Over the past few years, fines doled out to companies by regulators have rocketed. Banks, energy companies and others have received record-breaking fines for not following rules. Last year for instance, the US Department of Justice fined BP over $20bn for operational shortcomings relating to the 2010 Deepwater Horizon oil spill. About $5.5bn of that was for breaching the Clean Water Act, which regulates water pollution.

The ten largest banking scandals have cost the sector about £53bn in fines.

Earlier this year, the Financial Times calculated that the ten largest banking scandals had cost the sector about £53bn in fines. And there is no doubt that such penalties have driven companies to pay more attention to internal risk controls and compliance. So, compliance with rules that attract fines are of paramount importance to strongly regulated businesses.  

Or are they?

Almost two in three respondents to a recent survey by Thomson Reuters said that their organisations were prepared to flaunt rules in order to win new business. As well as a willingness to cut corners in terms of compliance with regulation, the survey also uncovered a reluctance to report breaches among supplier businesses when they were discovered. One in three respondents said they wouldn’t bother reporting it internally – with only a small minority saying they might report it externally.

As well as making risk managers’ hair stand on end, these findings point to something germane to many business cultures – make money first, follow the rules only when you have to.

Over half those asked said that they thought they would be unlikely to face prosecution if they did breach regulations.

So is there an answer? Do regulators need to continue to hike fines up until the pips squeak? When asked why managers were likely to put profits first, well over half said that they thought they would be unlikely to face prosecution if they did breach regulations. Many respondents from the US and the UK agreed with this – at 61% and 56% respectively –despite the supposed ferocity of regulators in those jurisdictions.

If regulators – and governments – hope that deterrence is going to work if it is backed up with big fines they are going to have to try harder. Only a much tougher stance to bringing prosecutions is likely to work.

Subscribe to the Enterprise Risk newsletter here.