www.pwc.ru/en/forensic-services Russian Economic Crime Survey 2016 Looking to the future with cautious optimism 48 % of respondents have experienced an economic crime in the past 24 months 30% of respondents were affected by bribery and corruption which lower compared to 2014 50% of organisations that have suffered an economic crime highlighted its significant negative effect on employee morale Economic crime rate falls by 20% as anti-fraud measures take hold 95% of respondents believe that the vendor selection stage is the area of procurement that is most susceptible to fraud 65% of organisations surveyed perform risks assessment at least once a year, while 83% have a formal ethics and compliance programme in place
Transcript
www.pwc.ru/en/forensic-services
Russian Economic Crime Survey 2016
Looking to the future with cautious optimism
48%of respondents have experienced an economic crime in the past 24 months
30%of respondents were affected by bribery and corruption which lower compared to 2014
50%of organisations that have suffered an economic crime highlighted its significant negative effect on employee morale
Economic crime rate falls by 20% as anti-fraud measures take hold
95%of respondents believe that the vendor selection stage is the area of procurement that is most susceptible to fraud
65%of organisations surveyed perform risks assessment at least once a year, while 83% have a formal ethics and compliance programme in place
3Russian Economic Crime Survey 2016
Contents
08
08 Incidents of economic crime
10 Fraud detection and investigation
14 Procurement fraud
15 Bribery and corruption
15 Fraud horizon34
Economic crime trends
Contacts
22 Cybercrime
04 Foreword
26 Anti-money laundering
32 Terminology
06 Highlights of the survey
16 Ethics and compliance
We are pleased to present the results of the 2016 Economic Crime Survey in Russia. The results are based on the responses submitted by the Russian participants in the eights Global Economic Crime Survey conducted by PwC.
Over 6,000 participants from 115 countries, including representatives of 120 Russian organisations participated in the global survey.
Since 1999, the purpose of the survey is to seek respondents views on economic crime in general, on its causes, method of detection and prevention, and consequences of economic crime.
Our survey this year focuses on three key areas: Ethics and compliance programmes, Anti-Money laundering and Cybercrime. In addition to highlighting specific areas of economic crime worth focusing on, we emphasise the things you can do better to tackle them – implementing more sophisticated and effective measures that can reduce these risks.
Though the economic crime is still a major issue for businesses in Russia our survey shows a positive trend – a drop in economic crime in Russia by 20%, which we believe is the result of anti-corruption developments in Russia, strengthening of the internal audit function and other measures which are discussed further in our survey.
Our survey covered a wide range of organisations operating in Russia including private companies (34%), publicly traded companies (59%) and government sector entities (3%). Respondents represented activities across the industry spectrum including financial services (23%), manufacturing (12%), energy, utilities and mining (9%), pharmaceuticals and life science (9%), retail and consumer (7%), transportation and logistics (7%).
The majority of respondents occupy the senior positions such as chief financial officers/treasurers/controllers or heads of business units/departments. In addition, 50% of respondents worked in organisations with over 5,000 employees.
We are very grateful to all the respondents of this survey. Most important we really hope that the results of our survey will help the readers in their fight against economic crime.
Best regards,
Jeremy Outen Partner, Forensic Services Leader, PwC Russia
Jeremy OutenPartner Forensic Services Leader PwC Russia
Foreword
4 PwC
72%of respondents were managing the Finance, Executive Management, Audit, Compliance and Risk Management Functions
59%of the survey population represented publicly traded companies
25%of respondents employed by organisationswith more than 1,000 employees and lessthan 5,000 employees
38%of respondents employed by organisationswith more than 10,000 employees
48%C-suite
43%Head of
Department or Business unit
Industry sectors
7%Retailand consumer
7%
23%Financial Services
9%
9%
12%Manufacturing
Respondents
Transportation and logistics
Energy, utilities and mining
Pharmaceuticals and life science
Participation statistics
5Russian Economic Crime Survey 2016
6 PwC
• 48% of companies and organisations in Russia have experienced an economic crime in the past 24 months. This is significantly lower than the result for 2014 (60%), but, nonetheless, it is higher than the respective global result (36%).
• This decrease in economic crime may have been driven by following market trends: the enhanced role of internal audit within organisations and development of other systems of detection.
• 65% of respondents in Russia stated that they perform fraud risk assessments at least once a year. Globally, only 51% of respondents perform risk assessments at least once a year. At the same time, 83% of respondents in Russia reported that their organisations have a formal ethics and compliance programme in place (this figure corresponds with the global average).
• Our respondents state that the majority of economic crimes in Russia were initially detected by internal audit functions and corporate security (20% and 15%, respectively), which is a change from the 2014 survey, when the majority of cases were detected by corporate security (19%), while internal audit procedures were cited by 10% of those surveyed. This means that internal audit is now the most effective measure for detecting fraud in Russia. Reporting of suspicious transactions as a detection mechanism, which plays a predominant role globally, has significantly increased in Russia compared to 2014 (11% in 2016 vs 3% in 2014). Russian companies appear to have started putting measures in place to respond to risks identified during assessments.
• However, fraud is still considered a significant potential threat. At least 41% of respondents believe that their organisations are likely to experience an economic crime over the next 24 months.
• The profile of economic crimes remains along traditional lines in Russia. The most common types of fraud are asset misappropriation, procurement fraud, bribery and corruption. Furthermore, whilst cybercrime has moved up to second position globally, in Russia, it remains fourth on this list.
• Amongst those who have suffered an economic crime over the last two years, asset misappropriation remains the main type of fraud (cited by approximately 72% of respondents in Russia and 64%, globally) and this has not changed significantly since 2014. Asset misappropriation has traditionally been regarded as one of the easiest of frauds to detect, thus its prevalence in our survey from year to year is to be expected.
• In Russia, asset misappropriation is followed by procurement fraud. The number of responses noting procurement fraud is higher in Russia (33%) than globally (23%). Furthermore, vendor selection is highlighted as the most vulnerable area. For instance, 95% of our respondents think that procurement fraud occurs during this stage. It is also noteworthy that our respondents in Russia expect procurement fraud to be more common than asset misappropriation over the next two years.
• There are many causes of economic crime. Our survey shows that the opportunity or ability to commit crime is perceived to have risen in Russia by 8% since 2014, and remains by far the most important factor (84%), followed by incentive or pressure (8%) and the ability to rationalise such an action (8%). Generally, this breakdown is in line with global trends where the opportunity or ability to commit fraud is also the most significant factor (69%).
• In Russia, 44% of respondents reported having lost less than USD 100,000 to economic crime in the past 24 months, while 25% experienced losses between USD 100,000 and USD 1 million, and 23% experienced losses in excess of USD 1 million. Furthermore, in addition to financial losses, every economic crime produces collateral damage.
• In Russia, every second respondent reported a negative effect on employee morale as the most significant result of economic crime in the past 24 months, while globally, only 44% of respondents noted this. In addition, the possible negative impact on business relations and reputation or brand strength raises slightly less concerns in Russia than worldwide.
Highlights of the survey
7Russian Economic Crime Survey 2016
• Both in Russia and globally, internal actors continue to dominate the profile of fraudsters operating against companies. However, there was a 12% decrease in the number of respondents reporting that external actors were perpetrators of fraud. In Russia and globally, internal perpetrators originate from middle management (42% and 35% respectively), while junior management also contributed a great deal to the perpetration of internal fraud (31% and 32%, respectively). The majority of internal fraudsters were male (77%), aged from 31 to 40 years old (62%), with a higher education (72%). The proportion of fraudsters coming from senior management in Russia decreased from 36% to 15% over the last two years.
