Benefits of Compliance and Risk Management

ORIGINAL ARTICLE 

SILVA, Lilian Reis da ^[1]

SILVA, Lilian Reis da. Benefits of Compliance and Risk Management. Revista Científica Multidisciplinar Núcleo do Conhecimento. Year. 06, Ed. 12, Vol. 04, pp. 123-147. December 2021. ISSN: 2448-0959, Access Link: https://www.nucleodoconhecimento.com.br/business-administration/benefits-of-compliance, DOI: 10.32749/nucleodoconhecimento.com.br/business-administration/benefits-of-compliance

ABSTRACT

Compliance is a program that aims to protect organizations from the occurrence of financial fraud, corruption, behavior and/or misconduct of employees linked to them, preventing their good reputation and financial soundness from being shaken. It is a tool whose purpose is to establish rules, standards and guidelines for internal processes within organizations. It was developed in the United States in 1970, and its practices were transformed into a legal institute, through the enactment of the Pioneer Law against Corruption FCPA (Foreign Corrupt Practices Act), motivated by the Watergate Case, which involved then-President Richard Nixon and members of his administration, by paying bribes in surveys in favor of his re-election. In this context, this article has as its main question: how do the benefits offered by the Compliance and Risk Management program collaborate to reduce the risks of fraud, illicit and corruption within organizations? The aim of this study was to present the benefits provided by the adoption of the Compliance and Risk Management program in public and private companies, in their internal processes and relationships with their segment of activity, and how they collaborate for fraud mitigation. The methodology was adopted as a bibliographic research, and it was about the benefits caused by fraud prevention programs. It was found that Compliance and risk management programs bring effective risk protection benefits, mitigating fraud and corruption, combined with new Information Technology Governance (IT) solutions, such as Enterprise Governance, Risk Management and Compliance (EGRC).

Keywords: Fraud within organizations, Prevention of corruption risks, Compliances.

1. INTRODUCTION

Discussing the Benefits of Compliance and Risk Management implies presenting concepts about what a compliance program is and what are the risks that companies run when they fail to adopt this type of program, in view of the different types of fraud, including corruption, money laundering, manipulations with internal information and/or when employees commit actions that can hurt the image of an organization, may even cause financial losses.

According to Michelotti (2020, p. 6), the adoption of a Compliance and risk management program provides transparency to organizations, demonstrating the existence of ethical conduct; in addition, it collaborates with the practices of good Corporate Governance, which is the “set of processes by which companies are managed”.

According to Sobreira Filho, Leite e Martins (2019, p. 23), “the compliance program is a corporate tool whose methodology for its implementation is based on business ethics and integrity as its greatest value”.

The term compliance, born of the English verb “to comply” is defined, summarized by Coelho and Santos Jr (2021, p. 8) as “satisfy the impositions of legal order or internal order of the company” (griffins of the original). To this concept, Gonsales (2016) adds that “if in the beginning, compliance meant “following the rules”, from the great Brazilian investigations, it also came to mean “follow the anti-corruption law”.

It is noteworthy that compliance applies to public or private companies, of different sizes and segments, located in all countries, organizations that have the longing to act with ethics, morals and in the promotion of human, social, economic and financial development.

This article was developed as a bibliographical research, for which the following question was defined: how do the benefits offered by the Compliance and Risk Management program collaborate to reduce the risks of fraud, illicit and corruption within organizations? In turn, the general objective was to present the benefits provided by the adoption of the Compliance and Risk Management program in public and private companies, in their internal processes and relationships with their segment of activity, and how they collaborate for fraud mitigation.

2. COMPLIANCE

2.1. CONCEPT

For a company to be considered reliable, inspiring security in its segment of activity and before society, it is important that it has values based on morals, ethics and justice. It should act with transparency, which allows it to build its credibility, and also attract human talents that enhance its capacity to act, aiming at its growth (JORGE and TOMAZ, 2018).

In this perspective, for an organization to act with ethics, good principles and competitiveness, the fight against fraud is a fundamental issue, inhibiting any kind of illicit, through the adoption of practices and processes to protect its values and objectives, adopting a compliance program.

Compliance presupposes “compliance and respect for standards and regulations”. According to Antonik apud Jorge and Tomaz (2018, p. 108), “compliance” comes from English, ” to comply “, which translated means “rules, instructions, norms, guidelines or simply respond to a command”.

Coelho and Santos Júnior (2021, p. 8) point out that “the objective of compliance standards is to focus on the result to be achieved, that is, to avoid the risks arising from the committing of personal or organizational conduct considered illegal or inconsistent with the principles, missions, vision or objectives of a company”.

Over time, between 1907 and 1977, laws have emerged applicable in the United States with international scope as well, to control and punish citizens, companies and government agencies that engage in corruption actions.

According to Nascimento (2018), Compliance was created in the United States, around the 1970s, elevated as a legal institute from the enactment of the Pioneer Law Foreign Corrupt Practices Act (FCPA). Such legislation was developed and implemented after the Watergate case occurred, which culminated in the resignation of then-President of the United States, Richard Nixon.

Furtado and Rocha (2015, apud MICHELOTTI, 2020, p. 7-8) report that in the period prior to the FCPA Law, the practices of capitalism in opening new markets included the payment of bribes, “considered a necessary and natural step in the corporate environment. There was the clearest possibility of the bribe being posted as expenses in the balance sheet. And bribery to obtain contracts or concessions in these countries was part of the rules of the game.”

Since corruption is a global problem, and involves – from the beginning – governments, people, public and/or private institutions, Ubirajara Costódio Filho, referred to by Nascimento (2021) states that it is something that harms all social spheres, with regard to the environment, free competition, public finances, international trade, democracy and republican precepts.

