[00:00:00] Speaker A: Hi everyone. In this episode we're going to discuss how you can prevent, detect and respond to swiftly evolving business risk. I'm your host Bill Coffin and this is the Ethicast.
In today's nonlinear, accelerated, volatile and interconnected or navi business environment, organizations are facing unprecedented pressure to keep pace with change.
Yet most compliance functions remain underpowered under resourced and unaligned with the evolving risk landscape.
As a result, many businesses are struggling to manage rising threats from AI enabled cyber attacks to complex third party risks. All while tasked with meeting demands for faster, smarter compliance outcomes.
With us today to discuss this is Cecilia Melzi. Cecilia is partner of the Forensics and Integrity Risk Services from EY Peru. She is a certified fraud examiner and has more than 20 years of experience in projects related to design and implementation of compliance programs related to anti corruption, aml, antitrust and anti fraud investigation of irregular situations, forensics, data analytics, among others.
Cecilia leads a team of 170 professionals. Cecilia, welcome to the Ethicast. It's wonderful to have you today.
[00:01:28] Speaker B: Thank you very much Phil for the invitation to the Ethicast and thanks for the introduction. Really happy to be here and talk about these interesting topics.
[00:01:36] Speaker A: Businesses today are facing a dramatic business environment. To put it lightly, EY approaches this within its Navi framework, I.e. forces of change that are nonlinear, accelerated, volatile and and interconnected. With that in mind, how is this all making ethics and compliance's traditional role of preventing misconduct more complicated? And why might these teams be at risk of not being able to protect the enterprise as much as they could in the past?
[00:02:02] Speaker B: Wow, great question, Bill. Yes, according to a recent survey conducted by FT on behalf of EY, 71% of businesses say the complexity and volatility of the current operating environment make it harder than ever to keep pace with change.
So what this means is that a big percentage of companies cannot keep integrity standards in changing or disrupting times. But I think the key question is when in the world and especially in emerging markets like Latin America where I come from, there are not changing or disrupting times, Right?
And as I mentioned, in times of change or disrupting times, what happens is more difficult to maintain integrity standards. And especially considering the fraud triangle.
The fraud triangle is a really well known theory which tries to explain why someone makes a bad decision and commits a fraud.
The first factor is pressure, personal or organizational pressure to achieve the goals, pressure to comply with what is requested, but not doing the right thing, crossing the line.
Then the second factor is the opportunity, the lack of control.
And the third factor is Rationalization, which is nothing more than the justification that the person builds to think that what he or she is going to do is good and what he or she deserves.
So I think this is what the compliance role should face in these disruptive times.
So prevention becomes more complicated, especially due to the third factor, rationalization or justification, and how that impacts the culture of the company, which is how things are done, what is accepted and what is not accepted. Right. So in a compliance program, the prevention pillar has several the code of conduit, the policies and procedures, trainings.
But compliance programs should not only exist because paper stands for everything. They should work right and do so effectively. So a company could have a code of conduct, could have tons of policies and procedures, but no one knows for them, Right. It's not enough to be sure about having a compliance program and that we can mark a check, right? In the checklist, we have a compliance officer check, we make trainings check, we make due diligence check. We must be sure that the program works, that the culture of the organization embraces integrity, you know, and the adequate indicators to monitor the program are effective. Something that could not be measured, could not be monitored. And if we do not monitor, we can know if it really works or not.
So I think effective monitoring is a must. So I think the main challenge, Bill, is What are the KPIs that are being measured?
[00:05:00] Speaker A: Right?
[00:05:00] Speaker B: Are they the right ones? Are they providing valuable information to decision makers? So I think that's the key in these disruptive times.
[00:05:09] Speaker A: 41% of compliance teams are using AI to detect and flag emerging or anomalous risks in real time. Cecilia, what does this tell you about the role that emerging technology is playing as a component of ethics and compliance risk detection?
And I guess, more importantly, what does that tell you about how compliance teams should change their thinking about how much of their work should focus on risk detection in general?
[00:05:36] Speaker B: Yeah, Also great question, Will. I think technology is key, and I think the first advice to compliance departments is to incorporate people who have a technology background to be part of the compliance department. So you have to wait for the normal IT line, the organization to be attended. Right? So I think this is key. So ask for help and have a background of technology in the compliance department. I think that's key. And also focus on risk. And you, as you mentioned, all the norms, all the regulations, and all the best practices about compliance put the risks in the center of the compliance program. It's the heart of the compliance program, Right? So because we need to know which are the high risk Areas, processes and issues to prioritize and talking about technology.
It serves to prevent, for example, having all the affidavits, you know, and call of conduct, sign and digital documents, and also trainings. But above all, I think technology serves for detection. Right, because through machine learning, for example, the technology learns from fraud findings or from issues that already happened and implements controls to prevent it from happening again.
