Managing corporate fraud and corruption
April 2014 | COVER STORY | FRAUD & CORRUPTION
Financier Worldwide Magazine
Corrupt and fraudulent behaviour remains a significant issue for businesses worldwide. Advances in technology and globalisation mean that those committing fraud now have access to a much larger pool of potential victims, and more complex business processes make crimes easier to conceal. Businesses must do everything in their power to manage internal controls and avoid non-compliance with regulations – especially since global authorities have ramped up their investigation activities. Sound controls and a culture of compliance are key to minimising fraud. When a firm suspects that fraud may be occurring, decisive action must be taken.
Despite the almost unending stream of regulation and legislation designed to crack down on economic crime and corporate malfeasance, such efforts seem like a drop in the ocean considering the true scale of corrupt and fraudulent activity. According to PwC’s ‘Global Economic Crime Survey 2014’, 37 percent of global firms have experienced some form of fraud in the past two years, with 54 percent of US firms reporting fraud in excess of $100,000 and 8 percent reporting frauds over $5m. While corporate fraud and corruption encompasses a variety of different criminal and civil violations, a further PwC report, ‘Economic Crime: A Threat to Business Processes’, highlights two types of particularly prevalent economic crimes: accounting fraud, which has risen from 16 percent in 2011 to 23 percent in 2014; and bribery and corruption, up from 7 percent in 2011 to 14 percent in 2014. An equally pressing trend has been the continued rise of cyber-crime – a threat that will only increase with businesses’ growing reliance on technology. With the tide seemingly against them, governments and regulators continue to wage war on corrupt practices, with the aim of at least limiting the impact of such crimes on the global economy.
Cases involving the manipulation of financial data continue to surface. This includes the use of fictitious performance indicators, overstatement of company earnings and hiding debt from shareholders. In the past 18 months, financial institutions have come under the spotlight as a result of the LIBOR scandal of mid-2012. The renewed regulatory focus has uncovered numerous allegations of market abuse and insider trading such as the Forex allegations. Furthermore, as a result of the implementation of the UK Bribery Act, companies have been forced to ensure they have ‘adequate procedures’ in place to prevent bribery. Many companies have used this exercise to ensure they also have proper controls in place to prevent fraud.
In the last 12-18 months, the US Justice Department (DOJ) and the Securities & Exchange Commission (SEC) have continued to aggressively enforce the Foreign Corrupt Practices Act (FCPA), with major firms and high profile individuals brought to account for a variety of transgressions. “In just the past year, we saw three of the 10 largest FCPA settlements in history, with Total, Alcoa and Weatherford paying $398m, $384m and $152m in penalties, respectively,” says Edward T. Kang, a partner at Alston & Bird. “Holding individuals accountable for violations of the FCPA has also been a continued enforcement priority – since 2013, 16 of the 24 FCPA actions brought by the DOJ have been against individual executives. These statistics all point to the need for multinational corporations, and their senior executives, to continue to ensure they have a robust anti-corruption compliance program in place.”
In the UK the Serious Fraud Office (SFO) recently charged four individuals with a number of offences relating to the promotion of biofuel investment products to UK investors. All four were charged with conspiracy to commit fraud by false representation and conspiracy to furnish false information, though three of the accused have also been charged with offences of making and accepting a financial advantage contrary to section 1 (1) and 2 (1) of the Bribery Act 2010. “The Bribery Act charges are the first to be brought by the SFO despite the Act being in force since July 2011,” explains Paul Feldberg of Willkie Farr & Gallagher. “It is interesting that the charges relate to the acts of individuals and not to the entity itself, meaning there is no Bribery Act, Section 7 corporate offence of failing to prevent bribery. This is despite the fact that there was an entity involved as the SFO had previously obtained a freezing order against the company. When this comes to trial, it will hopefully become clear why the entity was not charged, which may well be of interest to those looking for guidance on who is sufficiently ‘associated’ with a company to trigger a corporate offence. These charges also perhaps indicate a more aggressive and creative approach by the SFO to tackling corporate crime.” A first hearing took place on 7 October 2013 and the next hearing will be a case management hearing on 28 April 2014.
The fraud and corruption landscape has witnessed a number of legal and regulatory developments in the past 18 months. April 2013 saw the SEC enter into its first ever non-prosecution agreement in an FCPA matter. The settlement with Ralph Lauren Corp. resolved allegations that employees at the company’s wholly-owned Argentinian subsidiary had bribed Argentinian officials to the tune of $600,000 in an attempt to gain greater market access for the company’s products. “The Ralph Lauren settlement demonstrates the United States government’s commitment to hold a parent corporation both civilly and criminally liable under the anti-bribery provisions of the FCPA, even in the absence of any evidence that the parent authorised, directed or controlled the actions of the subsidiary,” says Daniel Collins, a partner at Drinker, Biddle & Reath. “While the United States has claimed in the past that the FCPA is not a ‘strict liability’ statute, the filings related to the settlement alleged nothing more than that the subsidiary employee was an ‘agent’ of the parent. This approach ignores the corporate form and principles necessary to ‘pierce the corporate veil’. Ralph Lauren Corp. ultimately paid $1.6m in penalties to resolve matters with both the DOJ and the SEC. However, a number of government-cited factors spared the firm the full weight of the law. The case is an important benchmark, demonstrating the US government’s commitment to rewarding companies that take seriously the issues of compliance, cooperation and remediation. It also highlights the commitment of regulators to pursuing parent firms for the transgressions of their subsidiaries.” In the last few years, the SEC has been more aggressive in pursuing this theory to impose civil liability on a parent, although, as Mr Collins points out, the Ralph Lauren global settlement demonstrates that the DOJ has now adopted this theory for the purpose of imposing criminal liability.