Still on corruption, Nascimento (2021, n.p.) also reports Eduardo Cambi, to highlight that:

a corrupção atrasa o desenvolvimento econômico e social. Restringe a vontade soberana do povo. Apropria a coisa pública para a realização de interesses privados. Gera promiscuidade entre o poder público e o poder econômico. Concentra renda. Ressalta privilégios e desigualdades. Impede a universalização de políticas públicas e a concretização de direitos fundamentais. Destrói a cidadania e enfraquece a democracia.

The purpose of the Foreign Corrupt Practices Act (FCPA) was to punish fraudulent actions by companies that would offer/pay bribes to public service, with the aim of expanding businesses around the world. From the adoption of the practices prescribed in the FCPA law, all organizations were obliged to follow internal and external regulations based on the ethical and moral issues necessary for commercial and economic relationships with their partners (NASCIMENTO, 2018).

2.2 EMERGENCE OF LEGISLATION FOR COMPLIANCE PRACTICES

According to Nascimento (2018, p. 26), the global movement to combat bribery and the entrenched practice of corruption “began with the Foreign Corrupt Practices Act (FCPA)”. This author clarifies that the “degree of corruption in a given country varies according to the way multinationals act there.”

Among the corruption rates verified, Nascimento (2018, p. 26-27) reports the proportion of companies around the world where the illicit corruption and money laundering persist:

23% das empresas na União Europeia e Europa Ocidental; 66% das empresas na América Latina; 64% das empresas na Ásia; 95% das empresas na Europa Ocidental e da Ásia Central; 84% das empresas do Oriente Médio e do Norte da África; 90% das empresas da África Subsaariana.

This author (NASCIMENTO, 2018, p. 26-27) says that economic globalization “brought about the global crime of corruption related to money laundering and offshore corruption”.

It is observed, therefore, that the literature on compliance and risk management programs shows that, at a given time, several countries and their governments decided to confront illegal practices – both in public institutions and in private organizations – that since then, they have been forced to adopt punitive and restrictive measures for citizens and countries that commit fraud, corruption and money laundering, among others, resulting in international treaties.

Countries adopting fraud prevention programs are signatories to the Organization for Economic Cooperation and Development (OECD), including: Germany, Australia, Austria, Belgium, Canada, Chile, Korea, Denmark, Slovenia, Spain, United States, Estonia, Finland, France, Greece, Hungary, Ireland, Iceland, Israel, Italy, Japan, Latvia, Luxembourg, Mexico, Norway, New Zealand, Netherlands, Peru, Poland, Portugal and United Kingdom (NASCIMENTO, 2021, s.p.).

To clarify how these countries chose to adopt good corporate governance practices, it is important to bring about the emergence of U.S. institutions and laws that allowed the adoption of protective institutes regarding the different types of unlawful against organizations, causing the enactment of laws for the same purposes around the world.

In 1907, the Hague Conference was held, which is “an international court of justice to investigate international conflicts”. With it, a scope was developed for the foundation of the Bank for International Settlements (BIS), aiming to promote “cooperation between central banks to achieve greater financial stability”. This objective is considered by experts as “the first roots of Compliance”(NASCIMENTO, 2021, s.p.).

In April 1948, the Organisation for European Economic Cooperation (OEEC) was born in Portugal, aiming at economic cooperation between European countries. Its initial composition had 18 countries to highlight: Austria, Belgium, Denmark, France, Greece, Holland, Ireland, Iceland, Italy, Luxembourg, Norway, Portugal, United Kingdom, Sweden, Switzerland, Turkey and West Germany.

Also in 1948 was the Organization of American States (OAS), based on four pillars: “democracy, human rights, security and development”. (NASCIMENTO, 2021, s.p.).

Still Nascimento (2021, s.p.), highlights what Sanches and Renee (2017, p. 18) defend about the OAS: “this convention aims to promote and strengthen the necessary mechanisms to help prevent, detect and punish corruption in the exercise of public functions, as well as acts of corruption specifically linked to its exercise”.

In December 1960, OEEC members signed with the U.S. and Canada a new Convention that created the Organization for Economic Cooperation and Development (OECD), then replaced the OEEC. Thus, in 1961 came the Organization for Economic Co-operation and Development (OECD), in succession to the Organization for European Economic Cooperation, whose objectives were to “cover the economic development and financial stability of member countries” (NASCIMENTO, 2021, s.p.).

In 1975, the Basel Committee on Banking Supervision (BCBS) was founded, whose purpose was to “regulate and supervise best financial practices”. In 1998, it promoted a uniformity of the rules applicable to financial institutions, aiming to maintain the good practices of Corporate Governance (NASCIMENTO, 2021, s.p.).

In 1977, in the face of the Watergate scandal, the American Law Against The Practices of Corruption Abroad (FCPA) was developed, being the 1st. anti-corruption law, later issued in 1988 and 1998. According to Nascimento (2021, s.p.), with the purpose of “adopting civil, criminal and administrative punishments to individuals and legal entities against corrupt practices, the Foreign Corrupt Practices Act (FCPA)” (NASCIMENTO, 2021, s.p.).

It is noteworthy that the FDCA describes as “crime the payment of bribes directly or indirectly, payments to foreign civil servants, political parties, the payment not recorded concisely, there must be books of accounting records” (NASCIMENTO, 2021, s.p.).

Such investigations were addressed by the Getúlio Vargas Foundation (FGV) (2021, s.p.), reporting the emergence of the Securities and Exchange Commission (SEC), which is “an administrative organization to oversee and combat corruption practices in international transactions”.

