To what extent does fraud increase during a downward economy? Have you seen evidence of this during the current economic cycle?
Handzlik: An economic downturn leads directly to an increase in business-related crime. The current economic cycle has been no exception. In fact, due to the extraordinary rise in the market value of many companies, the recent downturn led to practices designed to keep stock prices artificially high. As some companies struggled to meet the expectations of ‘the street’, they manipulated earnings to falsely portray their revenues to analysts. Of course, these practices enabled some corporate officials to profit from stock options granted when share prices were low. In many cases, the investing public was misled by these practices.
Oldham: I believe that fraud is more prevalent in a downturn economy and our work in the field of background investigations over the last two years compared to the previous 20 supports this notion. From fraudulent misrepresentations of professional backgrounds to the multiple garden variety of non-disclosures such as previous and pending judgments, bankruptcies and litigation, we see that executives of private and public companies tend to stretch the truth and misrepresent their backgrounds during recessionary times. As one might expect, with the desire to become employed during difficult economic times, resume fraud and misrepresentations about an individual’s educational background is more commonplace.
Utley: There are basically three factors, called the fraud triangle, that are accepted as necessary for fraud to occur: pressure; opportunity; and the ability to rationalise illegal or unethical behaviour. As economic conditions soften, fraud risks will increase. In respect of businesses, during a recession there will be increased pressure to meet short term financial targets and secure sufficient share in an environment of reduced deal activity. In respect of individuals such factors include: fear of redundancy; a decline in the value of investments and retirement funds; and a decrease in the value of most people’s biggest asset, their house. These are all pressure inducing factors. During tough times the deep-seated human instinct to survive kicks in and a person’s appetite for risk goes up and their threshold to rationalise behaviour that would ordinarily be considered as unethical goes down.
Frohner: Any financial crisis leads to a poor working environment. This in turn obviously provides a rationale and motive to commit fraud. Recent studies have proven that corporate fraud in Austria has increased during the recession. Austrian companies have reported a record high corporate fraud rate of 20 percent during the last two years. Additionally, competition in public tenders becomes tougher. Companies, under certain economic pressures, may use illegal means to win tenders. The chances of this increase dramatically, often driven by the moral excuse that ‘the economic turndown for which the individual is not responsible forces the use of uncommon means to survive’.
Gannaway: In a prolonged downturn, the pattern of fraud is different and more mundane, but no less costly. Ponzi schemes and other investment-related frauds diminish – though they never disappear entirely. This reduction serves to expose an ongoing level of classic or perennial fraud: misappropriations such as embezzlement, in which employees who are under personal financial pressure take cash or other assets. There is also an uptick in other forms of theft – of the employer’s intellectual property and of confidential financial information that will be used for the employee’s personal gain. The explanation is simple. Employees are under financial pressure. They have lost hours or benefits and their spouses have lost jobs. They have a strong incentive to try to make up their losses by taking readily available cash and other assets.
Lawson: As someone who has worked on various types of fraud investigations for years, I can’t say that I’ve noticed an increase in fraud during a down economy. In fact I think the Association for Certified Fraud Examiners conducted a survey in 2009 that confirms the same. What we can say, however, is that when times are bad we discover fraud more readily. As the saying goes, when the water runs out of the pool, you see who’s swimming without trunks. Demands for cash go up when economies turn south, so people ‘follow the money’ far more attentively, and thus discover when something is amiss.
Harvey: While logic might dictate that fraud rises when individuals feel squeezed by deteriorating economic circumstance or try to maintain a high-octane lifestyle developed on the back of substantial bonuses in the good times, that is not necessarily demonstrated by the available evidence. For example, it was widely reported just this week by the UK Cards Association, a banking industry organisation, that losses from card fraud for the first six months of this year are at their lowest level for 10 years. Not what you might expect in these straightened times. Perhaps the majority of those inclined to be fraudsters don’t have much regard for the prevailing economic conditions. There are always cases of previously honest individuals, or small groups of employees, turning to fraud to get themselves out of a difficult position, but those cases can frequently be attributed to causes – such as a gambling or drinking problem, a demanding family with high expectations – that don’t relate to the prevailing economic circumstances.
How do the patterns of fraud seen during a healthy economy differ from those during a downturn?