• In cases of economic crime involving third parties, the number of respondents engaging law enforcement against the perpetrators of such crimes has increased (67% vs 60% in 2014). Globally, this also remains the most common action against external perpetrators. Interestingly, cessation of business relationships has become a less popular action in Russia (56% vs 70% in 2014), but this is still significantly more common than the global result (25%).
• While globally asset misappropriation, bribery and corruption, procurement fraud and accounting fraud showed a slight decrease this year over 2014’s statistics, cybercrime jumped to second place (32%). In Russia, however, only 23% of respondents suffered from cybercrime in the last two years, which is 2% lower compared to 2014. The perception of the threat posed by cybercrime has also changed. For instance, 53% of our respondents globally believe this risk has increased in the last two years while only 32% of our respondents in Russia perceive an increase in this type of risk. According to our CEO survey, executives in Russia highlighted cybercrime and weak data protection among key business risks (43%).
• Bribery and corruption are still a challenge in Russia. For instance, 30% of respondents in Russia were affected by bribery and corruption compared
to 24% globally. This year’s results demonstrate a decrease compared to 2014, when 58% of respondents suffered from this type of economic crime. In addition, 21% of our survey respondents stated that they have been asked to pay a bribe, which is lower compared to 41% in 2014. Furthermore, 17% of respondents lost an opportunity to a competitor, whom they believed to have paid a bribe, compared to 42% in 2014. This positive shift may be explained by two factors. Firstly, over the last four years, Russia has adopted various anti-corruption regulations and laws and we might be now seeing the results of these measures. Secondly, the share of publicly traded companies in our current survey has increased from 40% to 59% compared to 2014. Our experience shows that publicly traded companies tend to have more robust ethics and compliance programmes.
• However, bribery and corruption remains one of the major risks for business. For example, 70% of executives in our recent Russian CEO survey reported it as one of the most important issues in their eyes.
• In Russia, 87% of respondents reported that their organisations have developed a comprehensive code of conduct. However, only 68% of these respondents indicated that regular training on their respective codes of conduct have been carried out.
• Our survey shows that enforcement of anti-money laundering (AML) has resulted certain challenges even for financial institutions with sophisticated and robust AML compliance programmes. The biggest challenge for effective AML compliance cited by the respondents in Russia is the pace of regulatory change (58%) (this is significantly higher than the global result (19%). AML regulation in Russia has also experienced significant transformations recently. Another challenge in AML compliance specified by respondents globally is lack of skilled staff (19%), while only 4% of our respondents in Russia consider this an important issue.
Highlights of the survey
High
lights of th
e survey
8 PwC
OverviewIn Russia, almost half of all companies and organisations (48%) reported that they had an experienced economic crime in the past 24 months. However, this is a significantly lower result compared to 2014 (60%). Nevertheless, the rate of economic crime in Russia remains higher than the global average (36%), the results for the Emerging 7 countries (29%)1 and Eastern Europe (33%).
Fig 1: Reported rate of economic crime
49%
59%
71%
37%
60% 48%
0%
10%
20%
30%
40%
50%
60%
70%
80%
2005 2007 2009 2011 2014 2016
Fig 1: Reported rate of economic crime
It is worth noting that, out of those who have experienced economic crimes, 33% had suffered more than 10 instances in the past 24 months.
The decrease in economic crimes in Russia may be explained by various reasons.
Firstly, the results of our survey show that the role of internal audit has strengthened while other fraud detection mechanisms have also developed further. In our experience, organisations that have developed fraud detection mechanisms and implemented fraud risk management programmes are better prepared to detect and prevent fraud.
Secondly, we have seen some major developments in the measures adopted against corruption in Russia over recent years, including legislative initiatives aimed at applying best global practices.
Further in our survey, we will touch on these reasons in more detail.
Change in types of economic crimeThe most pervasive economic crimes reported by our respondents in 2016 are highlighted below.
Asset misappropriation is seen as the most common form of economic crime, both in Russia and globally. For instance, 72% of respondents in Russia who experienced economic crime and 64% globally reported being victims of asset misappropriation. The prevalence of asset misappropriation among other types of economic crimes is not surprising. Typically, asset misappropriation is easier to detect, since this type of fraud is not as complicated as, for example, bribery and corruption or cybercrime.
Economic crime trends
Fig 2: Main types of economic crime in Russia compared to global trends
0% 10% 20% 30% 40% 50% 60% 70% 80%
Russia Global
Fig 2: Main types of economic crime in Russia compared to global trends, % relates to respondents who have suffered crimes
Asset misappropriation
Procurement fraud
Bribery and corruption
Cybercrime
Money laundering
Accounting fraud
Intellectual property (IP) infringement
64%
23%
30%
32%
12%
18%
7%
72%
33%
24%
23%
11%
23%
14%
1 Emerging 7 countries comprise Brazil, Russia, India, China, Indonesia, Mexico and Turkey.
Incidents of economic crime
9Russian Economic Crime Survey 2016
Procurement fraud was commonly cited (33%), making it the second most frequently reported type of fraud experienced in Russia. It is worth noting that the number of responses in Russia is 10% above the global average. We see this type of fraud as a double threat with a negative impact both on business and public sector.
The number of responses related to bribery and corruption is higher in Russia (30%) than the global average (24%). However, there is a significant decrease in the number of responses related to bribery and corruption over the last two years, from 58% in 2014 to 30% in 2016.
Globally, cybercrime has moved up to second position (32%). At the same time, the number of responses related to cybercrime in Russia is lower (23%) and has not changed much since 2014 (25%). Does this mean that Russian business is less exposed to cybercrime? We should remember that a significant percentage of those who did not report cybercrime could have suffered an event, but may not even have known about it.
Negative consequences of economic crimeIn Russia, 44% of respondents who experienced an economic crime in the past 24 months reported loss up to USD 100,000 and 25% of respondents reported loss between USD 100,000 and USD 1 million. 23% of our respondents reported losses in excess of USD 1 million, while globally only 14% of those surveyed had experienced such significant damage.
Top 3 most commonly reported types of economic crime in 2016
Asset misappropriation
Procurement fraud
Bribery and Corruption
Тор 3 most commonly reported types of economics crime in 2016
Assetmisappropriation
Procurementfraud
Bribery and corruption
72% 33% 30%
The true costs of economic crime are difficult to estimate, especially considering that actual financial losses only comprise a small component of the fallout from a serious incident.
Our survey respondents consistently note wider collateral damage, including business disruption, investigative and preventive interventions, remedial measures and, crucially, damage to employee morale and business reputation as having a significant impact on long-term business performance.
In Russia, 50% of organisations that have suffered economic crime in the past 24 months stated that this has had a significant negative effect on employee morale. Globally, only 44% of respondents noted such crimes’ impact on the overall mood of employees. Furthermore, respondents in Russia are less concerned with the negative impact on business relations (35%) and reputation/ brand strength (34%).
