Today, we celebrate an event, which is not ‘the day the music died’ but one that might properly be called one of the seminal moments in the creation of Rock N’ Roll. On this date in 1955, Chuck Berry recorded his first song, Maybellene. John Lennon once said of Chuck Berry “if you tried to give rock and roll another name, you might call it ‘Chuck Berry.’” Chuck Berry created the do-it-yourself template that most rock-and-rollers still seek to follow. If there can be said to be a single day on which his profound influence on the sound and style of rock and roll began, it was this day in 1955, when the unknown Chuck Berry paid his first visit to a recording studio and cut the record that would make him famous.
I am attending Compliance Week 2014 for the 5th consecutive year. Once again Matt Kelly and his team have put together one of the top compliance events of the year. The sessions have been first rate, the conversations highly informative and the sponsors are talking about their compliance solutions in an exciting and engaging manner. If you did not make Compliance Week 2014, I hope that you will make it next year for Compliance Week 2015.
One of the sessions I attended was a presentation of the joint Kroll/Compliance Week 2014 Anti-Bribery and Corruption Benchmarking Report. Compliance Week Editor, Matt Kelly, moderated the panel with Kroll Inc., representatives Alan Brill, Senior Managing Director, and Lonnie Keene, Managing Director, which discussed some of the reports key findings, the highlights of which are as follows.
For the second year in a row, large US Corporations were much more likely to say they expect bribery and corruption risks to increase than smaller or overseas
Corporations do. Some 51 percent of respondents said they expect more such risks in the next two to three years – as did 57 percent of US companies, and 57 percent of large companies, which was defined as having $5 billion or more in annual revenue. However, only 37 percent of overseas businesses, and 46 percent of smaller companies expect their corruption risks to keep rising. A question that Chief Compliance Officers (CCOs) may ask, then, is whether their assessment of bribery risks is accurate? The “risk perception gap” between large and small, or US and overseas, does exist, and an erroneous understanding of one’s risk profile can have dire consequences.
The conundrum of third party risks continues to be a major weakness for anti-corruption programs and the problem may well be getting worse. The respondents this year reported an average of 3,868 third parties, yet 58 percent say they never train third parties on anti-corruption efforts. That number is higher than last year, when 47 percent said they do not educate third parties on anti-corruption policies. Significantly, the number of companies that conduct due diligence on third parties has increased, from 87 percent in 2013 to 97 percent this year – which suggests that companies do now grasp the importance of performing due diligence and have the processes in place to do so. That next step of training third parties (which can indeed be expensive) is where compliance programs start to falter.
Third party risks do hinge on several factors, such as the number of third parties one has or the corruption environments where they are. Another question that CCOs can ask themselves, then, is how the need for the services provided by their third parties matches up with the risk they pose to their companies.
This was an area noted to be “a bright spot in the 2014 ABC Report.” In addition to the 97 percent of respondents who perform due diligence on third parties, 92 percent say they perform at least some due diligence on merger and acquisition (M&A) targets to identify possible corruption risks before a deal is done. What’s more, 74 percent say they start by investigating the target company’s management team – which is where the most serious corruption risks typically hide. Due diligence on a target company’s third parties fell off sharply: only 54 percent also performed due diligence on a target’s agents, 52 percent on its distributors, 50 percent on its consultants, and 46 percent on its suppliers. The report indicates that larger companies were much more likely than smaller ones to perform due diligence on a target’s third parties.
Overall Compliance Program Effectiveness
The Report revealed that seventy percent of respondents rated their policies for domestic employees as effective or very effective – and larger companies were more bullish about their domestic employees than smaller ones (77 percent to 61 percent, respectively). That statistic edged downward for confidence in training overseas employees, to 66 percent, driven by considerably fewer companies saying they were very confident in their training of overseas workers.
However, compliance practitioners were more confident in their ability to vet third parties at the start of a relationship, but less confident in monitoring third parties once that onboarding examination had passed. Fifty-seven percent of respondents rated their vetting procedures as effective or very effective. Then the numbers marched downward for monitoring compliance after a relationship starts, auditing compliance of third parties, and training third parties on anti-bribery and corruption procedures.
This led to the conclusion that effective compliance programs can help a company identify corruption risks when the CCO is not specifically hunting for them. That may come from strong training in a speak-up culture, or strong audits of third parties, or any number of other techniques. The key question here is to ask what metrics and corruption risk indicators match the risks you believe you have, and how your compliance can implement those solutions.
These trends stand against a background where large US Corporations report that they expect bribery and corruption risks to increase considerably more than smaller or overseas corporations do. Given the globalized nature of modern business, with more regulatory scrutiny from more regulators, and the “extended enterprise” extending to include even more third parties, the Report then asks “Do smaller or non-U.S. businesses truly have fewer corruption risks, or do they misunderstand the risk profile they have?”
While perhaps not as groundbreaking as Chuck Berry’s achievement in 1955, this 2014 Anti-Bribery and Corruption Benchmarking Report, captures important information about the current state of compliance and, more importantly, where it may need to go.
For a YouTube clip of Chuck Berry belting out Maybellene, click here.