This week, Deloitte published One Step Ahead, its 2017 bribery and corruption report. It provides insights from Deloitte’s survey of Australian and New Zealand risk leaders, asking about their perception and experiences of domestic and foreign bribery and corruption.
International NGOs operate in some of the most high-risk jurisdictions in the world, often in the bottom half of the Transparency International (TI) Corruption Perceptions Index. So what are the implications of the report’s insights for such organisations? This article suggests four key questions for your internationally-operating NGO.
Do you recognise the reputational risk – and how to manage it?
There is a disconnect between the perception of reputational risk and the action taken to manage it.
Deloitte’s report notes rising public scrutiny and political concern in Australia, with a number of recent initiatives including a review of Australia’s legislative and policy framework on corruption, the consideration of Deferred Prosecution Agreements, proposed changes to whistleblower protection and beneficial ownership legislation, and a proposed new corporate offence of failing to prevent foreign bribery. These measures arise as Australia slips down TI’s index, and survey respondents overwhelmingly saw reputational impact as the most serious consequence of incidents.
And yet despite this dizzying acceleration, Deloitte’s survey actually implies a slowdown in the progress of organisations. Detection rates and the perception of the risk were broadly consistent with 2015, and almost half of respondents did not even intend to upgrade their anti-corruption frameworks in the next five years.
International NGOs will recognise the reputational dimension, often perceived to impact upon fundraising. But they may also recognise the slowdown. There’s a paradox here and it begs the question – are you best managing the risk? Considering reputational risk after an incident has occurred is too late – it needs to be a driver for investing in meaningful prevention and detection systems.
What does ‘risk assessment’ mean to you?
One of the report’s most surprising findings was the under-use of risk assessment. This might not surprise NGOs, however; my counter-fraud colleagues and I have found the quality and extent of risk assessment in the sector to be patchy at best.
The problem is often in how it is seen. Is it a dry, bureaucratic, tick-box activity carried out for donor proposals and then forgotten about – or a powerful and creative tool for building resilience, evidencing stewardship, and quality-assuring your NGO’s anti-corruption approach?
The narrative we create around risk assessment, and the space we make for it, is critical. For example, I have delivered fraud and corruption training all over the world and people love risk assessment exercises – being invited to think about how they might defraud their organisation, and what could stop them! We can harness that intelligence. For example, consider proper risk workshops, horizon-scanning, ‘red-cell’ thinking, and reflect on how risk management is framed to your staff.
How effectively are you managing conflicts of interest?
The biggest proportion of incidents reported were conflicts of interest, with personal favours not far behind. This may resonate with NGO managers; anecdotally, conflicts of interest in procurement and recruitment can be a real issue.
There is often scope for improvement in how conflicts of interest are identified and managed. Because the process is often reliant on self-declaration by those who are not necessarily incentivised to declare, compliance is not automatic. Good conflicts of interest frameworks need to be simple, well-communicated, focused on heightening transparency, and subject to ongoing reinforcement.
What do you say, and what do you incentivise?
Respondents most frequently declared organisational culture and tone-at-the-top as the greatest preventative factors. I have written about the link between culture and corruption for NGOs before (here and here), but in my experience most NGO managers believe they do set the right tone and have the right culture. The problem here is that by culture and tone, we don’t just mean what you say and how you say it, we also mean what you incentivise and are perceived to permit. In my book, I describe how tone at the top is about not just words, but actions. For example:
- Did you take the right action over that manager who might have given a contract to his sister’s company?
- Did you ask the right questions about that mysteriously rapid movement of humanitarian equipment into that high-risk jurisdiction when other agencies were held up at customs?
- Do you include anti-corruption objectives into personnel appraisals and job descriptions?
- Are the objectives and timelines for projects and programmes set at such an ambitious level that you inadvertently incentivise corruption?
Your staff, volunteers, institutional donors, private supporters are watching. Crucially, so are your beneficiaries.
