The incidence of fraud in the United States doubled from 8 percent to 16 percent over the last two years at select companies, according to a new EY Global Fraud Survey. It also appears many top executives may be underestimating risk from cybercrime.
As an illustration of the prevalence of fraud globally, 1 in 5 CEOs report they have been asked to pay a bribe. Another finding that should be a concern to general counsels and other in-house attorneys is that one in five businesses participating in the survey did not have an anti-bribery/anti-corruption policy in place.
In a statement, EY said it is “imperative” for companies to have a “robust” strategy to respond to incidents.
The EY survey of over 2,700 executives located in 59 nations show that close to 40 percent of executives saw that bribery and corruption were widespread in their nations. Yet, some 48 percent of those surveyed, saw cyber-crime to be a very low risk or fairly low risk to their business. EY says the respondents apparently underestimate risk from organized crime and foreign governments.
For instance, Crowdstrike is tracking more than 20 hacker groups with ties to the Chinese government, InsideCounsel reported recently. (The Chinese government has denied allegations of organized cyber-tactics.)
The survey included interviews with chief financial officers, chief compliance officers, general counsel and heads of internal audit.
Brian Loughman, EY Americas Leader of Fraud Investigation & Dispute Services (FIDS), called the jump from 8 to 16 percent in the United States a “significant increase.”
In a statement sent to InsideCounsel, Loughman said the survey data “suggests there is much work to be done in compliance because only 38% of c-suite executives responded they had been through ABAC [anti-bribery/anti-corruption] training.”
“To the extent compliance reports to legal there is an opportunity for improved advocacy by general counsels to strengthen the ‘tone at the top,’” he added. “Separately, 70% of our respondents in the U.S. viewed cyber security as a significant threat and considering the increasing regulatory pressure to disclose cyber incidents this should be an important area of focus for GCs in the near term.”
GCs should also find the data important, because “The implications that compliance efforts are potentially running out of steam and the evolving landscape, surrounding cyber-attacks and disclosures, will require guidance from the legal department – because of the risks posed to the organization, as well as reporting obligations,” he added.
The survey comes as cybercrime is becoming more prevalent, and the U.S. Securities and Exchange Commission (SEC) is increasingly focusing on cyber risks, Loughman said. As a result, company boards and their audit committees “need to be vigilant in monitoring these risks,” Loughman said.
The survey also showed that among the companies surveyed some 38 percent take part in ABAC training and 30 percent take part ABAC risk assessment. Similarly, one in five businesses does not have an ABAC policy, and 45 percent of the businesses do not have a whistleblowing hotline. And less than a third of businesses said they are conducting anti-corruption due diligence as part of their mergers and acquisitions, the survey showed.