Gannaway: Fraud has always been part of the business landscape, and probably always will be. The pattern of fraud in a downturn is different from the pattern of fraud at the height of a bubble. In a bubble, dramatic Ponzi schemes are widespread as exuberant investors try to better their already improbably high returns. Money is freely flowing and senior management has pressure to produce greater financial results than their competitors which leads to financial statement fraud through fictitious accounting practices.
Lawson: It appears that the primary motive for fraud shifts as times transition from good to bad or vice versa. During good times, when money is flowing and readily available, excessive greed can be a prime motivator. Remember that Madoff ran his Ponzi scheme during the longest bull-market in history. When times are bad, it seems that desperation and grievance tend to be motivating factors. I’m confident we’ll see this in spades with the recent oil disaster in the Gulf of Mexico.
Harvey: There can be a difference in terms of the types of frauds that individuals might be exposed to between when the economy is good or during a downturn. Investment related frauds, including boiler room scams and illicit collective investment schemes, including Ponzi schemes, are more likely to proliferate in a healthy economy with a booming stock and property market, than in a downturn – though that does not mean that they disappear completely in a downturn. Those patterns are less defined in terms of corporate fraud, where fraudsters expose weaknesses in controls and systems, including taking advantage of new developments in technology.
Oldham: In the background investigations business, the difference in a downturn is the frequency of the fraudulent events and the degree to which multiple misrepresentations are made in the same transaction. As has been often said, ‘Desperate people do desperate things’, and I would add that, in a difficult economy ‘...in more frequent and multiple ways’. People that have been successful at committing fraud in normal economic times are not bashful about increasing the ante during difficult times. A fraudster not yet caught is still a fraudster.
Handzlik: Regulators will tell you that the same fraudulent practices have existed for decades; it’s the volume and execution that differ from cycle to cycle. The same patterns of fraud exist in good economic cycles and bad; there is simply more of it when times are lean. Add to this a decrease in regulatory oversight, an increase in exotic and highly-profitable financial instruments, a decrease in sales and the ability to trade instantaneously on a worldwide basis. Under these circumstances, the incentive to misstate earnings, rig bids or bribe potential customers increases. In bad times, the added element of desperation to keep sales up or meet earnings expectations may also exist. This may lead to more frequent instances of financial statement fraud as well as official and commercial bribery. Price-fixing and bid-rigging also increase in difficult economic times, if only to stabilise markets, maintain existing market share or to minimise losses.
Frohner: I have noticed a sharp increase in middle management fraud offenders. This can be traced back to an increased pressure to achieve economic and efficient results. Further, crisis leads to fewer and more competitive public tenders and thus provides incentive for corruption. A third area where one can recognise a connection between the overall economic situation and corporate fraud is accounting fraud, which typically increases during recession periods.
Utley: Fraudulent activity tends to surface publicly six months to two years after a market crash or financial crisis. If you map the performance of the Nasdaq from 2000 to 2003 against the spike of major corporate fraud scandals such as Enron, WorldCom, Kmart, Peregrine, Adelphia and so forth, you will see a ‘fraud tsunami’ hitting the coast a year to two after the event. The same pattern was seen in Hong Kong back in 1997 following the Asian financial crisis. From 1999 to 2000, the Hong Kong Independent Commission Against Corruption (ICAC) experienced a near 25 percent increase in reported cases compared to the previous 10 years. The other point to make is that after a crisis there is a focus on restructuring strategies and an increase in self examination, and such activities tend to increase the chances that fraud, if it has occurred, will be detected and reported.
What legal and regulatory developments on corporate fraud have you seen over the past year or so?
Lawson: While the United States has had the Foreign Corrupt Practices Act (FCPA) in place since 1977, with additional anti-bribery provisions added in 1988, aggressive enforcement has only just begun. The number of cases pursued by the US Department of Justice since 2005 is more than the number of cases brought between 1977 and 2005. As we see this continued increase in US enforcement I expect to see the same uptick given the UK Bribery Act which was given Royal Assent earlier this year. Developments stemming from increased global enforcement include: increased voluntary disclosure and remediation; expanded M&A related due diligence with an increase in depth and scope; renewed attention and investment in corporate defence programs such as intelligence gathering, forensic accounting, and expert testimony.
