A large number of global information, communication and technology (ICT) companies are based in Ireland. This sets the scene for an exciting and passionate conversation: ethics and compliance risks in the tech industry beyond data privacy and protection.
Irish Tech Hub: opportunities and risks
Ireland's inward promotion agency, IDA Ireland, states: ‘Ireland has become the global technology hub of choice when it comes to attracting the strategic business activities of ICT companies. This has earned Ireland the reputation for being the heart of ICT in Europe.’ Therefore, ‘Nine out of the top 10 global technology firms have strategic operations in Ireland, including Microsoft, Google, Apple and Facebook.’
This impressive ecosystem generates 35 billion euros annually in exports. Today, ‘there are currently about 80,000 people working in tech nationwide and a further 8,000 IT jobs in Ireland are forecast to open each year. Things happen here and they happen fast, thanks to a thriving startup scene and some of Europe’s most prominent research centres to boot.’
Technology is identified by stakeholders as source of wealth, solutions, and even a tool to fight corruption and terrorism. But discussions about technology as a source of compliance and ethics troubles are scarce. Risk assessment topics in the field usually revolve around core issues such as cybersecurity, data privacy and data protection.
However, compliance professionals cannot underestimate other compliance risks raised by ICT companies, their operations and their products. For example, governance and compliance risks, bribery, third party risks, conflict minerals, modern slavery and the abuse of information technology to perpetrate crimes. The United Nations Convention Against Corruption states, in Article 48, that State Parties should ‘cooperate within their means to respond to offences covered by this Convention committed through the use of modern technology.’
Ireland’s tech scene is vibrant but the country faces challenges in terms of the implementation of its compliance framework. Ireland has enhanced its compliance tools to fight bribery and corruption by passing the Protected Disclosures Act 2014.
This law provides a comprehensive framework for whistleblowing. However, the Emerald Isle faces challenges in areas such as the harmonisation of anti-bribery regulations, corporate liability and enforcement. In fact, according to the OECD 2015 Data on Enforcement of the Anti-Bribery Convention report, no enforcement action has been reported against individuals or corporations for anti-bribery violations since 1999.
A clear, consistent and comprehensive compliance and ethics framework is necessary to promote investments and to help to mitigate the wide range of risks posed by the operation of massive and wealthy ICT companies.
Governance and Compliance Risks
The 2016 BDO Technology Risk Factor Report ‘examines the risk factors listed in the most recent annual shareholder reports of the 100 largest publicly traded U.S. technology companies by revenue’, many of them headquartered in Ireland for the EMEA region.
Among the top 25 risks identified in the report, regulatory risks posed by ‘federal, state or local regulations’ rank No. 1 jointly with the risks of “breaches of technology security, privacy or theft”. The risk posed by accounting, internal controls and compliance standards ranks No. 14. In fact, the report states that ‘83 percent of technology companies cite accounting, internal controls and compliance risks in their filings. The [US] Public Company Accounting Oversight Board (PCAOB) has stepped up its scrutiny on internal control procedures and testing, following a significant rise in tax and financial reporting control deficiencies over the last few years. In addition, the Financial Accounting Standards Board has announced a number of Accounting Standard Updates that technology companies are in the early stages of implementing. Although the new revenue recognition standard was announced in 2014, 31 percent of tech CFOs are still trying to understand the changes…’
There is an increasing concern about governance and compliance standards in this industry. This is significant and proves that tech compliance professionals should discuss other issues beyond data privacy, including other regulatory compliance risks, integrity issues and culture.
Corruption, bribery and third parties
Tech companies are not isolated. They are also exposed to real-life, offline corruption risks. For example, in February 2016 the U.S Securities and Exchange Commission (SEC) announced ‘that a Massachusetts-based technology company and its Chinese subsidiaries agreed to pay more than $28 million to settle parallel civil and criminal actions involving violations of the Foreign Corrupt Practices Act (FCPA).’ The SEC investigation ‘found that two Chinese subsidiaries of PTC Inc. provided non-business related travel and other improper payments to various Chinese government officials in an effort to win business. PTC agreed to pay $11.858 million in disgorgement and $1.764 million in prejudgment interest to settle the SEC’s charges and its two China subsidiaries agreed to pay a $14.54 million fine in a non-prosecution agreement announced today by the U.S. Department of Justice.’
The tech sector is highly exposed to third party compliance risks. According to the paper “Understanding the Technology Distribution Business”, ‘for most major technology vendors, distribution is their principal route to market, typically representing as much as 80 percent of their revenues. In addition to selling products, distributors frequently provide ancillary services such as delivery logistics, technical support services, installation, marketing, and credit-financing services.’
We know that third parties magnify bribery and facilitation payments risks, especially in emerging markets like China and India, where tech companies invest heavily. So the tech corporate leadership should bear in mind that international operations, including those involving third parties and agents, potentially fall within the aggressive enforcement scope of the US FCPA and the UK Bribery Act.
Finally, tech companies should fully understand the use of IT in corruption to address their own risks as providers and manufacturers. The white paper Abuse of Information Technology for Corruption identifies cases of abuse of IT covering a wide array of corruption offences, including bribery, abuse of office, trading in influence, conflicts of interest, procurement violations and embezzlement.
Conflict Minerals and Modern Slavery
The use of conflict minerals in the tech industry is a real threat. This serious issue has been addressed by guidelines and regulations such as the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas and the US Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
Tech companies involved in manufacturing must implement conflict minerals management systems to address the risk that the tantalum, tin, tungsten and gold (3TG) contained in their final products originated within a conflict-affected area. Under Dodd-Frank, tech listed companies in the US must disclose metals in supply chain connected to war-torn regions, but this task has proved difficult:
‘In all, companies shelled out roughly $709 million and six million staff hours last year to comply with rules to disclose “conflict minerals” in their supply chains, according to recent research by Tulane University and Assent Compliance, a New York consulting firm…’ ‘… Yet 90% of the 1,262 companies that filed conflict-mineral reports with U.S. securities regulators last year said they couldn’t determine whether their products are conflict-free, according to Tulane University’s research…’ reported the Wall Street Journal.
Modern Slavery is also a significant risk in tech supply chains. A recent report found that ‘the Information and Communications Technology (ICT) industry is an at-risk sector. Workers manufacturing components in technology companies’ supply chains are often migrant workers, particularly vulnerable to exploitation during the recruitment process and in their workplaces. As a Verité study found in 2014, nearly a third of migrant workers in Malaysia’s electronics sector are in situations of forced labor — building and assembling products for some of the world’s major technology firms. These workers can find themselves trapped by burdensome debt owed to recruitment agents, deprived of access to their passports, and working excessive hours for minimal pay.’
Start the conversation
This article does not aim to list all potential ethics and compliance risks. It is intended to open a conversation about integrity challenges in the ICT industry, beyond the hot topic of data. This conversation should create opportunities to align rules, values and business objectives within ICT companies. This alignment, if effective, will lead to business integrity.
Find out more about ICA qualifications available in Ireland >
By following us on LinkedIn, Facebook and Twitter you’ll stay up to date with the latest developments in governance, risk, anti-money laundering and financial crime prevention, and the professional qualifications we offer.