Fig 4: Negative consequnces (high and medium impact) suffered due to economic crime
0% 10% 20% 30% 40% 50% 60%
Russia Global
Fig 4: Negative consequnces (high and medium impact) suffered due to economic crime
Employee morale
Business relations
Organisation's reputation /brand
Relations with regulators
Share price
44%50%
32%35%
32%34%
27%28%
9%10%
Collateral damage, of course, while not always quantifiable, can dwarf the relatively shorter-term impact of financial losses over time.
Fig 3: Financial loss from economic cirmes
36%
17%22%
9%
4%1%
26% 18%
25%
19%
4%
0
5
10
15
20
25
30
35
40
Russia Global
Less thanUSD 50,000
USD 50,000 –100,000
USD 100,000 –1m
USD 1m –5m
USD 5m – 100m
>USD 100m
Econ
omic crim
e trend
s
10 PwC
Causes of economic crimeThere are many causes of economic crime. Experts often point to three factors that are commonly found when fraud occurs (the so-called “Fraud Triangle”): opportunity or ability to commit a crime, incentive or pressure, and rationalisation.
In Russia, perception of the significance of opportunity or ability to commit crime has risen by 8% since 2014 and remains by far the most important factor (84%). Incentive or pressure and ability to rationalise are at the same level (8%). Generally, the structure of the fraud triangle in Russia is similar to the global situation with opportunity or ability to commit fraud being the most significant factor (69%).
The trend of rising opportunities or ability to commit economic crimes is worrying. This means that companies should mitigate such loopholes by taking a proactive approach in order to ensure that fraud prevention and detection mechanisms are effective in addressing the significant risks of fraud.
Fraud triangle
Incentive or pressure
Rationalisation
Opportunities
2016 2014
88
84
129
76
Fraud detection and investigation
Risk assessmentFraud risk assessments are essential for identifying threats and weaknesses in controls that give rise to opportunities to commit fraud.
In Russia, respondents tend to perform risk assessments on a regular basis (every six months or annually). The numbers of companies that have never performed a risk assessment in Russia, or have performed it only once, is lower than the global results (23% and 32%, respectively). Overall, Russian respondents claim that they conduct fraud risk assessments much more frequently than their global peers.
As mentioned above, respondents both in Russia and around the world consider the opportunity or ability to commit fraud to be the most important factor contributing to the occurrence of such crimes. Thus, it is even more vital that companies conduct risk assessments, as they can help to identify internal control weaknesses and, thereby, prevent or at least to mitigate the risk of economic crime.
Detection of economic crime
Our survey shows that the majority of economic crimes in Russia were initially detected by organisations’ internal audit functions and corporate security (20% and 15%, respectively). However, the global results are different, at 11% and 5%, respectively.
Globally, the leading method for detecting economic crime is reporting on suspicious transactions.
In Russia, fraud detection methods have undergone various changes in the past 24 months.
The role of internal audit functions in detecting economic crime has significantly changed since our previous survey (10%), compared to 20% in 2016. In addition, the role of corporate security departments in detection of fraud weakened in 2016.
Reporting on suspicious transactions and fraud risk management are becoming important methods of detecting economic crimes (20%).
Russian organisations appear to have implemented proper measures to respond to the risks identified during risk assessments and are shifting to more effective internal risk management systems in order to identify cases of fraud.
Fig 5: Minimum frequency of performance of fraud risk assessmentsFig 5: Minimum frequency of fraud risk assessments
4%
10%
6%
31%
9%
18%
9%
29%
More often thanquarterly
Quarterly Every six months Annually
Russia Global
11Russian Economic Crime Survey 2016
Fig 6: Fraud detection methods in 2014 and 2016
20142016
Fig. 6: Fraud detection methods in 2014 and 2016, % relates to respondents who suffered crimes
10%
19%
3%
9%
3%
20%
15%
11%
9%
9%
0% 5% 10% 15% 20%
Internal audit
IT and physical security
Suspicious transactionreporting
By accident
Fraud risk management
Perception of law enforcementWe asked respondents to comment on whether they believe local law enforcement to be adequately equipped and trained to investigate and prosecute economic crimes. The majority of respondents expressed their doubts in this regard, both globally and in Russia (44% and 38%, respectively).
Main fraud culprits46% of our respondents in Russia and globally reported that internal perpetrators dominate the profile of fraudsters.
Investigation
When an incident of potential fraud has been identified, in most cases (85%), respondents stated they will rely on their internal resources to perform internal investigations. Globally, this percentage is lower (72%). In our previous survey for 2014, we reported even higher figures (93% and 79%, respectively). However, the survey also shows that one or more other types of actions usually accompany internal investigations. We believe that, in some situations, external assistance can add value (e.g., relying on specific expertise, independence, resources, etc.).
In general, respondents in Russia tend to use the same approach as their global counterparts.
Fig 7: Fraud investigation methods in 2014 and 2016
20142016
Fig. 7: Fraud detection methods in 2016 and 2014
93%
15%
13%
18%
10%
85%
22%
20%
19%
7%
0% 20% 40% 60% 80% 100%
Use internal resourcesto perform an internal
investigation
Contact an externallegal advisor
Consult with an auditor
Engage a specialforensic investigator
Wait to see if furtherindications of potentialfraud in the same area
may arise
Fig 8: Perpetrators of fraudFig 8: Perpetrators of fraud
Russia Global
0% 10% 20% 30% 40% 50%
Internal actor
External actor
Don't know
46%46%
33%41%
13%21%
Econ
omic crim
e trend
s
12 PwC
Most likely characteristics of internal fraudster
MaleUniversity/college
graduate31–40 years
old3–5 yearsservice
Internalactor
49%2014
46%2016
Externalactor
45%2014
33%2016
3%Decrease
12%Decrease
In Russia, there was a 3% decrease in a number of respondents who reported internal actors as perpetrators of fraud, from 49% in 2014 to 46% in 2016. Globally, there was a significant decrease (10%), from 56% in 2014 to 46% in 2016.
In Russia, there was a 12% decrease in the number of respondents who reported that external actors were perpetrators of fraud, from 45% in 2014 to 33% in 2016. Globally, an opposite trend was observed - a 1% increase from 40% in 2014 to 41% in 2016.
Internal perpetratorsBoth in Russia and globally, economic crimes are largely committed by middle management (42% and 35%, respectively). At the same time, junior management also contribute largely to the perpetration of internal fraud (31% and 32%, respectively).
In Russia, the proportion of fraudsters from junior management has increased from 18% to 31%, almost reaching the level reported globally (32%).
Conversely, the proportion of fraudsters from senior management in Russia has decreased from 36% to 15% over the last two years, also aligning with the global average (16%).
Typical profile of an internal perpetratorIn Russia, the majority of internal fraudsters were male (77%), aged from 31 to 40 years old (62%), with a higher education (72%) and who had joined the company within the past three to five years (62%). This profile is similar to the profile reported globally.
External perpetratorsIn Russia, respondents who have experienced an economic crime reported that the external perpetrator had been a customer or client in 35% of cases, an agent/intermediary (29%), or a vendor (6%).
Our survey shows that the share of agent/intermediary involvement increased by 9% in the past 24 months, representing a risky area in regards to relations with external parties.
