Patisserie Valerie and fraud prevention
April 2019 | EXPERT BRIEFING | FRAUD & CORRUPTION
With the collapse into administration of Patisserie Valerie still fresh in everyone’s mind, this is a useful moment to reflect on fraud prevention measures and how the company’s collapse could have been avoided or the effects of the fraud mitigated.
In October 2018, Patisserie Valerie announced to the markets that instead of having £28m in the bank, as shown in its accounts, it actually was in debt to the tune of £9.8m. This is a dramatic swing, and it ultimately caused the demise of the company, although it has now been ‘rescued’ from administration following its purchase by an Irish private equity firm.
The circumstances surrounding the company’s collapse are quite surprising. Its majority shareholder had to inject £20m of his own funds, before raising £15m from the company’s institutional shareholders, £10m of which repaid some of the funds injected by the majority shareholder. The finance director resigned and was later arrested by the Serious Fraud Office (SFO) before being released without charge. Recent newspaper reports indicate that several others individuals linked to the company are also under investigation by the SFO and could also face arrest. This is, therefore, a stark example of the hugely damaging effect fraud can have on a business if it is not prevented or detected early enough to reduce the effect on the business. Patisserie Valerie should be seen as a cautionary tale.
It is not helpful to speculate as to how this situation came about, nor is it clear from press reports exactly what happened, and it probably will not be clear until the internal investigation is complete, however there does appear to have been a catastrophic failure of whatever preventative measures were in place. Some details have also emerged in the press. The fraud is said to have been perpetrated by double-counting voucher sales to inflate revenues, and failing to pay debts, in particular business rates and VAT. Between £10m and £12m was owed to HMRC. The fraud had apparently been going on for some time – potential purchasers were told that the accounts were unreliable back to 2014. The report that thousands of false entries had been discovered in the accounts also suggests a long-running fraud. This highlights the fact that controls were not effective, and had not been for some time.
It is often the case that companies do not consider fraud prevention measures until they have been the victim of fraud. At this point, it is obviously too late. It is interesting to see the difference in approach to anti-bribery procedures, where criminal liability is attached to a failure to prevent. Many more companies address this as a requirement, though surveys show that not enough companies have adequate procedures in place. Bribery is, of course, a form of fraud, but the cost of considering anti-fraud procedures is seen as not providing a benefit, until, of course, a company becomes a victim. It may be the case that Patisserie Valerie simply did not have procedures in place.
So what should effective fraud prevention procedures look like? First, fraud prevention and a zero tolerance approach to fraud have to be adopted by senior management and trickled down the company through effective messaging and training. Second, fraud risks should be identified, and policies and procedures put in place to mitigate them. For example, in the case of Patisserie Valerie, it seemed to come as a surprise to the management that the company had borrowings of £9.8m. An obvious fraud risk is the company being permitted to borrow without oversight from the board. Controls around authorisation of borrowings might have prevented this. The fact that there were thousands of false accounting entries is a risk which could also have been reduced.
Of course, prevention methods are all but redundant if they are not followed, and this is not detected. Detection is the next crucial pillar in fraud prevention. It may well be the case that policies and procedures were in place, but not complied with. This is not uncommon, but is always dangerous. There have to be mechanisms to detect this. One which could have been useful in this case was a firmer oversight, including spot checks, of the finance function. Another is the creation of a whistleblowing hotline to encourage members of staff to report. There must have been employees who were aware of the fraudulent practices taking place and not agreed with them. These employees should have been encouraged to come forward in Patisserie Valerie’s case. An internal audit function could have been created and empowered to identify and investigate the red flags which should be looked for and recognised. For Patisserie Valerie, where a systemic and damaging fraud appears to have been going on for some time, there must have been some red flags which were not identified.
Finally, once detected, there must be an effective response to fraud. Without this, a company may as well not have prevention policies and procedures in place. One of the most important documents a company should take the time to prepare is a fraud response plan. This should detail how fraud is reported and to whom. There should also be a financial level for escalating an internal investigation and for instructing external lawyers. The plan should identify lawyers, who should be fraud specialists, and external IT forensic experts who can secure evidence. The individuals responsible for leading an internal investigation should also be identified, as should the individual in charge of the company’s public relations response. Depending on the frequency with which the fraud is discovered, the company should consider creating an internal investigation function. It is often the case that putting in place effective fraud prevention and detection procedures leads to more fraud being discovered, which helps to justify such a function. The head of internal investigations should report to the board.
Considering how to respond to fraud will likely educate a company’s directors and employees on the powerful remedies available in the civil courts, such as disclosure orders, which can assist in locating misappropriated assets, and freezing injunctions. Other responses available are disciplinary procedures or a private prosecution. With the government currently consulting on whether to introduce a corporate criminal offence of failing to prevent fraud, similar to the failure to prevent bribery offence in the UK Bribery Act, it may also become important to effectively mitigate the risk of corporate criminal liability. It is very important, in the immediate aftermath of discovering a fraud, to ensure that the response does not prejudice any of these options, as it is often unclear initially what the most effective response will be. Specialist fraud lawyers will be able to advise on how to achieve this, and, importantly, will be able to advise on how best to create and maintain legal professional privilege in an investigation.
Finally, an effective response should include a review of how prevention procedures failed, leading to the fraud. New risks could be identified, which will require new or amended procedures to address them.
Even the most robust policies and procedures will not prevent all fraud. However, early detection and an effective response will alleviate many of the most damaging consequences of fraud. This would certainly have been the case with Patisserie Valerie, where a long running and systemic fraud eventually caused the collapse of the company, with the loss of reputation of the directors, significant investment by shareholders and the jobs of many of its employees.
William Christopher is a partner at Kingsley Napley LLP. He can be contacted on +44 (0)20 7566 2967 or by email: firstname.lastname@example.org.
© Financier Worldwide
Kingsley Napley LLP