In June, Deloitte published One Step Ahead: Obtaining and maintaining the edge, the report of our 2017 survey on bribery and corruption in Australia and New Zealand. Our survey asked risk leaders across the private, public and non-profit sectors for their perceptions and experiences of bribery and corruption, and their management of the risk. At a time when this issue is experiencing growth in public scrutiny and political focus – with a number of initiatives taking place across the region that could tighten and heighten corporate responsibilities – some might expect our survey to show a rise in activity since our 2012 and 2015 surveys. But that was not the core theme of our findings. Instead, our findings might indicate a plateauing – even a slowdown – in the development of Anti-Bribery and Corruption (ABC) frameworks here. While respondents appreciated the serious reputational implications of a bribery incident, the activity that they reported would not adequately manage that risk. Most senior risk leaders in Australia and New Zealand want to do the right thing, so a key question for reflection might be – why are we not doing as much as we could to manage the risk of bribery and corruption? In this article, we unpack some common reflections from clients, explore the findings of our survey, and suggest some potential ways ahead. Alternative compliance priorities Most respondents told us that bribery did not appear in their organisation’s ‘top five’ risks, and this might seem reasonable when considering the blistering array of risks that a modern organisation needs to manage. Similarly, other risks can carry much more intensive regulatory requirements than bribery at present, perhaps compelling many risk managers to move it down the organisational to-do list. But actually, bribery and corruption are part of a wider family of financial crime risks sharing similar drivers and enablers that should be a key concern for any organisation. After all, organisations are collections of humans, and humans are frail. Their integrity is not static, but capable of evolution in response to factors such as their environment. Even where organisations may be unwilling to recognise financial crime as a key risk, much ABC activity can be integrated with other priority programmes and organisational activities, unlocking uplifts in effectiveness or efficiency. Examples might include cultural development initiatives, and incident detection programmes. They might also include thematic issues such as human trafficking and slave labour in supply chain risk management – drawn into focus by recent British legislation. Furthermore, today’s priorities need to reflect tomorrow. This is a post FCPA and Bribery Act world, in which failures to prevent or detect bribery are increasingly subject to scrutiny. Although the pace may vary, the trajectory towards greater ABC regulation – and in particular, corporate liability – seems unlikely to reverse. As organisations consider how to position themselves, it is important to recognise that delivering change in behaviour, culture and ways-of-working takes time. Starting now will put an organisation in a great position to place themselves one step ahead should regulatory change crystallise. Stakeholder support As bribery and corruption controls can be perceived as a cost, it can be a challenge to obtain the buy-in of stakeholders. This can be as true at Board level as it is at all tiers of management. Most of our respondents told us that developing the right culture was a key tool for preventing bribery. This is true – awareness raising is critical to building support, at all levels, and is an important starting point. But a second consideration is whether stakeholders have truly connected with the relationship between corruption and business sustainability. Not only can a personal and corporate brand be mortally wounded by a corruption incident, but relying on corruption to grow business comes at the opportunity cost of more sustainable models. And thirdly, in a world of heightened uncertainty and complexity, a critical question for every organisation is whether its risk architecture is fully optimised and correctly resourced. The management of complex risks like bribery and corruption can benefit from a dedicated risk function, headed by independent executive leadership such as a Chief Risk Officer. This can help to provide the powerhouse necessary to build critical mass across stakeholder groups. Proportionality of risk and activity Corruption, like other financial crime, is a risk whose DNA is to hide. Its visibility, then, requires effort to maintain. Boards need to take an active – not passive – approach. In our survey, we found that only one in five respondents had detected an incident of corruption in the last five years. Taking into account the full array of corruption risks (including bribery, unmanaged conflicts of interest and nepotism), this is unlikely to be a credible measure of the true scale of the problem, and which instead suggests under-detection. This is critical. Without detection, our perception of the risk drifts away from reality. We can neither accurately perceive the nature of the threat, nor whether our preventative measures are appropriately targeted. Consider the coherence, breadth and effectiveness of the detection component of your bribery and corruption control plan. Critical questions might include, do you make use of whistleblowing mechanisms, data analytics and structured proactive review protocols? Are they embedded in the life of the business, and how do you know? Does your internal culture help or hinder them? Satisfaction with current framework One of our starkest findings was that amongst respondents for whom the risk of foreign bribery was relevant, 70% had not conducted a foreign bribery risk assessment. We also found that since 2015, the number of respondents reporting the existence of internal foreign bribery policies and compliance frameworks had dropped. And further, despite the change in public perception and looming possibility of regulatory change, nearly half of respondents did not plan to update their ABC frameworks in the next five years. This is dangerous. Without a risk assessment, how can you be sure that your countermeasures are proportionate or effective? And without regular review, how can you be sure that your approach takes account of your changing business environment? Instead, Boards should look outwardly, not inwardly, seeking independent views of their business and industry – both in terms of the risks, and the best practice available to mitigate them. In the last year, ISO37001:2016 – the international standard for anti-bribery management systems – has grown in prominence. Singapore, for example, has already ‘endorsed’ its use in public procurement. Whether an organisation adopts the standard in full or in part, it represents increasing consensus on good practice. Appreciating the value As a principally preventative matter, the value of a strong ABC framework is often realised in its absence – similarly to the value of physical security equipment like locks and walls. Seeing the value of ABC work can require a shift in mental gears for some stakeholders. In our report, we explain some of the advantages of meaningful ABC programmes. We discuss the reduction of reputational risk, how ABC frameworks help organisations to take control in a world of uncertainty, and the evidencing of stewardship, for example. But appreciating these intangible benefits can require a change in perspective: What are the opportunities that tackling bribery and corruption creates? Whistleblowing mechanisms are an example. Do you see your whistleblowing hotline as a passive tool, which offers comfort to dissatisfied employees and is a source of occasional resource demand as you respond to their concerns? Or is it part of an early warning system for wider organisational problems –well-socialised and utilised, subject to thematic strategic analysis to identify emerging risks, part of a coherent detection plan, and linked to regular management information that keeps your Board appraised of those risks? In short, does it help you respond to the present, or prepare you for the future? This is the key takeaway for readers of our report, and requires a fundamental question about the kind of organisation that you perceive yours to be. Are you reactive, or proactive? Do you live in the now, or prepare for the future? Are you treading water – or One Step Ahead? For more information, click here to read the Bribery and corruption survey 2017.