Global Fraud and Risk Report 2021/22 – At Your Fingertips: Why Aren't More Businesses Leveraging Data to Prevent Bribery and Corruption?
When does the pressure to succeed surpass the obligation to comply? All businesses are vulnerable to the tension inherent to this quandary, carefully balancing their profit and desire for growth with their values and ethics. Dissipating this tension is perhaps the number one challenge facing businesses in their attempt to curb bribery and corruption, but it’s far easier said than done. Do they enforce zero-tolerance at the expense of growth, or allow individual staff members the freedom to do the right thing?
Where blanket compliance policies fall short in preventing corruption, cultural shifts built on actionable “on the ground” intelligence from the very fringes of an organization can succeed. It’s a question of balance. Just because a compliance policy is in place does not automatically mean it’s working. A company’s compliance goals may be crystal clear in their idealism, but in practice the route there is far from simple to navigate.
America’s first post-modern novelist, William Gladdis, who grew up during the Great Depression and subsequent Wall Street boom, once wrote, “Power doesn’t corrupt people, people corrupt power.” Once the cultural seeds of bribery and corruption have been sown in an organization, they’re near impossible to weed out. While it’s tempting to scapegoat external parties, players and environmental factors, businesses need to first turn their attention inward if they are to stop these seeds from germinating. Poor record-keeping or the inability to adequately monitor frontline teams and regional offices are typical vulnerabilities that are often overlooked. Whatever their weaknesses when it comes to mitigating corruption risk, the silver lining is that businesses are starting to sit up and pay attention.
Kroll’s own survey found that more than seven in 10 businesses believe that bribery and corruption are now being given sufficient board-level attention and investment. Many of those businesses have started using data analytics to proactively detect risks and have structures in place to conduct enterprise-wide risk assessments. So why, in the very same survey, did 82% of businesses still feel that corruption was having a marked and detrimental impact on their organization, and what more can be done about it?
The Human Touch
An organization can have the best possible analytics system in place, but if the human elements of the chain aren’t well managed, educated or equipped to act, things will undoubtedly fall through the cracks. Like any enterprise-wide system, the procedures employed to mitigate risk are only as strong as their weakest link which, in most circumstances, is the human mind. Despite businesses now ostensibly investing more in anti-bribery and corruption and giving it the attention it deserves in the boardroom, that’s only half the battle.
Data from Kroll’s survey suggests that nearly three-quarters of C-suite executives believe that their organization’s anti-bribery and corruption controls are effective at preventing and detecting high-risk activity, which seems to run counter to the “significant” impact corruption is said to be having on eight in 10 businesses, as outlined above. Humans are fallible and leaders can be a poor influence, but what we’re seeing here is a gap between the human element of anti-fraud and risk management and the role of automation. Both elements are essential, but they must work together hand-in-hand if a business is to move toward proactive prevention rather than reactive remedial action.
Businesses must also strive to make fraud prevention an enterprise-wide responsibility, rather than simply a siloed service. Managing this risk is not a one-person or even a one-department job; it’s a cultural value that must be regularly communicated, upheld and reinforced.
Thankfully, companies appear to be shifting toward enterprise-wide risk assessments and, crucially, enterprise-wide responsibility. Some of these trends include educating staff on the latest risks and vulnerabilities around bribery and corruption, as well as designing tailored control frameworks instead of having one blanket solution in place. However, where businesses can really step up their anti-bribery and corruption efforts is with the technology that’s employed, and, critically, how it’s employed.
Data-Driven Assessments
Data analytics is a very broad area and is often misunderstood in terms of its specific applications and vast potential. It has almost become trite for a business to say that it’s “data-driven,” but almost all businesses are. However, just because a business collects and uses data doesn’t automatically make that business untouchable. Some will be very effective in their data-driven approach by using everything that’s available to them, but some won’t have the internal technology, talent or resources to properly combine complex queries and analysis with the intelligent setting of criteria.
But if a business is properly resourced–either by hiring internally or leaning on a partner–it can start relying more heavily on technology to solve the corruption conundrum rather than its innately fallible human workforce. Then it becomes less about human judgements and more about objective data. Data can be misinterpreted, but it cannot lie. Corporations that have mastered the mitigation of corruption risk understand this, and instead of blindly pouring resources solely into human-led anti-bribery measures, they’re tempering them with objectivity, live monitoring and 360-degree visibility in the form of data analytics.
Like most things that elude humans, risk itself can be detected through the identification of anomalies and patterns, particularly over large data volumes. If a sophisticated data analytics platform is deployed within an organization, it can monitor activity and mine information in even the most far-flung corners of the businesses, regardless of geography. A human intelligence team can then investigate, and red flags raised by the system to establish whether it warrants investigation or is merely a false positive. Such technology would allow one person to do the work of ten auditors, amplifying the ability of small risk management teams.
While it’s encouraging that more businesses are leveraging these tools to their advantage, there are still doubts as to whether that advantage is being pressed hard enough. Live, data-driven monitoring that reaches every tendril of a company’s reach is what is needed, from field operatives to regional offices, and the technological potential is there. The question is, are businesses able to combine this technology with the human element of their business in a balanced and effective way?