Right. So forensic data analytics, analytics allows anticipating problems and detecting fraud quickly to avoid losses. And also it's key because these risk detection procedures are also a deterrent factor for people who is thinking of crossing the line because they know that someone is doing something with the data, you know, so analytical tools allow performing tests, not with just a sample, with a universe of data structure and not structured, and detecting red flags, abnormal patterns, and for some specific cases, making a deep dive to understand the rationale behind some transactions.
So these are descriptive models that provide results based on what happened. But as I mentioned, there are also predictive models that through machine learning, machine learning could anticipate misconduct and stop it before it happens.
Right. But to be honest, I think it's not easy to change the mind of compliance departments to have resources to convince board of directors and invest in these new technologies.
I think that's the challenge. An important highlight, according to the recent survey I mentioned conducted by FT on behalf of EY, is that the largest proportion of Latin American business, 43% say they plan to stay the course and just 18% are transforming their compliance function. So it's a really low percentage still that want to transform and to invest in new technologies. Right. So I think we are in the process, but the way is still on about embracing technology.
[00:08:35] Speaker A: More than three quarters of businesses say that their compliance teams work closely and effectively with legal audit and other key functions. Can you speak to why this level of integration is so important for helping companies transform their compliance functions, especially compared to less integrated companies that take a more piecemeal approach to change?
[00:08:55] Speaker B: Yeah, so you know, integration with other areas is 100% relevant because, you know, compliance is not the only responsible for things being done right or for acting with integrity.
There are three lines of defense. Right. The first is about all employees doing what they have to do and executing their controls. Then the second is compliance and risks. And the third line of defense is internal audit that must supervise everything.
So if there is no adequate communication between compliance, legal and internal audit, I can assure that things will get complicated. Right.
And also because when there are fraud incidents and the company has to respond normally, the committees that are formed to investigate or to respond to these problems. Include those three areas, right? Legal, internal audit and compliance.
So the integration, the communication and the transparency is key.
And according to the survey I have been mentioning in Latin America, 68% say it is easy to work with other areas, but the percentage is still not so high. It's 68.
What happened with the other 32, you know, and this is the lowest percentage worldwide in Latin America. So what is my hypothesis? I think there could be resistance because the compliance area is not being seen as an advisor, is more seen like the one that wants blood, you know, like an auditor.
Yeah, Compliance area should have seen as an advisor, the ones that helps, the one that gives good advice, the one that will prevent you from having problems and make things go better. So as I mentioned, instead of that, I think compliance areas are being seen as the auditors, the ones that want a guilty person to be responsible of something, you know, so people should know that it's the opposite way. Right. The compliance is the one that could help. And it's not thinking in the past, it's thinking in the future to go together and improve things.
And also, Bill, I think personal should have certainty that the culture of integrity does not exist just because it's something that the company needs to have to comply with some regulation or to avoid any penalty or to be in the good picture, you know?
No, the compliance program and the culture work and exist because the company really cares and really believes that integrity is a value that is critical and a priority. And of course, top management embrace it and goes with that. Right? Top management conduct and tone is critical. And finally, Bill, I think we should not forget that reputation is the most valuable asset we all have, right?
Personally and in the organization. So I think that's the most precious asset to take care of.
If all work together, that will be an easier task.
I think the company should understand that all of us are on the same journey. If one is doing good, everyone is doing good. And if someone has a problem, everyone has a problem. Right? So I think that's the key as a message for companies to start maybe changing some messages and reinforcing integrity and integration. Integrity and integration.
[00:12:33] Speaker A: Well, Cecilia, that is a wonderful insight to end a fantastic conversation. So thank you very much for coming onto the program today and sharing your insights with us.
[00:12:42] Speaker B: Thank you, Bill. It has been a really pleasure to be here with you.
[00:12:45] Speaker A: To learn more from Cecilia on this very topic, check out our free on demand webcast. Why Accelerating Compliance Transformation is Critical in an era of disruption Available now in the Ethisphere resource
[email protected] resources and be sure to read EY's in depth report, how can Reimagining Risk prepare you for an unpredictable world?
[email protected] this report dives even deeper into the NAVI concept and how true risk strategists are achieving better outcomes and delivering valuable insights for others to achieve best practice.
Thanks for joining us. We hope you've enjoyed the show. For new episodes each week, be sure to subscribe to us on YouTube, Apple Podcasts, and Spotify. And if you haven't already, please follow us on LinkedIn to learn more about how Ethisphere can help organizations strengthen, advance, and improve their ethics and compliance programs. Together, we can make the world a better place by advancing business integrity. That's all for now, but until next time, remember, strong ethics is good business.