Utley: Enforcement of the Foreign Corrupt Practices Act (FCPA) will undoubtedly increase, especially in rapidly developing locations such as China where corrupt practices have traditionally been the norm. The Department of Justice and the Securities & Exchange Commission, both of which enforce the FCPA, have focused on industries such as pharmaceuticals and medical devices, oil and gas, construction and freight forwarding where bribery has been rife. Recent announcements suggest that regulators will also be focusing on technology companies. In addition, whistleblowing protection statutes and incentives to ethically report malfeasance and wrongdoing are on the increase. In respect of China, both President Hu Jintao and Premier Wen Jiabao publicly pledged that the Government will give the highest priority to the fight against fraud and corruption and this has been seen in the ever increasing number of prosecutions against both government officials and industry tycoons who have profiteered illegally in China’s rapidly growing economy.
Handzlik: Significant legal and regulatory developments have taken place as a direct result of the recent economic collapse. In addition, cooperation between and among regulators and prosecutors in different countries is at an all-time high. The enforcement of many regulations and statutes already on the books has increased dramatically, and the US in particular is aggressively asserting extra-territorial criminal jurisdiction. This is exemplified by the extraordinary rise in the number of investigations and prosecutions under the US Foreign Corrupt Practices Act (FCPA). The US Department of Justice (DOJ) is now targeting individuals as well as companies in connection with FCPA violations. DOJ’s Antitrust Division has significantly increased regulatory oversight and criminal enforcement. At the same time, the US Securities and Exchange Commission (SEC) has ramped-up its enforcement activities and criminal referrals under a new chief, himself a former federal prosecutor. In the UK, money laundering and anti-corruption laws have been significantly strengthened, as has the ability of authorities to freeze and forfeit assets possibly derived from criminal activity. Anti-bribery laws have also been enhanced in the UK and EU, and commercial bribery is the focus of new criminal laws, including in the PRC.
Gannaway: Within the past week, the US House of Representatives passed the Medicare and Medicaid Fraud Enforcement and Prevention Act. The proposed legislation seeks to double penalties for Medicare fraud, make it illegal to distribute Medicare beneficiary identification or billing privileges and enact new law enforcement tools to prevent fraud. It also proposes increased screening for companies who want to set up healthcare companies or bill Medicare and increases jail sentences for individuals who provide Medicare information, even if they are not directly involved in fraud. The Wall Street Reform Bill was signed into law in July 2010. President Obama stated, “In the end, our financial system only works – our market is only free – when there are clear rules and basic safeguards that prevent abuse, that check excess, that ensure that it is more profitable to play by the rules than to game the system. That’s how we will ensure that our economy works for consumers, that it works for investors, that it works for financial institutions, that it works for all of us.” The Wall Street Journal reported that the process now hands off to 10 regulatory agencies the discretion to write hundreds of new rules governing finance.
Frohner: The most remarkable development on the European scene was certainly the enactment of the UK Bribery Act 2010 which is further evidence that lawmakers obviously consider the corruption field as an increasingly serious one. In Austria there was also a particular focus on corruption laws, but with intermingled success. First, the rules were tightened in 2009 when the so-called ‘feeding’ of government officials became unlawful – but less than a year later they were softened again following lobbying by various industry groups. What is even more remarkable is the clear trend to actually enforce the various anti-corruption laws. This started at the end of the 1990s in the United States and has since spread to Europe.
Harvey: The biggest development this year has been the passage of the Bribery Act 2010 by Parliament, with the new Act due to come into force in April 2011. It creates a new, strict liability, offence which will be committed by companies and partnerships if persons providing services on their behalf pay bribes, intending to obtain a business advantage for the organisation. The key defence for the organisation will be to prove that it had ‘adequate procedures’ designed to prevent the bribery. The Ministry of Justice has just published its consultation on the procedures which commercial organisations can put in place to prevent bribes being paid on their behalf. There has been much discussion, post the election of the new government on the break up of the Financial Services Authority and the creation of a new Economic Crime Agency. The implementation of these proposals show that there is a continuing political focus on fraud, and corporate fraud in particular, and the increasing levels of activity we have seen from the FSA and the Serious Fraud Office, in whatever new form they may be, is not going to abate.
Oldham: In our field of performing background investigations, we have seen no specific regulations that impact the lending and private equity areas of our work, but the clients for whom we perform this due diligence certainly seem to be more ingenious to performing background investigations on more subjects per case matter, essentially going further down the organisational structure, whether they are providing debt or equity capital. The ‘headline risk’ that comes from a fraud committed at a middle management level job can be just as severe a blow to the company as one committed by upper management.