To read more about how to deter, prevent, detect and respond to fraud and corruption in humanitarian and global development work, make sure you pick up a copy of my book, Fighting Fraud and Corruption in the Humanitarian and Global Development Sector (Routledge, 2016). It’s out now and packed with relevant material!
If a humanitarian or global development organisation gets serious about tackling fraud and corruption, then it will detect cases – possibly in significant numbers. As my organisation invested in counter-fraud efforts, for example, we saw recorded suspicions in its global operations 
The job does not finish with the dismissal or conviction of the suspect(s). These incidents have long tails – there is work still to be done to rehabilitate the project or business unit in which the incident took place. An incident represents a severe breach of trust; workers may feel abused and betrayed. The ripples can spread wide.
Hopefully, the organisational response included a lessons-learned exercise, generating changes to implement. This should look beyond the internal controls, also into enabling factors such as culture, communication and awareness.
Now is also a good time to do some contingency planning. Is the incident serious enough that it could result in regulatory interest, onerous remedial controls applied by institutional donors, or put future funding at risk, for example? We can prepare for these.
Team members will respond to the matter differently. While some may be relatively unaffected, others may not. It is important to note that where staff have made a commitment to an organisation on the basis of their values – perhaps more common for charities, nonprofits and NGOs than for private sector organisations – a breach of trust could be more impactive. Perhaps there could even be a grief reaction for some team members.
Look out for, and respond to, the traditional symptoms of stress, low morale and anxiety. These might include absenteeism, disciplinary issues, a rise in complaints, and disillusionment. An incident can impact upon personal and professional confidence, and colleagues may feel fear, shame or embarrassment. Will the incident create a funding crisis, putting their jobs at risk? Will staff have to justify themselves to an angry public? Consider access to staff support systems, and formal interventions such as counselling and facilitated debriefing.
Be a compassionate and responsive manager. Avoid assuming you understand how people feel or why they behave the way they do. Instead, in your one-to-one meetings with team members, explore how they are experiencing the crisis and responding to it. Remember, of course, to make it clear that this is pastoral and not investigative. Similarly, it is important to restore individuals’ sense of control. In a way, employees in whose midst an act of fraud or corruption occurred are victims of abuse. Solicit and listen to their concerns and visibly respond to them.
Clear communication. Rebuilding trust requires the open communication of reliable content. Low information creates anxiety, more information helps manage our ‘fight or flight’ crisis response. Concealing the matter from the team is, therefore, more likely to sow suspicion and fear than peace and confidence. Be as open as you can about what has happened, and what will now happen, within the boundaries of policy, employment law and data protection legislation. As you describe the future, avoid over-promising – employees need clear and consistent messaging from management. If you cannot make promises, don’t; recognise uncertainty and explain what is being done to reduce it.
Foster trusting relationships. Ensure that teams meet as regularly as possible, in person or via teleconferencing. Consider holding team-building events, reflective away days and/or ‘how are we doing’ agenda items in meetings. These measures can improve understanding, interaction and trust between team members.
Lead by example. We know that employees look to the behaviour of their managers to determine their own. So be present; you cannot role-model behaviours and attitudes if you cannot be seen by anyone. Be positive and show how you treat what has happened constructively, managing risk, avoiding blame, taking care of your colleagues (and yourself), and using the incident to make the business unit stronger in the future. As one casualty of a fraud or corruption incident is honesty, ensure that you are (and are seen to be) authentic. So, for example, if you feel hurt, vulnerable or confused, consider sharing those feelings with the team. This helps to normalise these emotions.
Reaching project milestones or completing tasks puts clear blue water between the incident and the present, assisting both staff and stakeholders to move on. It also, of course, ensures the progress of the project or business unit. Embed, as rapidly and effectively as possible, any changes to processes to reduce the risk of a recurrence.
