COVID-19: An opportunity to enhance compliance

Because of the social and economic changes caused by COVID-19, regulators warn of a significant surge in fraud, bribery, and corruption. In times of distress, there is a greater tendency for people to justify their dishonest behavior.

We explore what drives employees toward occupational fraud and how organizations can take proactive steps to keep their operations secure.

What drives unethical behavior?

We draw on Donald Cressey's model, the Fraud Triangle, to understand why today's situation is the perfect backdrop for bribery, fraud, and corruption. The framework has three elements: opportunity, rationalization, and pressure (figure 1).

The opportunity for fraud and corruption increases with social disarray. Companies need to act to mitigate the risk. For instance, healthcare organizations might have to accelerate new supplier onboarding without proper due diligence so the business can meet urgent demand. Also, personal financial pressure or the need to meet sales targets can increase fraud risk.

Companies must also pay special attention to how COVID-19 puts employees' mental wellness at risk due to illness, travel restrictions, and job loss, says senior ethics and compliance professional Sabina Sudan, who joined me on a recent panel session. These factors increase pressure and rationalization, making them more vulnerable to fraud and bribery.

What types of risks are spiking?

Across industries, companies need to address a range of risks, including:

• Improper payments to government officials, such as bribing customs officials to move goods across borders to meet urgent need
• Third-party risks. For example, working with vendors without proper due diligence could result in sanctions and reputational damage
• Internal fraud, such as duplicate payments and payment for work not performed
• Improper donations to charitable institutions to influence decision-making
• Cybercrime, phishing, and digital fraud are on the rise as people work remotely

During the webinar, we asked more than 600 attendees – which included ethics, compliance, and procurement professionals from Fortune 500 companies – about the key risks to their organizations from COVID-19. Among the top risks respondents highlighted were fraud within accounts payable (AP) and procurement, and travel and expense (T&E).

How can organizations sustain compliance and mitigate fraud?

There are three principal ways that companies can protect themselves from increased risk:

1. Drive awareness: help employees reduce this new wave of risk. "Train people on how to balance the need for speed with the need to have proper controls and oversight," says Cardinal Health's Hollie Foust. Strong, frequent communication will help them follow the guidelines and foster an ethical culture.

2. Perform risk assessments: take steps to enhance policies and procedures. For example, you might need an additional oversight committee to monitor charitable donations and maintain a consistent response to growing requests.

3. Enhance monitoring processes: ensure you identify red flags, like fictitious vendors, improper payments, or requests to override due diligence by:

• Using digital technologies for corroborative logic-based analytics to spot fraud and maintain policies and regulatory compliance
• Reviewing 100% of transactions before payment to minimize the risk of improper payouts
• Using external data sources in audits (such as the US Office of Foreign Asset Control's Specially Designated Nationals list) to identify fraudulent or unallowable transactions
• Performing root-cause analysis and action-item tracking to continuously enhance compliance
• Adopting benchmarks to align with regulatory requirements, such as the recent DOJ guidance on corporate compliance programs, and industry standards

Embrace digital technologies to stay vigilant

Many organizations still rely on manual audits, which limit their ability to focus beyond transactional issues and see the bigger picture. For example, for spend monitoring, 32% of webinar attendees said they use Excel-based analytics. Only 13% use artificial intelligence or machine learning.

With digital technologies, organizations can future-proof their compliance functions. From automating spend monitoring and improving the accuracy of exception generation to analyzing behaviors and breaking down language barriers, digital technologies can provide deeper insights that reduce risk and improve compliance.

Let's look at the prerequisites for implementing a digitally enabled compliance program:

• Tone from the top: you need leadership buy-in. Show them how they'll prevent fraud and gain their commitment to nurturing a culture of integrity.
• Infrastructure readiness: to build a comprehensive monitoring solution, your remote teams must be equipped to run and manage compliance programs effectively. And if your organization has different ERP or T&E systems across business units, work with IT or a third party to ensure your infrastructure supports a robust data analytics program.
• Defined roles and responsibilities: after identifying exceptions through analytics, have a clear definition of roles and responsibilities and an action plan to fix issues.
• Risk and compliance expertise: "To build an insight-driven program, you either need the expertise in-house or the ability to tap into a wider talent pool from your partners," says Foust. "People with the right skills and a deep understanding of your organization can identify red flags, false positives, or new regulatory requirements, and highlight gaps in internal controls," she adds.

Today's uncertainty is an opportunity for organizations to ramp up their compliance efforts and minimize the risk of fraud and loss. Adapting existing policies and processes to address today's circumstances and adopting a data-driven, digitally enabled approach will help you respond better today and build greater resilience for the future.

Read more on how companies are using digital technologies in their compliance programs here.