The SEC “found practices of illegal payments to public officials by an average of 400 U.S. private and public companies, and foreign ones as well.” In such a statement, the SEC found that “together they paid more than $300 million in bribes to foreign government officials” (FGV, 2021, s.p.).

In 1989 – for joint action with the OECD – the Financial Action Task Force (FATF) was created, aimed at policy-making and legislative and regulatory reforms, based on international laws, aimed at combating money laundering and terrorist financing. FATF also acts in the composition of periodic evaluation mechanisms of other countries (NASCIMENTO, 2021, s.p.).

In practice, the OAS text brought the Inter-American Convention against Corruption, signed in 1996, aimed at “protecting the interests of the United States in terms of terrorism and corruption.”

In 2002, the Sarbanes Oxley Act (SARBANEs-Oxley Act – SARBOX) was implemented to better promote “corporate governance, monitoring and prevention of harmful practices, increasing controls and transparency”. With the creation of the Work Supervision Body of Independent Auditors, it also instituted independent audits for suspected cases, reinforcing “responsibility for corporate or criminal fraud, increasing the level of disclosures of financial information, raising penalties for white collar crimes (NASCIMENTO, 2021, s.p.).

Nel 2010 compare nel Regno Unito lo UK Bribery Act (BA), che caratterizza quattro reati: “corruzione attiva di soggetti pubblici e privati, corruzione passiva di soggetti pubblici e privati, corruzione di agenti pubblici stranieri, fallimento aziendale nella prevenzione della corruzione” (NASCIMENTO, 2021, sp).

In turn, Madruga and Belloto developed a guide presenting 10 pillars that, once adopted, allow the implementation of an efficient Compliance Program (NASCIMENTO, 2018, p. 8-9):

1. 1. 1. Compromisso de todos os níveis da gerência e política anticorrupção claramente articulada; 2. Código de conduta e política e procedimentos de compliance; 3. Fiscalização interna do programa, autonomia da área de compliance e recursos adequados; 4. Avaliação dos riscos da empresa; 5. Treinamentos e aconselhamento contínuo; 6. Incentivos e medidas disciplinares; 7. Investigações (due diligence) de terceiros e de pagamentos; 8. Sistema interno de denúncias (possibilitando denúncias confidenciais) e sistema de investigações internas; 9. Melhoria contínua: testes e revisões periódicas do programa de compliance; 10. Fusões e Aquisições: Investigações (due diligence) pré-fusões e aquisições e integrações pós-aquisições e fusões.

With regard to Brazil, and despite the enactment of Law No. 12,846/13, whose purpose is the adoption of legal measures and internal procedures to be followed by organizations through the adoption of a code of conduct to combat corruption, entry into the OECD has not yet been made official by this body, in view of the constant cases of corruption, fraud and money laundering that arise here (DURÃES and RIBEIRO, 2020).

2.3 THE FRAUDULENT PRACTICES AND LOSSES CAUSED BY THIRD PARTIES TO ORGANIZATIONS

When people linked to a given organization adopt behaviors that hurt the company’s image, their mistaken actions cause negative repercussions on it, as well as towards the whole society. There are many cases of reprehensible conduct that shake not only the image, but also bring losses, fines and sometimes bankruptcy.

With regard to the different types of fraud within government organizations and institutions, such as the leakage of confidential information, passive/active corruption, money laundering, among others, Gonsales (2016) states that all studies related to such fraud argue that in every company they happen. So the more your leader believes that nothing wrong is happening, the more vulnerable your organization becomes.

In Brazil, there are fraudulent practices known throughout society, such as “falsifying a student’s license or stealing cable television lines”, referred to by Condé et al. (2015, p. 95); they are acts that consist of demonstrating the bad faith of some and their clear intention to deceive others. Unfortunately, they are actions practiced by many people, but that over time have become so common that they end up being accepted in Brazilian culture. They are acts that demonstrate an unethical and illegal mentality and behavior; however, they are considered not harmful to society, which is untruth.

Compared to the above actions, Condé et al. (2015, p. 95) suggests that if unethical, fraudulent and corrupt practices were carried out by high-ranking executives of an organization, they would be considered harmful and unacceptable by society.

In this regard, Cossenzo (2015, p. 35) reports Oliveira (2012, p. 115) to define that “a financial fraud is carried out from voluntary acts of his agent, with the clear intention of financially harming others”. This author goes on to explain that fraud can be (i) internal – if committed by employees against the organization; (ii) external – if committed by third parties not members of the company; (iii) mixed: whether fraudulent actions are carried out by internal and external agents.

According to this explanation, it is worth highlighting a concept related to financial fraud, considered as “something inherent to the business” of this type of institution, classifying itself as operational risks related to both this segment and “to people, processes and technology” (COSSENZO, 2015, p. 35).

It should be made clear that Compliance covers all types of fraud that may occur in different business segments, that is, Compliance seeks to mitigate the risks that may be caused by personal or organizational conduct (regardless of whether they are in the financial segment or not), if they do not act in accordance with ethical conduct and in accordance with the company’s policy.

2.4 OCCURRENCES DETRIMENTAL TO THE REPUTATION OF U.S. COMPANIES

According to Haussen (2021, p. 9), “an organization’s reputation can be strongly shaken by disconnected behavior stemming from the lack of implementation of a Compliance Program,”as demonstrated by the cases of corruption that have occurred in the United States, which have stumened in the media over the years, including the Watergate Case – which led to the enactment of the FCPA Act, in addition to others mentioned throughout this article.

Among the numerous cases of actions harmful to the image of large U.S. companies, compromising their credibility, will be highlighted here some that drew a lot of attention in the media, as demonstrated by some reports located in electronic media. These are stories that report how the lack of implementation of a Compliance program to guide processes and people within an organization ends up allowing some employees to tarnish the image and reputation of globally known companies, with reprehensible actions.

