EY India - 15th Global Fraud Survey for Fraud Risk Management

Views:
 
     
 

Presentation Description

This PDF is the 15th edition of the Global Fraud Survey conducted by EY. In today's times of major advancement in technology, business leaders give their points of view on the risks and challenges big firms face in terms of fraud and corruption. The survey also sheds light on how organizations are tackling these risks through upgraded technologies and growing compliance efforts. Download now to read in detail.

Comments

Presentation Transcript

slide 1:

Integrity in the spotlight The future of compliance 15th Global Fraud Survey

slide 2:

Contents Foreword 3 Executive summary 4 The outlook for fraud and corruption 6 The effectiveness of anti-corruption efforts 12 Putting integrity on the management agenda 18 Conclusion — the future of compliance 22 Survey approach 24 Contact information 26 • Visit the fraud surveys website ey.com/forensics 15th Global Fraud Survey 2018 2

slide 3:

As the new global leader of EY’s Forensic Integrity Services practice I am delighted to share EY’s 15th Global Fraud Survey. It contains insights from business leaders on the risks and challenges organizations face in fghting fraud and corruption in an era of signifcant technological advance. The survey also discusses how companies are addressing these risks through enhanced technologies and increased compliance efforts. Between October 2017 and F ebruary 2018 we interviewed 2550 executives from 55 countries and territories. The interviews show that fraud and corruption in business is not going away . We used the results to understand whether existing fraud prevention efforts by management and increased government enforcement are effective enough to fght fraud and corruption. Organizations increasingly use digital technology to change the way they do business which is heightening their exposure to fraud corruption and other risks. In the era of changing technology anti-corruption enforcement by agencies such as the Department of Justice DoJ and the Securities and Exchange Commission SEC in the US the Serious Fraud Offce in the UK and prosecutors in countries including Brazil Netherlands and France continues to accelerate. In this report we consider the impact that recent enforcement has had on the prevalence of corruption and whether companies’ compliance efforts are keeping up. We found that many businesses have reached a certain level of maturity in their compliance programs with the vast majority of executives interviewed aware of anti-corruption policies procedures and intent from management. However we see a mismatch between this awareness and employee behavior — and we continue to see ethical failures business losses and consequent reputational damage. So why integrity and why now The survey results suggest that the benefts of demonstrating organizational integrity go beyond the avoidance of penalties and can actually improve business performance. This makes sense: doing the wrong thing is a lost opportunity to do the right thing. Finally we explore the future of the compliance function. Advances in technology particularly in artifcial intelligence machine learning and automation can be used to transform legal and compliance functions. What is the new role of the compliance offcer when monitoring is performed by data analytics and real time training is delivered by artifcially intelligent robots What lessons have we learned for data protection compliance Increased global connectivity means that anyone with access to company data anywhere in the world can exploit weaknesses in data security . Companies’ critical digital and physical assets are therefore at greater risk of theft damage and manipulation by insiders than ever before. Our survey was conducted against a backdrop of controversy regarding customer data breaches and the forthcoming implementation of the EU General Data Protection Regulation. The survey results suggest a signifcant gap in awareness of GDPR for countries both inside and outside of the EU. T o ensure effective compliance with GDPR business will need to consider the required organizational changes and not just the introduction of more “paper policies”. It will be interesting to see if companies with a reputation for integrity give more confdence to consumers and therefore make their customers less likely to request deletion of their personal data. This report is intended to raise challenging questions for boards. It will we hope drive better conversations around fraud corruption and integrity more broadly . We thank all those who participated in our survey for their contributions and insights. We invite you to see our website ey .com/forensics which provides additional country — and industry-specifc information based on responses to key survey questions. Foreword Do the right thing because it’s the right thing to do and not just because the code of conduct says you should Andrew Gordon Global Leader F orensic Integrity Services 15th Global Fraud Survey 2018 3

slide 4:

Changing regulation increased enforcement and the adoption of new technologies are changing the risk landscapes that organizations must face. Our survey respondents see fraud and corruption among the greatest risks to their business and our results show there remains a signifcant level of unethical conduct. Executive summary No reduction in fraud and corruption Our survey found that although there were some improvements in certain countries fraud and corruption have not declined globally in the last two years. Although fraud and corruption remain more prevalent in emerging markets a signifcant minority of respondents reported widespread corruption in developed markets. The impact of enforcement The last two years have seen an unprecedented level of fnes from governments with dramatically increased penalties being imposed by Brazil the Netherlands the UK and Switzerland among others. We continue to see more governments across the world introducing and enforcing anti-corruption laws. However our global results show that occurrences of fraud and corruption have not reduced since 2014. From our experience there is often a lag between the introduction of laws and real change being made by organizations. respondents aged under 35 justify cash payments 1 in 5 Justifying fraud and corruption . Q Which of the following can be justifed if they help a business survive an economic downturn Base: 15th Global Fraud Survey 2550 Under 35s 328 35 and over 2222 respondents aged 35 and over justify cash payments 1 in 8 Base: 15th Global Fraud Survey 2550 Applies It appears that our younger respondents are more likely to justify fraud or corruption to meet fnancial targets or help a business survive an economic downturn. With increased pressure for individuals and businesses to succeed the problems of fraud and corruption do not appear to be going away . 11 of companies have experienced a signifcant fraud in the last two years 11 of respondents stated it is common practice to use bribery to win contracts in their sector 38 of respondents stated bribery/ corrupt practices occur widely in business in their country 13 of respondents would justify cash payments to win/retain business when helping a business survive an economic downturn 35 35 • Visit the fraud surveys website ey.com/forensics 15th Global Fraud Survey 2018 4

slide 5:

