A joint Kroll/Compliance Week survey recently demonstrated that businesses still have ground to cover when it comes to achieving robust and effective ideal anti-corruption compliance programs. Nearly 250 companies from various industries responded to the survey. Questions focused on resources and authority available to Chief Compliance Officers for addressing corruption risk, what those risks are, and what due diligence and other tools the CCOs use to manage those risks.
A handful of issues had positive survey responses such as basic policy implementation. “A majority of CCOs now say their anti-bribery policies are formal, written documents, usually embedded in the company’s Code of Conduct,” and two-thirds review those policies annually or more frequently.
Other common compliance issues fared less well such as cross-functional coordination, which caused a lack of confidence in financial auditing for a number of CCOs surveyed. The primary reason for CCO lack of confidence was related to catching books and records violations due to “poor reporting relationships or collaboration.” Those surveyed doubted whether employees in the finance department were aware that they should bring concerns about improper payments to the CCO.
Least favorable were the answers on third parties. The report mentions that 92% of respondents depend on third parties to do business to some degree, with the average business using more than 2,900 unique third parties. And while 92% of those surveyed perform due diligence, 48% never train their third party business partners on anti-corruption requirements.
These third party concerns are likely why automation has become part of the survey as well. Training the large number of third parties that businesses deal with on a regular basis can become a daunting task when supply chains can span dozens of languages and hundreds of countries. With so many third parties, automation will play an increasingly important role in effective compliance, but so will risk-based due diligence.
Similar to Assistant Attorney General Leslie Caldwell’s comment about not expecting companies to “boil the ocean” during internal investigations, companies also are not expected to burn the midnight oil when performing due diligence on every individual third party. A risk-based, tiered approach allows companies to keep their due diligence cost-effective by assessing business partner risk and allocating resources accordingly.
Sign up for CREATe’s June 4th webinar to learn more about third party due diligence for anti-corruption.