In the UK, the passing into law of Deferred Prosecutions Agreements (DPAs) and the publication of draft sentencing guidelines by the Sentencing Council are perhaps the most significant recent developments in this area of law, according to Mr Feldberg. DPAs involve firms reaching an agreement with prosecutors where the company is charged with a criminal offence but proceedings are automatically suspended. The company agrees to a number of conditions, which may include payment of a financial penalty, payment of compensation and cooperation with future prosecutions of individuals. If the conditions are not honoured, the prosecution may resume. DPAs are a transparent and public event, and are particularly appropriate when the public interest is best served by not mounting a prosecution. “It remains to be seen how many corporates will think it beneficial to enter into a DPA with either the SFO or CPS,” says Mr Feldberg. “The proposed sentencing guidelines provide a greater degree of certainty on the type of fines corporates should expect to receive in the event of a DPA but also send a warning signal to corporates that UK fines may now increase to a level closer to that of fines imposed in the US. Both DPAs and the sentencing guidelines put significant stock in the benefits of corporates self-reporting.”
Prevention and detection
The developments of the past few years have taught us that no matter the weight of regulation placed on firms or the provisions they take to guard against fraud and corruption, no company is, or can ever be, immune from foul play. Therefore, the identification and prevention of fraud should be among the main concerns of any commercial organisation.
Identifying the internal and external areas most likely to pose the highest risk should be a priority. Once these areas have been pinned down, controls can be put in place. Not only will this better prepare a firm for potential fraud, but regulators are also eager to see that companies have genuinely considered their major risk points and acted accordingly. Equally important is the training of staff. This should be done regularly and in person, and with a view to learning from the feedback of staff members and feeding this knowledge back into the anti-fraud program. Boards learn much from their employees, who encounter fraud and corruption risks regularly on the frontline. Using such input to create a correct ‘tone from the top’ is crucially important. Company culture is often considered early on when regulators and prosecutors investigate fraud and corruption issues within a company.
When a company is suspicious that a fraud may be occurring, either on its behalf or where the firm itself is being defrauded, it is vitally important that the suspicion is taken seriously. Though this may not mean stopping all relevant operations and suspending staff, it does mean creating a clear, evidence-based response that demonstrates concerns are being quickly and properly investigated. This may involve setting up an independent investigation committee, securing relevant data and liaising with human resources to ensure that the relevant individuals can be spoken to.
Providing employees with a channel to elevate concerns regarding potential fraud and corruption is therefore an essential factor of any compliance program, explains Mr Kang. “One method that many companies use effectively to encourage this type of ‘internal whistleblowing’ is to provide employees access to a 24-hour hotline to report misconduct on an anonymous basis. The company, of course, must then make sure that complaints received are appropriately investigated, at the direction of in-house counsel, outside counsel or a combination of the two. The investigative steps – including interviews, requests for documents and decisions related to the investigation’s scope – must be appropriately memorialised and all relevant documents preserved.” Companies should be creative in the way they keep internal reporting procedures in the minds of employees. The use of visual media and IT is important in this area. Ease of access to reporting methods is also crucial, as is protecting reporting employees from any retaliation.
Given the enhanced regulatory focus on encouraging and protecting whistleblowers, protecting employees who have evidence of fraud and corruption is all the more important. “The SEC recently made clear that it is looking for the right opportunity to pursue a whistleblower retaliation claim under Dodd-Frank,” says Mr Collins. “Specifically, the SEC stated in its 2013 Annual Report to Congress on the Dodd-Frank Whistleblower Program that it is coordinating with enforcement attorneys to identify instances in which companies have used confidentiality, severance or other agreements in an effort to prohibit employees from voicing their concerns.
Companies need to pay as much attention to treating the whistleblower fairly and reasonably as they do to investigating the claim itself. They need to provide the right incentives to potential whistleblowers to encourage internal reporting. Companies should view whistleblowers as another way to detect fraud, not as thorns in their sides.” This may be more challenging in multinational firms, however, where cultural norms may prevent employees from speaking out. Companies must educate and reassure employees to overcome such barriers to participation.
If we have learned anything from the past decade it is that the fraud and corruption environment continues to grow and evolve. In the years to come, firms will have to adapt to new risks and potentially greater regulatory pressure. As technology improves, it is inevitable that computer software will play a greater part in the fraud and compliance function, particularly as a means of tackling cyber-crime. Already, firms are leaning more heavily on automated processes in the fight against fraud. “I have seen companies rely increasingly on technology to help guide their assessment of risk and determine which segments of their business need greater attention from a compliance standpoint,” says Mr Kang. “Although technology can never be a perfect substitute for human judgment, when used correctly, it can streamline and expedite the processing of large volumes of data. That information can help focus a company on the right ‘touch points’ within their organisation that are susceptible to fraud and corruption.”
For now, however, the main concern is acclimatising to the current climate. Most firms have recognised the new threats, and overhauled their policies and controls accordingly. “There appears to have been a change in the approach many corporations are taking towards the role of compliance within their organisations,” agrees Mr Feldberg. “Companies are providing proper funding, hiring professional compliance personnel and empowering the compliance function to have a greater say in some of the business processes. We believe part of the reason for the change is increased enforcement of the current regulations, rather than any recent legislative changes.”
© Financier Worldwide