To read more about how to deter, prevent, detect and respond to fraud and corruption in humanitarian and global development work, make sure you pick up a copy of my book, 
Fraud and corruption has, historically, not been well understood in this sector. Your Board may have a low or rudimentary understanding of the risk and how to respond to it. This means starting at a basic level, making no assumptions, taking the time to address myths and misconceptions and playing a longer game. ‘Educate as you go,’ Willie Oelofse from Deloitte Kenya told NGOs at 
Civil society is under attack the world over, and the issue of their fraud and corruption exposure can be something that sends Board members running for their shields and helmets – especially if it is perceived to come from an 
Fraud and corruption, especially at a strategic level, can be abstract concepts. Help the Board to connect by painting a picture of the risk with case studies. If you don’t have any in your own organisation, then perhaps partners, donors or other organisations have some they will let you use? If not, then find cases in the public space affecting comparable organisations. If you’re really struggling, consider using fictional examples – but remember to state that they’re fictional!
NGO Boards are often allergic to anything with a whiff of extra expense, especially if it is 
NGO Boards manage a lot of risks, only some of which materialize. Using evidence helps them to appreciate how fraud and corruption sits, whether that evidence is perception-based, representative sampled, or from other diverse sources. Cast the evidence net wide – consider staff surveys (especially anonymous surveys), risk assessments, project and programme evaluations, audit reports, security reports, academic research and open source. This may mean that you need to start by 
Just as is the case with private and public sector organisations, the counter-fraud agenda needs to directly support the organisation’s mission. This needs to be clearly elucidated so that Boards can see that counter-fraud is a mainstream activity, rather than a distraction.
In March’s 
Anonymous donors are a normal feature of fundraising. We’ve all popped a few coins into a collection bucket. But where NGOs receive unusual or significant funds, with no information on their provenance, a red light should flicker into life. Anonymous giving could be the starting point for a number of laundering methodologies, perhaps even involving insiders. NGOs need to take reasonable steps to identify the sources of such contributions.
An example might arise from the UK. In 2013, the Charity Commission 
Let’s say you are running a social development enterprise. A company approaches you to purchase a quantity of your beautiful wooden products. You’re delighted – but then the company asks if a second company can settle the invoice on its behalf. They’ll settle up between themselves, later, it says. The red light should come on.
Let’s say that our rich, local businessman approaches you with a proposition. He wishes to store some money in a savings account, but he doesn’t like banks. Maybe he says they’re greedy and corrupt, and he wants to help those who live out his own commitment to social justice. He suggests giving you his US$100,000 – which he will retrieve in six months, while you get to keep the interest. Red light.
A range of complex issues face NGOs that move funds into and around locations of elevated risk, such as conflict zones, fragile states and areas of significant terrorist activity. One of these is that we don’t know who else’s money an MTO is moving in or out of these places. If our NGO engages an unscrupulous, unregulated or badly-run MTO, there are real risks of breaching the principle of ‘do no harm’ and of reputational impact.
This presents a very challenging issue for NGOs that work in high-risk areas, and one with significant tensions at its heart. These include the tension between minimising the risk of diversion versus disrupting the delivery of aid, competing obligations on the ground, and the wider balancing act between regulation and enforcement versus guidance and capacity building.
Audit is a helpful process that 
In 
In 2015, the UK government issued guidance describing the risk of a prosecution for a terrorism offence as a result of involvement in humanitarian efforts or conflict resolution as ‘
Implied assurance of non-prosecution is always caveated, is not always made by those with the correct authority, and might not relate to that which is perceived. The British guidance note, for example, does not indicate whether it is referring to placing resources in the hands of terrorists (potentially s15-18 Terrorism Act offences), failing to have sufficient systems to prevent sanctions breaches (potentially a s34 Terrorist Asset Freezing Act offence of neglect), failing to report a suspected funding offence (s19 Terrorism Act), or some of those, or none – and so on. In any event, any decisions would be made on the basis of the prevailing circumstances of the case and it is worth noting that Save the Children International were investigated by the Metropolitan Police for 
But there is a tension. Case studies such the UN’s experience in Somalia support a perception amongst many in the sector that, generally speaking, working with local partners represents an elevated fraud and corruption risk. A range of reasons are commonly cited for this, but the most common perhaps is where partners carry lower capacity and capability in finance and wider management by comparison to that of the international agencies, or donor expectations.
