Fraud risk and cybercrime exposure keep growing, as does regulator scrutiny

Companies and their boards are struggling with increased regulatory burden and the risks associated with operating in emerging markets. Regulators are challenging corporate compliance and governance models as companies aim to mitigate risk while shareholders expect growth. The changing landscape for cross-border disputes, bribery and corruption, and cyber-crime continues to test compliance and governance models, especially in new markets.

Brian Loughman, the Ernst and Young Americas leader for Fraud Investigation & Dispute Services (FIDS), says, “Our clients are continually looking for ways to improve their approach to antibribery and corruption risk in emerging markets. However, we see related risks gaining traction with multinationals as well as industry-specific risk issues that will persist into 2014. FIDS has identified [several] key themes where we expect our clients to focus in 2014.”

Here’s what is expected to emerge in 2014:

•            The impact of regulation will be felt stronger than ever by the financial services industry. Notwithstanding the billions of dollars in restitution, fines, and litigation costs incurred to date by banks and securities firms, regulatory pressure is not expected to dissipate in 2014. Important themes from 2013 will likely continue as the industry responds to broad regulatory focus on systemic risk and reacts to Consumer Financial Protection Bureau (CFPB) rulemaking on mortgage loans, student loans, and credit cards. Regulatory enforcement pressure, which heretofore has focused on the largest institutions, may also migrate to midsized banks in 2014 prompting reassessment and enhancement of risk and compliance efforts at this tier.

•            Anti-money laundering and corruption programs to face greater scrutiny. Global regulators and the Department of Justice continue to press large, global financial institutions on the issues of money laundering, trade sanctions, and bribery and corruption, stressing the need for robust program controls, sophisticated monitoring systems, and knowledgeable personnel at the watch. The regulatory scrutiny is now moving beyond the traditional banking sector into nonbanks, including credit card issuers, insurance providers, and gaming enterprises, prompting the need to seriously review and enforce their compliance programs and controls.

•            Dealing with reputational harm and the business risk associated with cyber-crime will become part of a general counsel's responsibility set. Traditionally the chief information security officer (CISO) focused on information security attacks and compromises due to their damaging and potentially public nature. These risks are requiring immediate and planned responses organized by inside and outside counsel. Additionally, the potential shareholder impact, risk due to state-run and industrial cyber-espionage, loss of highly valuable business process or client data elevates the responsibility of cyber-security to a board-level exercise. The related disclosure issues can be complex.

•            The opportunity to leverage big data in the context of compliance and anticorruption will allow companies to ask new questions. Data analytics, traditionally the domain of marketing and sales, has effectively migrated into the realm of internal audit, compliance, and corporate oversight. Companies now have opportunities to use forensic data analytics for proactive monitoring of business data. Organizations will be able to develop a better understanding of the risks and rewards of forensic data analytics and how these techniques can be used to transform data to help detect potential instances of fraud and implement effective fraud risk mitigation programs.

•            Balancing significant growth opportunities in Africa with perceived corruption risk. With a number of rapidly growing economies and increasingly sophisticated consumer markets, multinationals continue to heavily invest across a wide range of industry sectors. However, the perceived level of corruption in the region, and the attention of US authorities on business conduct in the region, is prompting organizations to reassess their controls, testing and compliance programs. Indeed, an Ernst and Young survey found that 83% of African respondents polled viewed bribery and corrupt practice as widespread. Organizations setting up operations in Africa will need to perform robust due diligence in order to manage these risks.