Much like blind spots around a vehicle pose a danger to pedestrians and cyclists, blind spots in communication pose a threat to organisations. What better time for fraudsters to exploit blind spots than now, then, when people aren’t even working from the same office?
Well, despite this unlikely set up, we must welcome that, from informal talks with compliance professionals, risk managers, controllers, internal auditors, and other individuals in charge of anti-fraud and corruption work within our client organisations, we have seen some positive development since the adoption of the home office regime due to the pandemic. While day to day operations have indisputably taken on a different form, we found that, especially for organisations of a certain size, having regular virtual meetings with local resources and those in charge of the daily business – as opposed to sending compliance and audit teams across the world on their usual inspections – seems to have brought unexpected improvements: suddenly unable to travel due to the covid-19 restrictions, compliance and internal audit teams have to rely on their local capacities, who now feel more invested in the audit processes and therefore more empowered and willing to take responsibility. The opposite kind of approach, characterised by the endemic mistrust of local resources and with compliance and audit teams taking on a “police” kind of attitude, which might have worked in physical audits, risks amplifying potential dissonances between the central management practices and the policies they encourage. Instead of trying to apply that old school attitude to the new landscape and generating frustration on all sides, thus contributing to a negative impact on motivation and loyalty, those compliance and audit teams that are able to adopt an approach based on trust and cooperation could obtain beneficial and unexpected advantages.
If directly involved in the audit work, in addition to an increased sense of ownership, local resources will be able to proactively be in charge of following up on the findings and ensuring the implementation of the agreed mitigating actions. This in turn can free up resources within audit and compliance, who rather than getting “lost” in the details and petty actions, can concentrate their efforts in improving their monitoring and early detections systems as well as ensuring adequate communication and knowledge transfer when needed.
Another positive change we have registered in parallel with regular virtual meetings and augmented communication within organisations is the development of a fruitful process of collaboration and increased desire to share experiences across different organisations. Working from home made us all a bit lonesome but has also enabled everybody to spend much more time online. Thanks also to instruments such as professional networks, blogs and LinkedIn forums, professionals from different places can rely increasingly on each other’s knowledge bank, also in matters of preventive measures, early detection of fraud and corruption, managing of incidents, root cause analysis and follow-up activities. Despite the global slowdown, 2020 has been a record year so far for FCPA settlements, with 9 resolutions adding up to USD 2.94 billion, approximately 40 million more than the sum of the 14 settlements recorded for 2019. When the cost of not knowing has become so high and given that reaching people outside of one’s organisation is now as easy as talking to colleagues, we might as well make the most of this opportunity and share experiences: the former shame due to having to admit to the occurrence of fraud becomes negligible if that piece of information can be bargained to prevent hundreds of millions worth of settlements.
Whether these two trends will be followed by an improved way of managing the ever-present risks of fraud and corruption is yet to be seen, and while correlation does not imply causation, it is also true that malpractice does not happen in a vacuum. Things should be seen in light of a changed landscape, a lower level of activity in general and a different way of doing business. However, as champions of the importance of talking to each other, learning from each other and sharing information to prevent fraudsters from getting room for action, we are glad to see that there are positive outcomes even in the middle of unfortunate circumstances.
Hopefully, this will altogether help organisations move away from a “normative” approach to compliance and more towards a practical and sustainable one. Even if all our boxes are ticked and the checklists completed, it is talking among our team and colleagues which can make the real difference when it comes to finding out whether a change to that one delivery has been approved by the right department, or whether that urgent payment request really came from the supplier. In over two decades of anti-fraud work, we have seen how even the most compliant corporations can fail because of this gap between compliance in theory and proactive fraud and corruption targeting in practice: programs may look excellent on paper, but if we end up making “exceptions” on a regular basis when applying them, their validity can be put into question.
Brainstorming and mapping our risks by talking to people who might know more than us on a particular issue enables us to pinpoint exactly where we are exposed, which are our threats, and how big our gaps are. This allow us to appreciate from different perspectives where we stand with respect to concrete and specific risks of fraud and corruption, thus understanding how to protect our organisations and become holistically more resistant to fraud and corruption.