Reducing exposure to potential fraud within multinational companies
August 2012 | TALKINGPOINT | FRAUD & CORRUPTION
FW moderates an online discussion on reducing exposure to potential fraud within multinational companies between Jerry Oldham, chairman and CEO at 1stWEST Financial Corporation, Sharon van Rooyen, a partner at Ernst & Young, and Chiraag Shah, a partner at Kirkland & Ellis International LLP.
FW: Would you agree that the need for multinational corporations to monitor, prevent and detect suspicious activities within their organisation is perhaps greater now than ever before? Is this especially true for those whose operations extend beyond national borders?
Oldham: I would say that the need to address suspicious activities is, at the very least, as great as it has ever been. Most companies are operating in a tough economy, wherever they may be located. A difficult economy is a fertile ground for corporate fraud. Companies that operate outside their national borders certainly add to the risk in this area. Separation of divisions, departments and functions can certainly add to the risk of fraud and the difficulty of controlling it.
Van Rooyen: Yes, I agree. Multinational corporations operate in different legal jurisdictions, many of which have anti-bribery and corruption legislation, such as the Foreign Corrupt Practices Act and the UK Bribery Act, with extra-territorial reach. A recent fraud survey highlighted that globally 39 percent of respondents feel that fraud, bribery and corrupt practices are still widespread in the countries in which they operate. With the deceleration of growth in mature economies, management and boards are increasingly focusing their attention on opportunities in rapid-growth markets to secure new revenues. Many of these markets have historically been perceived as having high incidents of fraud, bribery and corruption. Furthermore the results of the Transparency International Corruption Perceptions Index show that the ranking of five out of eight emerging market countries has deteriorated between 2010 and 2011. .
Shah: There is an increasing focus worldwide on ethical business operations and many industries – such as the oil & gas and construction sectors – and jurisdictions are under increasing pressure to ‘clean up their act’ and conduct business in an ethical and transparent manner. In addition, there has, in recent years, been a concerted move by various countries to enact legislation to prohibit corruption and bribery and the scope of this legislation is increasingly extra-territorial in nature. The UK Bribery Act which came into force last year is a clear case in point – the Act provides for a strict liability corporate offence of ‘failure to prevent bribery’, which also applies to non-UK companies that carry on business or part of a business in the UK. As such, where a corporation’s activities span numerous jurisdictions, it is no longer a defence to say one was ‘not aware’ of what was going on in a subsidiary in a distant jurisdiction – the legislation’s aim is to make it your business to know.
FW: In your opinion, are senior directors and executives at multinational companies doing enough to understand the threat of fraud facing their organisation?
Shah: Our experience suggests an increased interest and awareness within the corporate marketplace of the threat of fraud and an increasing sensitivity to the need to implement policies and procedures that would combat such threat. However, there is still a lot more that can be done, particularly from an education perspective. It is imperative that the threat of corporate fraud is taken seriously at an organisation, from the chief executives down to the lower levels of management so that they in turn can motivate the workforce to comply with relevant policies and procedures. A recent Ernst & Young study showed that almost 75 percent of middle managers at UK businesses were still not aware of the UK Bribery Act. This is particularly concerning considering that this survey was conducted some nine months after the Act had come into force. The recent banking scandals in the UK also highlight the fact that supervision and monitoring at lower management levels has been far from adequate. Unless a concerted effort is made by senior management to educate its workforce about the threats of corporate fraud and how to prevent it –as well as provision for a secure whistleblower system – corporate fraud will continue to manifest itself with potentially disastrous implications for multinational companies.
Van Rooyen: Though many companies have intensified their efforts to combat fraud, especially given the aggressive enforcement environment, much remains to be done. Whilst at C-suite level the awareness of the risks posed by fraud, bribery and corruption appears to be high, and a substantial majority of companies are doing many of the right things to mitigate the risks, adequate training and education regarding policies is still not sufficient. In addition, the risks of fraud, bribery and corruption are not always adequately considered during acquisitions. In a recent global fraud survey, 52 percent of the senior directors and executives who responded think that the board needs a more detailed understanding of the business if it is to be an effective safeguard against fraudulent or corrupt practices.
Oldham: It is hard to generalise regarding all companies, but it is certainly easy to suggest that more can always be done with regard to assessing, controlling and monitoring fraud. More is not less in this case.