Announced intentions vs. performance The majority of respondents stated that management has introduced anti-corruption policies whistleblowing hotlines and statements of ethics. However we do not see a corresponding decrease in unethical conduct and business failures. Organizations should focus their efforts on improving the effectiveness of these programs by assessing the corporate culture controls and governance from an integrity perspective leveraging new technologies to provide better data insights. The future of compliance With the introduction of digital compliance tools such as predictive analytics and real-time risk alerts forensic data analytics FDA can signifcantly improve the effectiveness and effciency of monitoring and reporting strengthening the second line of defense. Compliance has a role in the frst line of defense. It is important that compliance professionals embed themselves within the operational and strategic parts of business sharing insight and promoting a culture of integrity . Operating with integrity of respondents recognize it is important to demonstrate that their organization operates with integrity 97 . Q How important do you think it is to be able to demonstrate that your organization operates with integrity Base: 15th Global Fraud Survey 2550 It is our respondents’ perception that the benefts of acting with integrity include improved customer and public perception and successful business performance while the cost of non- compliance with laws continues to increase. So why do we still see unethical conduct One reason may be that it is not clear who within an organization is responsible for integrity . F ewer than one in four of our respondents believe it is primarily an individual’s responsibility . Businesses should set a clear expectation of their employees and third parties as to their responsibility for integrity . Employee integrity: Who is responsible . Q Who in your organization is responsible for ensuring that employees behave with integrity Base: 15th Global Fraud Survey 2550 Legal and compliance HR The board Individual responsibility Management 41 22 15 11 9 • Visit the fraud surveys website ey.com/forensics 15th Global Fraud Survey 2018 5

slide 6:

The outlook for fraud and corruption The digital disruption of business and increased data privacy legislation is increasing fraud corruption and compliance risks. 1 15th Global Fraud Survey 2018 6

slide 7:

We are in an era of digital transformation that continues to challenge how all aspects of business are conducted — and the implications for the legal compliance and internal audit functions are signifcant. Ninety-one percent of our survey respondents stated that their organization will be using advanced technology such as digital payments “Internet of Things” IoT robotics and artifcial intelligence regularly within the next two years. Organizations of course are embracing these technologies with differing levels of enthusiasm. It is worth noting that while the majority of our respondents state that their organizations will soon be regularly utilizing digital payment systems just 4 expect to be conducting business using cryptocurrencies. However digital transformation has also created new risks. With ever expanding volumes of customer and employee data the proliferation of digital technologies will create more complexity for companies regarding data privacy . Given the recent high profle data breaches and elevated levels of consumer concern regarding data privacy as well as robust new regulation in this area companies will be challenged as never before by information governance. Open and connected business models are likely to result in increased exposure to cyber threats and ransomware. In the last two years cyber attacks have been widespread and have included a global ransomware campaign that impacted over 45 countries. It is therefore not surprising that 37 of our respondents see cyber attacks as one of the greatest risks to their business. The good news is that advances in technology particularly in artifcial intelligence machine learning and automation can be used to transform legal and compliance functions. Incorporating FDA into a company’s digital strategy is an opportunity to enhance risk mitigation and improve business transparency . Our recent Global FDA Survey “How can you disrupt risk in an era of digital transformation” 1 demonstrated a strong recognition by respondents of FDA’s effectiveness in managing various risks including corruption fnancial statement fraud data protection and data privacy compliance and cybersecurity . A growing digital footprint alters the traditional risk landscape for individual companies and entire industry sectors. Out-of-date risk assessments and antiquated policies procedures and controls can result in companies missing opportunities to help employees comply with company policy . Worse yet such gaps can be exploited by rogue employees intent on fraud data theft or other illegal acts. It is important that the effectiveness and effciency of compliance is improved. F ailing to do so exposes the company to regulatory and law enforcement scrutiny . T oday’s complex risk landscape Percentage of respondents who believe that the following categories pose the greatest risks to their business . Q Which of the following poses the greatest risks to your business Base: 15th Global Fraud Survey 2550 43 Changing regulatory environment 42 Macroeconomic environment 37 Cyber attack 36 Fraud and corruption 1 Global Forensic Data Analytics Survey 2018: How can you disrupt risk in an era of digital transformation EY 2018. The transformation of business models due to the rapid evolution of digital technology is making the landscape of fraud bribery and corruption risk ever more complex. 15th Global Fraud Survey 2018 7

slide 8:

The responses to this survey over the last eight years show that countries and organizations are moving too slowly to tackle corruption. In 2018 38 of our respondents stated that bribery / corrupt practices happen widely in business in their country with no improvement since we frst asked that question in 2012 38. We continue to see a trend that respondents perceive risk to be higher in their country than in their business with only 11 of our respondents believing it is common to use bribery to win contracts in their sector . A signifcant minority 13 globally of our respondents would justify making cash payments to win or retain business. This increases to 22 of respondents in the Middle East and 29 of respondents in F ar East Asia. Worryingly 18 of our respondents in a fnancial position would justify these payments and even 6 of the heads of compliance surveyed. The survey found that more than one-third of business leaders see fraud and corruption as one of their greatest risks. Indeed the scale of fraud and corruption remains signifcant and we have seen no improvement in the results at a global level since 2012. More than 1 in 10 of our respondents are aware of a signifcant fraud in their company in the last 2 years. In the Middle East Latin America and Japan this percentage is higher . The propensity of respondents who would justify fraud to meet fnancial targets has increased on a global level since 2016. We found that 12 of respondents would justify extending the monthly reporting period 7 would backdate a contract and 7 would book revenues earlier than they should be to meet fnancial targets. Scale of bribery and corruption Base: 15th Global Fraud Survey 2550 Developed 1100 Emerging 1450 38 Global 20 Developed 52 Emerging of respondents believe that bribery/ corrupt practices happen widely in business in their country 11 Global 5 Developed 16 Emerging of respondents believe it is common to use bribery to win contracts in their sector 13 Global 6 Developed 19 Emerging of respondents can justify cash payments to win/ retain business when helping a business survive an economic downturn Fraud — a persistent global issue 11 Global 14 Latin America 16 Middle East 16 Japan of companies have experienced a signifcant fraud in the last two years . Q Has your company experienced a signifcant fraud in the last 2 years Base: 15th Global Fraud Survey 2550 Latin America 300 Middle East 50 Japan 50 15th Global Fraud Survey 2018 8

slide 9:

