 49 per cent of businesses globally.
Robust board oversight and senior management engagement is critical
Compliance risks cannot be effectively addressed without robust oversight by the board. It is essential that the board sets a demanding plan, continues to ask tough questions and actively holds senior management accountable for results. An increased level of scrutiny will drive a higher level of engagement among senior executives and should reduce the risk of compliance activities being delegated too far.
Furthermore, senior management are more exposed to risks compared to other levels in the organisation. For example, our survey shows that CEOs across the world are three times as likely as other respondents to have been asked to pay a bribe. Yet the results show C-suite respondents being less likely than their teams to attend anti-bribery and anticorruption (ABAC) training or participate in ABAC risk assessments.
Engagement in compliance efforts is not just about protecting the business, but also protecting oneself. While attendance for ABAC training for senior management was 22 per cent higher in the Middle East compared to their global counterparts, the fact remains there is a disconnect between what is learnt in the classroom and what is practised on the field. Companies, CEOs and managers alike need to realise that ABAC training for the purpose of marketing their business does not mitigate any risks.
Engagement and application of the training are essential if a company is going to safeguard itself from threats, all of which starts from the tone at the top.
Six leading practices in fighting fraud
1. Boards need to appropriately challenge management regarding the quality and frequency of their risk assessments, particularly around new threats like cyber fraud and cybercrime. Board members can push the company to foster better collaboration between legal, compliance and internal audit, ultimately leading to regular updates from management on fraud, bribery and corruption risk.
2. Among other things, with the surge of greater technological advances, mining big data using forensic data analytics (FDA) tools can invariably improve compliance and investigation outcomes. When correctly performed, FDA allows management to effectively present and illustrate relevant information to the board in a more digestible format.
3. Specialised due diligence should be the norm, not the exception. If conducting such work pre-close is not possible, then performing robust post-close procedures are essential to identify and disclose any illicit activities to the regulators, given that liability may be held by the company if events are not disclosed to the regulators in time.
4. Companies need to have clearly defined escalation procedures to minimise the damage and speed the process of board notification. When necessary, organisations should consult with outside legal counsel, forensic accounts and IT security professionals.
5. Companies should have ABAC training programs tailored to general job functions and levels of seniority. The training should be offered in local language and should include a mix of classroom and various media components. Participant information should be tracked and business unit leaders, including those in foreign locations should be evaluated on participation levels.
C-suite executives need to lead from the front on training and cannot be exempt from it. Ideally, board members should be trained as well.
6. There needs to be budget support for internal audit and compliance functions. While the business needs to own the risk, internal audit and compliance play essential roles in both improving standards of business conduct and in keeping the company out of trouble.
Companies, their boards and other stakeholders would be well served to deliver on these important priorities. With more focus on driving revenues from less mature markets, the challenges for companies are getting increasingly complex. At the same time, regulators are working together across borders as never before to hold companies and their executives accountable.
The time to reinforce the commitment to ethical growth is now.
The writer is a Partner, MENA Fraud Investigation & Dispute Services, EY, the global consultancy.