FW: In recent years, what regulatory developments have you seen aimed at combating corporate fraud? Are companies prepared to maintain compliance with flagship laws such as the US Foreign Corrupt Practices Act and the UK Bribery Act?
In recent years we have seen additional legislation in this area, such as the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 being introduced by the US. This Act imposes new disclosure requirements on US-listed companies, as well as creating financial incentives for whistleblowers and establishing a whistleblower bounty program for providing original information leading to a successful enforcement action. In South Africa, the Companies Act of 2008, as amended, sets out specific requirements for the protection of whistleblowers in order to report corporate fraud and other irregularities. Further legislation such as the introduction of the UK Bribery Act of 2010 and an amendment to the Chinese Criminal Law, aim to tackle the bribery issue and strengthen corporate fraud enforcement activities. Although many companies endeavour to maintain compliance with flagship laws such as the FCPA and UK Bribery Act from current research it would appear that mixed messages are being given by management, for example not consistently penalising people for breach of relevant policies.
Oldham: The two flagship laws mentioned are the best examples I know of that address this subject and provide accountability. Whether companies are prepared to comply is difficult to generalise about, but the fact is: they should be.
Shah: There has been an increased focus by the UK Serious Fraud Office (SFO) on bribery and corruption over the last four years. This has been given added impetus by the enacting and coming into force of the Bribery Act. In addition, we have seen the increasing prevalence of joint investigations with authorities in different jurisdictions working together through the framework of mutual legal assistance to investigate and prosecute instances of fraud and corruption. One notable development in the UK has been the recent consultation on Deferred Prosecution Agreements, which have been used for some time in the US, whereby companies could avoid prosecution by agreeing to pay penalties and take remedial actions as an alternative to contested criminal proceedings. In the US, the recently enacted Dodd-Frank Act represents the most comprehensive financial regulatory measures taken since the great depression. The Act provides, inter alia, for increased oversight and supervision of financial institutions as well as more stringent regulatory and corporate governance requirements. Insofar as compliance is concerned, companies are increasingly displaying a desire to be FCPA and Bribery Act compliant. This is now considered a priority – indeed we have seen instances where uncertainty on such issues was considered to be a deal breaker on corporate transactions.
FW: For multinational companies rolling out an anti-fraud program, or updating an existing one, what considerations do they need to make in areas such as internal checks and controls, monitoring processes and internal investigations, employee training and education, and so on?
Oldham: Employee training and education is a huge factor in addressing this issue. A majority of all frauds are discovered by an internal tip compared to any other source. That said, there should be fraud detection internal controls established at every company level, including the executive level. A corporate conscience should be established that pronounces at all levels that fraud and corruption will simply not be tolerated and will be punished if proven.
Van Rooyen: Companies must ensure that all elements of their anti-fraud program are fully and consistently embedded within the overall culture of the organisation. It is vital that appropriate policies are in place, with clear roles and responsibilities. When assessing or designing internal checks and monitoring processes, the company should consider physical, procedural and system risks. A threat may be posed by something as simple as the theft of assets or a more complex fraud perpetrated through a lack of defined authority levels in a database. A company should consider performing a walkthrough and gap analysis to identify risks and develop appropriate remedial actions. Internal investigations can potentially do more harm than good if the persons assigned to investigate the allegation do not have the appropriate mandate, skills or tools. Computer forensics and data analytics also form an integral part of this program in securing evidence and performing proactive trend analysis. Management and staff training and awareness empower employees to recognise a fraud if they were to come across it and be educated on the most appropriate course of action to report a suspicion.
Shah: It is essential for a corporation to have robust compliance procedures that are dynamic and tailored to the risks that it is likely to face. A company should take a holistic approach to compliance so as to create an ethical culture as opposed to an overly legalistic approach that is aimed at simply achieving the ‘minimum standard’ of compliance. Similarly, the anti-fraud program should not end up becoming a box-ticking exercise, but rather, should be something that is practical and accessible and which ensures that all processes are clearly documented and recorded. The program should have the endorsement of senior management who can be seen to lead by example and pass on a clear message that any form of unethical or fraudulent behaviour will not be tolerated. At the same time, employees at all steps of the ladder should be periodically trained on business ethics and general fraud awareness. It is equally important that a company has a dedicated compliance department/officer to which queries can be addressed or concerns raised and for an anonymous reporting system to be in place. Insofar as anti-bribery compliance is concerned the ‘adequate procedures’ provided for in the Bribery Act and the guidance published by the Ministry of Justice and Transparency International are a very good starting point.
