Survey shows companies falling short on compliance

Companies across the world are not backing up their rhetoric on compliance with the appropriate level of resources and prioritisation, according to a research report from Control Risks.

The specialist risk consultancy’s report of international business attitudes to legal and compliance risk, published today, is based on a survey of senior executives responsible for compliance at 1,000 companies worldwide.

The two countries best represented in the sampling are the US (26% of the total) and the UK (27%). Other respondents came from Africa (5%), Asia/Pacific (15%) continental Europe (11%), Latin America (11.5%) and the Middle East (4.5%). Five sectors were represented: financial services, manufacturing, infrastructure/construction, life sciences and oil/gas.

The research reviewed a range of global compliance issues, from anti-corruption to anti-money-laundering (AML), anti-trust, privacy and data protection.

Responses shows that large companies (with more than 10,000 staff) are still not putting enough resources into compliance; 26% those companies surveyed reported that they invest less than $25 (£19/€23) per person a year on compliance. Similarly, 28% of large companies have compliance teams of just five people or less.

The extent to which compliance functions are stretched contrasts with the increasingly aggressive and joined-up activity of enforcement agencies across the world and the punitive fines imposed on companies for non-compliance.

In 2016, 30 companies were fined a total of US$2.4bn for non-compliance under the US Foreign Corrupt Practices Act (FCPA) for example, and in the UK the Serious Fraud Office (SFO) is stepping up its efforts to enforce the Bribery Act. In January 2017, Rolls Royce paid nearly £500m to settle a longstanding SFO anti-bribery investigation, as well as a further US$170m to the US authorities on related charges.

“Companies are in danger of putting themselves at risk by failing to prioritise and integrate compliance within their businesses,” said Richard Fenning, chief executive officer (CEO), Control Risks. “While the necessary investment will vary widely between organisations, many companies are woefully under-resourced to deal with the increasingly complex, constantly evolving and often contradictory regulatory environment.

“Those companies that get it right recognise that, as well as mitigating against heavy fines, legal fees and reputational damage, well planned and executed compliance risk management can help capitalise on opportunities that they would otherwise miss, especially in high-risk markets.”

According to the report; “there is no single compliance model – nor should there be – however, only 27% of respondents reported that their companies’ chief compliance officers attend all board meetings. Furthermore, only 56% of large companies said they have an ethics and compliance committee.

“Compliance officers must also be more pro-active in managing compliance risks and trying to mitigate issues before they arise. There is a tendency to rely on whistleblowing to detect misconduct (64% of companies); in contrast only 41% of the organisations surveyed use compliance audits and just 18% use surprise fraud audits.”

Global consistency in compliance is essential and 55% of companies reported that their compliance policy applies worldwide, without any local exceptions. The UK is one of the best performers, with 63% having a single global policy against 51% for the US.

However, 40% of companies have local policy exceptions for gift-giving (33% of UK companies and 44% of US companies), 30% allow “permitted interactions with government employees’, and 20% permit the use of “facilitation payments” to expedite services to which they are entitled (inevitably leaving them in breach of local laws as well as the UK Bribery Act).




Related reading