Vaz’s first report (2012) published by Exame Magazine brings a case that occurred in the giant Apple, whose full text is presented here.

A Empresa Apple foi acusada pelo Senado nos Estados Unidos de usar filiais no exterior para evitar o pagamento de bilhões de dólares em impostos. “A Apple não apenas transferiu seus lucros para um paraíso fiscal estrangeiro, mas criou um ‘Santo Graal’ de evasão fiscal ao montar entidades no exterior para driblar o fisco”, disse o senador democrata Carl Levin.

Uma reportagem do new York Times revelou como a Apple tem feito para driblar bilhões de dólares em impostos nas suas operações nos Estados e em outros países. Segundo Martin A. Sullivan, um ex-economista do Tesouro americano, sem as táticas utilizadas para a gestão dos impostos, a empresa liderada por Tim Cook teria deixado pelo menos mais 2,4 bilhões de dólares em taxas federais nos EUA no ano passado.  A empresa declarou ter pagado 3,3 bilhões de dólares em impostos ao redor do mundo em 2011 sobre os lucros de 34,2 bilhões de dólares, uma taxa de 9,8%. A companhia declara que 30% dos lucros vem dos Estados, caso o percentual pulasse para 50%, os pagamentos saltariam em 2,4 bilhões de dólares. “É razoável esperar que 70% dos lucros viriam dos Estados Unidos”, calcula.

Figure 1 – Apple Symbol

With regard to possible causes that may compromise the credibility of organizations, Souza; Maciel-Lima and Lupi (2018, p. 13) refer to Gonsales (2016), to explain that:

o valor de uma empresa está ligado à sua reputação e no caso de uma empresa ser citada em jornais e meios de comunicação, ainda que seja um ato ilícito isolado, acometido por um funcionário, a empresa sofrerá abalo a reputação e passa a ser conhecida no mercado como uma empresa corrupta.

The second report refers to two different situations, which occurred in two different units in North American restaurants of the Taco Bell Network, fast food inspired by Mexican cuisine, which follows the McDonald’s model.

The first is in Melo’s report (2014) published by Exame Magazine, whose text follows below.

Publicar uma foto de si mesmo fazendo xixi em um prato do Taco Bell, nos Estados Unidos, não custou ao atendente Cameron Jankowski apenas o emprego. Indignados, hackers divulgaram os dados pessoais do “brincalhão” na internet, segundo o Huffington Post. Em 2012, Jankowski postou imagem no Twitter, mas disse que não chegou a servir a comida no restaurante. Ele chegou a deletar sua conta, mas acabou sem seu emprego na rede.

Figure 2 – Taco Bell Electronic Panel

In 2013, the same network would have gone through another moment that caused damage to its credibility. The report is from Veja On Line Magazine (2014), whose text follows in full.

Uma imagem de um funcionário da rede de comida mexicana Taco Bell lambendo uma pilha de tortilhas foi postada na página da empresa no Facebook. A foto, de autoria do usuário Jj O’Brien Nolan, é seguida da legenda “isto com certeza diz muito sobre seus empregados, o tratamento da comida e o que eles postam na internet.

Apesar de inicialmente acreditar que a foto fosse uma brincadeira, a empresa demitiu o empregado. Além disso, em resposta, a Taco Bell divulgou um comunicado oficial, além de comentar a postagem de Nolan no Facebook. A empresa se defendeu afirmando que todas as unidades têm rígidos procedimentos de manuseamento e tolerância zero para violação dos alimentos.

Figure 3 – Taco Bell employee licking a pile of tortillas

A third case to mention was published in a report by Melo (2014, published by Exame Magazine, which occurred in one of the restaurants of the KFC Network, North American, whose original text is reproduced here.

This was the case where a former employee of KFC’s restaurant chain in the United States posted a photo on Facebook when she was literally licking the mashed potatoes. She and her photographer friend were fired. The network had to justify itself by saying that the food was not served.

Figure 4 – KFC employee licking mashed potatoes

The cases of unethical conduct presented reflect the importance in the adoption of Compliance and Risk Management practices. From the perspective of Coelho and Santos Júnior (2021, p. 26), “It is not enough for the company to have the financial condition to invest in advertising and marketing to lead the market”.

What is verified, in practice, is that organizations must keep up to date permanently, attentive to new marketing practices, in addition to adopting strategies that allow them to be competitive in their segment of activity, offering better services, competitive prices and giving choice options to their target consumers.

In this sense, Coelho and Santos Júnior (2021, p. 27) argue that “among the factors that influence the level of business competitiveness are: innovation capacity, quality products and services, commercial differentials, production and delivery capacity, geographic reach, marketing actions; among others.”

3. COMPLIANCE RISKS

By failing to adopt fraud prevention and mitigation programs in their organizational processes, companies are subject to the event of different illicit events, since “fraud occurs in all companies”. In addition, they are vulnerable to two types of very harmful risks: the shake-up of their reputation and the punishments provided for in the new anti-corruption law (GONSALES, 2016).

The term “Compliance Risk” refers to the risks to which companies are subjected by regulatory penalties, financial losses and/or losses caused to their image, risks arising from non-compliance with regulations, codes of conduct and good behavior (COELHO and SANTOS JR, 2021, p. 8).

According to Gonsales (2016) 43% of Brazilian companies have not yet adopted Compliance programs and policies for their processes and protection, but that soon all will be compelled to do so, aiming at protecting their reputation, since the value of a company is related to its reputation.