We found that respondents under 35 years of age are more likely to justify fraud or corruption to meet fnancial targets or help a business survive an economic downturn with 1 in 5 younger respondents justifying cash payments compared to one in eight respondents over 35. We also found that the under-35 age group would be more likely to act unethically to meet fnancial targets than older respondents. This observation is consistent with the results of our 2017 EMEIA and Asia Pacifc Fraud Surveys. The fast-paced and competitive business environment might be a cause of this with more pressure on junior professionals to succeed. A 2018 study of 40000 college students in the US UK and Canada found that today’s young adults feel signifcantly more pressure to measure up to their peers. 2 By 2025 75 of the global workforce will be comprised of millennials. 3 Born in the ’80s and ’90s millennials have never known the world without internet email or instant messages. As this tech-savvy generation take leadership roles they will infuence the behaviors and values of generations to come. The responses of our interviewees indicate that younger generations are more likely to justify corruption. It would be interesting to see if organizations are cognizant of this indication from polling of employees within their organization and/ or the root cause analysis of instances of misconduct. respondents over 35 years of age justify cash payments respondents under 35 years of age justify cash payments 1 in 5 1 in 8 Y ounger generations: Pressure to act unethically . Q Which of the following can be justifed if they help a business survive an economic downturn Base: 15th Global Fraud Survey 2550 Under 35s 328 35 and over 2222 2 ”Perfectionism Is Increasing Over Time: A Meta-Analysis of Birth Cohort Differences From 1989 to 2016” York St. John University. Psychological Bulletin 28 December 2017. 3 “A global study on work-life challenges across generations” EY Global generations. • B usine s s is changing f as t — and with that c ome s the challenge o f in fuencing the beha vior of diverse dispersed employees and third parties amidst intense competitive pressures and increased regulation. With this pace of change management and compliance functions need to evolve how they work to identify new fraud and compliance risks. • Visit the fraud surveys website ey.com/forensics 15th Global Fraud Survey 2018 9

slide 10:

There is an increased pressure for organizations to make acquisitions to both accelerate growth and proft from less familiar developed markets. With global MA activity on the rise companies are increasingly acquiring distribution networks and new relationships with third parties that can expose the parent company to additional or unfamiliar risks. In many cases the acquirer has relied on the anti-corruption due diligence performed by previous management. Higher-risk business practices including substantial volumes of cash payments to third parties could be common in the acquired company’s operations posing new and complex challenges to the acquiror . Addressing these multiple challenges is often made more diffcult by the budget pressures facing the compliance and internal audit functions. Sixty-six percent of heads of compliance surveyed stated that compliance spend needs to increase. F or many companies there is an opportunity for compliance functions to better optimize their resources. A compliance program that more intensively leverages data analytics can lead to more effective risk management and increased business transparency . T raditional classroom training and web-based learning are not inexpensive including the cost to productivity . More importantly the lessons provided to employees may have been long forgotten before they face a situation for which they had been trained previously . Our experience also shows that most companies do not disaggregate employees based on risk factors. A “one-size-fts- all” approach is not the most effcient or effective way to deliver key compliance messages. Extending FDA’s benefts beyond basic risk functions can increase business transparency and improve operational effciency. With the right level of investment and leadership support data and technology will better address fraud and compliance risks while also offering business insight that can inform strategy . Digitalization of compliance Compliance guidance in near real time A major challenge for organizations is to deliver effective compliance training and communications that engage the hearts and minds of employees in an effort to better deter fraud. EY supported a F ortune 100 company in addressing these perennial challenges. Using FDA the company’s compliance function is now able to provide timely tailored guidance to individual employees throughout the organization very close to the time at which the employee would likely encounter a challenging situation. T o increase the effectiveness of this approach we used behavioral insights to design and help deliver the content. Data mined from enterprise resource planning ERP systems investigation and due diligence case management tools travel and entertainment systems and others is used to determine which employees receive guidance from whom and in what format. In the most serious situation this may be a call from the global compliance offcer directly. Case study 2 Case study 1 Risk scoring in post-acquisition integration F ollowing a multi-billion dollar acquisition EY assisted a client with its post-acquisition due diligence and compliance monitoring. An analytics platform was developed that combines data from fnance and other business systems to identify transactions and third parties that pose an elevated risk of fraud or corruption using risk scoring. T ransaction risk scoring provides a repeatable mathematical process for identifying higher-risk transactions. The risk scoring was built into analytics dashboards for sales and payment transactions and was automatically refreshed on a daily basis. This scoring was further integrated with information on third-party due diligence and results from investigations conducted by the company . These dashboards which align to the key expectations expressed in the DoJ’s recent guidance see page 17 helped compliance professionals at the company to perform continuous transaction monitoring to better prevent and detect fraud. Case studies Our experience with a number of major corporations suggests that there are ways to increase both effectiveness and effciency by more intensively leveraging FDA 15th Global Fraud Survey 2018 10

slide 11:

Are organizations ready for GDPR F ocus on GDPR The EU General Data Protection Regulation GDPR will be in force from 25 May 2018. The GDPR will apply to any company that does business with residents of EU countries. Companies found to be non-compliant could face fnes of up to 4 of their global turnover . The legislation also includes “the right to be forgotten” which entitles any individual to request a company to erase their personal data. Each request to have personal data erased would require an organization to identify the relevant data communicate with the customer and provide formal statements. Alarmingly one in four of respondents are likely to assert their right to have personal data erased. Even if only half of this percentage of respondents assert their right to be forgotten the technology and administrative burden on companies will be immense. Interestingly respondents in the under 35 age group are signifcantly more likely 30 to assert their right to have personal data erased. This may be explained by under 35s more intensive use of e-commerce and social media and a greater concern for their data being put at risk by cybersecurity breaches. Our survey suggests that many organizations are not prepared for this impact with just 40 of respondents globally knowing GDPR at least fairly well. Worryingly over 1 in 10 of legal and compliance respondents within the EU do not know GDPR at least fairly well. The lack of awareness for global companies headquartered outside of the EU that hold EU citizens’ data is a signifcant risk. Our recent Global Forensic Data Analytics Survey 4 found that only one in three of respondents had a plan to address GDPR compliance. Time running out on GDPR compliance Respondents who believe they know GDPR fairly or very well Time to get personal on data Respondents who would assert their right to have their personal data erased . Q How likely or unlikely are you to assert your right to have your personal data erased Base: 15th Global Fraud Survey 2550 Inside EU 1100 Outside EU 1450 4 Global Forensic Data Analytics Survey 2018: How can you disrupt risk in an era of digital transformation EY 2018. 24 19 29 Global Countries inside EU Countries outside EU 40 All respondents Base 2550 Global EU 66 Legal and compliance respondents Base 312 . Q How well if at all would you say you know the EU General Data Protection Regulation Base: 15th Global Fraud Survey 2550 Inside EU 1100 Outside EU 1450 All respondents Base 1110 62 Legal and compliance respondents Base 182 88 15th Global Fraud Survey 2018 11

slide 12:

2 The effectiveness of anti-corruption efforts With a signifcant minority of respondents still willing to justify unethical acts is enforcement a deterrent and is management doing enough to tackle these challenges 15th Global Fraud Survey 2018 12

slide 13:

Is enforcement a deterrent Governments across the world continue to introduce and enforce corporate criminal liability laws. Despite over 11bn in fnes being issued globally under the FCPA by the U.S. Department of Justice and the SEC and the UK Serious Fraud Offce since 2012 38 of global executives still believe bribery and corrupt practices remain prevalent in business. The last four years have seen the introduction of new legislation and greater levels of enforcement outside the US. What do our survey results tell us about the effectiveness of anti-corruption laws and enforcement Analysis of the number of FCPA enforcements over the last four years shows a changing focus on countries in which corrupt payments are alleged to have been made. Over the four-year period 30 of the 130 enforcement actions related to Latin America. In 2016 enforcement activity was dominated by China and Latin America with 16 enforcement actions in Latin America and 15 in China. T welve of the Latin American enforcement actions related to alleged corrupt activity in Brazil. The Clean Company Act in Brazil came into force in 2014 and over the last three years there has been a dramatic increase in anti-corruption enforcement. However Brazilian respondents are yet to see any signifcant reduction in bribery and corruption with 96 of respondents in 2018 stating that bribery / corrupt practices occur widely in business in their country increasing from 70 in 2014. The UK Bribery Act came into force in 2011 however the percentage of respondents in the UK that stated corrupt practices happen widely increased from 18 to 34 from 2014 to 2017. It is worth noting that the frst prosecution did not occur until 2016 and there has been signifcant enforcement activity in 2017. The US FCPA was passed 40 years ago however signifcant enforcement began from the mid 2000s. Our survey found that 18 of respondents in the US stated that bribery / corrupt practices happen widely in business in their country: a reduction from 22 who believed this to be the case in 2014. 2017 2016 2015 2014 FCPA Enforcement Actions by region Source: The U.S. Department of Justice website https://www.justice.gov/ criminal-fraud/related-enforcement-actions accessed April 2018. The U.S. Securities and Exchange Commission website https://www.sec.gov/litigation.shtml accessed April 2018. 0 5 10 15 20 25 30 35 40 45 50 2017 2016 2015 2014 Africa North America Association of Southeast Asian Nations Central and Southern Europe Commonwealth of Independent States Greater China India Latin America Middle East and North Africa 10 16 4 1 8 5 7 1 15 2 4 3 10 4 3 4 2 6 2 2 10 3 1 1 4 1 1 15th Global Fraud Survey 2018 13

slide 14:

