Day in and day out, businesses in India have to deal with numerous corruption-related risks. A majority of these are in the form of theft of physical assets and information, bribery, and internal financial frauds. This trend, combined with a stringent regulatory and enforcement environment, has brought risk management to the fore. It is not a choice anymore, but a necessity. Neville Dumasia, National Leader, Risk Advisory Services, India, EY discusses ways to leverage internal control to tackle corruption.
If you look back at India Inc. in recent times, you will observe how scandals and frauds have become ‘business as usual’. FICCI’s recent India Risk Survey 2014 rates bribery and corporate fraud as the biggest risks affecting Indian corporates this year. Businesses are required to develop a robust internal control program to assess, as well as mitigate, these risks. We now see Indian companies deploying targeted anti-corruption compliance programs, financial controls, trainings, internal audits and other monitoring mechanisms.
In fact, anti-corruption watchdog Transparency International has rated Tata Group companies as the best in emerging markets for their measures to combat corruption.
Designing a suitable anti-corruption risk program
The starting point for designing an anti-corruption risk program is a holistic assessment of risks inherent in the business; the portfolio of projects in the pipeline; dealings with government entities and intermediaries; and complexity of the operational and regulatory environment.
For instance, a large Europe-based utility has a clearly laid out anti-corruption program called ‘Zero Tolerance of Corruption’. It enlists guidelines for matters such as contributions to political parties, facilitation payments, and relations with third parties.
A ‘one-size-fits-all’ approach is not appropriate for India’s diverse and dynamic business environment. Businesses are required to develop a program which is well-balanced between control policies and business necessities. This is especially relevant as there are vast differences in the customer segments that companies serve. For instance, cash is a preferred mode of payment in rural India. A company that relies on the rural market cannot afford to have a control policy restricting the use of petty cash.
Due diligence on third parties
An essential element of an effective compliance program is third party due diligence. Companies are constantly put at risk due to their dealings with third parties and their exposure to corruption schemes.
Businesses should have a due diligence framework in place for third parties, that covers an assessment checklist for local employees, external verification, and periodic audits and site visits. It is also advisable to train local sales and finance personnel on how to identify ‘red flags’ when offered/requested payments over and above the services rendered.
There should also be a well-defined policy for facilitation payments:Many a times, corruption is disguised in the form of facilitation payments. To alleviate such risks, companies should set in place a clear corporate policy on facilitation payments that dictates the extent to which such payments are allowed and ensures their accurate documentation.
Safeguarding whistle blowers
Turning a blind eye to violations can result in criminal and civil liabilities for the company as well as for individuals. But still, many a times, employees shy away from disclosing violations fearing negative implications of the disclosure.
As a response, companies should deploy mechanisms such as an ombudsman or helplines that facilitate and encourage its people to report any suspected malpractice. These mechanisms will initiate the necessary investigation while maintaining the anonymity of the person.
Moreover, India’s regulatory watchdog SEBI has made it mandatory for listed companies to have a whistle-blower mechanism for their employees and directors. To be effective, the whistle-blower policy should prompt timely action from the management and ensure protection of people who raise their voice against malpractices.
For instance, a leading Indian automobile company has a whistle-blower policy that sets a 15-day deadline for the Whistle Officer or committee submit an investigation report about the complaint. This ensures timely redressal.
Firm-wide anti-corruption culture through training
Employees are the face of a company and their conduct constantly exposes it to various types of risks. As fraud manifests itself in minor transactions across an organization, it is very important to drive anti-corruption as a cultural element.
It is essential for the senior leadership to motivate all its employees to be vigilant. Companies should introduce mandatory training on the company’s code of conduct and anti-corruption practices.
One such example is Cisco, which has made its global anti-corruption training a mandate for all its sales and marketing employees, channel partners, distributors, as well as sales supporting consultants.
A training module, which takes into consideration employees’ roles and responsibilities and is periodically renewed for new as well as transitioning employees, can go a long way in creating a firm-wide anti-corruption culture.
Leveraging forensic data analytics
Companies can use data analytics as a tool for compliance monitoring. This can help in identifying high-risk vendors, track email communications carrying sensitive words, and determine which locations to audit.
A Fortune 500 company recently conducted an anti-fraud/anti-corruption review covering 15 countries and thousands of employees and vendors. The company analysed more than 2 terabytes of data, comprising over 25 million documents, using forensic data analytics tools such as data visualization and text mining. The exercise resulted in improved project efficiencies and identification of high-risk vendors, customers and employees.
As the business environment becomes more dynamic than ever, companies will be constantly exposed to more regulatory changes and new types of risks. What is required from businesses is to periodically conduct risk assessments to ensure the relevance and effectiveness of their anti-corruption programs.
In today’s world, no organization is immune to bribery, corruption or fraud. Those that understand the risks and implement proper controls will be best prepared to compete in the global economy.
However, businesses will be required to measure the cost of implementing such measures and see that they do not overrun the benefits of risk control programs. Proper budget allocation and tracking of records are required for successful implementation of these programs.
It is clear that there are no quick fixes for managing corruption-related risks, but building best practices to deal with such risks is the need of the hour. The risk profile of a company changes with every strategic decision that it takes, and thus, it is important to review and update risk assessment on a regular basis. Those who fail to do so will expose themselves to countless risks in this corruption-prone environment.