When suspicions of fraud are reported within a company, what steps should the company take to evaluate and resolve the potential problem?
Harvey: The directors should act quickly. There is no time to be lost, and above all secrecy needs to be maintained to ensure that any potential fraudsters are not alerted to the fact that ‘the game is up’ and do not have the opportunity to seek to cover their tracks – whether by causing damage to IT systems, or the old-fashioned way of starting a fire – or to take steps to ensure that their ill-gotten gains are out of reach. Where suspicions are raised by a whistleblower, then that whistleblower needs to be carefully interviewed, preferably off-site, in order to evaluate the extent of the potential fraud both in terms of the financial value and the seniority and number of the individuals implicated. If the suspicions implicate someone at board level, then the board needs to meet as soon as possible, excluding any implicated individual to form a sub-committee to investigate the issue.
Lawson: One thing not to do is to ignore the allegation. While this sounds obvious, very often business leaders assume that the allegation is not that important, not true, that some embittered employee is merely throwing a brick through the window. And often, they’re right in that assumption. The problem is, when they’re wrong, and the problem turns out to be real, these business leaders pay the price for their lack of diligence. The bill will be delivered by a regulator, a court, or the market. In the most extreme cases all three will come calling. Call your outside counsel and get them to appoint a team of investigators – don’t let the lawyers do the investigation.
Frohner: I believe it is necessary for a company to start thinking about this before the first instance of fraud arises. In this context, the first priority is to have the right procedures in place to efficiently investigate the matter and prevent further harm to the company. There should be a clear scope and procedure on who is responsible for doing what. Further, management should have a clear picture of what the actual consequences for corporate fraud should be. Quite often, I see a situation where a company is putting all its strength towards properly investigating a corporate fraud case and then, when the findings are on the table, is reluctant to apply the appropriate consequences. Particularly in light of the recent recession, it might seem attractive to reduce personnel resources for combating corporate fraud. However, entrepreneurs should always keep in mind that corporate fraud always ultimately results in a massive loss of positive image. At the end of the day, this damage to the company might exceed any direct financial damage resulting from fraud.
Gannaway: The discovery of a suspected fraud is the time to turn to the outside for help. Actually, there is a case to be made for calling on outside assistance even earlier. Control procedures should be developed or at minimum tested by fraud experts – attorneys, investigators and forensic accountants. Once a fraud is detected, the assistance of an experienced fraud investigator is essential. He or she can conduct the investigation in concert with the general counsel or outside attorneys, and work with regulators and the executive team to see the investigation through to its conclusions. Fraud prevention begins with the executive team – as it should, recognising the enormous impact of fraud on revenue. Management should evaluate risk areas across the entire organisation and obtain input from process owners in order to assess opportunities for fraud and weaknesses in internal controls. Prevention can be enhanced through stricter due diligence or control procedures. It is also a matter for ‘tone at the top’. Creating a code of conduct that defines acceptable business practices, then conducting annual (or more frequent) staff training sessions can go a long way toward creating a low-tolerance atmosphere, and keeping borderline fraudsters from acting on their impulses.
Utley: Ideally, a company should already have in place a well thought out and developed fraud response, crisis management and business continuity plan aimed to protect their organisation from economic, reputational and legal risk. Such a plan allows a company to put in place all the right people and resources at the right time and to dictate the company responses in any events from, for example, the receipt of whistleblowing letters to a dawn raid by the police or authorities. A person of appropriate seniority and experience should be assigned as a leader of any potential fraud investigation. Relevant internal resources from internal audit, HR, audit committee, general counsel, legal & compliance, etc., should be identified and trained up in what to do, when and how. External experts such as forensic accounts, lawyers, computer forensic specialists, etc., should be identified and engaged as soon as possible because time is always of the essence. Experience has shown that such a plan allows a company to remain calm, do the right thing, and importantly keep the business going with as little disruption as possible.
Oldham: The answer here varies based upon the type of fraud perceived to be the issue and the level within the management structure of the organisation the suspected perpetrator resides. We recently worked on a matter for a lender and discovered that the CEO of a US public company, who was a Canadian citizen, was under investigation by the securities regulators of his home province in Canada for securities fraud, an act allegedly undertaken during his tenure as CEO of a Canadian public company. Apparently, he was not properly or thoroughly vetted when he was hired on by the US company or, at the time of his hiring, the US company decided to ‘turn the other cheek’. Whichever the case, hiring a high level individual who had possibly committed securities fraud could have been avoided. Continuing, this person lost his US CEO position and was convicted of securities fraud in Canada.