FW: What are the benefits of conducting background checks on key personnel before they join? Are more companies utilising this process as a preventative measure to reduce potential fraud?
Oldham: We advocate background checks at every level of hiring. Background investigations are a pre-emptive fraud control mechanism. There should be no excuse for hiring into a company someone with a history of theft, fraud or misrepresentation. Furthermore, if a company makes an acquisition, the upper and middle management team of the acquired company should be thoroughly background investigated – no exceptions. There also should be no excuses for acquiring a corrupt management team member.
Shah: The advantages would be the same as when one carries out due diligence on third parties that one is contemplating entering into a commercial relationship with, such as agents or distributors. In particular, it would provide an opportunity to identify any red flags related to potential key employees that may make them a higher risk hire, including past misdemeanours that could be potentially embarrassing for the company or which display a propensity for unethical behaviour. Any checks would, of course, need to be proportionate depending on the particular individual’s risk profile. In our experience, this practice is fairly common for senior executives before hiring although less prevalent for more junior roles. Most companies focus on third party due diligence although we have encountered isolated incidences of detailed background checks on potential employees.
Van Rooyen: Pre-employment background checks on employees are a key area of any organisation’s selection strategy. In some instances, organisations conduct standardised background checks on all employees, irrespective of their level. Information obtained via background checks can assist the organisation in assessing the candidate’s level of integrity and ethical values. This sort of information can be obtained by conducting lifestyle assessments as well as, where available, making use of legitimate industry administered databases to assess past activities. Many organisations make use of the services of external verification agencies to verify candidates’ educational qualifications and skills, as well as checking their credit and criminal records – with permission. In many instances, only pre-screening may be done and no other screening is carried out after a person is in the company’s employ. A company needs to bear in mind that an employee’s life does not remain static once the employee has entered the organisation and thus post employment screening at appropriate intervals should be considered.
FW: Are there positive steps companies can take to control the costs associated with maintaining anti-fraud compliance?
Van Rooyen: There are a number of steps that companies can take. The most important step would be to develop and implement a holistic anti-fraud framework, with prevention, detection and investigation methodologies and tools that support one another. Proactive trend analysis will assist the company in identifying potential vulnerable areas and prioritising and focusing its resources, both financial and physical. Adherence to the anti-fraud framework, at an operational level, and legislative compliance must be monitored on an ongoing basis to ensure that any departures from what is required is identified and dealt with in a timely manner. Fraud and corruption related information should be more tailored and focus on key areas of risk. Monitoring and re-assessing the anti-fraud framework would allow companies to consider emerging trends and ensure that its anti-fraud measures keep abreast of the changes. Attempting to correct the problem after the horse has bolted may result in fines and additional costs to implement a compliance system after the fact.
Shah: Whilst implementing anti-fraud compliance procedures may potentially involve a fairly significant budget outlay at the outset, one has to bear in mind that prevention is better than cure. One has to only look at the level of fines that have been imposed in recent times to appreciate the severe effects that the failure to have an appropriate and working program in place could have. If one is able to work a program into the organisation’s normal day to practices, such that anti-fraud compliance becomes a normal business process as opposed to an add-on, then it should be relatively easy to maintain and manage. Once the policies have been adopted by senior management and instilled into the workforce, it becomes much easier to monitor and update.
Oldham: Establish a written policy and follow it at every level within the organisation. The key here is being consistent, which always creates economies of scale. Encourage and follow a culture of honesty and integrity.
FW: In today’s low-tolerance environment, how should a company respond when it uncovers potential or actual fraud within its organisation?
Shah: Our recommendation is to address the issue head on. Senior management and the company’s board of directors should be immediately made aware of the issue and the board should then direct a proper investigation into the issue either by an appropriate internal audit team or more preferably, by independent external counsel. There is now an increasing trend in self reporting – as the recent Oxford University Press matter demonstrates – and a company can then demonstrate that it has taken concerted efforts to deal with the issue in a timely and proper manner rather than trying to conceal the incident. This can be advantageous in the long run in terms of potential leniency or reduced fines in the long term. This is of particular relevance where the possibility of a deferred prosecution agreement may exist. Depending on the nature of the incident, or incidents, and the industry involved there may also be mandatory obligations to report the incident to enforcement and regulatory bodies such as the Serious Organised Crime Agency.