13Russian Economic Crime Survey 2016
Fig 9: Most common external perpetrators in RussiaFig 9: Most common external perpetrators in Russia
Customers
Agents /Intermediaries
Vendors
20142016
7%
53%
20%
6%
35%
29%
0% 10% 20% 30% 40% 50% 60%
We believe that common types of customer fraud are likely to be various schemes related to receiving commercial bribes (i.e., money paid by customers to sales managers in order to receive favourable terms) and giving commercial bribes (i.e., money paid to customers so as to retain business).
Actions against perpetratorsIn Russia, dismissal2 remains the most frequent action against internal perpetrators (58%), which corresponds with the global trend. However, this rate decreased in comparison with the results of our previous survey (88%). Civil actions and informing law enforcement are not frequent actions against internal perpetrators as compared to the global averages.
Our survey also shows that, in 15% of cases of fraud involving internal perpetrators, no actions were taken. This may have a negative effect on organisational culture, primarily with respect to employee morale.
Fig 11: Actions taken by organisations against external perpetratorsFig. 11: Actions taken by organisations �against external perpetrator(s)
GlobalRussia
67%
56%
22%
22%
6%
53%
25%
38%
28%
9%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Informed lawenforcement
Terminated businessrelationship (if applicable)
Notified relevantregulatory authorities
Took civil action
Took no action
In Russia, in regards to cases of economic crime involving third parties, the number of respondents engaging law enforcement against the perpetrators of such crimes has increased (67% in 2016 vs 60% in 2014). Globally, this also remains the most common action against external perpetrators (53%).
Cessation of business relationship has become a less frequent action against external perpetrators in Russia (56% in 2016 vs 70% in 2014). However, this is still significantly more common than on the global level (25%).
2 We interpret “dismissal” in this context as any termination of an employment relationship (e.g., by mutual agreement).
Fig 10: Actions taken by organisations against internal perpetratorsFig. 10: Actions taken by organisations �against internal perpetrators
GlobalRussia
58%
23%
15%
15%
12%
4%
15%
76%
32%
43%
4%
14%
21%
3%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Dismissed theperpetrator(s)
Took civil action
Informed lawenforcement
Transferredperpetrator(s)
internally
Issued warning/reprimand
Notified relevantregulatory authorities
Took no action
Econ
omic crim
e trend
s
14 PwC
It is noteworthy that 95% of the respondents in Russia reported that most cases of procurement fraud were related to vendor selection. Fraud taking place at the bid and quality review stages is also higher in Russia compared to the global results. In contrast, fraud in the payment process is quite common worldwide (41%), but not in Russia (16%).
It appears that procurement fraud could be significantly reduced by strengthening controls in several key areas: conducting due diligence on vendors, checking for conflicts of interests, and ensuring that proper controls in the bid process and vendor contracting/maintenance are in place.
When focusing on tenders and vendors as external parties, it is also important not to ignore the potential threat from internal actors. An employee of a purchasing department may have a pre-existing and often indirect relationship with a certain vendor. It may take months or even years to detect such conflicts of interest.
Fig 12: Areas of procurement fraudFig 12: Areas of procurement fraud
GlobalRussia
42%
64%
42%
17%
41%
42%
95%
68%
42%
16%
Invitation of quotes/bid process
Vendor selection
Vendor contracting/maintenance
Quality review
Payment process
0% 20% 40% 60% 80% 100%
Procurement fraud
The potential for procurement fraud arises when a company takes part in a commercial or public tender, or acquires goods and services for its own use. In Russia, our respondents note that they had experienced procurement fraud more frequently than the global average (33% and 23% respectively).
We see procurement fraud as a double threat. It does damage to businesses with respect to their own acquisition of goods and services. Furthermore, it prevents organisations from competing fairly and successfully for business opportunities in commercial or public tenders.
Fraud at different stages of the procurement cycleIn Russia, the stages of the procurement cycle where fraud usually occurs are slightly different from those highlighted by our respondents globally.
Mitigating risks in procurementA detailed procurement analysis may be one of several effective solutions to ensure that a procurement function is operating properly. This would require using advanced data analytics, as well as qualitative assessments, in order to identify risks of procurement fraud and inefficiencies in the process.
However, what if some organisations have hundreds or even thousands of vendors and need to understand which of them are not as reliable as they appear? A sophisticated integrity check using automated solutions may be an option to reveal negative information and identify potential conflicts of interest: a) between vendors and employees of the organisation; and b) among vendors or groups of vendors. Such an analysis may also help a company’s management to reach preliminary conclusions in a very short time.
Procurement analysis stages
Discover
• Extract requisite data from ERP using IT solutions;
• Identify key facts about the procurement process in an organisation by relying on analytical tests of data complemented by tailored questionnaires or interviews with responsible employees.
Analyse
• Reveal unusual trends in the data;
• Perform a detailed analysis of those unusual patterns and understand the causes by using a combination of analytic tests and data visualisation techniques.
Our survey shows that vendor selection, the bid process and vendor contracting / maintenance are the stages most susceptible to fraud, both in Russia and globally. However, fraud during these stages is more frequent in Russia when compared to the global average.
15Russian Economic Crime Survey 2016
Bribery and corruption
In Russia, 30% of our respondents experienced bribery and corruption, which is higher than the global average (24%). This year’s results show a decrease compared to our previous survey in 2014 (58%).
In Russia, 21% of our respondents stated that they have been asked to pay a bribe, which is lower than 41% as reported in 2014. In Russia, 17% of our respondents have lost an opportunity to a competitor, whom they believed to have paid a bribe. This is significantly lower compared to the results of our previous survey (42%).
3 In April 2012, Russia became the 39th party to the OECD Anti-Bribery Convention. In January 2013, Article 13.3 of Russian Federal Law No. 273- FZ “On Preventing Corruption” was enacted.
In November 2013, Russian Ministry of Labour and Social Protection issued “Guidelines for Developing and Adopting Measures to Prevent Corruption”.
In April 2014, the National Anti-Corruption Plan for 2014- 2015 was enacted.
Fig 13: Percentage of organisations asked to pay a bribe and that lost opportunities due to a bribe paid by a competitor
Fig 13: Percentage of organisations asked to pay a bribe and that lost opportunities due to a bribe paid by a competitor
Organisations asked
to pay a bribe
Organisations losingan opportunity to a competitor
that paid a bribe
Russia 2014Russia 2016Global 2016
13%
17%
21%
15%
0% 10% 20% 30% 40% 50%
41%
42%
We believe that this positive trend may be the result of two factors. Firstly, in recent years, Russia has adopted various anti-corruption regulations and laws, and we may now be seeing the positive outcomes of these initiatives.3 Secondly, the share of publicly traded organisations in our survey has increased from 40% to 59% compared to 2014 results. Publicly traded companies are usually quite eager to develop ethics and compliance programmes.
However, our recent survey of CEOs in Russia showed that 70% of top managers indicated bribery and corruption as one of the major risks for their organisations.
Fraud horizon
Our survey shows that economic crime is still considered a significant potential threat.
We asked respondents to comment on which economic crimes they believe pose the highest risks to their companies in the next two years. At least 41% of the respondents believe that their organisations will likely experience economic crimes (procurement fraud) over the next 24 months.
Fig 14: Main types of expected economic crime
Fig. 14: Who is respponsible for business ethics & compliance programmes?
26%
36%
24%
34%
12%
41%
40%
26%
25%
14%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Procurement fraud
Asset misappropriation
Bribery and corruption
Cybercrime
Money laundering
GlobalRussia
Overall, the expectations of respondents in Russia appear to reflect global trends with the following exceptions.
