Are companies in control of their anti-bribery risks?

A recent DNV study reveals that while companies seem concerned over bribery and corruption, few go beyond issuing an anti-bribery policy.

  • As many as 54.6% have issued an anti-bribery policy.
  • Only 24.7% have set goals and as few as 14.5% have set KPIs.
  • Procurement (82.1%) and sales (61.2%) seen as the highest risks.
  • Only 37.4% perform due diligence on sales agents and fewer a risk assessment (33.5%).
  • Only 3% indicate to be very familiar with ISO 37001 or similar anti-bribery standards.

While companies seem concerned over bribery and corruption, few go beyond issuing an anti-bribery policy, reveals recent study by DNV.  Managing regulatory compliance, reputation and ethical risks is their primary objective, but with no or limited investments in tangible actions such as risk assessments, due diligence or whistle-blowing mechanisms, the question becomes whether these companies know their anti-bribery risks and if they are equipped to manage them.

“While 55% set a policy, only 25% set goals and 15% set KPIs. Only around one-third perform due diligence on sales or risk assessments. Few companies say they intend to invest more, which puts a real question mark on the degree of implementation and control companies have when it comes to anti-bribery,” says Barbara Frencia, CEO of Business Assurance in DNV.

With an estimated 2.6 trillion USD or 5% of global GDP lost to corruption annually around the world, there is a strong argument for companies to dig a bit deeper to proactively manage risks and implement measures to prevent or detect issues in due time rather than being forced to mitigate a costly incident.

The DNV survey does show that companies recognize the benefits of an anti-bribery management system.  However, few seem to adopt a structured approach until forced to due to an incident. Only 3% say they are very familiar with the anti-bribery management system standard ISO 37001.  Worldwide there are only 2,896 certificates issued to this standard. Comparatively over 1 million certificates are issued to the quality standard ISO 9001 and over 400,000 issued to the environmental standard ISO 14001.

“It is becoming increasingly costly to not know the company’s risks. Anti-bribery is no exception. When knowing that most fraudsters display behavioural red flags and that most victim companies modify their controls after an incident, there is a big argument to be made for implementing preventive, structured approach in the form of a management system compliant with ISO 37001,” says Barbara Frencia.

Companies adopting an anti-bribery approach based on the internationally recognized ISO 37001 standard take more active steps to map their risks and ensure that they are better equipped to prevent and manage incidents. As many as 61% of those with a policy have established KPIs, 64% perform risk assessments and 57% due diligence on sales functions.  Moreover, as many as 43% have a dedicated anti-bribery function, preventing the potential conflict of interest which can occur when responsibility is allocated to a Chief Executive or top manager also responsible for operations and P&L.