It is a reality that has transformed the national commercial and industrial environment, arising from the investigations of Mensalão and Operação Lava Jato and subsequent, since the dismantling of financial fraud and proven corruption and money laundering demonstrate the need for a new business environment, which requires transparency and integrity in the conduct of business. The punishments and arrests of high-level executives and high-ranking government officials occurred in light of the new anti-corruption law instituted in the country (GONSALES, 2016).

Data researched by PwC Brasil (2020, p. 4) demonstrate that the Compliance Risk regarding fraud and economic crimes most commonly occur with organizations both nationally and internationally. According to this research, it was found that in Brazil they are among the three most common types of fraud: (1) bribery and corruption, (2) accounting fraud and (3) fraud committed by the consumer. Since the survey was conducted in 2020, it was shown that in the last two years (between 2018 and 2019), the most common frauds that appeared in the top positions were: (a) asset thefts, (b) fraud in purchases and (c) bribery and corruption.

In turn, according to PwC (2020, p. 4) comparative data of the ranking of frauds that appear in the top positions around the world were: (1) fraud committed by consumers, (2) cybercrimes and (3) asset theft. Since the survey was conducted in 2020, it was demonstrated that in the last two years (between 2018 and 2019), the most common frauds that appeared in the first positions were: (a) fraud committed by the consumer, (b) accounting fraud (c) unfair competition, (d) human resource fraud and (e) bribery and corruption.

Figure 5 shows the data in the internal and external perspectives.

Figure 5 – The most common types of crime

They are economic crimes that, in addition to damaging the assets of organizations, compromise their reputation and image, being possible until they reach bankruptcy. It is in this perspective that compliance programs allow risks, illicit and unethical conduct to be avoided, from the implementation of a specific program that clearly contains the Code of Ethics and Internal Policy of the organization to be followed, conferring “growth, investment, credibility, security and protection” (PwC, 2020).

In this sense, Oliveira (2012 apud COSSENZO, 2015, p. 35) states that prevention care should be basically composed of the commitment that companies must establish internally, related to ethical conduct for decisions and behaviors, permeating their business and operational processes, and may even adopt preventive practices, related to the history of employees, suppliers and customers to, strengthen an internal and external anti-fraud culture.

Among the risks of Compliance,it is worth mentioning the Fraud Triangle Theory, which highlights three aspects that enhance the chances of illegal acts against organizations: pressure, opportunity and rationalization, as explained by Condé, Almeida and Quintal (2015). This triangle can be viewed by Figure 6.

Figure 6 – Fraud Triangle

Still Condé et al. (2015) define each of the elements that make up the fraud triangle:

a “pressão” geralmente está ligada ao motivo que leva ao crime, uma necessidade econômica “estressante” da empresa ou do funcionário. A “oportunidade” de cometer o ato ilícito, com baixo risco de ser descoberto ou nenhum. A “Racionalização” de uma autojustificação pelo cometimento do ilícito que para o fraudador seria “aceitável”.

In view of this scenario, we note the need for a mapping of organizational risks, through the prevention and identification of risks, including non-compliance with legislation and the organizational code of conduct, operational risk, image risk due to carelessness or lack of appropriate conduct, or even external risks such as the political demand of the country, technological disruptions, health and economic instability, aspects that can also affect organizations.

In this sense, Cossenzo (2015) explains that to manage fraud, strategies are needed that identify them at the present time, in addition to others, that allow their prevention. When the risks of fraud are identified, it is also necessary to identify how they happen and the individuals who practice them, and for this, it is essential that companies share information with each other.

This same author highlights the existence of the Commissions to Combat Fraud of the Brazilian Federation of Banks (FEBRABAN), the Base Commission for the Inconsistency of the National Association of Credit, Financing and Investment Institutions (ACREFI), and the cooperation agreement signed in 2009 between the Federal Police and Febraban, with regard to electronic controls with information on the cases that occurred (COSSENZO, 2015, p. 35).

With regard to external fraud, Oliveira (2012, p. 73-4) referred to by Cossenzo (2015, p. 36) teaches that there are three preventive phases: “prevention, detection and reaction”, all of them in a comprehensive phase, called “continuous”. Such phases can be observed in Chart 1.

Table 1 – Phases and categories of External Fraud Prevention

Phase	Related categories
Continuous	Responsibility
	Synergy
	Improvement
Prevention	Institution
	Identification
Detection	Maintenance
	Research
Reaction	Sanctions

Source: Prepared by the author (2021)

To prevent such occurrences, actions should be adopted to raise awareness of those involved, and controls should be defined and implemented, inhibiting new occurrences; for their detection, methods of investigation and confirmation of suspicions about the occurrence or not of fraud should be adopted; and to react, that actions are established by the company, when fraud is found.

3.1 ENTERPRISE GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (EGRC) SOLUTIONS

Among the benefits that the implementation of a Compliance and risk management program promotes within organizations are protection against fraud and illicit, promoting the mitigation of such risks.

For security measures to be effectively effective, through an increasingly technological reality, it is necessary that tools and solutions be developed and implemented to combat fraud, allowing greater compliance with the practices necessary for the success of organizations, as explained by Grand View Research (2014). They are measures inherent to Information Technology Governance, as well as to the Internet of things (IoT), or internet of things, which in turn are inherent to Corporate Governance (CHAVES, 2014).

Corporate Governance consists of a “system of relationship between shareholders, independent auditors, company executives and directors led by the board of directors” (LODI, 2000, referred to by CHAVES, 2014, p. 21). In turn, IT Governance, through “big data and analytics, IoT, machine learning and AI and social media, involve the sharing of personal information, making users and companies more susceptible to hackers” (GRAND VIEW RESEARCH, 2014).

