Manage integrity risks in M&As
M&As offer an avenue to quickly gain a foothold in the market. When working on an M&A deal, it is vital to involve the compliance team from the outset. The compliance team should have sufficient influence and authority for compliance-related issues and concerns about the deals to reach the board. Forensic professionals may be called in to conduct forensic due diligence procedures. Investors should note that while higher-risk markets have strong growth opportunities, potential penalties and the high costs of cleaning up improper operations should also be considered.
Effective whistle-blower program
Whistle-blowers are the first line of defense against corruption, fraud and wrongdoing. An effective and independent whistle-blower program acts as an early warning system while promoting an integrity-focused culture. It is the organization’s alarm system, which can be triggered by anyone — employees, customers or business partners. An effective whistle-blowing process sets out how individuals can report actions that they believe are problematic and provides adequate safeguards to protect whistle-blowers from retaliation so that they are not afraid of speaking up.
Third-party risk management (TPRM) program
The resilience of companies is related to the resilience of their third parties. A TPRM program governs the conduct of due diligence and monitoring of business partners so that they meet expectations under local and international standards. The most effective TPRM programs are enabled by digital and artificial intelligence tools, along with advanced analytics and algorithms to evaluate risks.
Digital and artificial intelligence tools, together with advanced analytics and algorithms to evaluate risks, can enhance the effectiveness of TPRM programs.
Continuous monitoring of compliance data
Compliance programs are more effective when measured using data. Monitoring, together with carefully calibrated risk indicators and scoring models, can be a game changer for detecting risks. With digital scorecards that aggregate different data points, companies can have a broader view of their overall compliance performance. This not only facilitates effective communication with regulators and senior leadership on the organization’s compliance efforts but also allows them to drive year-on-year improvements in such efforts.
Cyber compromise detection
With many high-profile cases of cybercriminals bypassing companies’ cyber defenses where attackers are not caught, companies need to rethink their cybersecurity strategy and shift their mindset from one of prevention to resilience. Cyber compromise detection involves identifying forensic data that suggest a system or network may have been breached. This allows companies to detect attacks, act quickly to prevent further breaches and limit damage by stopping attacks in earlier stages.
Strategically located at the crossroads of global trade, Southeast Asia provides investors with opportunities and access to the wider Asian region. However, as with any investment, these opportunities present risks too. Before investing in the region, companies first need to assess business integrity risks and implement effective measures to manage such risks. This will allow them to better position themselves for success compared with businesses that fail to do so.
This article was first featured in The Edge Singapore on 1 February 2024.
Our related articles
Summary
Investors seeking to benefit from Southeast Asia’s growth potential need to enhance risk management capabilities relating to fraud, corruption, cyber breaches and non-compliance. To this end, management of integrity risks in M&As, an effective whistle-blower program, a robust third-party risk management program, continuous monitoring of compliance data and cyber compromise detection are crucial.