The Risk of Employee Misconduct
Companies are hyper-focused on third-party risks, especially when it comes to anti-corruption risks. And for good reason – a large percentage of FCPA enforcement actions involve illegal use of third parties to carry out illegal bribery schemes. In this era of third-party risk management, however, companies may be missing a more significant risk – employee misconduct.
In the global economy, companies face a number of serious risks – cybersecurity threats, foreign bribes, conflicts of interest, employee fraud and other employee risks of illegal conduct. Interestingly, when it comes to cyber-security risks, including theft of intellectual property, customer data, financial information and other valuable corporate data, companies face a significant threat from “insiders,” or to put it another way, from their employees. Nearly half of all cybersecurity incidents involve an internal actor, half of whom intentionally gain access to valuable corporate information, and half of whom unintentionally compromise valuable corporate information.
Overall, employee misconduct continues to hover around one-in-three or 33 percent of employees observe misconduct each year. The rates of observed employee misconduct is highest in Brazil, India and Russia.
In stark contrast to third parties, companies exercise control and responsibility for their employees. If a company suffers significant employee misconduct, there is a reason – a company has to maintain a culture of trust and integrity, filter that culture throughout the organization, and make it clear that employees should not cut corners or engage in misconduct to improve the bottom line. A company that is a slave to its quarterly reporting is bound to encourage, at least implicitly, employee misconduct and shady activities to advance the company’s all might quarterly financial results.
Once you recognize the control and responsibility a company has to minimize employee misconduct, the company has to mitigate such risks through a robust code of conduct, compliance communications and conduct from top level officials, and a consistent reporting and internal investigation function that includes positive incentives and strict disciplinary actions against violators.
A key to employee risk mitigation is to understand the risk of an employee group and tailor communications and training to that risk. An example illustrates how such an approach should work. A foreign-based sales staff is under pressure to meet target incentive requirements. In carrying out their jobs, they face significant anti-corruption risks when interacting with foreign officials, bidding on foreign government tenders, and acting to meet their incentive targets. A basic risk assessment of these employees will confirm that they pose serious and significant risks of misconduct.
Sales incentives, while a significant factor, cannot be the sole explanation for an employee to engage in foreign bribery. Of course, structuring sales incentives to reward group performance rather than individual performance may mitigate such risks and increase cooperation and joint sales efforts.
There is more to the equation – an employee’s supervisor, if committed to anti-corruption compliance, can exercise significant oversight of the employee’s activities and observe signs of misconduct – inexplicable or unjustified expense reports, unusual financial transactions, changes in tendering activities, including access to government tender specifications.
A tailored training message to these high-risk employees is important as well to emphasize the risks they face, the controls that are in place to detect and investigate potential misconduct, and the company’s overall commitment to ethical behavior rather than short-term financial gain. A bland, legal FCPA discussion will have little to no impact on employee behavior and conduct – instead a fulsome message capturing all of the elements of risk mitigation – culture, discipline, positive incentives, and promoting sustainable growth – will reduce misconduct and promote ethical behavior by sales employees operating in high-risk markets.