Managing Third Parties

The KPMG survey identifies the top risk associated with anti-bribery and corruption activities as the risk from third parties associated with the company. These third parties, although a part of the organization, are typically far removed from management and its culture, making compliance efforts difficult. The survey states “according to the Foreign Bribery Report of the intergovernmental OECD, more than three-quarters of 427 corruption cases analyzed involved third parties.” Although many companies acknowledge the risk with third parties, more than 34 percent of respondents admitted that they do not formally identify high-risk third parties. The acknowledgement of this risk and a lack of processes to manage this risk suggest that there is a large gap organizations need to fill to proactively address these issues. 

Enforcing ABC Risk Management Programs

Compounding the issue of third party risk is the fact that many companies do not manage the third parties effectively. Although the company itself may not have direct control over the related party there are steps that they can take to reduce or prevent bribery and corruption. The survey mentions that many companies have policies and procedures related to risks arising from ABC activities but that it not applied to third parties or at lower levels within the organization. However, more companies are now paying attention to the issue and know they are not doing enough. The survey reports, “five years ago, people thought they were doing enough in the area of ABC compliance, and now they realize they are not. They know it’s a problem and that they have to do more.” 

Merger and Acquisition Risks from Bribery and Corruption

A large contributor to the increased risk of bribery and corruption can be attributed to the increased levels of cross-border mergers and acquisitions. For companies listed in the U.S. and UK almost 71 percent of respondents stated that they take part in some form of M&A activity. The issue is that many companies do not take ABC activities adequately into account when going through a merger or acquisition. Only 69% of U.S. and UK companies state that they put ABC considerations in the due diligence process at the start of an M&A deal. Making matters worse, most target companies attempt to restrict information about how they perform their operations and with whom they do so. The survey states that the best solution to this issue includes hiring an independent party that signs a non-disclosure agreement to assess the bribery and corruption risks before the M&A is complete.

A Need for Controls

Effective internal controls can greatly reduce the risk of bribery and corruption. This holds true for third party organizations as well as the company itself. The problem facing many companies is the lack of resources to thoroughly evaluate a third party’s control framework. As such, many third party organizations know that they are most likely not going to be held accountable. The survey reports that companies are failing to compel business partners to follow compliance programs, have failed in following through with right-to-audit clauses, and do not implement tailored training programs to deal with local circumstances and customs. 

Leveraging Data Analytics

Many of the problems with managing ABC are related to the lack of resources and manpower that companies are facing. Data analytics provides companies with an effective low cost solution. When asking companies if they used data analytics to monitor ABC issues, only 42 percent stated that they continuously monitor data looking for violations. Given that ABC can represent a sizable risk to companies for both reputation and their operations, the survey questions why a data analytics approach is not employed in a majority of organizations. The explanation that is most commonly offered relates to a lack of integration between the computer systems of the company and the third party. This lack of integration greatly increases the cost and difficulty of implementing an effective data analytics solution.