Prioritizing the integrity agenda in times of uncertainty (Second part)

Roderick M. Vega

Second of two parts

The difficulties of dealing with the pandemic have aggravated current integrity issues while presenting new ones for emerging markets all over the world. The emerging markets perspective of the EY Global Integrity Report, which surveyed more than 1,700 employees across all levels of large organizations in 21 emerging market countries, reveals that corruption and fraud remain major threats to long-term success for businesses in the wake of remote working conditions and regulatory scrutiny following the New Normal.

The Global Integrity Report, conducted by global market research agency Ipsos MORI, presented relevant insights into the ethical challenges the organizations faced. By considering how the respondents dealt with areas of risk, businesses may gain insights about how to overcome some of the challenges to post-pandemic recovery.

In the first part of this two-part article, we discussed the first of four key areas identified by the Integrity Report: prioritizing corporate integrity and encouraging the use of whistleblower channels. In this second part of the article, we discuss the need for an increased focus on data protection and cybersecurity, and the need to address integrity issues in third party service providers.

Remote working during the pandemic has heightened the risk of cyber breaches, with more cyber criminals exploiting weak networks and targeting unsuspecting employees. The year 2020 saw a spike in ransomware and cyberattacks, infecting networks with malware and even selling fake COVID-19 treatments through phishing e-mails.

Data breaches can result in devastating financial and reputational consequences for an organization, making it imperative to prioritize data protection. The EY report encouragingly shares that 55% of emerging market companies address this by offering employee training on how to prevent security breaches, a higher value than the 45% of companies doing so in developed markets. Should a security breach occur, 42% have an incident response plan in place. Moreover, as much as 86% even share confidence that they are doing everything they can to protect the data of their customers.

With such high stakes, organizations should consider building a data privacy and protection framework guided and supported by the board. The increasingly sophisticated nature of cyberthreats and strict regulations result in the need to implement industry-leading practices and raise the bar to protect sensitive data. Companies can improve vigilance and identify issues by utilizing the latest technology, strengthening their virtual infrastructure, and raising cybersecurity and digital risk awareness among stakeholders. In addition, companies must consider developing thorough diagnostics scans, strong monitoring frameworks and incident response strategies.

Though it is no mean feat to uphold integrity within an organization, external factors such as third-party partners can undermine existing efforts. The reputation of a retailer, for instance, will suffer greatly if one of its suppliers engages in malpractice, exploits loopholes, pays bribes, or engages in other similarly unethical behavior. These acts tarnish the reputation of the partnered retailer and subjects them to the high likelihood of financial loss, heavy penalties, or legal ramifications.

The integrity report reveals that emerging market companies are aware of this particular threat, but with only 35% showing confidence that their third-party partners operate with integrity. Businesses cannot afford to place just their supply chain partners under scrutiny — sources of third-party risk can be found in distributors, joint-venture partners, contractors and consultants. However, despite the added challenge of restricted operations, remote working and limited mobility, 31% of emerging market companies address this risk through training and processes that highlight third-party due diligence.

These challenging times pose an increased possibility of lapses in conducting due diligence, impeding internal reference checks, physical site visits and informal discussions that help identify potential gaps in conduct. However, this also gives companies the opportunity to reframe how they assess third-party risk. Digital solutions can be leveraged to streamline the assessment process, such as using data analytics to automate risk scoring and using automated dashboards for more efficient monitoring.

Risks to integrity have existed before and will persist beyond the pandemic. Employees may be tempted to risk the easy path regardless of accountability, cyberthreats increase in complexity and potential to expose vital data, and third-party risk creates more points of vulnerability in growing ecosystems.

The report proves that emerging market companies recognize these threats and are making progress in addressing them, but there is still much to do. Businesses must expand their scope of focus past traditional aspects of integrity such as fraud, corruption and bribery, and must include measures in environmental, social and governance (ESG) criteria. With more customers prioritizing businesses with ethically sound practices, it is more important than ever to champion a culture of integrity not just because it is the right thing to do, but to also create long-term value.

This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinions expressed above are those of the authors and do not necessarily represent the views of SGV & Co.

Roderick M. Vega is a Partner and the Forensic and Integrity Services (FIS) Leader of SGV & Co., and Dennis F. Antonio is an FIS Senior Manager of SGV & Co.

Leading the way in business

Other SGV News and Publications