Oldham: Companies should respond swiftly. An internal investigation with strategic outside support should be initiated immediately. Involve the best outside legal counsel as early as possible, as well as investigative staff at any and all relevant levels where the fraud is suspected.
Van Rooyen: Every organisation should have a fraud response plan in place setting out a formal process to ensure that each report of potential or actual fraud is dealt with in the same manner. A preliminary process should be established whereby the appointed persons can perform certain limited procedures to determine if there is merit to the allegation and whether sufficient evidence may exist. It is important that the ultimate course of action, be it disciplinary, civil or criminal action be determined as soon as possible as this may impact the investigation approach. Some legislation makes it an obligation for a person in a position of authority to report the suspected fraud to law enforcement. Details of this responsibility should be included in the fraud response plan. The company must also review their insurance policy as this may carry limitations. The role of management, the investigation team, employee relations and legal advisers must be defined in the response plan. In order to protect the investigation team they should be given a clear mandate and conduct their investigation within this scope of work.
FW: What key trends do you expect to see in corporate fraud over the months ahead? Are companies equipped to tackle these challenges, or do they need to do more?
Van Rooyen: There is little question that the current economic situation has exerted negative pressure on employees. One of the most troubling trends is the increase in the acceptance of unethical business practices. We expect the levels of corporate fraud and fraud in general to rise, especially due to difficult market conditions. The following areas might see an increase in the levels of fraud: cyber fraud; procurement fraud; recruitment; and stock and asset frauds. Many companies are not equipped to deal with the changing environment and escalation in corporate fraud due to companies’ internal knowledge and capacity restraints. Companies will have to do more to ensure that they keep abreast with corporate fraud.
Shah: We anticipate seeing more prosecutions of high-level, sophisticated corporate fraud. Both the US Department of Justice and the UK’s Serious Fraud Office have indicated a desire to stamp down heavily on instances of fraud especially in the financial sector as well as to continue with the ongoing fight against corruption. We are also likely to see more cross-border cooperation between prosecuting authorities. At the same time, we are likely to see more high profile prosecutions under the Bribery Act which will generate interesting precedent as to minimum standards of compliance and interpretation of what will and will not hold water in terms of defences or adequate procedures. Following the ongoing government consultation on deferred prosecution agreements, it is likely that we may also soon see these being introduced in the UK. We have seen an upward trend in the levels of awareness that senior management now have in relation to corporate fraud. What is essential, however, is that this level of awareness is passed down to lower management and the general workforce. Whilst most companies have some level of anti-fraud compliance, it is essential to review these policies regularly to ensure that they are up to date with any developments in the law.
Oldham: I expect to see more cases of fraud if the economy continues to worsen in many parts of the world. As is often said, desperate people do desperate things and some for the first time. Others are fairly practiced at it, having succeeded at it often and not yet been caught.
Jerry Oldham is co-founder, chairman and CEO of 1stWEST Financial Corporation. Mr Oldham has an extensive investigations and corporate due diligence background, and a broad senior management resume in commercial banking and corporate and real estate finance. He frequently serves as a consultant or expert witness in litigation and settlement negotiations involving complex corporate finance, real estate, banking, and lending practice issues, having assisted in the settlement of hundreds of lawsuits. He can be contacted on +1 (303) 670 3443 or by email: j.oldham@1stWEST.com.
Sharon van Rooyen is a Partner within Ernst & Young in the Fraud Investigations & Dispute Services practice, focusing on fraud & corruption investigations, fraud risk management and anti-corruption compliance. She is an experienced investigator in the forensic field and has been involved in a number of investigations, both locally and internationally. In the past 17 years she has led a number of assignments in the area of forensic investigations and fraud risk management and anti-corruption compliance. She can be contacted on +27 (0) 11 772 3150 or by email: firstname.lastname@example.org.
Chiraag Shah is a partner in Kirkland & Ellis International LLP’s arbitration and litigation group in London. He has represented clients in both institutional and ad hoc arbitrations around the world and regularly advises clients on corporate fraud matters. Mr Shah is dual qualified (Kenya and England & Wales) and maintains strong links with both law firms and institutional organizations in Kenya. He can be contacted on +44(0)207 469 2323 or by email: email@example.com.
© Financier Worldwide
1stWEST Financial Corporation
Sharon van Rooyen
Ernst & Young
Kirkland & Ellis International LLP