The 2024 Global Economic Crime Survey offers insights into how boards and business leaders are addressing daily economic crime risks. While leaders express confidence in their compliance programmes, many neglect preventive measures. Only half of Irish companies have a third-party risk management programme or include risk scoring in their processes.
While cybercrime continues to be the most reported fraud for Irish and UK companies, supply chain fraud and procurement fraud are on the rise. Fraud within your supply chain or procure-to-pay process can take many forms, including supplier favouritism, kickbacks, bid rigging, counterfeit goods, fraudulent billing, misappropriation of assets, and even cybercrime attacks.
Not surprisingly, the four most frequently reported frauds, corruption or economic crimes are also the most disruptive and serious in terms of impact on organisations. These are cybercrime, customer fraud, supply chain fraud and procurement fraud.
Worryingly, the survey highlights that Irish companies are lagging behind global efforts to mitigate fraud risk. Only 38% of Irish companies completed an enterprise-wide fraud risk assessment in the last 12 months, with an additional 6% planning to do so within the next year. This compares unfavourably with the global response rates of 59% and 12%, respectively.
Our survey also highlights that 25% of Irish respondents do not use data analytics to identify procurement fraud, waste or abuse within their business, higher than the global rate of 18%. Additionally, only 31% of Irish businesses attempt to quantify their losses to procurement fraud, compared to 53% globally. These findings indicate substantial room for improvement in mitigating fraud risk and using available tools to combat it.
Rising public scrutiny and a rapidly evolving regulatory landscape are placing increased pressure on companies to identify and mitigate supply chain risks. These risks include sanctions, environmental issues, forced labour and other human rights abuses. Many new EU regulations mandate supply chain mapping and human rights-related risk assessments. For example, in March 2024, the European Council and Parliament announced a provisional agreement to prohibit products made with forced labour. More recently, the European Council adopted the Corporate Sustainability Due Diligence Directive, requiring large companies to establish due diligence procedures to prevent, identify and mitigate adverse impacts on human rights and the environment caused by their operations or those of their business partners.
78% of Irish companies report confidence in their understanding of third parties (vendors, suppliers, distributors, customers, etc.). They claim to have developed a comprehensive understanding, using a risk-based approach to due diligence and continuous monitoring to note changes in risk profiles.
However, the survey suggests that Irish executives may have false confidence or a blind spot regarding supply chain risks, as most do not universally employ best practices to mitigate third-party risk effectively. We take a deeper look below.
Risk scoring is a crucial component of an effective third-party risk management programme. Without it, there is no way to tier the level of due diligence and ongoing monitoring that one party merits relative to another. Yet only 25% of Irish companies include risk scoring in their risk management programmes. This compares unfavourably with other jurisdictions, where 74% of UK companies and 54% of global companies risk-score their suppliers.
To fully understand where the highest risks lie within their supply chains, many companies have begun supply chain mapping. However, this momentum is not as pronounced within Irish companies. As illustrated in the chart below, 77% of UK companies have mapped their supply chains, whereas only 41% of Irish companies report having done so. This is an area of concern.
More than one in three executives globally (34%) believe that assessing the risk of forced labour in their supply chain is a priority for their company. However, this frequency drops to just 22% among Irish respondents.
Given the scrutiny on forced labour in supply chains, boards of directors should prioritise this issue before it escalates into a crisis. This begins with requiring annual updates from management, including progress on supply chain mapping. These updates should encompass a comprehensive risk assessment of the company’s supply chain, identifying potential risk factors or red flags that may indicate forced labour. Reassessments of supply chain maps should occur at least annually. Additionally, companies should include contractual language with key suppliers, obligating them to update the company regarding changes to at least their own ‘tier one’ suppliers (those they contract with directly).
Geopolitical tensions, including the Russia-Ukraine conflict, US-China tensions and uncertainty in the Middle East, have intensified the regulatory environment around export controls and sanctions. Multinational companies, regardless of their stance on policy priorities, must comply with these legislative and regulatory changes.
Our research indicates that the business community is indeed attentive to these developments. Among Irish executives surveyed, 53% agree that sanctions and export controls imposed by governments have grown more complex in the last two years, and 44% report that sanctions are being enforced more robustly.
Third parties are recognised as posing the biggest threats to sanctions compliance for Irish organisations.
Given the complexity and constantly changing environment, senior management and board members should actively address the organisational plan for mitigating third-party risks. Here are specific actions they can take:
Assess the sufficiency of your third-party risk management approach.
Revisit third-party risk assessment processes to incorporate leading practices.
Support the case for investment in analytics, including artificial intelligence (AI) and generative AI (GenAI).
Ensure alignment with the CEO and board regarding the nexus between growth and risk.
Identify strategies for collaboration between internal audit and legal/compliance, including third-party risk assessments and onsite audits.
Reconsider if briefings on third-party risk are of sufficient frequency and insight.
Help break down functional silos that may interfere with effective compliance and risk mitigation.
Encourage collaboration between the first, second and third lines to increase efficiency and effectiveness.
Our experienced team of forensic accountants, investigations experts and corporate intelligence specialists have worked on some of the largest commercial litigation and forensic investigations in our jurisdiction and beyond.
We support our clients in investigating accounting issues or financial irregularities, whether they have arisen through fraud, economic crime or genuine errors. Our integrity due diligence team uses deep open-source intelligence searches to help clients understand risk areas, including sanctions, the environment, forced labour and other adverse media reports regarding parties in their supply chains.
For assistance with any of these matters, contact us today.
PwC’s 2024 Global Economic Crime Survey is the latest in a series of studies dating back more than 20 years. In our research, conducted between January and March 2024, PwC surveyed nearly 2,500 companies across 63 territories, including more than 30 in Ireland. Two-thirds of respondents were C-suite executives, including 450 General Counsel, Chief Compliance Officers and Chief Audit Executives. We also conducted over 45 interviews with senior executives from major corporations around the world to discuss their leading practices. This body of research gave us a unique lens on how today’s boards and business leaders are addressing the economic crime risks their organisations are navigating daily. PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.