Chief compliance officers today face growing data privacy regulations; cyber-security controls being stressed by remote work and surging ransomware attacks; and intensified attention being paid to environmental, social, and governance (ESG) disclosures. It’s all happening at a time when cash-strapped organizations are at their wit’s end.
It is against this backdrop that a panel of experts with Kroll held a Webinar on July 1 to explore key findings from the risk consulting firm’s “2021 Anti-Bribery and Corruption Benchmarking Report,” which garnered responses from 200 senior risk professionals from around the world.
The survey highlights current third-party risk management (TPRM) trends such as evolving challenges with enhanced due diligence, the rise of automation, the growing incorporation of ESG matters into compliance programs today, and more.
According to the survey’s findings, 90 percent of respondents expect bribery and corruption risks to increase or remain the same as compared to last year. Most respondents (51 percent overall) rated their anti-bribery/anti-corruption (AB/AC) program as highly effective.
This high level of confidence shows the progress compliance departments have made over the last five to 10 years, noted Judith Barendse, an associate managing director in the Compliance Risk and Diligence practice at Kroll.
By region, the United States and Canada expressed the highest level of confidence in AB/AC compliance at 66 percent. In the United States, given President Joe Biden in a recent directive instructed U.S. federal agencies to make combating corruption a national security interest, “this is the appropriate time for compliance professionals to take another look at their program,” Barendse said. “Showing your senior management and board this renewed focus from this administration I think will really be helpful for compliance officers in terms of getting additional resources, if needed.”
European respondents expressed the least amount of confidence in AB/AC compliance at 40 percent. This might highlight, in part, that European companies are still playing catch-up with the United States as awareness of AB/AC implementation continues to grow, noted Veronique Foulon, a senior manager in the Compliance Risk and Diligence practice at Kroll.
Enhanced due diligence
More than 85 percent of respondents said their third parties undergo some level of enhanced due diligence. Additionally, 31 percent reported their organizations now conduct enhanced due diligence on more than half of their third parties. That’s compared to just 12 percent in last year’s survey.
For the first time this year, Kroll took a closer look at the process-related challenges compliance departments encounter when conducting enhanced due diligence externally. According to the findings, 22 percent of respondents listed data security as their greatest threat at the enhanced due diligence stage of the third-party onboarding process. Closely behind was costs (19 percent) and “lack of knowledge” (18 percent).
Kroll also asked respondents what triggers they look for in conducting enhanced due diligence. Top responses included red flags identified from a screening database or onboarding (35 percent), high-risk jurisdiction operations (34 percent), and potential relationships with politically exposed persons (28 percent).
In the survey, 72 percent of respondents reported they have sufficient technology to address current challenges, but just 36 percent said they use an automated solution to aid in the due diligence process.
Before they can even think about implementing any new technologies, compliance officers must first ensure they correctly calibrate their risk assessment and rating process of third parties, Barendse said. It’s also important that data be kept in a central repository accessible to all business functions—legal, compliance, risk, and internal audit—she said.
Spotlight on ESG
For the first time, Kroll assessed how companies are incorporating ESG compliance into their AB/AC compliance program. An important point here, however, is that compliance and ESG are two very different pillars.
“Naturally, the governance aspect of ESG is where there is clear coordination,” said Michael Watt, associate managing director in the Compliance Risk and Diligence practice at Kroll.
Practical examples might include compliance having third parties attest to the company’s environmental and social policies or conducting due diligence and third-party risk assessment questionnaires.
While 65 percent of respondents agreed bribery and corruption risk relative to ESG is important, the survey also found region-specific needs and interests drive whether ESG is integrated into compliance programs. “For example, the push for ESG in Latin America is primarily driven by environmental and social concerns stemming from the extractive industry’s negative impacts, while in the Asia-Pacific region, the focus lies on business resilience and employee rights,” Kroll stated in its report.
By region, 36 percent of respondents in North America (United States and Canada) said their organizations currently integrate ESG into their AB/AC compliance program, compared to 64 percent in Asia Pacific, 62 percent in South America, and 52 percent in Europe.
Currently, a lot of confusion surrounds the criteria for ESG implementation and reporting. Such ambiguity “may have led respondents to feel that, for now, the workload to implement ESG outweighs the rewards of any ESG program in an anti-bribery and anti-corruption compliance program,” Foulon said.
As regulators pay more attention to ESG matters, particularly in North America, it may further necessitate compliance officers making additional changes to their AB/AC compliance programs. From a TPRM perspective, this action might require, for example, incorporating additional ESG topics—such as modern slavery and climate-related impact issues—into third-party questionnaires.
Concluded Barendse, “This is rapidly becoming a more important topic.”