US 18 4 F oreign Corrupt Practices Act enacted in 1977 Signifcant enforcement increase from 2004 Czech Republic 56 13 Increase in enforcement in recent years. New regulation improving transparency such as the Act on Criminal Liability of Corporations Romania 34 12 Signifcant enforcement from National Anti-Corruption Directorate in last 10 years China mainland 16 8 Chinese anti-corruption campaign began in 2013 with signifcant enforcement to 2017 Brazil 96 26 Clean Company Act 2013 effective from 2014 Signifcant FCPA and local enforcement Percentage Point Change 2014–2018 -21 to -30 -11 to -20 -10 to 0 0 to 10 11 to 20 21 to 30 UK 34 16 UK Bribery Act effective from 2010 frst corporate prosecution in 2016 Signifcant corporate penalties in 2017 Saudi Arabia 46 20 Creation of anti-corruption committee and prominent arrests of individuals in November 2017 from Australia and New Zealand Brazil Saudi Arabia and the UK show increases in the percentage of respondents who believe corruption to be widespread. In these countries it is notable that there has been signifcant enforcement in 2017. The survey results from China Czech Republic Romania and the US show decreases in the percentage of respondents who believe corruption to be widespread. In these countries enforcement agencies were active prior to 2014. So has the enforcement activity resulted in real change to compliance programs and company culture Or is it simply that the perception of corruption decreased as enforcement has dropped In our experience there is often a lag between the introduction of anti-corruption laws and a response from management. The initial reaction of many organizations to the introduction of laws is for compliance functions to draft high level policies or deliver training. Unfortunately for some companies regulation it seems is not enough it is not until governments start enforcing laws and publicizing fnes and penalties that management take legislation seriously and introduce real change. The views of respondents on the level of widespread corruption in their country therefore might initially increase. In the chart below we have compared respondents’ views on widespread corruption from 2014 to 2018. The survey results Q: Bribery/corrupt practices happen widely in business in this country. Applies and movement from 2014 results Base 15th Global Fraud Survey: Australia and New Zealand 50 Brazil 50 China mainland 50 Czech Republic 50 Romania 50 Saudi Arabia 50 United Kingdom 50 US 50. Base 13th Global Fraud Survey: Australia and New Zealand 51 Brazil 50 China mainland 50Czech Republic 51 Romania 50 Saudi Arabia 50 United Kingdom 50 US 50. The impact of enforcement on widespread corruption Australia and New Zealand 38 30 Major enforcement in the last two years by US regulators in the extractive and FS sectors with only modest levels of state level enforcement 15th Global Fraud Survey 2018 14

slide 15:

The key challenge for compliance professionals is to increase the effectiveness and effciency of their anti-fraud and corruption program in a complex risk environment with challenging budget constraints. Our survey found that the majority of organizations have implemented infrastructures policies and high-level communications. Ninety-three percent of respondents stated that senior leaders demonstrate a commitment to compliance and 95 stated senior leaders set examples of good ethical behavior . However when asked specifc questions on the implementation and effectiveness of the compliance programs our survey highlighted a number of differences between management statements and conduct by their organizations. 1. When asked if their organization has an anti-corruption policy and/ or a code of conduct 97 of heads of compliance and 92 of heads of internal audit surveyed stated this was the case. This was signifcantly lower for sales and marketing respondents at 77. This suggests that high level policies may be in place but there are key employees within organizations that are still not suffciently aware of them. 2. When asked if their organization had a tailored risk-based approach to due diligence that varies by country industry or nature of activity of the third party the results suggest a mismatch between the 66 of internal audit compliance and legal respondents who felt this applied in their organization and the 56 of internal audit compliance and legal who would generally be responsible for engaging a third party . More worryingly 29 of sales and marketing and 20 of other management were not able to answer the question regarding the due diligence approach at their organization. 3. We found that management had often set clear intent regarding penalizing non-ethical conduct with more than three in four respondents stating that there are clear penalties for breaking their policies. However only 57 are aware of people actually being penalized. 4. More than one in four of respondents stated that people managing relationships with third parties are not required to complete fraud and compliance risk training. 5. Our research shows that only one-third of organizations have incentivized their third parties to act ethically . Bespoke risk-based due diligence Respondents who believe that their organization has a tailored risk-based approach to due diligence 66 53 Head of internal audit head of compliance head of legal Sales marketing and other management . Q We have a tailored risk-based approach to due diligence that varies by country industry or nature of activity of the third party — Applies does not apply don’t know Base: 15th Global Fraud Survey 2550 Head of internal audit Head of compliance Head of legal 337 Sales marketing and other operational management 299. Delivering compliance effectiveness Doing the right thing or fear of enforcement Applies 78 57 of respondents state that there are clear penalties for breaching policies of respondents are aware that people have been penalized for breaching policies . Q Does the following apply or does not apply to your organization or whether you don’t know Base: 15th Global Fraud Survey 2550 15th Global Fraud Survey 2018 15

slide 16:

In a March 2018 article the Harvard Business School Professor Eugene Soltes and former DoJ compliance counsel commented that: “The DoJ recognized that frms might be spending a lot and creating all the components of compliance programs but actually producing hollow facades.” 5 The DoJ has called for prosecutors “to determine whether a corporation’s compliance program is merely a ‘paper program’ or whether it was designed implemented reviewed and revised as appropriate in an effective manner .” • We see a mismatch between the announced ethical intentions of an organization and the conduct of the organization. 5 “Why Compliance Programs Fail and How to Fix Them” Harvard Business Review March-April 2018 issue 2018. “ Anti-corruption compliance is not just a question of checking boxes and it shouldn’t happen only when things go wrong. T aking a proactive approach to compliance by putting in place strong controls and making anti-corruption compliance part of one’s corporate culture is the best way to prevent corrupt acts before they happen.” Angel Gurría Secretary-General OECD 15th Global Fraud Survey 2018 16

slide 17:

. Q How well if at all would you say you know the United States Department of Justice’s 2017 guidance document on the evaluation of corporate compliance programs CFO 597 Head of compliance 163 Head of internal audit 189 Head of legal 158 Other 26 Other board members 242 Other fnance 519 Other internal audit risk 252 Other senior management 404 Evaluation of corporate compliance programs Please refer to the website for a full interactive heat map which includes the ability to analyze the survey results by sector type of business size of business and region. U.S. DoJ 2017 guidance document 1 in 4 Heads of compliance say they know the U.S. Department of Justice’s 2017 guidance document on the evaluation of corporate compliance programs 1 in 10 C-suite respondents say they know the U.S. Department of Justice’s 2017 guidance document on the evaluation of corporate compliance programs 12 of respondents say they know this guidance fairly or very well In 2017 the US DoJ released a guidance document consisting of a series of questions that prosecutors should consider when conducting an investigation of a corporate entity. But is management aware of this guidance And if so is it making a difference The results from a DoJ investigation determine whether they will bring charges or be willing to negotiate an agreement with the organization. We found that globally only 12 of respondents knew this guidance fairly or very well this increased to one in four for heads of compliance and decreased to only one in ten for the C-suite. In recent years enforcement agencies are holding individuals and senior executives accountable for unethical actions this lack of awareness is therefore worrying. We asked our respondents 18 questions from the DoJ Evaluation of Corporate Compliance Programs guidance document. We found that from an industry sector perspective companies in fnancial services FS have the most mature compliance programs with the consumer products/retail/ wholesale sector the relatively less mature. Although FS appear to have the strongest compliance programs this does not correlate to reduced incidents of fraud and corruption. Sectors in the spotlight Contradiction in terms — strong compliance program vs. incidence of fraud and corruption In our sector it is common practice to use bribery to win contracts Has your company experienced a signifcant fraud in the last two years Financial services 13 14 Consumer products/ retail/ wholesale 11 9 Global 11 11 Base: 15th Global Fraud Survey 2550 Financial services 233 Consumer retail 626 15th Global Fraud Survey 2018 17