Firstly, fewer respondents in Russia consider cybercrime as a significant future threat (25% in Russia vs 34% globally). This might be a sign of over-confidence or non-awareness leading to the underestimation of potential threat.
Secondly, more respondents in Russia expect procurement fraud to occur in the next two years, which is different from the global trend (41% in Russia against 26% globally). Uncommonly, this type of fraud is expected to overtake traditional asset misappropriation in the next two years. This also confirms that procurement fraud represents a significant threat to Russian organisations and prevention of this type of fraud should be a point of focus.
Econ
omic crim
e trend
s
16 PwC
Ethics & compliance
81% of companies rely on internal audit to ensure effectiveness of their programmes
SUCCESS
BRIBERY
?
But is this the most effective path? Almost half of the incidents of serious economic crimes were perpetrated by internal parties
??
?1 in 5 respondents are not aware of a formal ethics and compliance programme
...though 83%of companies say they have businessethics and compliance programme
26 %of companies believe it is likely they willexperience bribery and corruption
...and 50%or every second respondent claim employeemorale is the largest casualty of economic crime ST
RATE
GY
HR
SALE
S
How is your business strategy aligned withand led your organisational values?
17Russian Economic Crime Survey 2016
81% of companies rely on internal audit to ensure effectiveness of their programmes
SUCCESS
BRIBERY
?
But is this the most effective path? Almost half of the incidents of serious economic crimes were perpetrated by internal parties
??
?1 in 5 respondents are not aware of a formal ethics and compliance programme
...though 83%of companies say they have businessethics and compliance programme
26 %of companies believe it is likely they willexperience bribery and corruption
...and 50%or every second respondent claim employeemorale is the largest casualty of economic crime ST
RATE
GY
HR
SALE
S
How is your business strategy aligned withand led your organisational values?
Eth
ics & com
plian
ce
18 PwC
Aligning decision-making with values
OverviewThe current business environment is characterised by growing globalisation, increasingly vigilant enforcement and greater demand for public accountability. A risk-based approach to ethics and compliance, which begins with an understanding of economic crime risks and compliance weaknesses, should be in place. Based on this approach, organisations should develop effective programmes, which can mitigate these risks, while also allowing them to achieve their business goals.
Many companies have been cutting costs, both in their headcounts and training programmes, or stretching their existing compliance teams’ responsibilities to include additional duties. This may be a strategic miscalculation, as bribery and corruption still represent significant threats for business in Russia. While risks and threats are always changing, a successful compliance programme should foresee and address those evolving risks.
It appears a perception gap exists between what CEOs and boards think is occurring, as well as what is actually happening in their organisations, particularly among senior and middle managers. According to our survey, middle managers remain the most likely group to commit economic crime, as well as the most likely to feel that values are not being clearly stated, or that incentive programmes are not fair.
Our recent Russian CEO survey supported this theme of a gap existing between intention and execution. For example, 70% of executives cited bribery and corruption as the top threats facing their organisations. A lack of trust in business was another key threat, underscoring the importance to leadership teams of having sophisticated credible corporate ethics programmes in place.
Five steps towards a more effective compliance programme
• Communicating and positioning your programme in line with your organisation’s corporate strategy;
• Evaluating and potentially reimagining the identity of your compliance function;
• Ensuring that all owners of compliance obligations fully understand (a) the “big picture” across the organisation, and (b) the scope of their own responsibilities;
• Remember that policies and training on values are not enough; credible and consistent engagement are essential;
• Never downsize while risks are on the rise.
Making sure your compliance programme is suitableBelow are four key areas of focus for enhancing the effectiveness of ethics and compliance programmes:
• People and culture. Maintaining a values-based programme, measuring and rewarding desired behaviour;
• Roles and responsibilities. Ensuring they are correctly aligned with current risks;
• High-risk areas. Better implementation and testing of the programme in high-risk markets and divisions;
• Technology. Better use of detection and prevention tools (e.g., big data analytics).
19Russian Economic Crime Survey 2016
People and culture: your first line of defenceEvery economic crime is based on decision made by an individual. Therefore, people should be the focus of attention. This means that organisations not only need to state principles to employees, but also create a culture where compliance is directly connected to values.
In Russia, every second respondent reported that the greatest organisational damage they experienced as a result of economic crime was in regards to employee morale. Negative consequences for business reputation and organisation’s reputation/brand were noted by 34% of our respondents. In both cases, the nature of how a business is perceived (from the inside, as well as the outside) was an area of great concern. This underscores the key role played by values in a successful business strategy.
A values-based compliance programme will help attract the best and the brightest to your organisation. In other words, responsible people want to work for responsible companies.
A well-designed compliance programme, supported by a strong focus on ethical behaviours, can offer a clear strategic benefit to an organisation.
Nonetheless, to be effective, your compliance programme must also be more than an updated code of conduct, a policy, and a few hours of training. Fundamentally, it must also address the deep connection between values, behaviour and decision-making.
Fig 15: Perceptions of business ethics and compliance
Organizational values are clearly stated and well understood
There is a Code of Conduct that covers key risk/policy areas and sets out theorganizational values and the behaviours expected of all in the organization
Ethical business conduct is a key component of our HR procedures includingobjectives, promotion, reward, recognition and disciplinary procedures
There are confidential channels for raising concerns(including a clear whistleblowing policy and procedure)
Senior Leaders and Managers convey the importance of ethical businessconduct in all that they do, setting a positive example and treating it as a priority
Training on the Code of Conduct (and supporting policies) is providedregularly, supported by regular communications and various advice channels
Irrespective of level, role, department or location, rewards are fair and consistent
Irrespective of level, role, department or location, disciplinary proceduresand penalties are consistently applied
Concerns can be raised confidentially, without fear of retaliation, and feedback is provided on a timely basis
Agree strongly Agree Neither agree or disagree
Disagree Disagree strongly
41% 44% 9% 4% 2%
37% 50% 7% 4% 2%
28% 50% 13% 5% 4%
42% 37% 9% 7% 5%
27% 58% 5% 7% 3%
30% 38% 16% 10% 6%
18% 52% 13% 15% 2%
15% 49% 19% 13% 4%
28% 51% 10% 6% 5%
Fig 15: Perceptions of business ethics and compliance
Mind and measure the (perception) gapsIn Russia, 85% of our respondents confirmed that their organisations had clearly stated and well-understood corporate values.
However, only 70% of our respondents believe that rewards are fair and consistent, irrespective of level, role, department or location. Moreover, only 64% of respondents think that disciplinary procedures and penalties are consistently applied. Thus, our survey might indicate a gap in how values are perceived, especially between what senior leaders communicate and what employees actually see.
To compete at the highest level, today’s organisations need to embed ethical behaviour throughout their operations at every level without exception.
Eth
ics & com
plian
ce
20 PwC
Aligning roles and responsibilities: who’s in charge?Our survey shows that 17% of respondents told us that they knew of no formal ethics and compliance programmes in place at their organisations.
In Russia, 83% of respondents noted that their organisations have established a formal business ethics and compliance programme. This result almost corresponds with the global average (82%).
Fig 16: How many organisations have a formal business ethics and compliance programme in place?
83%Yes
9%No
8%Don’t know
Fig 16: How many organisations have a formal business ethics and compliance programme?
