Leveraging data analytics to prevent bribery and corruption
Kroll has released its Global Fraud and Risk Report, an in-depth study into the state of fraud in 17 countries worldwide. Cem Ozturk and Gary Gill, ANZ leaders at the global consultancy, reflect on the key results for Australia and outline how leveraging data analytics can help in curbing bribery and corruption.
America’s first post-modern novelist William Gladdis, who grew up during the Great Depression and the subsequent Wall Street boom, once wrote, “Power doesn’t corrupt people, people corrupt power.” Once the cultural seeds of bribery and corruption have been sown in an organisation, they’re near impossible to weed out.
While it’s tempting to scapegoat external parties, players and environmental factors, businesses need to first turn their attention inward if they are to stop these seeds from germinating. Poor record-keeping or the inability to adequately monitor frontline teams and regional offices are typical vulnerabilities that are often overlooked.
Where blanket compliance policies fall short in preventing corruption, cultural shifts built on actionable “on-the-ground” intelligence from the fringes of an organisation can succeed. It’s a question of balance. Just because a compliance policy is in place, does not automatically mean it’s working. A company’s compliance goals may be crystal clear in their idealism but in practice the route there is far from simple to navigate.
Considering the importance of having these organisation-wide approaches led from the boardroom, results from Kroll’s Global Fraud and Risk Report indicate a somewhat concerning trend in Australia, with fewer than two-thirds (58%) of respondents saying their board was giving bribery and corruption risk adequate attention and investment. This is well below the global average (72%) and one of the lowest in the world.
Australia also appears to have work to do when it comes to conducting enterprise-wide bribery and corruption risk assessments, with only 66% of respondents saying that such an assessment has taken place over the past five years.
Yet despite comparatively low confidence in its ability to identify risk, Australia performs quite well when it comes to the adoption of technology to identify bribery and corruption risk, with 82% saying their organisation employed data analytics to proactively combat risk.
While globally the tides appear to be turning when it comes to effectively monitoring and identifying risk, 82% of businesses still feel that corruption is having a marked and detrimental impact on their organisation. So, what more can be done about it?
The human touch
An organisation can have the best possible analytics system in place but if the human elements of the chain aren’t well-managed, educated or equipped to act, things will undoubtedly fall through the cracks. Like any enterprise-wide system, the procedures employed to mitigate risk are only as strong as their weakest link, which, in most circumstances, is the human mind.
When it comes to assessing their own organisations’ vulnerabilities, more than half (54%) of Australian respondents cited a lack of visibility over third parties as their biggest internal threat related to bribery and corruption, followed by employees’ actions at 22%.
Compounding this, Covid-19 has almost uniquely isolated Australia, decreasing visibility and control over complex global supply chains and increasing third-party fraud, bribery, and corruption risks.
At the same time, there is heightened public and board concern over environmental, social and governance issues – particularly modern slavery and environmental destruction issues – which are frequently correlated to issues of bribery and corruption.
Australia’s relatively low level of enforcement action coupled with an underinvestment in risk mitigation – especially in cross-border scenarios – could be further contributing to increased exposure and risk, signalling a clear need for stronger deployment of defence measures such as intelligence-led risk assessment and technology-enabled due diligence to help manage third-party risks.
Humans are fallible and leaders can be a poor influence but what we’re seeing here is a gap between the human element of anti-fraud and risk management and the role of automation. Both elements are essential, but they must work together if a business is to move toward proactive prevention rather than reactive remedial action.
Businesses must also strive to make fraud prevention an enterprise-wide responsibility rather than simply a siloed service. Managing this risk is not a one-person or even a one-department job; it’s a cultural value that must be regularly communicated, upheld and reinforced.
Thankfully, companies appear to be shifting towards enterprise-wide risk assessments, and crucially, enterprise-wide responsibility. Some of these trends include educating staff on the latest risks and vulnerabilities around bribery and corruption and designing tailored control frameworks instead of having one blanket solution in place.
However, where businesses can really step up their anti-bribery and corruption efforts is with the technology that’s employed, and critically, how it’s employed.
Data-driven assessments
Data analytics is a broad area and is often misunderstood in terms of its specific applications and vast potential. It has almost become trite for a business to say that it’s “data-driven” but almost all businesses are. However, just because a business collects and uses data doesn’t automatically make that business untouchable.
Some will be effective in their data-driven approach by using everything that’s available to them, but some won’t have the internal technology, talent, or resources to properly combine complex queries and analysis with the intelligent setting of criteria.
But if a business is properly resourced – either by hiring internally or leaning on a partner – it can start relying more heavily on technology to solve the corruption conundrum rather than its innately fallible human workforce. Then it becomes less about human judgements and more about objective data. Data can be misinterpreted, but it cannot lie.
Corporations that have mastered the mitigation of corruption risk understand this, and instead of blindly pouring resources solely into human-led anti-bribery measures, they’re tempering them with objectivity, live monitoring and 360-degree visibility in the form of data analytics.
Like most things that elude humans, risk itself can be detected through the identification of anomalies and patterns, particularly over large data volumes. If a sophisticated data analytics platform is deployed within an organisation, it can monitor activity and mine information in even the most far-flung corners of the businesses, regardless of geography.
A human intelligence team can then investigate, and red flags can be raised by the system to establish whether an investigation is warranted, or the risk is merely a false positive. Such technology would allow one person to do the work of 10 auditors, amplifying the ability of small risk management teams.
While it’s encouraging that more businesses are leveraging these tools to their advantage, there are still doubts as to whether that advantage is being pressed hard enough. Live, data-driven monitoring that reaches every tendril of a company’s reach is what is needed, from field operatives to regional offices, and the technological potential is there. The question is, are businesses able to combine this technology with the human element of their business in a balanced and effective way?
About the authors: Cem Ozturk is Managing Director at Kroll and Oceania Head of the Forensic Investigations and Intelligence practice. Gary Gill leads the firm’s Investigations service line.