The siren song of emerging markets is calling out louder than ever for small- to medium-sized companies in mature economies. Labor, talent, R&D costs and regulatory compliance are all obviously far less expensive in places such as China, Russia, India, South Africa and Central and South America. Moreover, the consumer economies in these regions are experiencing transformational growth while the US, Europe and Japan are in decline.
But global expansion comes with global risk. As more and more firms expand their supply chains into high-risk emerging markets – often using networks of vendors and agents to rapidly put boots on the ground in these regions – they are increasingly exposed to the kinds of fraud risks that can sink their global aspirations.
At the center of the issue are two laws that have created serious compliance challenges for multinational corporations: The US Foreign Corrupt Practices Act (FCPA) and The UK Bribery Act. In most basic terms, these laws make it illegal for firms based in the US and UK – or doing business in those regions, either directly or through agents or vendors – to engage in any form of bribery of foreign officials anywhere in the world. For the UK Bribery Act, this is even more broadly defined as any type of bribery of any party for the purpose of winning or retaining a contract. A business dinner, sports tickets, even an invitation to the corporate Christmas party are now all fair game.
The FCPA was enacted in 1977 and was largely unenforced until the early 2000s, when the U.S. government stepped up its focus on corporate accounting and governance practices post-Enron and with the passage of the Sarbanes-Oxley Act. The UK Bribery Act was passed in 2010. Both are now being enforced vigorously. According to information compiled from the US Department of Justice, Securities Exchange Commission and industry sources, between 2006 and 2009, there was a 272 percent increase in FCPA actions filed by the DOJ and SEC. The total dollar value of settlements for the first six months of 2010 topped $1.32 billion, more than any other full year in the last decade.
While large multinationals have seen this trend evolving and have started to implement comprehensive anti-bribery and corruption compliance programs, smaller firms have lagged behind. A new survey from Deloitte notes that smaller companies are almost three times as likely (37 percent) as larger companies (13 percent) to fail to conduct internal audits of each of their foreign operations to identify potential corruption activity. This is neither surprising nor acceptable.
Taking the first step is often the hardest. Many companies have historically been so focused on growth that they simply did not know where to begin on the compliance side. That is changing quickly as companies undergo a sea-change in governance, and compliance re-emerges with a seat at the table with an immediate mandate and budget to gain control of commercial partnerships.
For this reason, we’ve developed a seven step risk segmentation process that helps companies get a handle on their global exposure to corruption risk and start the process of managing it. Perhaps not surprisingly, the list begins and ends with thorough analysis of third-party relationships because this is the most common weak link in the compliance chain. The seven points of analysis are:
1. Country Risk: Third parties from countries with less mature corporate governance laws/regulations are more likely to create a compliance breach for a multinational firm. It is critical to segment vendors, suppliers and marketing partners on a continuum of high-to-low risk based on their country of origin.
2. Industry Risk: Some industries are riskier than others. Each vendor industry/product may itself pose risks to a multinational firm which are unrelated to location, but highly correlated to specific lines of business. It is therefore necessary to segment third parties based on whether or not they are operating in high risk industries.
3. Consolidated Spend Exposure: Follow the money. A multinational firm should focus its highest level of scrutiny on vendors that make up the largest portions of its annual spend. This includes smaller vendors who may not show up as large line items on the corporate budget, but account for 80% or more of a specific business unit spend.
4. Compliance Commitment: Size matters. Commercial partners who are themselves large, public companies will be more highly regulated and may have equally sophisticated third party compliance processes. But compliance commitment is critical for all companies and starts with a formal compliance function, a code of conduct and tools for measuring how partners comply.
5. Communication of Disclosed or Discovered Exposures: It is not uncommon for third parties operating in emerging markets to have had some exposure to corruption in the past. Commercial relationships with partners who have disclosed a history of corruption but who have implemented remedial efforts and controls are lower risk than those who have issues by have not disclosed them. Identifying the problem is often half the battle.
6. Business Criticality: Certain business relationships are very difficult to replace. If disruptions in a critical partner’s operations would have significant financial impact your organization, then by virtue of their criticality, all partners in this category are high risk.
7. Dependency: Companies who are highly dependent on you as a partner have a higher financial risk, but may be more amenable to compliance controls. Dependency is a category highly dependent on other functions stated above.
By going through the process of segmenting their third party risk in this manner, companies are well on their way to creating a risk map of their global exposures and, perhaps more importantly, developing a guide to apply to future commercial relationships. The opportunities in emerging market are very real, but the risks must be weighted equally if companies are going to develop successful global strategies.