Who has ownership? Adopting a risk-based approachOur survey shows that, in most organisations, the chief compliance officer and human resource director are responsible for business ethics and compliance programmes.
Fig 17: Who is responsible for business ethics and compliance programmes
Fig. 17: Who is responsible for business ethics and compliance programmes?
GlobalRussia
34%
15%
21%
3%
18%
38%
13%
18%
8%
7%
0% 5% 10% 15% 20% 25% 30% 35%40%
Chief ComplianceOfficer
General Counsel
Human ResourcesDirector
Chief FinancialOfficer
Chief AuditExecutive
It is important that all people across a business, not just compliance professionals, understand their roles and responsibilities for ensuring the business is aligned with its ethics and compliance programme. However, many organisations indicate a degree of confusion about who has ownership for what.
“Ownership” of a programme should belong to a business unit’s management, as their responsibility is to understand risks and determine the unit’s appetite for such risk. The role of the compliance function, on the other hand, is oversight and providing guidance. In some organisations, however, there is a tendency to view compliance as a kind of insurance policy upon which passive responsibility can rest.
Ultimately, all members of an organisation must work towards the same compliance goals.
21Russian Economic Crime Survey 2016
Opportunities for crime on the riseOur survey shows that 84% of respondents believe that opportunity is the main driver of internal economic crimes. This outweighs the other two elements of the fraud triangle, which are incentive/pressure to commit a crime and rationalisation of such an action.
In Russia, a large majority of respondents (81%) noted that their organisations rely on internal audit functions to assess the effectiveness of their compliance programmes. This result is higher than the global average (76%).
Monitoring whistleblowing hotline reports to ensure that ethics and compliance functions are effective is a more popular approach in Russia than globally (60% and 42%, respectively). At the same time, at the global level, management reporting is placed second. This is an area for further development in Russia.
While internal audit is an important part of the framework for assessing a compliance programme’s effectiveness, on its own it is not a sufficient means of assuring compliance, as its interventions are both periodic and historical.
Since prevention must ideally occur during the decision-making stage, internal audit mechanisms should be integrated with management reporting and real-time monitoring, so that problems can be detected and prevented in time.
Implementation in high-risk areasIn Russia, 87% of our respondents noted that their organisations had a code of conduct in place, but only 68% of them confirmed that relevant training is provided regularly and their codes were supported by regular communications.
Such a gap shows that good policies, procedures and controls will not suffice. Strong words must be supported by actions and practical solutions. Obviously, a well-designed compliance programme must be more than an updated code of conduct, policies, and a few hours of training.
Compliance is effective only if is not limited to “tick the box” exercises. It is essential that employees at all levels of an organisation share the same values.
Using technologies in pursuit of complianceToday, there are several sophisticated tools (e.g., big-data analytics for effective transaction monitoring), which can help bring compliance initiatives closer to operations by handling a variety of structured and unstructured data.
However, apart from transaction-monitoring systems (which are used primarily by financial sector clients), our survey shows that very few organisations are using these technologies to help detect and prevent economic crimes.
Some organisations pay too much attention to monitoring certain areas, while completely ignoring other critical issues. Others duplicate their expenditures on different tools. Nevertheless, others follow a "tick-the-box" approach to compliance and do not always gather or use the right data.
Our experience shows that the best place to start is not with the “big data” used for transaction monitoring, but rather with the “small data” from risk assessments. What matters most is collecting consistent and comparable data.
The optimal model should encompass the spread of risks an organisation faces and allow for reporting based on business units, geography or third parties. To achieve this, three things are needed:
• a consistent approach to defining risk;
• transparency in risk measurement;
• a common data platform
Data alone can never be a panacea. Nevertheless, if used effectively, it can offer companies additional power to stay ahead of their compliance risks.
Fig 18: How does your organisation ensure that your compliance and business ethics programme in effective
0% 20% 40% 60%
Russia Global
Fig 18: How does your organisation ensure that your compliance and business ethics programme is effective
81%
60%
44%
35%
2%
12%
76%
42%
54%
40%
2%
8%
Internal audit
Monitoring reports fromwhistleblowing hotlines
Management reporting
External audit
Other external monitoring
Other internal monitoring
80% 100%
Eth
ics & com
plian
ce
PwC22
Cybercrime
23 % of organisations affected
...and 25%think they will be affectedin the next two years
Only 26% of organisations have a cyber incident response plan
Most companies are still not adequatelyprepared for or even understand therisks faced and the make up of this team varies widely
43% of CEOs are concerned about cyber security
HR?
?
IT
? ??
In Russia cybercrime almost has notchanged in the past 24 months
How will your cyber-response planstand up to reality?
Cybercrime jumped to the second place globally
23Russian Economic Crime Survey 2016
23 % of organisations affected
...and 25%think they will be affectedin the next two years
Only 26% of organisations have a cyber incident response plan
Most companies are still not adequatelyprepared for or even understand therisks faced and the make up of this team varies widely
43% of CEOs are concerned about cyber security
HR?
?
IT
? ??
In Russia cybercrime almost has notchanged in the past 24 months
How will your cyber-response planstand up to reality?
Cybercrim
e
24 PwC
Furthermore, business leaders tend to worry that cybercrime may be holding back their organisations. Our recent Russian CEO survey showed that 43% of executives expressed concern about the growing threat of cybercrime, while 52% of them see speed of technological change as another challenge.
Impact of cybercrime
Our respondents in Russia reported reputational damage and theft of personal information as having the most damaging impact in regards to cybercrime, followed by loss of intellectual property, as well as legal and enforcement costs. Globally, respondents assigned a higher level of impact for service disruption, regulatory risks and actual financial losses.
Boundless threats
OverviewDigital technology is continuing to transform and disrupt the world of business, exposing organisations to both opportunities and threats. Therefore, it is hardly surprising that cybercrime on a global scale is rising (e.g., ranking as this year's second most reported economic crime globally).
Cybercrime is not just an IT problem. Technology today is so widespread, both within and outside of organisations, that cybercrime may now be considered as a fundamental business problem.
However, our survey shows that cybercrime in Russia is somewhat different. Almost a quarter of our respondents reported that they had been affected by cybercrime in the past 24 months (23%). This has not significantly changed since our previous survey in 2014 (25%).
Fig 19: Change of perception towards the risks of cybercrime
Russia Global
Fig 19: Change of perception regarding cybercrime risks
41%
53%
5%
60%
32%
8%
Remained the same
Increased
Decreased
0% 20% 40% 60% 80%
Fig 20: Level of impact of cybercrime
Rep
utat
iona
lda
mag
e
Act
ual f
inan
cial
loss
Lega
l, in
vest
men
tan
d / o
ren
forc
emen
t cos
ts
Reg
ulat
ory
risks
Inte
llect
ual P
rope
rty
(IP
) th
eft,
incl
udin
gth
eft o
f dat
a
Ser
vice
disr
uptio
n
The
ft or
loss
of
pers
onal
iden
tity
info
rmat
ion
High Medium Low None Don't know
10%
17%
33%
37%
3%
3%
30%
27%
37%
3%
7%
13%
33%
37%
10%
3%
7%
45%
34%
10%
7%
27%
27%
27%
13%
3%
37%
23%
23%
13%
10%
17%
30%
43%
Fig. 20 Level of impact of cybercrime
In Russia, 60% of our respondents did not change their perception of cybercrime risks in the last 24 months. Conversely, 53% of respondents globally believe that this risk has increased over the last two years, while only 32% of respondents in Russia have seen an increase in this type of risk.
