The company says that a dramatic rise in geopolitical instability and persistent cyber-attacks are pushing organisations to be more vigilant about planning to guard against, and respond to, internal and external threat actors.  

New guidance for prosecutors from the United States Department of Justice (DoJ) in the form of the Yates Memorandum, as well as the ongoing protection provided to whistleblowers, suggest that law enforcement and regulators will play a bigger role as an integrity gatekeeper. Meanwhile, renewed interest in data privacy in Europe is forcing organisations to revisit their strategies for information governance.    

Brian Loughman, EY Americas FIDS Leader, commented, "The geopolitical risk facing companies is manifesting itself with increased exposure to bribery, fraud, cyber breaches, and terrorist financing. Companies are being confronted with risks on all fronts at the same time that their ability to invest in the compliance function is under pressure. Companies will need to stay vigilant, work harder at providing the right training to their employees, and focus more on monitoring risks proactively."  

EY FIDS identified these top trends that companies should address in their 2016 planning:  

Preparing for the inevitable cyber breach.  

Cyber breaches will continue and recent destructive attack techniques will be adopted by hacktivists to drive their agenda. With more than one-third of global organisations still lacking confidence in their ability to detect sophisticated cyber-attacks, according to EY's Global Information Security Survey, companies are looking to technology to reduce cybersecurity risks associated with both insider and external threats. 'Cyber savvy' companies and their boards are demanding more information about the specific threats they face, evaluating their resources, bolstering protection for critical assets, and preparing for incursions by advanced threat actors.  

Focussing on the individual 

As the United States Securities and Exchange Commission (SEC) and DoJ have continued to invest in specialised resources to combat fraud, bribery, and corruption, there is increased focus on the individual. While statutory safeguards exist to protect and motivate whistleblowers, the DoJ Yates Memorandum advances expectations for companies to fully identify all individuals who took part in corporate wrong doing if they are to secure credit for cooperation with the authorities. 

Data privacy and information sharing 

The European Court of Justice recently invalidated the Safe Harbour Data Privacy regulation between the US and the European Union that enabled the movement of personal information across the Atlantic. In addition, the Cybersecurity Information Sharing Act passed the Senate and is close to being signed into law. If passed, corporations will be sharing information to help reduce cyber breaches and attacks, but will need to protect the data privacy of individuals using their systems. The ongoing focus on how personal information is handled internationally and how commercial information is shared between companies and the government during a cyber-breach investigation will drive companies to revisit their information governance strategies.   

Sanctions and their commercial implications 

As governments continue to enforce trade sanctions against individuals, companies and other governments, companies are left navigating a difficult regulatory compliance environment. They need to be vigilant about understanding risks posed by third parties and individuals that are often masked by corporate structures, often involving illicit drug trade or terrorist financing. Companies will need to build more robust local compliance teams and increase oversight and training.  

Although this article focusses on the USA and addresses large, multinational organisations, the principles apply worldwide and to companies of all sizes. Compliance has become a major issue, especially in the international corporate moving sector, and will continue to be so for the foreseeable future.  

Click here to see the next Editor's Pick