Handzlik: Companies should have effective and credible law compliance programs in place before an allegation arises. The increased scrutiny by regulators and prosecutors means that companies must be prepared to respond to any allegation of impropriety swiftly and thoroughly. Of course, the manner in which a company responds should be proportionate to the suspected wrongdoing and the size of the company. An allegation or indication of fraud by a director or senior company officer, no matter how minor, must be thoroughly investigated and credibly resolved. This is due to the scope of their responsibilities and positions of trust. The company’s response to alleged improprieties not involving senior officers will be determined by a number of factors, including the seriousness and length of the alleged fraud, the level of the company involved and whether the matter is material to the financial health of the company. In all cases, however, it is imperative that responsible company officials, including members of the board’s audit or special committees, the general counsel, the chief compliance officer, and the company’s internal audit function proceed in an expeditious, thorough and credible fashion. In most cases, this means enlisting the assistance of truly independent, outside lawyers and forensic accountants to investigate and report on the matter. In some cases, a rapid and voluntary disclosure to regulators may have to take place.
To what extent have regulators around the world enhanced their monitoring and enforcement activities? How are companies responding?
Oldham: My opinion is that regulators have a heightened sense of duty and awareness since the uncovering of so many Ponzi scheme scandals in the US regarding the securities industry, investment and brokerage businesses. But in other industries, ‘self-policing’ by company management and boards of directors is still the standard business practice, and there is still much to be accomplished in this area by companies’ management and boards of directors by establishing consistent and thorough fraud detection policies and procedures.
Handzlik: Monitoring and enforcement activities have gone global. There has been a dramatic rise in the level of cooperation and information-sharing between and among regulators and prosecutors in different parts of the world. MLATs and MOUs between countries are much more common, and regulators are now able to monitor many transactions electronically no matter where they take place. Criminal statutes asserting extra-territorial jurisdiction over activities once thought untouchable are proliferating. Of necessity, companies have responded by installing strong internal accounting controls, enhancing internal monitoring and creating effective law compliance programs. Of course, these measures demonstrate good internal corporate governance as well as a serious and responsible approach to these issues. While costly and sometimes burdensome, the creation of effective law compliance systems, strong internal accounting controls and meaningful codes of conduct enhances the prevention and swift detection of wrongdoing. And they pay dividends, should the company become the focus of an investigation.
Gannaway: The US Department of Justice has increased the number of investigations of publically traded companies doing business overseas by being more vigilant of matters involving Bribery of Foreign Officials under the Foreign Corrupt Practices Act (FCPA). Also, the Internal Revenue Service Criminal Investigation Division has cracked the Swiss Bank Secrecy Haven through the prosecution of UBS for facilitating US tax evasion and individuals for not reporting the existence of the foreign secret accounts and the income earned there from.
Utley: The OECD continues with various initiatives to combat fraud, corruption and money laundering worldwide. For instance, 28 countries from Asia Pacific have recently endorsed an Anti Corruption Action Plan. In respect of China, the anti graft body, the Central Discipline and Inspection Commission (CDIC), disciplines about 180,000 officials every year, of which about 15-20 percent are for corrupt activities. To put that into perspective, there are 180,000 employees in the whole of the US Department of Homeland Security. According to a recent press release by the Supreme People’s Procuratorate, during the period January 2005 to May 2010, 146,570 cases of corruption were handled, involving 178,393 individuals with an ‘avoided economic loss’ of RMB 31.3bn (US$4.6bn). But these cases are just the tip of the iceberg as fraud and corruption remains rampant.
Frohner: There has been a worldwide intensification of anticorruption laws and their respective enforcement, which spread from the US to Europe. This development probably peaked with the Siemens settlement. It is clear that enforcement agencies, especially in the United States and the UK, are willing to go a long way to reach out for potential perpetrators of the various corruption and other relevant laws. Also, Austria reacted on this trend by establishing a special anti-bribery public prosecution authority. As a response to this trend, companies in Austria are starting to implement compliance organisations and procedures. This is certainly the right move. However, I still have the impression that companies do not take the matter of corruption and fraud seriously enough. Indeed, quite frequently, corporate compliance organisations behave far too passively. They should be playing a far more proactive role.
