A dangerous assumption: “Country risk can be solely assessed by global indices.”

June 3, 2014

The CPI ranks countries and territories based on how corrupt their public sector is perceived to be. It is a composite index; a combination of polls drawing on corruption-related data collected by various institutions. The 2011 CPI draws on 17 data sources from 13 institutions. These institutions are typically organisations like the Asian Development Bank, African Development Bank, the IMD World Competitiveness Yearbooks, the World Bank, and the World Economic Forum executive opinions, among others.


While the CPI is a useful guide to try and determine whether or not certain countries are deemed as corrupt, a global corporation cannot rely solely on this list when assessing corruption risks for the countries in which they operate.


Develop your country risk, not someone else’s

It is important that organisations look at country risk from their own perspective, rather than the perspective of Transparency International or the organisations that contribute towards the CPI.

To determine the importance from a risk perspective it is more relevant for an organisation to assess its own history of compliance-related incidents in a country than the histories of various NGOs who have had experience in those countries. Likewise, it is more important for a company to consider the skill sets that it has for compliance and risk management in those countries than relying on an external source.

Many companies have a risk-management department that has the skills to assess the level of competency of the organisation in certain countries. That competency may come down to:

  • the size of the operation in the country
  • the depth of its market share
  • the size of its management team
  • the seniority of the leadership in the country with regards to an understanding of compliance and integrity risks.

Organisations are often able to determine which country they are operating in around the world is the most difficult for them from this perspective.

There are also many other factors that should be considered when determining the country risk, including:

  • your product set in that country, and the extent to which your products engage with government or are sold to government
  • the size of your business in that country and whether or not the business is increasing or decreasing and therefore being “hot”
  • the type of sales model in the country – whether it is channel or direct
  • whether or not there are sub-distributors, integrators or other third parties involved in many transactions in the country
  • whether the country includes suppliers, and whether procurement is advanced, closed or subject to government controls
  • the seniority and competency of the management team to manage risk
  • the history of concerns or allegations raised in that country regarding compliance or integrity
  • the number of hotline issues or anonymous reports which have been made in relation to that country
  • the environment in the country by government regulators on enforcing laws in the country itself regarding compliance, corruption or integrity
  • the plans for the country regarding significant development or investment.



Taking into account those factors listed above which are directly relevant to your company is far more useful when determining the compliance risk for a specific country in which you operate. Relying on a list like the CPI as your sole factor in determining risk is flawed in most large international organisations that operate in emerging markets.

Previous Article
Integrating export control and trade sanctions into anti-corruption compliance programmes
Integrating export control and trade sanctions into anti-corruption compliance programmes

The residual financial, reputational and operational trauma resulting from an export control prosecution ca...

Next Article
Benchmarking Study: Corporate gifts and entertainment policies
Benchmarking Study: Corporate gifts and entertainment policies

Nearly every anti-corruption compliance programme needs to include the implementation of policies and proce...


Subscribe to The Red Flag Group Insights

First Name
Last Name
Job Title
Thanks for subscribing
Error - something went wrong!