Does this mean that Russian organisations are less exposed to cybercrime? The insidious nature of this threat is that a percentage of those who say they have not experienced a cybercrime were actually affected without knowing it. Sometimes hackers manage to remain on organisations’ networks for extended periods of time without ever being detected.
In Russia, 47% of respondents indicated that their organisations lost up to USD 1 million owing to cybercrime incidents over the last two years. In addition, 6% of respondents reported they had suffered losses in even bigger amounts. It is worth mentioning that a significant proportion of respondents who have experienced cybercrime could not estimate the size of the resulting loss (23%).
25Russian Economic Crime Survey 2016
Cybercrim
e
Responses to cybercrimeIn Russia, only 26% of respondents have a fully operational incident response plan, compared to 37% of respondents surveyed around the world. Furthermore, 20% of organisations have no plan and are not considering the implementation of one.
It appears that, in cases of cybercrime, only 45% of organisations have personnel who are “fully trained” to act as first responders, of which the overwhelming majority (74%) are IT security staff.
Corporate cybercrime is one of the most complex and challenging issues an organisation can face. An effective response requires the skills, knowledge, and experience of a range of corporate functions working in tandem (e.g., legal, human resources, media and public relations, communications, privacy counsel, audit and risk, finance, corporate security, etc.)
IT threats and their mitigation are the responsibility of an entire organisation.
Executive level:• Institute sound cybersecurity strategy
• Ensure quality information is received and assimilated
• Implement user security awareness programmes
• Support strategy-based spending on security
Audit & Risk:• Ensure a thorough understanding and
coverage of technology risks
• Conduct up-front due diligence to mitigate risks associated with third parties
• Address risks associated with operational (non-financial) systems
• Address basic IT audit issues
IT threats & mitigations are the responsibility of the entire organisation
Legal:• Track the evolving cyber-regulatory
environment
• Monitor decisions made by regulators in response to cyber incidents
• Be aware of factors that can void cyber insurance
IT:• Conduct forensic readiness assessments
• Be aware of the changing threat landscape and attack vectors
• Test incident response plans
• Implement effective monitoring processes
• Employ new strategies cyber attack simulations, gamifications of security training and awareness sessions and security date analytics
Fig 21: Do organisations have Incident Response Plans to deal with cyber-attacs?
Fig 21: Do organisation have Incident Response Plans to deal with cyber-attacs??
26%Yes, fully inoperation
27%Don’t know
10%Yes, not yet
implemented
17%No, assessing
feasibility
20%No, do not intendto implement
a plan
26 PwC
in Russia 52 %of financial services respondents cite challenges with complexity of implementing/upgrading systems
...only 57 %of money laundering or terrorist financing incidents were detected by system alerts
29 % financial services respondents have experienced enforcement actions by a regulator
How would your organisation fare in the face of regulatory scrutiny?
...and 58%claim that the pace of regulatory
change is the biggest challengeto AML compliance
?
Anti-money laundering
The place of regulatory changes has increased
27Russian Economic Crime Survey 2016
An
ti-mon
ey lau
nd
ering
in Russia 52 %of financial services respondents cite challenges with complexity of implementing/upgrading systems
...only 57 %of money laundering or terrorist financing incidents were detected by system alerts
29 % financial services respondents have experienced enforcement actions by a regulator
How would your organisation fare in the face of regulatory scrutiny?
...and 58%claim that the pace of regulatory
change is the biggest challengeto AML compliance
?
Anti-money laundering
28 PwC
Risk assessments should be conducted on a regular basis and closely tailored to variable circumstances such as operating environments, global standards and local regulations.
Our survey shows that the overwhelming majority of respondents in the financial sector (88% in Russia and 74% globally) perform AML and combating the financing of terrorism (CFT) risk assessments across their business and territories of operation.
Fig 22: Percentage of organisations that carry out AML/CFT Risk assessment
OverviewMoney laundering destroys value. It facilitates economic crime and nefarious activities such as corruption, terrorism, tax evasion, and drug and human trafficking, by holding or transferring the funds necessary to commit these crimes. It can be detrimental to an organisation’s reputation and its bottom line.
Global money laundering transactions are estimated to account for 2 to 5% of global GDP, or roughly USD 1-2 trillion annually. However, according to the United Nations Office on Drugs and Crime (UNODC), less than 1% of global illicit financial flows are seized by authorities.4
Growth in money laundering and terrorist financing is becoming more alarming for governments in almost all countries. Furthermore, over the last few years, heavy fines in the hundreds of millions to billions of dollars were imposed by regulators on global financial institutions for money laundering.
However, not just financial services institutions are affected. Any organisation that facilitates financial transactions, including non-bank money service businesses such as digital/mobile payment services, life insurers and retailers, is also the focus of anti-money laundering (AML) legislation worldwide. Many of these new participants are still not ready to meet the requirements of regulators.
As regulation evolves and becomes more complex, the cost of AML compliance rises. According to new figures from WealthInsight, global spending on AML compliance is set to grow to more than USD 8 billion by 2017 (compounded annual growth rate of almost 9%).5 However, large penalties resulting from compliance failures outweigh rising compliance costs.
Risk assessments are crucialOver the last decade, improved money laundering control measures have forced fraudsters and criminals to seek new methods to transfer their funds. Therefore, regular risk assessments are crucial, as they enable organisations to identify and address money laundering and terrorist financing risks.
GlobalRussia
Fig 22: Percentage of organisations that carry out AML/CFT Risk assessment
74%
4%
5%
3%
13%
88%
6%
8%
Yes
No, we do not believethis is necessary
No, but we plan to carryout a risk assessmentin the next 12 months
No, but we plan to carryout a risk assessment
in next 24 months
Don't know
0% 20% 40% 60% 80% 100%
However, our survey shows that 29% of financial institutions in Russian and 18% of financial institutions globally have recently been subject to enforcement actions on the part of a regulator (through either an enforced remediation programme or major feedback to address pressing matters).
Fig 23: Instances of regulatory enforcement actionsFig. 23: Instances of regulatory enforcement actions
GlobalRussia
Yes, we had a regulatoryinspection but with
no major feedback/consequences
Yes, we had a regulatory inspection and received
feedback on majorissues to addres
No, we have not had a regulatory inspection in the past 24 months
Yes, we were/are currently under a
mandatory remediation programme
Don't know
33%
21%
17%
8%
21%
32%
13%
32%
5%
18%
0% 5% 10% 15% 20% 25% 30% 35%
Challenges faced Our respondents indicated that the level of enforcement of AML / CFT measures has created challenges for even the most sophisticated of financial institutions.
In Russia, 58% of respondents reported that the pace of regulatory change was the most significant challenge to ensuring compliance with AML / CFT requirements. Globally, only 19% of respondents indicated this as a challenge.
Globally, respondents also indicated the following additional significant challenges (which were not highlighted by respondents in Russia): ability to hire experienced AML / CFT staff (19% globally and only 4% in Russia) and technology requirements (14% globally and only 4% in Russia).
