Cyber security, corruption and unethical behavior pose significant risks for business enterprises, according to a new survey by EY titled “Overcoming Compliance Fatigue’ (here). At the same time business organizations may be focusing their efforts in the wrong area while not effectively implementing the effective building blocks of a good compliance system.
Cyber security: Cyber security is a critical risk faced by many business organizations The point is emphasized regulators, yet business organizations do not seem to agree. Regulators ranging from Mary Jo White, Chair of the Securities and Exchange Commission, to a UK Government minister who recently reported that about 93% of large organizations in that country have faced a breach in the past year have expressed concern over cyber security. The point is underscored in part by survey results concluding that 74% of those who suffered a breach last year had not publically disclosed it, a point which may pose a serious issue for the SEC.
Despite these warnings and statistics, many business organizations do not view cyber security as a significant risk. Almost 50% of those responding to the EY survey viewed it as a fairly low risk to their business. Indeed, 17% viewed it as a very low risk while only 19% saw it as a high risk.
Fraud: In contrast, fraud is perceived as a serious threat to business enterprises. More than 1 in 10 executives in the survey reported that they have experienced a significant fraud in the last two years. The level overall of fraud reported in the survey has remained largely unchanged in the last six years. Ten countries, however, reported significant increases. Those include the U.S., up to 16% in 2014 from 8% in 2012, China, up to 8% from 4%, Japan, up t 10% from 6% and Russia, up to 16% from 10%.
Bending the rules: To achieve financial goals, a significant number of executive indicated a willingness to bend the rules. This suggests that in certain instances executives may be leading in the wrong direction. Overall 6% of those responding in the survey indicated a willingness to misstate financial performance under some circumstances. In the survey 11% of CEOs indicated a willingness under some circumstances to misstate financial performance while 7% of CFOs, or those in finance, responded in the affirmative.
The number of executives willing to bend the rules or break the law is surprising, particularly in view of the zeal of enforcement officials in areas such as financial reporting and overseas corruption Regarding financial performance the survey found that:
- 33% may be willing to alter product return policies
- 14% may be willing to change assumptions determining valuations/reserves
- 11% may be willing to extend monthly reporting periods
- 8% may be willing to backdate a contract
- 47% may be willing to use at least one of the items listed above
Overall CFOs were more likely than others to justify changing assumptions regarding valuations and reserves; general counsels were most likely to justify backdating a contract to meet financial targets; and sales and marketing executives were most likely to introduce more flexible return policies to meet financial targets.
Anti-corruption: Consistent with these findings are those regarding bribery and corruption. This has been a focus of U.S. enforcement officials for years and, despite a dwindling number of cases recently, there should be no doubt that the focus continues. While the U.S. continues to be the leader in these enforcement efforts, other countries are stepping up theirs, according to the Report. Those include Germany, Italy, France, the Netherlands, China and Mexico.
Despite the increasing efforts of enforcement officials, there is no change in the perception of executives regarding the risks of bribery and corruption. The Report concludes that there has been no reduction in the perceived level of bribery and corruption over the last two years. There also continues to be a willingness on the part of a significant number of executives to participate in unethical actions to win or retain business. The Report found that in the C-suite:
- 35% would use entertainment to win/retain business
- 18% would use personal gifts to win/retain business
- 13% would use cash payments to win/retain business
- 41% overall would use one of the methods listed above to win/retain business
Compliance: Despite an emphasis on compliance there may be what the Report calls “compliance fatigue.” Overall the Report found that:
- One in five business still do not have an anti-corruption policy
- Less than 50% of executives have attended anti-corruption training
- There has been a reduction in the level of reporting on compliance issues to boards
Finally, even for those who have anti-corruption compliance programs, there are suggestions that critical issues are not being addressed. For example, less than one third of business organizations are always, or very frequently, conducting anti-corruption due diligence as part of their mergers and acquisitions process. About 45% of companies have not implemented a whistleblower hotline. And, sales and marketing executives are the least likely to be included in risk assessment despite being exposed to significant risks. Overall, the Report findings present surprising and disturbing trends regarding potential threats of fraud and corruption, the willingness of executives to engage in unethical or wrongful conduct and compliance efforts.