A rise in reputational risk is driving many boards of directors to get more involved in the oversight of anti-corruption compliance efforts, according to a new benchmark report.

Released on March 15, the 2017 Anti-Bribery and Corruption Benchmarking Report, conducted by Kroll and Ethisphere, examined the types of bribery and corruption risk compliance officers face and discussed the know-how necessary to mitigate those risks. One overall trend to come from this year’s report is a clear focus on reputational risk.

As a direct result of this, boards are “increasing their activities and enhancing their knowledge and expertise” to better evaluate and monitor the effectiveness of anti-bribery and anti-corruption compliance programs, according to the report. In particular, the findings revealed a “marked increase in discussions about potential bribery and corruption exposure among boards of directors.”

Additionally, more companies this year than last year are including anti-bribery and anti-corruption matters in director onboarding and periodic training. Similarly, more companies now cover anti-bribery and anti-corruption concerns during their ethics and compliance program updates with the board.

“Directors, particularly independent directors, know that this is a significant reputational risk for the organizations they are charged to oversee, and they want to be well-grounded in the steps the company is taking to address the risk,” said Erica Salmon Byrne, executive vice president at Ethisphere. “Equally importantly, they want to know how they can help.”

In addition to a rise in reputational risk, mounting regulatory expectations place additional pressure on boards to escalate compliance-related matters and enhance their levels of expertise. The Department of Justice’s recently released “Evaluation of Corporate Compliance Programs” is just one example.

When evaluating the effectiveness of corporate compliance programs, one element it will consider is board oversight. Specific questions the Department of Justice mentions include:

What compliance expertise has been available on the board of directors?

Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions?

What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

The report further indicates that senior leadership engagement regarding anti-bribery and anti-corruption efforts also is on the rise. Fifty-one percent of 388 ethics and compliance professionals said that their senior leadership is “highly engaged” with anti-bribery and anti-corruption efforts, reflecting a four-percentage point increase over the previous year.

“No matter how many compliance controls and procedures you have in play, the finance function and, ultimately, the CFO will always be the third line of defense.”
Zoe Newman, Managing Director, Kroll

Finance as a partner. Another notable finding from this year’s report is the invaluable role that the chief financial officer and the finance team play in regard to anti-bribery and anti-corruption efforts.

According to the report, 37 percent of respondents said the CFO plays an “active” role, while another 36 percent said the CFO plays a “supportive or passive role.” Fourteen percent said that the CFO is “not involved” in such efforts.

With an enterprise-wide view of operations and transactions, including dealings with complex cross-border accounting controls and awareness of customs regarding local payment terms, “the finance team is turning into a formidable line of defense against corruption,” the report states.

“No matter how many compliance controls and procedures you have in play, the finance function and, ultimately, the CFO will always be the third line of defense,” said Zoe Newman, managing director at Kroll. “Local country operations are often the most at risk in terms of bribery and corruption; they’re often small, acquired, and isolated from the head office.”

“As a result, the practicalities of implementing head-office compliance controls locally are more complex and fraught with risk, particularly when dealing with an autocratic country head,” Newman added. “In these situations, the finance function plays an even more important role.”


In the Kroll Anti-Bribery and Corruption report, respondents were asked to rank the reasons that potential third parties fail to meet their standards. Below are the 2017 responses in comparison to the 2016 responses.

It is critical that the CFO provide sufficient oversight, she said, “and that the local function is empowered to question transactions, ensuring that they are carefully reviewed before being signed off and authorized by finance.”

Respondents who said their CFOs played an active role in their company’s anti-bribery and anti-corruption compliance programs were almost four times as likely to feel “extremely prepared” to manage bribery and corruption risks. On the opposite end of the spectrum, those who did not have an actively involved CFO felt they did not have enough resources to manage bribery and corruption risk.

“With a growing universe of third parties and regulatory enforcement driving an increase in overall risk, the finance department’s oversight of local business records and close eye on local operations remains one of the best ways to limit potential exposure,” the report stated.

Mitigating reputational risk. The report also discussed ways in which companies can mitigate reputational risk in the context of anti-bribery and anti-corruption compliance programs. That starts with understanding where vulnerabilities in the program lurk.

Survey respondents cited third parties as the biggest risk to their company’s anti-bribery and anti-corruption programs. Specifically, their top concerns with third parties focus on reputation, as well as bribery and corruption risks.

“Consistent with these stated concerns for the respondents who rejected one or more third parties at the outset of screening, general reputation concerns were the most likely reason,” the report stated. This finding is in stark contrast to last year’s report, when general reputation and integrity concerns were the least likely reason third parties failed to meet company standards, “a stunning reversal in just one year,” the report notes.

Managing personal risk.  The report also revealed that respondents continue to be concerned about personal liability, with one-third of respondents reporting a greater level of concern in this area than the prior year.

A series of recent regulatory developments around the world may be fueling this concern, including the U.K. Senior Managers Regime, the Yates Memo in the United States, and new, stringent legislation, such as France’s Sapin II law. “Together, these regulatory changes make higher fines and prison sentences a much sharper risk for directors and risk professionals,” said Kevin Braine, Kroll’s managing director and head of compliance, EMEA.

Another troubling aspect to this development: “Qualified compliance professionals may be chilled from taking on this key governance role in organizations in high-risk industries,” creating the potential for even greater risks to emerge, the report warns.

Particularly in an era of regulatory uncertainty in combination with a greater focus on personal liability by regulators, it is more important than ever before for ethics and compliance professionals to reevaluate and develop their anti-bribery and anti-corruption compliance efforts as one of the most effective measures in preventing both reputational and financial damage. It is of increasing importance, too, that boards of directors and senior management get actively involved and seek ways to foster these efforts.