The following is an opinion piece written by Ray Flynn, CMIRM, IRM board member and risk management consultant. The views expressed within the article are not necessarily those of Corporate Risk and Insurance.
Over the last few years there has been a growing mountain of prosecutions and allegations of misconduct, at both an individual and an organisation-wide level, ranging from corrupt practices to inadvertent involvement in modern slavery, sanctions busting, sexual harassment, anti-competitive behaviour and the misuse of personal data. Despite nearly all of these being covered by recent legislation in a number of countries, this trend is likely to continue in 2019.
Why? The fact is that organisations tend to be a lot better at addressing external than internal risks, and risks involving unethical or illegal behaviour, in particular, are either overlooked or considered more remote than they should be. There is a reluctance to entertain the prospect of fellow workers, or even business partners, suppliers or sub-contractors, as capable of underhand practices.
“That sort of thing would never happen here” is often the sum total of any risk assessment carried out on unethical or illegal behaviour, before proceeding to the development of policies and procedures. This complacency, which can border on arrogance, leaves the entities affected unprepared, and they end up paying a much heavier price in remediation than they would have forked out in mitigation had they taken the right approach before an ‘incident’ took place.
The risk of exposure is also increasing. There is an element of iconoclasm and bloodletting involved, as the gap between the ‘haves’ and ‘have nots’ increases, which supports whistleblowing and puts pressure on regulatory bodies to act.
The good news is that there are plenty of resources out there to reverse this trend. Both the UK Bribery Act and the US FCPA guidelines urge organisations to undertake bribery risk assessments and suggest that “… organizations might wish to consider seeking some form of external verification or assurance of the effectiveness of anti-bribery procedures.”
There is remarkable similarity between the advice given in legislative guidelines to combat bribery and in those designed to stamp out data breaches, unfair competition and modern slavery, with organisations being required to complete certain actions to address the risks involved. In addition, there are a number of IRM publications that can help, such as “An introduction to understanding and managing regulatory risk” and “Horizon Scanning: A Practitioner’s Guide.”