slide 18:

Putting integrity on the management agenda In a world of changing business models the explosion of data increased regulation and enforcement the integrity of an organization becomes the most important driver for ethical business. 3 15th Global Fraud Survey 2018 18

slide 19:

Ninety-seven percent of respondents recognize it is important that their organization acts with integrity and rank “operating with integrity” at the top of their list of what they would like people to say about their organization. Interestingly although 43 of respondents recognize the importance of demonstrating integrity to avoid regulatory scrutiny and penalties they also see integrity as a business advantage. Customer perception public perception successful business performance recruitment and retention of employees were deemed more important benefts than avoiding scrutiny and penalties. Respondents from developed markets saw a broader range of benefts than those from emerging markets of their organization demonstrating integrity . The link between integrity and successful business performance is supported by research performed by Ethisphere Institutes which found that the World’s Most Ethical Companies outperformed the US large cap sector by over 10 over a fve-year period. 6 Acting with integrity makes it easier for organizations to operate reducing scrutiny and fnes attracting the best employees and customers. It is therefore not surprising that respondents believe that successful business performance and improved customer and public perception are important benefts of integrity. Integrity: important to “walk the talk” of respondents recognize it is important that their organization operates with integrity 97 . Q How important do you think it is to be able to demonstrate that your organization operates with integrity Base: 15th Global Fraud Survey 2550 6 ”2018 world’s most ethical companies” Ethisphere website www.ethisphere.com/2018-worlds-most-ethical-companies” accessed 12 February 2018. . Q Which if any of the following are the most important benefts of demonstrating integrity Base: 15th Global Fraud Survey 2550 respondents who answered that operating with integrity is fairly or very important 2484 Demonstrating integrity — the customer is king 15th Global Fraud Survey Developed markets Emerging markets 0 20 40 60 80 100 Avoid regulatory scrutiny and penalties Benchmarking against global standards Shareholder perception Recruitment and/or retention of employees Successful business performance Public perception Customer perception 72 83 63 62 71 55 59 59 59 55 63 49 52 62 46 43 47 41 43 54 34 15th Global Fraud Survey 2018 19

slide 20:

Despite respondents recognizing the importance of integrity we continue to see a prevalence of fraud and corruption as well as signifcant business failures. The results show a mismatch between the 97 of respondents that believe it is important to demonstrate their organization acts with integrity and 13 who would still justify making a cash payment to win a contract. Integrity: someone else’s responsibility Legal and compliance HR The board Individual responsibility Management 41 22 15 11 9 Integrity . Q Who in your organization is responsible for ensuring that employees behave with integrity Base: 15th Global Fraud Survey 2550 A potential explanation for this mismatch is that there is little or no clarity as to who in the company is primarily responsible for ensuring that employees behave with integrity . This appears to be common across industry sectors and geographic regions. We found that fewer than one in four respondents believe that individuals should take primary personal responsibility for behaving with integrity . On a regional level the outliers are Oceania at 38 and Japan at only 4 who believe that individuals should take personal responsibility . The remainder believe the primary responsibility for ensuring integrity sits with other groups in the organization such as human resources compliance legal senior management and even the board. We also found that the group who did not believe it was primarily an individual responsibility to ensure that employees behave with integrity is signifcantly more likely to act inappropriately including making cash payments to win or retain business. These same respondents are also more likely to extend the monthly reporting period or change assumptions that determine valuations or reserves in order to meet fnancial targets. . Q Which if any of the following do you feel can be justifed if they help a business survive an economic downturn Base: 15th Global Fraud Survey 2550 . Q Given the pressure that often exists to meet fnancial targets which if any of the following activities do you feel can be justifed to meet those targets Base: 15th Global Fraud Survey 2550 Unethical behavior — individual integrity versus corporate agenda Extend monthly reporting period Personal gifts 7 12 Cash payments 11 14 9 14 Change assumptions that determine valuations or reserves 10 14 Respondents who believe behaving with integrity is primarily an individual’s responsibility Respondents who believe behaving with integrity is not primarily an individual’s responsibility • The importance of integrity in a changing business environment increases as compliance functions regulators and enforcement agencies may struggle to keep up with the pace of change. Business leaders should focus on instilling the concept of employees taking individual responsibility for the integrity of their own actions. 15th Global Fraud Survey 2018 20

slide 21:

The announced intentions of an organization may be clear: policies and codes of conduct are in place senior leaders demonstrate commitment via formal and informal communications. Yet recent high profle scandals at major corporations show that aberrational misconduct by executives has persisted and gone unnoticed for long periods of time. When the misconduct fnally surfaced publicly expensive investigations have ensued fnes have mounted and individuals have been prosecuted while market values have declined. The Integrity Agenda — intentions conduct and measurement The Integrity Agenda has four foundational elements that align an individual’s actions with an organization’s objectives. The core challenge is infuencing behavior over diverse and dispersed employees and third parties amidst intense competitive pressures and rapid technological change. Spotlight on the Integrity Agenda Culture Governance Data insights Controls Measurable effectiveness A successful organization stays true to its mission keeps its promises respect laws and ethical norms and fosters public trust in the free enterprise system Business leaders commit to do the right thing but organizational failures persist Closing the gap between intentions and behavior — the Integrity Agenda Intentions Mis sion and values statement Code of conduct S t andar ds policies and practices Management communications Actual behavior Defned principles and behavioral standards Verifable data about organizational behavior and culture Improved metrics and enhanced accountability • Visit the fraud surveys website ey.com/forensics 15th Global Fraud Survey 2018 21

slide 22:

Conclusion — the future of compliance Business models are changing and with that compliance functions will also need to transform the way they better prevent detect and respond to fraud and corruption. 4 15th Global Fraud Survey 2018 22

slide 23:

Our experience suggests compliance policies and procedures backed up by training and consistently applied enforcement are necessary but not suffcient to deliver effective compliance. For many companies there are substantial gains to be secured by better leveraging FDA which can signifcantly improve the effectiveness and effciency of monitoring and reporting strengthening the second line of defense. The frst line of defense has typically been the responsibility of operational management within the business and included management controls and internal control measures. Compliance should work with the business to reinforce front-line compliance by sharing insight from data analytics and promoting the Integrity Agenda. The chief compliance offcer role should be seen as a fully-fedged management role in the organization responsible for proactively safeguarding the corporation’s reputation not just helping it comply with laws and regulations. For some companies the role of compliance has been largely a reactive role working as the second line of defense to monitor and enforce their policies. In other companies the role has also included managing legal and compliance risks without necessarily embedding compliance into the business. In the era of digital transformation products and the business processes that bring them to market are changing rapidly creating signifcant challenges for the compliance function to keep pace. How can the compliance function of companies that refresh their risk assessments just once every year or two play an effective role Compliance professionals need to be much more involved in strategic and operational business decisions. F or some companies therefore management’s existing efforts to tackle fraud and corruption are lagging behind business change. So what is the future of compliance T echnological advances in compliance such as enhanced data analytics combined with an employee-centric approach to providing guidance will result in compliance acting as a key driver of innovation in the use of forensic data analytics. Examples include the following: 1. The proliferation of data analytics as a management tool is likely to challenge the traditional monitoring role of the compliance function. Our 2018 F orensic Data Analytics Survey 7 shows that more and more companies are using advanced analytics technologies for continuous monitoring. 2. Advances in the predictive capabilities of “big data” 8 means that analytics can be used to make real-time decisions helping to identify and prevent fraud and providing management with more effective oversight. 3. Leading companies are using artifcial intelligence technology to replace classroom and web-based training with individualized risk-based communications in real time. • For the future digital disruption will signifc an tly imp act c omplianc e pr ogr ams evolving them from a reactive rules-based approach to proactive engagement with the business and promotion of the Integrity Agenda. 7 Global Forensic Data Analytics Survey 2018: How can you disrupt risk in an era of digital transformation EY 2018. 8 Big data refers to the dynamic large and disparate volumes of data created by people tools and machines. The transformation of business models and the high profle scandals and consequent loss of reputation show a need to redefne the compliance function. 15th Global Fraud Survey 2018 23

slide 24:

Between October 2017 and February 2018 our researchers — the global market research agency Ipsos MORI — conducted 2550 interviews in the local language with senior decision makers in a sample of the largest companies in 55 countries and territories. The polling sample was designed to elicit the views of executives with responsibility for tackling fraud bribery and corruption mainly CFOs CCOs general counsel and heads of internal audit. Survey approach For the purposes of this report “developed” countries include: Australia Austria Belgium Canada Denmark Finland France Germany Greece Ireland Italy Japan Luxembourg Netherlands New Zealand Norway Portugal Spain Sweden Switzerland UK and USA. “Emerging” countries and territories include: Argentina Brazil Bulgaria Chile China Colombia Cyprus Czech Republic Hong Kong SAR Hungary India Indonesia Israel Kenya Lithuania Malaysia Mexico Middle East — Jordan Middle East — UAE Nigeria Peru Philippines Poland Romania Russia Saudi Arabia Singapore Slovakia South Africa South Korea Taiwan Turkey and Ukraine. Participant profle — region and territory Number of interviews Number of interviews Far East Asia Japan China mainland 50 Japan 50 Hong Kong SAR 50 Middle East India and Africa Indonesia 50 India 50 South Korea 50 Israel 25 Malaysia 50 Kenya 50 Philippines 50 Middle East Jordan and UAE 50 Singapore 50 Nigeria 50 Taiwan 50 Saudi Arabia 50 Eastern Europe South Africa 50 Bulgaria 50 Oceania Cyprus 25 Australia 40 Czech Republic 50 New Zealand 10 Hungary 50 Western Europe Lithuania 25 Austria 50 Poland 50 Belgium 50 Romania 50 Denmark 50 Russia 50 Finland 50 Slovakia 50 France 50 Turkey 50 Germany 50 Ukraine 25 Greece 50 North America Ireland 50 Canada 50 Italy 50 US 50 Luxembourg 50 South America Netherlands 50 Argentina 50 Norway 50 Brazil 50 Portugal 50 Chile 50 Spain 50 Colombia 50 Sweden 50 Mexico 50 Switzerland 50 Peru 50 UK 50 15th Global Fraud Survey 2018 24

slide 25:

21 respondents either refused to provide or did not know the annual turnover of their company Number of interviews Job title CFO/FD 597 23 Head of compliance 163 6 Head of internal audit 189 7 Head of legal 158 6 Other 26 1 Other board member 242 9 Other fnance 519 20 Other internal audit risk 252 10 Other senior management 404 16 Sector Automotive 125 5 Consumer products/retail/wholesale 626 25 Financial services 233 9 Government and public sector 55 2 Life sciences 122 5 Manufacturing/chemicals 370 15 Oil gas and mining 180 7 Other transportation 137 5 Power and utilities 124 5 Professional frms and services 116 5 Real estate 154 6 T echnology communications and entertainment 162 6 Other sectors 146 6 Revenue More than US5b 140 5 US1b—US5b 467 18 US500m—US0.99b 341 13 US100m—US499m 863 34 US99m or less 713 27 Above US1b 607 24 Below US1b 1917 75 Participant profle — job title sector and revenue 15th Global Fraud Survey 2018 25

slide 26:

Local contact Name Telephone Global Leader Andrew Gordon +44 20 7951 6441 Americas Leader Brian Loughman +1 212 773 5343 Asia-Pacifc Leader Emmanuel Vignal +86 21 2228 5938 EMEIA Leader Jim McCurry +44 20 7951 5386 Japan Leader Ken Arahari +81 3 3503 1100 Afghanistan and Pakistan Shariq Zaidi +92 21 3567 4581 Argentina Andrea Rey +54 1145 152 668 Australia and New Zealand Rob Locke +61 28 295 6335 Austria Andreas Frohner +43 1 211 70 1500 Baltic States Liudas Jurkonis +370 5 274 2320 Belgium Frederik Verhasselt +32 27 74 91 11 Bolivia Javier Iriarte +591 2 2434313 Brazil Marlon Jabbur +55 11 2573 3554 Bulgaria Ali Pirzada +359 2 817 7100 Canada Zain Raheel +1 416 943 3115 Chile Jorge Vio Niemeyer +56 2 676 1722 China mainland Diana Shin +86 21 2228 2371 Czech Republic and Slovakia Tomas Kafka +420 225 335 111 Denmark T orben Lange +45 2529 3184 Ecuador Geovanni Nacimba +593 22 555 553 Finland Markus Nylund +358 405 32 20 98 France Philippe Hontarrede +33 1 46 93 62 10 Germany Stefan Heissner +49 221 2779 11397 Greece Y annis Dracoulis +30 210 2886 085 Hong Kong SAR Chris Fordham +852 2846 9008 Hungary and Croatia Ferenc Biro +36 30 567 0582 India/ Bangladesh Arpinder Singh +91 12 4443 0330 Indonesia Alex Sianturi +62 21 5289 4180 Ireland Julie Fenton +353 1 221 2321 Israel Ofer Erez +972 3 6278661 Contact information Local contact Name Telephone Italy Fabrizio Santaloia +39 02 8066 93733 Japan Ken Arahari +81 3 3503 1100 Kenya Dennis Muchiri +254 20 2886000 Luxembourg Gérard Zolt +352 42 124 8508 Malaysia Joyce Lim +60 374 958 847 Mexico/Colombia Ignacio Cortés +52 55 1101 7282 Middle East Charles de Chermont +971 4 7010428 Netherlands Brenton Steenkamp +31 88 40 70624 Nigeria Linus Okeke +234 1 271 0539 Norway Frode Krabbesund +47 970 83 813 Peru Rafael Huamán +51 1 411 4443 Philippines Roderick Vega +63 2 8948 1188 Poland Mariusz Witalis +48 225 577 950 Portugal Pedro Subtil +351 211 599 112 Romania Simona Radu +402 120 47970 Russia Denis Korolev +74 95 664 7888 Singapore Reuben Khoo +65 6309 8099 South Africa/ Namibia Sharon van Rooyen +27 11 772 3150 South Korea Steven Chon +82 102 791 8854 Spain Ricardo Noreña +34 91 572 5097 Sri Lanka Averil Ludowyke +94 11 2463500 Sweden Erik Skoglund +46 8 52059939 Switzerland Michael Faske +41 58 286 3292 Taiwan Chester Chu +86 62 2757 2437 Thailand Wilaiporn Ittiwiroon +66 2264 9090 Turkey Dilek Cilingir +90 212 408 5172 UK Richard Indge +44 20 7951 5385 US Brian Loughman +1 212 773 5343 Venezuela Jhon Ruiz +58 21 2905 6691 Vietnam Saman Wijaya Bandara +84 90 422 6606 The EY Forensic Integrity Services practice has a global reach. See below for a list of our country and territory leaders. For more information see www.ey.com/forensics. 15th Global Fraud Survey 2018 26

slide 28:

EY | Assurance | T ax | Transactions | Advisory About EY EY is a global leader in assurance tax transaction and advisory services. The insights and quality services we deliver help build trust and confdence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing we play a critical role in building a better working world for our people for our clients and for our communities. EY refers to the global organization and may refer to one or more of the member frms of Ernst Young Global Limited each of which is a separate legal entity. Ernst Young Global Limited a UK company limited by guarantee does not provide services to clients. For more information about our organization please visit ey.com. About EY Forensic Integrity Services Dealing with complex issues of fraud regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter the size or industry sector. With approximately 4500 forensic professionals around the world we will assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the beneft of our broad sector experience our deep subject-matter knowledge and the latest insights from our work worldwide. © 2018 EYGM Limited All Rights Reserved. EYG no. 02281-183Gbl ED None In line with EY’s commitment to minimize its impact on the environment this document has been printed on paper with a high recycled content. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting tax or other professional advice. Please refer to your advisors for specific advice. The views of third parties set out in this publication are not necessarily the views of the global EY organization or its member firms. Moreover they should be seen in the context of the time they were made. ey.com/forensics

authorStream Live Help