While London Worried About Privacy, the Field Was Fighting Fraud
Global Non-Profit
At a Glance
At the London headquarters, the compliance team was convinced that GDPR and data privacy represented the organization's most significant risk. They had built their annual plan around it, allocated budget accordingly, and were preparing to roll out a global privacy training initiative.
Meanwhile, field directors in Africa and Latin America were dealing with a completely different reality. Vendor fraud was rampant. Subcontractors were submitting inflated invoices, kickback schemes were emerging in procurement, and the controls that worked in Europe were non-existent in regions where the organization's programs operated on the ground.
The organization deployed Ethico's Risk Assessment survey to field directors across all 20 countries of operation. The survey was designed to capture ground-level risk perception: what did the people closest to operations actually worry about? Where did they see the greatest vulnerability? What controls were missing?
The results were aggregated alongside HQ's own risk priorities, creating a side-by-side comparison that made the disconnect impossible to ignore. The data showed that while privacy ranked in the top three concerns at headquarters, it did not appear in the top ten for any field office. Vendor fraud and procurement integrity, barely on HQ's radar, ranked as the number one risk across Africa and Latin America.
Leadership pivoted immediately. Twenty percent of the compliance budget was reallocated from privacy initiatives to fraud prevention and procurement controls in high-risk regions. New vendor vetting protocols were established in the three countries with the highest fraud indicators, and field directors were given direct input into the annual compliance planning process for the first time.
The privacy initiative was not abandoned but right-sized to match the actual risk level. Resources were distributed based on where the evidence pointed rather than where the loudest voices in the room happened to sit.
Read the full case study
See exactly how this organization solved the challenge — enter your work email for instant access.
No spam. No sales calls. Just the case study.