The resources brought by IoT and digitization of business processes grew rapidly, allowing data interactions and providing greater control of information by the management of companies. In practice, the aim is to rely on Artificial Intelligence (AI) to manage external obligations and reports, which allow greater corporate governance, risk and compliance management – EGRC (GRANDVIEW RESEARCH, 2014).

According to Chaves (2014, p.22), “for the Brazilian Institute of Corporate Governance (IBGC, 2006), IT Governance is an arm of Corporate Governance”, which allows the elaboration and implementation of “high-impact regulations in the IT area of companies, requiring greater commitment and effectiveness in planning, controls, monitoring and security processes related to business strategies”. Still Chaves (2014, p. 22) reports a definition given by the Information Technology Governance Institute (ITGI, 2012), with regard to the objectives of IT Governance:

compreender os assuntos e a importância estratégica de TI, assegurar que a empresa possa sustentar suas operações e implementar as estratégias requeridas para expandir as suas atividades no futuro. As práticas de Governança de TI possibilitam que: sejam atendidas as expectativas dos clientes de TI, que a performance de TI seja medida, os seus recursos possam ser gerenciáveis e os riscos do negócio mitigados.       

In turn. Siqueira (2019) refers to the Cybersecurity and Data Risk Survey, prepared by Marsh and McLennan in 2018, demonstrating that only 18% of small businesses would have developed some kind of cyber incident response plan.

In this perspective, the creation and implementation of EGRC solutions offer the possibility of overcoming existing challenges – such as electronic fraud and cloning, for example, in a “hyperconnected” business universe, which can be obtained through specific software. It also represents a tool that collaborates substantially in data protection and intellectual property (IP), in addition to improving the management of remote work, a hybrid model so common throughout the pandemic by Covid 19 (GRAND VIEW RESEARCH, 2014).

4. BENEFITS OF A COMPLIANCE AND RISK MANAGEMENT PROGRAM

According to the portal 3Mind Legal (2021), among the main concepts of Compliance and risk management, is the generation of business value, which aims to allow the survival and longevity of organizations. Among the dangers and financial impacts that the absence of a program that promotes good governance are: “absence of normative guidelines; lack of adequate prevention tools; misalignments with applicable laws; information system without structured operations; management of failed processes.”

Since public and private institutions should guide their management in Corporate Governance programs, Klen (2009, apud SENNO et al., 2019, p. 225) defines that “corporate governance is the system by which business corporations are run and controlled.”

In this sense, Senno et al. (2019) explain that corporate governance practices must converge to ensure mechanisms that allow the financial return of investments made, through the adoption of legal rules and accountability to all stakeholders.

In turn, Azevedo et al. (2017, p. 181) explain that governance refers to government, while corporate governance refers to the system by which organs and powers are organized within a company”, which must be supported by four principles: transparency, integrity or equity, accountability and respect for laws.

These explanations aim to collaborate to better understand good governance practices, which, according to KPMG (2021), require some specific elements to make up an efficient Regulatory Compliance program, which are:

1. Compliance policy and program;
2. Message of leadership and culture of compliance;
3. Structuring of compliance officer;
4. Communication and training of the compliance policy and program;
5. Monitoring, auditing and evaluation of the effectiveness of the ethics and compliance policy and program;
6. Incentives for performance and disciplinary actions;
7. Research and prevention.

In this perspective, it is reported that a compliance program implies anti-corruption, anti-bribery and public compliance standards. For more detail, the benefits provided by Compliance are listed, according to the portal 3Mind Legal (2021):

1. Attract investors and investments;
2. Increase governance in the company;
3. Consolidate organizational culture;
4. Effectively correct non-conformities;
5. Gain credibility;
6. Gain competitive advantage over the competition;
7. Identify risks and prevent problems;
8. Improve the efficiency and quality of the products and services offered;
9. Sustainability.

In turn, Caovilla (2017) describes some benefits related to the adoption of Compliance by organizations (our griffins):

1. New business opportunity and competitive advantage: companies that operate in accordance with laws and good practices seek to relate to equal pairs, in addition to increasing their opportunities in relation to those not users of compliance programs;
2. New investments: organizations with low rates of involvement with illicit and social scandals, demonstrating solidity are more attractive to internal and external investors;
3. Risk mitigation: companies that adopt compliance program, in addition to identifying possible risks to their business, are able to develop and implement actions to mitigate possible failures and risks;
4. Correction of non-conformities: in addition to preventive actions to avoid possible non-conformities, are the actions to correct the non-conformities identified in the internal processes of an organization. Such actions necessary to preserve the image and reputation of a company can be: correction of the action plan in progress; training for employees; review of policies, procedures, conduct, employees and suppliers and service providers;
5. Compliance as people awareness: a practice that allows fraud mitigation, since if employees and other actors are trained in Compliance, they are able to see non-conformities inside and outside the company, that is, in competition, in suppliers, service providers;
6. Compliance as a limitation of liability: knowledge acquired in training and ethical practices related to Compliance allows the selection of better business partners, in addition to protecting a company’s reputation. Since good practice permeates an organization’s business routines, any non-conformities may lead to the reduction of penalties that may be applied to it;
7. Compliance as business sustainability: the adoption and maintenance of ethical and transparent practices allow organizations to remain long-term.

5. CONCLUSION

Throughout the analysis of the theoretical references selected for the development of this article, it was possible to observe that a Compliance and Risk Management program has high importance for the proper management of processes, practices and routines within organizations, involving all their sectors and staff.

