A crucial component of any business is managing compliance risk. An effective compliance program must include a clear and transparent path for whistleblowers to report risk while mitigating fears of retaliation. These are the key take-aways in this year’s 2023 Global compliance risk benchmark survey by KPMG and White & Case.
Based on the opinions of 201 senior decision-makers across 34 countries, the survey offers insights into the strategies companies employ, or fail to employ, in managing compliance risks.
More than half of respondents (59%) cited corruption risk through the use of third parties in business dealings as their greatest compliance challenge. This is particularly true in certain industries, such as financial services, pharma/healthcare, technology and media, and energy and natural resources, where respondents noted they felt more pressure to approve contracts with “heightened risk” third parties. Despite these risks, only 62% of survey respondents audited third parties to assess compliance with anti-corruption requirements, 40% audited third parties based only on a “triggering event,” and less than one-third of respondents required third parties to engage in any sort of anti-corruption training at all. Clearly companies could improve their compliance risk associated with third parties with a more proactive approach.
The survey identified other areas of risk including the pressure to meet sales targets (36%), lack of employee awareness about anti-corruption risks (29%), import and export of goods (14%), securing government permits/approvals (13%), and responding to government inquiries, inspections, and audits (13%). Unsurprisingly, these areas of risk correlate to the types of matters that whistleblowers bring to us regularly: e.g., financial and investment fraud, healthcare fraud, FCPA violations, environmental claims, government contracting, customs fraud, housing and mortgage to name a few.
With respect to the use of technology in compliance, the survey reported that companies with more robust compliance practices were further along in integrating data analytics into their compliance programs to address risks. Even still, only 9% of companies reporting considered themselves to be at an advanced stage of doing so, while 45% were still developing systems, and 24% considered themselves at a rudimentary stage of implementing data analytics into their workflow. As expected, many companies were focusing their technology-based compliance efforts in the areas of cybersecurity and data protection.
Other steps businesses should take to mitigate their compliance risks include tracking employee awareness of internal compliance procedures and determining why employees may fear reporting. Almost one-third of respondents reported that their companies did not regularly test the effectiveness of their internal reporting programs. Only half of the respondents said their companies measure employee awareness of reporting mechanisms; more than a third reported their companies do not track employee awareness at all.
Whistleblowers must not only understand the process of reporting but feel secure in doing so. The survey results showed that the number one concern inhibiting reporting is a fear of retaliation (55%), and in companies with over 50 billion in revenues, that figure jumped to 75%. Other concerns were that nothing would be done if a complaint was lodged (50%), the whistleblower would not remain anonymous (47%), and that there was lack of familiarity with the reporting channels (29%).
What is particularly confounding with the survey results is the number of sophisticated compliance personnel themselves who did not know how or whether their companies monitored employee awareness of reporting protocols. Twenty-five percent of these people were investigation directors, 19% compliance and ethics officers and 33% from legal teams.
The failure to ensure a safe and robust internal reporting system leaves employees with no choice but to take their concerns outside the company. Until many of these internal corporate reporting challenges are tackled by companies large and small, whistleblowers will continue to find comfort in reporting externally by filing private qui tam suits for treble damages and reporting through other regulatory programs like the SEC, CFTC, or IRS.
Read More
Whistleblower FAQs
I Think I Have a Whistleblower Case
Contact Us Confidentially
Read Survey Says . . . Whistleblowers Are Key to Global Compliance at constantinecannon.com
Leave A Comment