COMPLIANCE
• Top-level commitment requires boards and senior management to visibly reject fraud-assisted profit, adequately resource prevention efforts, and foster a speak-up culture where employees feel safe raising concerns. Here, the journey from legal compliance to compliance culture begins.
• Risk assessment is foundational. Organisations should map fraud risks across sales, procurement, tax, finance, logistics and other functions. In Turkey – UK contexts, particular attention should be paid to cross-border payment risks, customs processes, agency commission structures, and the tension between local " facilitation " norms and UK legal expectations. The assessment should be documented and updated regularly.
• Proportionate risk-based procedures should be tailored to identified risks rather than adopted as boilerplate. They should be integrated into existing processes, and where a decision is taken not to implement a specific measure, that decision should be documented along with the identity of the authorising person.
10
• Due diligence on third parties is critical. Organisations should screen distributors, agents and service providers, embedding anti-fraud clauses and audit rights into contracts – and exercising those rights rather than merely holding them on paper. Real-world implementation, such as declining questionable deals and conducting spot audits, carries greater weight than polished policies.
• Communication and training must reach beyond the compliance team. Middle management – those making commercial decisions under pressure – require practical guidance and the authority to escalate concerns. Understanding should be evidenced through spot checks and assessments.
• Monitoring and review closes the loop. Detection mechanisms, internal investigations, and continuous improvement informed by whistleblowing trends and management information flagged to the board all serve to demonstrate a living programme rather than a mere paper exercise.
From Legal Compliance to Compliance Culture Reasonable procedures are necessary but may prove insufficient on their own. Anti-fraud culture is defined by behaviour under commercial pressure, beginning – as noted above – with top-level commitment. The critical questions
Leadership role-modelling carries greater weight than aspirational messaging.
are whether the star salesperson receives a pass for cutting corners, whether managers retaliate against whistleblowers, and whether the board demands meaningful data – such as culture surveys, HR signals and speak-up metrics – or simply relies on compliance tick-boxes.
Leadership role-modelling carries greater weight than aspirational messaging. Beyond the " tone from the top," the " tone from the middle " matters significantly: operational managers must be empowered to own fraud risk rather than defer to compliance. Distributed ownership, psychological safety, and consistent enforcement – with no exceptions for high performers or senior executives – distinguish genuine culture from window-dressing.
Boardroom Accountability Boards should focus on strategy and oversight rather than micromanagement, asking for evidence of implementation: deals declined on ethics grounds, audit findings acted upon, and training completion measured by understanding rather than mere attendance. They should foster an open speak-