Fig 24: Most significant challenge to compliance with AML/CFT requirements
Russia Global
Fig 24: Most significant challenges to compliance with AML/CFT requirements
58%
12%
12%
4%
4%
4%
4%
19%
13%
11%
19%
14%
8%
6%
0% 20% 40% 60%
Pace of regulatory change
Complying with AMLrequirements from multiple
jurisdictions
Cost
Ability to hire experiencedAML / CFT staff
Technology requirements
Negative impact oncustomers
Data privacy limitationson information sharing
across jurisdictions
Our survey shows that the most significant challenges in regards to organisations’ AML / CFT systems are the complexity of implementing or upgrading systems, data quality, and maintenance of client information in electronic formats and monitoring systems generating large numbers of false alerts.
In Russia, the majority of respondents stated that the most significant challenge is the complexity of implementing or upgrading systems. This might be due to use of legacy monitoring systems, which seem to be burdensome and extremely expensive to run, maintain and update as local regulatory frameworks change.
Fig 25: AML/CFT systems: most significant challenges faced
Russia Global
Fig 25: AML / CFT systems: most significant challenges faced
52%
24%
12%
4%
8%
24%
33%
23%
11%
9%
0% 10% 20% 30% 40% 50% 60%
Complexity of implementing/upgrading systems
Data quality and maintenanceof client informationin electronic format
Monitoring systemsgenerating large numbers
of false positive alerts
Data privacy limitationson information sharing
across jurisdictions
Other
30 PwC
Effectiveness of methods applied Our survey shows that Russian financial institutions more frequently use transaction monitoring (57%) as a key method for identifying suspicious money laundering or terrorism financing.
Our research also indicates that internal reporting on the part of employees of financial institutions is more frequently used in Russia than globally (24% and 10%, respectively).
Fig 26: Methods by which suspicious activities are identified
Russia Global
Fig 26: Methods by which suspicious activities are identified
57%50%
0% 10% 20% 30% 40% 50% 60%
Alerts from scenario-based automated systems(transaction monitoring)
Tip-offs/leads from a Financial CrimeIntelligence Unit
Internal reporting from sales staff/relationshipmanagers/branch staff
Other
24%10%
33%14%
6%5%
Our survey shows that organisations undertake varying activities to reduce AML /CFT risks. The leading measures are transaction monitoring, data validation, enhancing “know your customer” (KYC) requirements for certain client segments, and boosting compliance with respect to monitoring escalation and reporting systems.
Reduced exposure by exiting high-risk jurisdictions or client segments
68%
60%
52%
44%
24%
12%
8%
4%
4%
8%
43%
60%
55%
52%
31%
43%
15%
12%
3%
4%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Aligned people, technology or processesto ensure a consistent global approach
Introduced data privacy limitations oncross-jurisdictional information sharing
Reduced outsourcing/offshoring of transactionsurveillance functions
Considered relocating headquarters or certainfunctions to other jurisdictions
Other
As mentioned above, financial institutions in Russia are more focused on identification of suspicious transactions and its further validation (68% in Russia compared to 43% globally). We also learned there are differences in how people, technology and processes are aligned across different jurisdictions (12% in Russia and 43% globally). This approach has yet to be developed in Russia.
An
ti-mon
ey lau
nd
ering
An
ti-mon
ey lau
nd
ering
32 PwC
TerminologyDue to the diverse descriptions of individual types of economic crime in the legal statutes of different countries, we have developed the following categories for the purposes of this survey. These descriptions were defined as such in our web survey questionnaire.
Accounting fraudWhen financial statements and/or other documents are altered or presented in such a way so that they do not reflect the true value or financial activities of an organisation. This can involve accounting manipulations, fraudulent borrowings/raising of finance, fraudulent application for credit and unauthorised transactions/rogue trading.
Asset misappropriation, including embezzlement/deception by employeesThe theft of assets (e.g., monetary assets/cash or supplies and equipment) by directors, persons in fiduciary positions or other employees for their own benefit.
AMLAnti-money laundering
BriberyThe unlawful use of an official position to gain an advantage in contravention of duty. This can involve the promise of an economic benefit or other favour, as well as the use of intimidation or blackmail. It can also refer to the acceptance of such inducements. Specific examples include kickbacks, extortion, gifts (with strings attached), facilitation payments, etc.
CorruptionDishonest or fraudulent conduct by those in power, typically involving bribery.
CFTCombating the financing of terrorism
CybercrimeAlso known as computer crime, cybercrime is an economic offence committed using a computer and/ or Internet. Typical instances are the distribution of viruses, illegal downloads of media, phishing & pharming, and theft of personal information (e.g. bank account details). This excludes routine fraud, whereby a computer is used as a byproduct in order to carry out a fraud, and only includes such economic crimes where a computer, Internet or use of electronic media and devices is the main element and not simply incidental.
Economic crimeThe intentional use of deceit to deprive another of money, property or a legal right.
Financial lossWhen estimating financial losses due to fraud, participants should include both direct and indirect losses. Direct losses are the actual size of the fraud in question, while indirect losses would typically include the costs involved with investigation and remediation of the problem, penalties levied by the regulatory authorities and litigation costs. This should exclude any amount estimated due to “loss of a business opportunity”.
Fraud risk assessmentsAssessments are used to ascertain whether an organisation has undertaken initiatives to specifically consider:
a. the fraud risks to which its operations are exposed;
b. an assessment of the most threatening risks (i.e., evaluating risks for significance and likelihood of occurrence);
c. identification and evaluation of controls (if any) that are in place to mitigate key risks;
d. assessment of the general anti-fraud programmes and an organisation’s control; and
e. actions to remedy any gaps in such controls.
33Russian Economic Crime Survey 2016
Incentive/pressure to performWhen an individual has some financial problem that he/she is unable to solve through legitimate means, so he/she considers committing an illegal act as a way to solve the problem. The financial problem may be professional (e.g., job is in jeopardy) or personal (e.g., personal debt).
Intellectual property (IP) infringementIP infringement covers trademarks, patents, counterfeit products and services. This includes the illegal copy and/or distribution of fake goods in breach of patent or copyright, as well as creation of false currency notes and coins with the intention of passing off as genuine.
KYCKnow your client/customer
Money launderingActions intended to legitimise the proceeds of crime by disguising their true origin.
Opportunity or abilityWhen an individual uncovers a way where he/she can use (abuse) his/her position of trust in order to solve a financial problem with a low perceived risk of getting caught.
Procurement fraudIllegal conduct by which an offender gains an advantage, avoids an obligation or causes damage to his/her organisation. The offender might be an employee, owner, statutory board member, an official, a public figure or a vendor who was involved in the purchase of services, goods or assets for the affected organisation.
RationalisationWhen an individual finds a way to justify the crime to himself/herself in a way that makes it an acceptable or justifiable act.
PwC Russia (www.pwc.ru) provides industry-focused assurance, tax, legal and business consulting services. Over 2,500 professionals working in PwC offices in Moscow, St Petersburg, Ekaterinburg, Kazan, Novosibirsk, Rostov-on-Don, Krasnodar, Voronezh, Vladikavkaz and Ufa share their thinking, experience and solutions to develop fresh perspectives and practical advice for our clients. The global network of PwC firms brings together more than 208,000 people in 157 countries. * PwC refers to OOO PricewaterhouseCoopers Advisory, or, as the context requires, other member firms of PricewaterhouseCoopers International Limited, each of which is a separate legal entity.