Harvey: The FSA and the SFO have now been around for quite a long time, more than 20 years. However, the UK is still seen as having some way to go to catch up with the levels of prosecutions that are seen by their equivalents in the US – the Department of Justice, assisted by the FBI, and the Securities and Exchange Commission. The US authorities have always taken an expansive view when it comes to assuming jurisdiction over corporate wrongdoing, as part of their assumed role in ensuring that US companies face a level playing field on the international stage. With globalisation and new legislative initiatives like the Bribery Act 2010, regulators worldwide – not just from the US and UK, but across Europe and in Latin America – are increasingly looking to cooperate and share information in relation to their investigations and enforcement activities. Increasingly regulators from national agencies speak to and visit each other to share information and intelligence. Companies are responding by taking proactive steps to adopt best practice and to be able to demonstrate that they have compliance systems and processes in place (which, understandably, must vary in reach and complexity depending on the size of the company) that allow them to prevent and detect fraud and other forms of corporate wrongdoing.
Lawson: This trend will only increase as different regulators compete with one another to show who is the more diligent and effective, in the wake of the massive collective regulatory failure that some point to as a primary cause of the financial crisis. Companies are responding by adopting new approaches to risk governance, and by making risk management the responsibility of the board and C-suite, rather than being relegated to the CG’s office or to compliance staff.
What is your advice to companies on dealing with governmental investigations and dawn raids? What are the most important decisions to make in these circumstances?
Frohner: There are two basic guidelines which I would give as advice. First, cooperation with the authorities brings the most positive results. One should not forget that official proceedings and investigations typically consume a massive amount of time and are particularly burdensome for internal procedures. Therefore, a smooth investigation is clearly to the benefit of the company. Furthermore, cooperation is typically rewarded when it comes to determining the amount of the fine, if actual wrongdoing was identified. Second, seek advice of outside counsel since usually a company’s legal department or internal audit is not prepared for the tasks and challenges of an official investigation. Finally, in connection with dawn raids, there should be some sort of ‘fire alarm plan’ in every company. This is a naturally stressful situation and to leave it till that time to determine procedures would be far too late and likely lead to inappropriate behaviour.
Lawson: Don’t just talk about data preservation and related legal obligations, have an incident response plan and be prepared to enact it. Note that a government investigation is not a court case, and the two investigations have an entirely different set of obligations and risks. Your incident response plan should account for either or both. The most important decision is who you choose to advise the board and executives. Their lawyers and investigators need to have had direct experience running a government investigation.
Gannaway: Enforcement Actions (Search Warrants) are designed to upset you and obtain evidence that law enforcement may not otherwise be able to obtain by subpoena. Authorities calculate that dawn raids increase the chances of obtaining documentary evidence or an after-hours visit is likely to get you to talk. There are a number of steps to take. Don’t volunteer any information to authorities before you’ve engaged legal counsel. Simply say that you would like to ‘speak with counsel’ and that you have ‘no comment’ at this time. Contact an attorney – one that’s well-versed in white collar fraud and enforcement. Enforcements are complex, often involving multiple agencies (such as the FBI, IRS Criminal Investigation Division, the US Attorney and state or local police) and sometimes a mix of civil and criminal penalties. Legal counsel should hire a forensic accountant under a Kovel agreement to ensure the attorney client privilege. The best accountant for the job is a specialist – preferably one with law enforcement experience. From the beginning, tell the truth to your legal counsel and forensic accountant so they can provide you with the best advice possible.
Utley: An effective fraud response plan is essential. When dealing with the government or authorities it is important to be cooperative, stay calm, but remain silent until you have legal representation.
Handzlik: From the company’s standpoint, the first order of business is to quickly gain an understanding of the nature and scope of the investigation. The company must immediately open effective lines of communication with the regulators and prosecutors. This will usually be done through credible and independent outside counsel, preferably a firm that does not work with the company on a regular basis. Upon learning of a government investigation, the company must immediately launch an internal investigation and ensure that records relating to the matter are maintained. Only when the company is able to asses the magnitude of the problem, who was involved in it and the possible consequences to the company and its shareholders will it be able to mount an appropriate response or defence. If the authorities conduct a dawn raid, company personnel must be informed that they need not speak with investigators before consulting with legal counsel and without having a lawyer present. Again, it is worthwhile to anticipate possible government investigations by having a plan in place beforehand. Clearly, when confronted with an investigation into material matters, it is essential that the company develop a relationship of trust and confidence with the regulators and prosecutors involved.
