A recent reality check on global corruption compliance at middle-market companies suggests they have a lot of work to do to protect themselves against acts of bribery or corruption.

According to a recent survey of 100 C-suite leaders at middle market companies, 42 percent of companies with less than $500 million in revenue have no global compliance plan in place. Companies in that revenue range most frequently reported that their level of effort around corruption risk was “minimal,” and 22 percent of those companies described their effort as non-existent.

“Middle market companies have more work to do as it relates to effectively complying with global corruption risk laws,” says Joe Decilveo, a partner with McGladrey's litigation consulting practice. “We've seen a fair amount of improvement in the last three years or so, but there is still a ways to go.” McGladrey conducted the survey with the assistance of the Institute of Internal Auditors to gauge compliance in the firm's own target market area. 

Middle-market companies are most challenged in some general areas of compliance with laws like the Foreign Corrupt Practices Act an the U.K. Bribery Act. They struggle with transactional diligence, such as through mergers and acquisitions, and they struggle with how much diligence to conduct when dealing with consultants and other third-party agents in countries outside the United States, says Decilveo. “That is consistent with what we hear from larger companies, but the difference may lie in the degree of progress,” he says.

McGladrey says the survey results generally suggest that middle market companies are aware that they have risks in the area of corruption compliance and nearly three-fourth of respondents said they have stand-alone compliance policies in place. However, one-fourth of those respondents said their policies lacked clear principles, internal controls, and supporting procedures, and one-fourth said their plans are never tested. Nearly 35 percent said their companies offer no compliance training of any kind.

The results suggest there are improvements in the level of understanding within middle-market companies of the risks and the requirements around anti-corruption law, says Decilveo. However, some companies seem to hold to a notion that they have little or no risk if they don't have operations in countries outside the United States. That suggests some companies may not fully understand the risk associated with doing business with consultants or third parties in those countries who might be acting as agents on behalf of the company. 

The classic challenge for middle market companies is to achieve compliance when they might be more resource-constrained than larger organizations, says McGladrey's Mark McNamee, a partner in risk advisory services. He advises such companies to think in terms of proportionality. “That means allocating appropriate resources based on the size of the organization, the resources it has, and the risks it faces,” he says. “Use a risk-based approach to allocate limited resources to manage the highest risks.”

As a starting point for companies that have some catching up to do, McGladrey suggests middle market companies revisit guidance issued by the Securities and Exchange Commission and the Department of Justice for how to achieve compliance and reduce risk.