Sally-Anne Woulidge
Director Internal Audit, Risk and Compliance Services

Understanding risks in overseas markets

Steven Hickman, KPMG Enterprise Partner, and Jo Fairley, Green & Black's co-founder, discuss how to identify and understand risks associated with operating in overseas markets

"Are your financial systems sophisticated enough to cope with the expansion?"

Sally-Anne Woulidge, Director Internal Audit, Risk and Compliance Services, KPMG

The Govern section of KPMG’s Going global report provides a rundown of the key issues and suggests steps you can take to protect your business. It covers everything from bribery and cyber security to VAT and customs duty.

No comprende?

The business opportunity itself is only one of a number of things you need to get right. Are your financial systems sophisticated enough to cope with the expansion? What about HR and payroll? Sally-Anne says “I have clients with four or five different languages in their financial systems, which makes it very hard for the management team in the UK to be sure they are getting a complete picture when performing testing or assurance reviews as some aspects or languages may not adequately align.”

You need to put in place risk management procedures and robust controls. While that seems like a no-brainer, it’s amazing how often this can be downgraded in importance or even overlooked in the scramble to make sales, sort out the supply chain or build a new facility.

The further from home you go, the less control or oversight you may have. Sally-Anne explains “one organisation told me recently that they were worried about their operations in the Far East. When I asked why, they didn’t know. That underlines the importance of understanding risks and defining standards and risk appetites for your subsidiaries to follow. And you need assurance from your local management teams that standards and risks are being met or addressed.”

Culture Shock

Tax and accounting rules differ from territory to territory and you have to stay on top of them. There are also cultural differences to wrestle with – and sometimes, what is and isn’t permissible in a country may not be as clear-cut as it is in the UK. In some countries, for example, you have to engage an agent to support your business delivery and in some instances transport goods through customs. Here in the UK, that would be seen as unethical, inappropriate and potentially an illegal backhander.  

It’s worth noting that many legislative requirements such as the Modern Slavery Act 2015 extends to the activities of suppliers too, so it’s not just your actions that will be under scrutiny. And in any case, when wrongdoing rears its ugly head, customers don’t tend to make a big distinction between a company and its close partners.

A trap some businesses fall into is having wonderful policies and an admirable code of conduct – which their partners don’t know about. Or policies are known, but ignored by the subsidiary because they are perceived to be ‘not what we do around here’. You need to communicate clearly what you will accept as good behaviour across the globe.

It’s also sensible to implement a whistle-blowing procedure. Whistle-blowers not only need guaranteed anonymity, but also reassurance they will not be hurt by coming forward.

"You are only as strong as the weakest link in the chain"

Sally-Anne Woulidge, Director Internal Audit, Risk and Compliance Services, KPMG

Cloudy thinking about data

Cyber security is another major issue to address. At the centre of an expanding business, with many networks and devices, it’s very hard to understand where your data actually sits. This is further complicated when sharing data with partners or making use of cloud-based services. Remember, you are only as strong as the weakest link in the chain. And even if you are certified to ISO 27001 – the international standard for information security – that is not the same as covering all the bases when it comes to the protection and rights of individuals.

There is also the biggest change to data protection for 20 years to contend with. From May 2018, failure to comply with the EU’s new General Data Protection Regulation (GDPR) will result in stiff financial penalties: up to €20 million, or 4% of global turnover (whichever’s higher). Visit our GDPR page which outlines five key steps to help you turn compliance to your advantage.

Key takeaways

  • Understand local regulations and legislation
  • Don’t underestimate the power of governance and assurance. Perform internal audits and risk reviews
  • Get to grips with the risks of the overseas business within its operating geography

If you want to know more about how to govern your overseas operations with confidence, download the KPMG Enterprise report Going global or get in touch.

Download our Going global report


By submitting your name and contact details, you consent to KPMG in the UK processing your data for the purpose of providing you access to this content.

We may use this information to identify if our products and services are relevant for you and potentially contact you unless you tell us not to here.

To learn more about how we respect and protect your personal data please see our online Privacy Notice.



Going global? Whatever you do, don’t wing it

Expanding overseas? The key to accessing new markets is to answer these simple questions; why, where and how?

Read more

Going global: Beware, it’s a taxation jungle out there

Private businesses with aspirations to expand into different territories must think carefully about how they structure their operations.

Read more

Going global: Fix, sell or close?

Here is what you need to know if one of your overseas subsidiaries is underperforming.

Read more