Oldham: Dawn raids are legally authorised in most countries, made with a belief that the proper legal authorities have a sufficient cause to investigate. My advice is that proper, legal and ethical accounting and business practices will obviate the need for concern about such a circumstance. If a company is being raided without cause, they have little to be concerned about and have a justified legal rebuttal. If they are being raided with cause, then there is likely little they can do but immediately contact legal counsel for instructions on an immediate and go forward opinion.
Harvey: Regulators and investigators increasingly expect, and get, full cooperation from companies that are the target of investigations. Active cooperation in resolving an investigation can be an important factor when it comes to assessing any sanction for wrongdoing. The most important early decision that needs to be made when a company learns that it is the target of an investigation, whether by notification or because it is the subject of a dawn raid, is whether to cooperate in the investigation and, if so, to what extent it should cooperate. Indeed, where a company discovers wrongdoing itself, the most important decision it will have to make is whether to self-report to the appropriate regulators.
What are the key ingredients of an anti-fraud program that every corporation should consider?
Utley: Essentially a corporation needs a three-pronged approach to an anti-fraud program: fraud deterrent measures to reduce the likelihood of fraud; fraud protection activities to detect fraud; and a fraud response plan to initiate a focused investigation that aligns resources and investigation methodology. Such a program should be guided by the root causes of fraud and unethical behaviour and aim to create a top down driven environment of ethical and responsible business practices. Key ingredients will include ethical reporting hotlines; codes of conduct; ethics policies; fraud risk assessments and health-checks, employment screening, effective due diligence on business partners and investment targets (not just financial and legal, but also reputation and integrity); implementation of appropriate internal controls and effective monitoring and assessment of such controls; buy in and understanding of every single person in the organisation through training and mentoring; and monitoring and oversight by management and audit committee or board of directors.
Harvey: There are a number of key ingredients to an anti-fraud program. Ensure that the company has visible accounting procedures and controls which are enforced. Adopt a corporate code of conduct which emphasises the ethical obligations – including the duty of directors and employees to avoid conflicts of interest – of the business. Establish a strong and independent compliance function (that is, independent of those responsible for operational performance and financial reporting) reporting directly to the audit committee of the board. Establish a system within the company for reporting complaints about conduct which does not accord with the company’s accounting policies and procedures: a ‘hotline’ to the compliance or internal audit function.
Oldham: Companies should create a stated policy at every level for multiple checks and balances to quickly thwart the perpetrator, whether at the executive, accounting or operating department level. Hiring an accounting fraud expert and professional background investigation firm to assist with this planning activity is highly recommended. We once found that a deceased head of human resources worldwide had been stealing from the public company for which he worked for many years by setting up fraudulent vendor accounts into which he paid recruitment fees for management level employees that didn’t exist. It turns out that this individual was a prior convicted felon years ago for stealing from a high school club account that he supervised, while at the same time serving as the high school principal, a job for which he lied about his degrees in order to be hired. This individual could have been discovered as a threat before and after he got the HR job, by performing a background investigation before his hiring or by putting in place a proper check and balance system to audit invoices that he was approving for payment to himself.
Gannaway: A fraud risk assessment is critical. While conducting investigations is a job for experienced outside professionals, fraud prevention begins with the executive team – as it should, recognising the enormous impact of fraud on revenue. Management should evaluate risk areas across the entire organisation and obtain input from process owners in order to assess opportunities for fraud and weaknesses in internal controls. The vulnerabilities to fraud. ‘Design’ involves removing temptation by taking a risk-based approach to minimising the opportunity for fraud to occur. ‘Detect’ involves identifying possible fraud when it happens. ‘Evaluate’ involves revisiting the changes made to reassess effectiveness. Finally, ‘respond’ means taking corrective action to strengthen internal controls to reduce the opportunity.
Lawson: Finding the right mix of technology, education, process, and enforcement can be tricky. Internal and external communications on the topic need to be right, setting the necessary ‘tone from the top’. Anonymous reporting mechanisms must be in place. Relevant skills should be brought in house and given real authority and autonomy within the organisation. Continually strive to improve the program based on consistent monitoring of the processes and people in place to guard against fraud. Make sure your incentive systems encourage honesty and accountability. And finally, keep abreast of technologies that help to prevent or identify fraudulent activities and transactions.