Returning to the point of reins; how do the benefits offered by the Compliance and Risk Management program collaborate to reduce the risks of fraud, illicit crime and corruption within government organizations and institutions? We conclude that, since the literature demonstrates that there are frauds in all organizations, without distinction for the segment of activity or its size, the benefit that Compliance confers on companies is precisely in the protection it offers, by mitigating the different types of risks and illicit, including avoiding legal penalties.

Based on the laws instituted, from the Pioneer Law to Combat Corruption FCPA (Foreign Corrupt Practices Act), the signatory countries of the OECD, listed in this article, have adopted similar initiatives to promote the mitigation of fraud, corruption and unethical actions in their governments and organizations, strongly supported by the restrictions and punishments brought by the laws.

In addition, the development of new technological instruments, supported by Information Technology Governance, emerged to support Corporate Governance, promoting changes in the management of organizations and their administrative processes.

Such management is something that should be based on modern tools, not being restricted to the processes themselves, but that should allow an organization to anticipate future events, avoiding misunderstandings.

In this context, EGRC solutions – which allow the best practices for IT Governance and Corporate Governance – collaborate for the prevention and mitigation of fraud and unwarned actions, protecting the growth of organizations and their market image.

REFERENCES

AZEVEDO, Mateus Miranda de; CARDOSO, Antonio Almeida; DUARTE, Jairo Gonçalves; FEDERICO, Bianca Ellen; LIMA, Marco Antonio Ferreira. O Compliance e a gestão de riscos nos processos organizacionais. Revista de Pós-Graduação Multidisciplinar, São Paulo, v. 1, n. 1, p. 179-196, mar./jun. 2017.

ISSN 2594-4800 | e-ISSN 2594-4797 | doi: 10.22287/rpgm.v1i1.507; acesso em 08 dez 2021.

CAOVILLA, Renato Vieira. Benefícios práticos do compliance. 10 jul 2017. Disponível em: [https://www.migalhas.com.br/depeso/261662/beneficios-praticos-do-compliance]; 08 dez 2017.

CHAVES, Elisabete Cecília Januário. Resultados e tendências de Requisitos e Práticas de  Governança de TI nos bancos de Varejo no Brasil. Dissertação [Mestrado em Gestão e Tecnologia em Sistemas Produtivos] apresentada ao Centro Estadual de Educação Tecnológica Paula Souza,  no Programa de Mestrado Profissional em  Gestão e Tecnologia em Sistemas Produtivos. São Paulo, novembro de 2014. Dsponível em: [http://www.pos.cps.sp.gov.br/files/dissertacoes/file/143/7fc218f434af24b99f50af42e8442903.pdf]; acesso em 12 out 2021.

COELHO, Cláudio Carneiro Bezerra Pinto; SANTOS JÚNIOR, Milton de Castro. Compliance, FGV/IDE, 2021.

CONDÉ, Robson Augusto Dainez; ALMEIDA, Carlos Otávio Ferreira de; QUINTAL, Renato Santiago. Fraude Contábil: análise empírica à luz dos pressupostos teóricos do triângulo da fraude e dos escândalos corporativos. Gestão & Regionalidade – Vol. 31 – Nº 93 – set-dez/2015. doi: 10.13037/gr. vol31n93.2929; acesso em 28 out 2021

COSSENZO, Fábio. FRAUDE BANCÁRIA: A mitigação dos Riscos e Perdas Financeiras no Segmento de Crédito Consignado. Monografia de Pós-Graduação Lato Sensu – MBA Gestão empresarial, apresentada à Fundação Instituto de Administração – FIA.  São Paulo, 2015.

DURÃES, Cintya Nishimura; RIBEIRO, Maria de Fátima. O Compliance no Brasil e a Responsabilidade Empresarial no combate à corrupção. Revista Direito em Debate: Revista do Departamento de Ciências Jurídicas e Sociais da Unijuí Editora Unijuí – Ano XXIX – n. 53 – jan./jun. 2020. Disponível em: [http://dx.doi.org/10.21527/2176-6622.2020.53.69-78]; acesso em 01 dez 2021.

ENTERPRISE GOVERNANCE, RISK & COMPLIANCE MARKET SIZE. Share & Trends Analysis Report By Component, By Software, By Services, By Enterprise Type, By Vertical, And Segment Forecasts, 2021 – 2028

FGV – FUNDAÇÃO GETÚLIO VARGAS. Surgimento do Compliance. 2021.

GONSALES, Alessandra. O que é compliance? Publicação da Legal, Ethics and Compliance (LEC). Vídeo publicado em 29 fev 2016. Disponível em: [https://www.youtube.com/watch?v=2BDpJ6UMXb4]; acesso em 01 dez 2021.

GRAND VIEW RESEARCH. Relatório de governança corporativa, risco e conformidade do mercado, análise de compartilhamento e tendências por componente, por software, por serviços, por tipo de empresa, por vertical e por segmento. Previsões, 2021-2028. Artigo publicado em abril de 2021. Disponível em: [https://www.grandviewresearch.com/industry-analysis/enterprise-governance-risk-compliance-egrc-market]; acesso em 20 nov 2021.

HAUSSEN, Leonard.  Compliance. Reunião On-Line (ROL), Aula Organizada pela Fundação Getúlio Vargas, Escola de Administração de Empresas de São Paulo, São Paulo, Brasil. Agosto de 2021.

JORGE, Glaucio Fiorenzano; TOMAZ, Roberto Epifânio. Compliance rins – como implantar e quais os benefícios do programa de compliance? IV Congresso Catarinense de Direito processual Civil & Mais. 7 a 9 de novembro de 2018. Univali Eventos – Universidade Vale do Itajaí. Disponível em: [https://core.ac.uk/download/pdf/276005736.pdf]; acesso em 20 out 2021.

