The scale of bribery and corruption has shown no improvement globally since 2012, despite the unprecedented level of enforcement activity and introduction of new corporate criminal liability laws in that time. This is according to the 15th EY Global Fraud Survey, which surveyed 2,550 professionals across 55 countries.
This year’s survey found that despite regulators and law enforcement agencies around the world imposing more than US$11b of financial penalties since 2012, 38% of global executives still believe bribery and corrupt practices remain prevalent in business.
Romania ranks below the average
The difference in levels of corruption between countries remains significant, with 20% of respondents in developed markets indicating that bribery and corruption occurs widely in business, compared with more than half (52%) of those in emerging markets.
According to the survey results, Romania is currently placed below the average of all markets with 34%. It should be noted that the perception was decrease from 36% in comparison to prior year’s survey results but still far from the average of developed countries’ score of 20%.
“The survey has been capturing the response of Romanian participants for the last 6 years and there were visible improvements on the perception of corruption in the country. Romania is a great case study for EU on how institutional measures would address the country’s concerns on corruption”, says The Leader of Fraud Investigation and Dispute Services (FIDS) in EY Romania, Kenan Burcin Atakan.
Regions in which corruption risks were higher than the global average included Central and Eastern Europe (47%), the Middle East (62%) and Latin America (74%), despite improved anti-corruption legislation and more active enforcement in some countries.
Mismatch remains between intention and performance
Integrity sits high on the board agenda, the survey finds, with 97% recognizing the importance of their organization being seen to operate with integrity. Although improved customer perception, staff retention and business performance were all seen as benefits of demonstrating integrity, there remains a mismatch between intentions and actual behaviour.
Thirteen percent of respondents say they would justify making cash payments to win or retain business. Interestingly, this rises to 20% among those that are under the age of 35 years old.
The report suggests that organizations need to make it clear that acting with integrity is everyone’s responsibility, and while that includes the importance of management setting the right tone from the top, it also involves individual employees.
The findings show that 22% of respondents feel that individuals should take primary responsibility for their organization behaving with integrity, while 41% say it is management’s primary responsibility. And the report indicates that there may be some level of disillusionment among companies with regards to their ability to “walk the walk” when it comes to managing misconduct. Seventy-eight percent of respondents believe their organizations have the clear intent of penalizing misconduct, but only 57% are aware of people having actually been penalized.
Ensuring that ethical conduct is managed effectively is not only an issue that needs to be dealt with internally, but also with third parties and those acting on behalf of the organization, according to the report. Yet third-party due diligence also seems to be a low priority, with only 59% of respondents indicating they have a tailored risk-based approach to due diligence on third parties.
The new EU General Data Protection Regulation (GDPR) already had and will continue to have a meaningful impact on every organization which collects, processes, uses and stores EU citizens’ personal data as part of their daily business activity. As such, the companies should not only be aware of the GDPR provisions, but deeply understand them, along with the new rights which the data subject will have, by following a holistic model and strategy, focusing on the following areas: regulatory compliance, domestic and international legal environment, as well as IT security.
When asked how well their companies know the GDPR provisions, 38% of the Romanian respondents replied positively. This level of awareness is close to the global average of 40% but still less than developed countries’ and Central and Eastern Europe average of 54% and 42% respectively.
Kenan Burcin Atakan, FIDS Romanian Leader claims that “Romanian business is not yet ready to comply with GDPR. While Financial Institutions in Romania and large companies took action for addressing the new legislation, local businesses should reconsider their stand point as of today, less than a month prior to the enforcement.”
As a result of market digitalization and the amazingly fast technological development, companies continue to face an ever increasing number of cyber-attacks, initiated either by individual attackers or organized crime and terrorist groups. When breaches occur, they may have highly disruptive impact on operations, potentially resulting in higher operating losses and generating compliance concerns from a GDPR perspective.
The participants to the survey position cyber-attacks as the second greatest risk for business after Macro economic environment, with 38% positive answers.
“The digitalization of business, combined with poor investments in security can expose companies to huge losses when it comes to fraud”, highlights Romanian FIDS Leader Kenan Burcin Atakan.