Our thinking

2023 Global compliance risk benchmarking survey

In collaboration with

KPMG

 

Industry perspectives on the state of compliance today and effective strategies for managing compliance risk within the changing regulatory landscape

 

Introduction

Darryl Lew
Partner
White & Case LLP
T: +1 202 626 3674

Matthew McFillin
Partner, Forensic Services
KPMG LLP
T: +1 267-256-2647

In today's fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization. Drawing on the opinions of 201 senior decision-makers from more than 30 countries.

White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers powerful insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to environmental, social and governance (ESG) practices and cybersecurity.

Among the key findings are the importance of regular anti-corruption risk assessments and robust third-party management practices—essential components for creating a culture of compliance and transparency.

Use of data analytics is gaining momentum in compliance programs, though many companies are still in the developmental stage. Testing anti-corruption programs for effectiveness is crucial, as is consistent measurement of hotline awareness and effectiveness, along with addressing employee concerns about hotline integrity.

ESG has increasingly become an area of focus, but our respondents reveal a lack of consistency in addressing ESG risks. This inconsistency in approach can hinder the effective implementation of organization-wide policies and procedures and lead to uncertainty among employees. Clearer guidance and communication are essential in navigating the complexities of ESG and ensuring successful integration into business practices.

Looking ahead, cybersecurity takes center stage as the top compliance priority for the next 12 months, as safeguarding sensitive data and proactively addressing digital threats become more important than ever.

By proactively addressing these compliance challenges, organizations can ensure ethical business practices, mitigate risks and safeguard their reputation in an increasingly complex regulatory environment. We hope you will find our "2023 Global compliance risk benchmarking survey" an insightful read.

Key insights at-a-glance

Drawing on the opinions of 201 senior decision-makers from more than 30 countries, White & Case LLP and KPMG LLP's "2023 Global compliance risk benchmarking survey" offers insights into compliance practices across industries worldwide and strategies employed by companies to manage their compliance risks—from anti-corruption risk assessments, third-party management and employee risk awareness to ESG practices and cybersecurity.

In today’s fast-paced and interconnected world of global business, a robust and comprehensive compliance program is not merely a choice, but a critical imperative for any organization

Global compliance risk benchmarking survey: ABC risk assessments

tea garden

Global compliance risk benchmarking survey: Third-party management

labyrinth garden

Use of data analytics in compliance programs

mountain tea garden aerial

Global compliance risk benchmarking survey: Monitoring and review

labyrinth

Global compliance risk benchmarking survey: Compliance escalations

maze aerial view

Global compliance risk benchmarking survey: ESG

garden maze

Impact of remote working on compliance and investigations

aerial view of tea plantation

Looking to the future: Cybersecurity tops the list of compliance priorities for the next 12 months

garden maze

Survey methodology and demographics

corn maze
tea garden

Global compliance risk benchmarking survey: ABC risk assessments

In collaboration with

KPMG

Insight
|
2 min read

Key Takeaways

01

Most companies conduct regular anti-bribery and corruption (ABC) risk assessments

02

Companies conducting anti-corruption risk assessments report more engaged boards

03

Use of third parties cited as the biggest corruption risk

79%

More than three-quarters of respondents (79%) report conducting documented anti-corruption risk assessments

The risk assessment process is important to establishing a well-designed and effective compliance program tailored to the unique risks a particular company faces. The risk assessment achieves a number of important compliance objectives for a company, including:

  • Fostering discovery of relevant risks, processes and controls
  • Educating leadership about compliance concerns
  • Promoting preventive and early detection strategies over reactive strategies
  • Identifying business strengths and stakeholders
  • Facilitating satisfaction of corporate director obligations

Most companies conduct regular anti-corruption risk assessments

The risk assessment process is important to establishing a welldesigned and effective compliance program

More than three-quarters of respondents (79%) conduct documented anti-corruption risk assessments, and almost half (48%) conduct these assessments annually or more frequently.

Almost one in five companies (18%) with fewer than 10,000 employees did not conduct an anti-corruption risk assessment and do not plan to conduct one.

Companies in the energy & natural resources and pharma/healthcare industries are most likely to conduct risk assessments, with 94% and 93% of respondents in these industries, respectively, conducting risk assessments.

Companies in the financial services and technology, media & telecom industries were comparatively less likely to report that they conducted (15%) or planned to conduct (17%) risk assessments.

Companies conducting anti-corruption risk assessments report more engaged boards

59%

Use of third parties is seen as the most significant corruption risk (59%) among respondents

Anti-corruption risk assessments are a foundational element of an effective compliance program. They help companies identify and prioritize risk and provide an important means of communicating internally, including with senior management and the board, about the anti-corruption compliance program and how best to deploy resources to manage and mitigate risk. Having senior management and the board appropriately informed about and engaged on compliance issues is important in establishing and maintaining the company‘s overall culture of compliance and "tone at the top."

Our results show that respondents that perform risk assessments were more than twice as likely to agree with the proposition that their boards are adequately engaged with respect to their anti-corruption compliance programs, resources and risks. Conversely, respondents not conducting anti-corruption risk assessments were approximately four times more likely to disagree with the proposition that their boards are adequately engaged with these topics.

Use of third parties cited as the biggest corruption risk companies face

Use of third parties is seen as the most significant corruption risk (59%) among respondents.

For all industries other than financial services, use of third parties is seen as the biggest risk. Companies from the pharmaceuticals/healthcare industry and the technology, media & telecommunications industry consider this risk to be particularly significant, scoring 83% and 72%, respectively.

As the size of the organization increases (both by revenue and number of employees), it is more likely to consider the use of third parties as the biggest corruption risk. This may be because larger entities engage with a wider range of third parties.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2023 White & Case LLP

Top