KPMG – Compliance analytics. 2018. Disponível em: [https://assets.kpmg/content/dam/kpmg/br/pdf/2018/08/br-compliance-analytics.pdf]; acesso em 08 dez 2021.

KPMG – Compliance regulatório. 2021. Disponível em: [https://home.kpmg/br/pt/home/servicos/consultoria/risk-consulting/internal-audit-risk/compliance-regulatory.html]; acesso em 08 dez 2021.

MELO, Luísa. 8 crises empresariais causadas por funcionários brincalhões. Matéria publicada em 14 mar 2014. Disponível em: [https://exame.com/negocios/8-crises-empresariais-causadas-por-funcionarios-brincalhoes/]; acesso em 20 out 2021.

MICHELOTTI, Andriws Loreto. O crime de lavagem de capitais e os desafios empresariais diante da implementação dos programas de criminal Compliance.  Trabalho de Conclusão de Curso [Bacharelado em Direito] apresentado à Faculdade Antonio Meneghetti (AMF). Restinga Seca (RS), 2020. Disponível em: [http://repositorio.faculdadeam.edu.br/xmlui/bitstream/handle/123456789/673/TCC_DIR_ANDRIWS_MICHELOTTI_AMF_2020.pdf?sequence=1&isAllowed=y]; acesso em 07 dez 2021.

NASCIMENTO, Juliana Oliveira. A Função Sociald da Empresa e a Efetividade Prática da Conduta de Integridade: o Compliance Vivo. Dissertação [mestrado em Direitos Fundamentais e Democracia] apresentada ao Centro Universitário Autônomo do Brasil. Curitiba, 2018. Disponível em: [https://www.unibrasil.com.br/wp-content/uploads/2019/07/Dissertação-JULIANA-OLIVEIRA-NASCIMENTO.pdf]; acesso em 29 ago 2021.

NASCIMENTO, Débora Minuncio. Evolução histórica e legislações acerca do Compliance.  Artigo publicado em 07 nov 2021. Disponível em: [https://advocaciadeboramn.jusbrasil.com.br/artigos/700763578/evolucao-historica-e-legislacoes-acerca-do-compliance]; acesso em 20 out 2021.

OECE – ORGANIZAÇÃO PARA A COOPERAÇÃO E DESENVOLVIMENTO ECONÔMICO INTERNACIONAL. Disponível em: [https://www.dgae.gov.pt/servicos/comercio-internacional-e-relacoes-internacionais/multilaterais/organizacao-para-a-cooperacao-e-desenvolvimento-economico-ocde-.aspx]; acesso em 08 dez 2021.

PwC. Combate a fraudes e crimes econômicos: uma batalha sem fim Pesquisa Global sobre Fraudes e Crimes Econômicos 2020. Disponível em: [https://www.pwc.com.br/pt/publicacoes/servicos/assets/consultoria-negocios/2020/pesquisa_sobre-fraudes-e-crimes-economicos-2020-pwc-brasil.pdf]; acesso em 20 out 2021.

SENNO, Elisângela Pereira; PRATES, Glaucia Aparecida; LUCENTE, Adriano dos Reis; GALLI, Lesley Carina do Lago Attadia; GALLI, Rafael Altafin. Benefícios da implantação do programa de Compliance em uma organização do setor de energia: um estudo de caso. II SITEFA – Simpósio de Tecnologia Fatec Sert5aozinho. Disponível em: [https://sitefa.fatecsertaozinho.edu.br/index.php/sitefa/article/view/90/51]; acesso em 08 dez 2021.

SIQUEIRA, Marina Paiva de. Cyber Risks: Fatores decisórios para a transferência mediante a contratação do seguro. Monografia [Bacharelado em Administração] apresentada ao Departamento de Administração da Universidade Federal Fluminense. Niterói, RJ. 2019.

SOBREIRA FILHO, Enoque Feitosa; LEITE, Flavia Piva Almeida; MARTINS, José Alberto Monteiro. Ética empresarial como base de sustentação do programa de Compliance: uma breve análise sobre a ética, a integridade e o Compliance.  Revista Relações Internacionais no Mundo Atual. Vol. 2,n. 23, 2019. Disponível em: [http://revista.unicuritiba.edu.br/index.php/RIMA/article/view/3891/371373033]; acesso em 29 ago 2021.

SOUZA, Silvia Regina; MACIEL-LIMA, Sandra; LUPI, André Lipp Pinto Basto. Aplicabilidade do Compliance na Administração Pública em face ao momento político atual brasileiro. Percurso – Anais do I Congresso Ibro-Americano de Direito Empresarial e Cidadania (CONIBADEC), vol. 01, n. 24, Curitiba, p.1-22, 2018. Disponível em: [http://revista.unicuritiba.edu.br/index.php/percurso/article/view/3274/371371782]; acesso em 01 dez 2021.

3MIND JURÍDICO. Compliance: o que é e o benefício para empresas. Abril de 2021. Disponível em: [https://www.3mind.com.br/blog/compliance-empresas/]; acesso em 08 dez 2021.

VAZ, Tatiana.  5 empresas envolvidas em escândalos recentes. Artigo publicado em 30 abr 2012. Disponível em: [https://exame.com/negocios/5-empresas-envolvidas-em-escandalos-recentes/]; acesso em 28 out 2021.

VEJA ON LINE. Funcionário de restaurante publica foto lambendo comida de clientes. Junho de 2013. Disponível em: [https://veja.abril.com.br/economia/funcionario-de-restaurante-publica-foto-lambendo-comida-de-clientes/]; acesso em 14 out 2021.

^[1] Postgraduate in Business Management, economist and accounting technique.

Submitted: November, 2021.

Approved: December, 2021.