The first is the very reason international agencies often work with them in the first place – they understand their local environment. They know where the risks are, and are in a strong position to evaluate how to reduce them. This can mean more informed planning (how long does it take to get that permit without paying a bribe?) and risk management, if the space is given to it.
Whether in remote programme management or not, local partners are often physically closer to project delivery or able to more efficiently move around and interact. This is a substantial advantage for monitoring, and the detection of red flags.
The global coverage of telecommunications is expanding as fast as its costs are declining, meaning that much humanitarian and development work is happens underneath its umbrella. This means that innovative software and hardware solutions to manage and monitor programming are increasingly available and affordable.
There are corrupt local organisations out there, of course, who have the sole or corollary aim of gaining access for their principals to international agencies’ funds. But the vast majority of local organisations whom I have encountered have been full of passionate people doing amazing work in difficult circumstances. Robust selection processes are needed to ensure that these are the partners who are taken on.
Another way to think of this concealed drainage is like corrosion under your car – unless you go looking for it, you won’t ever realise its presence, scale and danger… until your car falls apart in the middle of the motorway. You may fear the consequences (e.g. costs involved) of detecting the corrosion and needing to deal with it, but these costs in the long run are less than those that the motorway incident might involve.
As public scrutiny of the sector rises, together with increased recognition of the scale of fraud and corruption risk facing such organisations, we need to move to a virtuous circle, fuelled by a desire to secure donor, public and staff trust by evidencing accountability and transparency. A virtuous circle might look like this:
In 2010, there were a 
Research suggests that we feel losses more intensely than gains – so if you lost a £100,000 sports car, you’d feel that much more powerfully than you would if you won a £100,000 sports car in one of those airport car lotteries. This emphasis leads to an 
Celebrated psychologist Dan Ariely conducted an interesting experiment in which he placed dollar bills and cans of Coca-Cola around the campus of an American university. When he went back, the dollar bills were all still there – but the Coke cans had gone. (You can read about this, and other experiments, in his fantastic book 
When you’re driving, have you ever noticed that if someone else makes a mistake, then they’re an idiotic and dangerous driver – but if you make a mistake it’s because you were interrupted by a passenger, the car needs servicing, or you were responding to something another car was doing? This effect is known as the 
A few years ago, in a Middle Eastern country, I was delivering a workshop for managers on reducing fraud and corruption. A lady interrupted me to say, ‘but this is just the way things are here!’
Firstly, fraud and corruption are designed to hide and masquerade, like chameleons, stonefish or those 
Don’t just seek two employment references – after all, what self-respecting fraudster volunteers damaging referees? Consider:
Having a culture of trust does not mean having no, or inadequate, controls. Neither, of course, does it mean an onerous filing cabinet’s worth of policies, procedures and systems (in fact evidence suggests that too many, or too demanding, controls reduces compliance). It means having just enough to manage the risks – an ongoing cycle of design, implementation and review of proportionate internal controls. It also, of course, means having an effective organisational counter-fraud and corruption framework.
Instead, to feel safe, secure and successful, we all need to know where the boundaries are, and we all need feedback on our performance. After all, if we are mission-oriented, then ‘oversight’ is about colleagues working together to maximise our effectiveness and efficiency in delivering that mission, right?
One of the things we can do to reduce the perception that having and following rules represents a failure to trust, is to re-frame activities like due diligence and monitoring. We need to be clear with managers and staff about our expectations, and explain that following policies, procedures and systems is about:
management framework – would not have significantly reduced the chances of it happening. An example might be World Vision’s 
Ironically, of course, a driver behind the flawed narrative is a desire to see good stewardship in NGOs. But in the same way that it would not represent good stewardship for a fire department to send firefighters into burning houses without protective clothing, it does not represent good stewardship for charities to move resources around without sufficient protective systems clothing those resources. Although there is, of course, a balance to strike – enormous overhead, administrative and support costs are a red flag – under-investment in prevention, and the infrastructure that makes prevention happen, is a key enabler of fraud and corruption for NGOs.
Second Marshmallow 