Frohner: The three pillars on which every corporate compliance program should stand are organisation/procedures, training/information, and controls. There is a clear trend that internal audit is detecting less fraud. Thus, the way forward is, in my opinion, an efficient mix of various measures such as fraud risk management controls, compliance guidelines, monitoring of compliance rules, trainings for employees and last, but not least, internal audit. There is a clear tendency that companies with higher frequency of fraud risk assessment detect more frauds. In light of this, companies in Austria have an increased tendendency to implement clearly defined roles for internal audit, legal and risk units and clear processes for determining consistent disciplinary outcomes. However, these merits are weighed down by the lack of clear processes for reporting incidents (such as whistleblower hotlines) and documented response plans (such as compliance help desks).
Handzlik: The success of a corporate compliance program depends on the tone at the top. If management fails to demonstrate a sincere interest in establishing a culture of compliance and fostering ethical behaviour, no compliance program will succeed. It should be remembered that Enron Corporation had an outstanding corporate compliance program, one with all the bells and whistles, and a stringent code of ethics. Without the will to conduct and enforce a comprehensive compliance program in an effective and even-handed way, it’s just a piece of paper. On the other hand, a company that appropriately incentivises its officers and employees, demonstrating that the success and well-being of the company is dependent on their shared commitment to law compliance and ethical behaviour, can succeed. Instead of an adversary relationship, a commitment to effective compliance at the top of the company can foster a sense of shared responsibility throughout the company.
What should management and boards do when it comes to checking the backgrounds of board members and senior level corporate officers when they are hired? Should similar steps be taken when hiring independent contractors to perform significant work?
Harvey: It almost goes without saying that the more senior the appointee and the more control and responsibility they are to be given, the greater emphasis that it is worth placing on background checks: no matter how long the appointment is expected to last. However, such checks are secondary to the internal controls and procedures within the business and the need for the company’s systems to report variances from the norm which are independently investigated by someone other than the person responsible for financial reporting. It is equally important that too much responsibility is not concentrated in the hands of one or two individuals. All too frequently frauds are discovered when a long-serving and trusted employee, who might rarely or never take holiday, is unexpectedly ill, and their replacement finds something ‘odd’. This type of fraud arises because the company’s internal controls were inadequate.
Gannaway: Due diligence is the key. Perform a background check by actually calling references and independently verifying the information provided and conducting research through databases containing public information. Independent contractors may have performed services for the government. Requesting a waiver from the contractor or submitting a Freedom of Information Request (FOIA) to the government agency may be revealing.
Lawson: Board members and corporate officers should be vetted carefully, and they usually are. Today, however, we also realise that these people need to be looked at more closely than ever before, and we need to ask what experience they have with regard to managing risk. This needs to be a key skill, and board members and company officers need to be able to demonstrate – to investors and regulators – that they view operational risk management as one of their key responsibilities. Regarding independent contractors, the level of diligence should match the level of risk. How vulnerable is the company or its management’s reputation to some form of malfeasance on the part of an independent contractor?
Oldham: Boards should do everything from a due diligence perspective and take nothing at face value, no matter the referral source. Best business practices include having and following a stated background investigations policy and then making no exceptions to it, no matter the known public background of the employee, officer or director. The policy should include a check of civil and criminal litigation histories, if any, a verification of all previous business affiliations and employment, a verification of all degrees and certifications and a check of all relevant regulatory bodies for any violations of securities laws and regulatory policies and procedures. These same steps should definitely be taken as well when hiring independent contractors to perform routine tasks or special projects, as a fraud committed by them in the past or while on assignment could be judged just as compromising to the company as one committed by a full-time officer or employee.
Handzlik: Companies must do appropriate due diligence when filling a position with significant responsibilities or retaining a new member of the board. Appropriate due diligence means not only examining such things such as past job performance, credit-worthiness and litigation history; in this climate, it also means carefully evaluating whether the individual has the appropriate background and skills for the position. Members of corporate boards and senior officers, such as CFOs, internal auditors and compliance officers, are under increasing scrutiny by regulators as well as by shareholders to make sure they are capable of providing competent and relevant oversight and guidance to company officials. If a government investigation is initiated, the background and qualifications of persons in key positions, both as to the underlying facts and compliance issues, will be examined in detail. This in turn may lead investigators to conclude that the company took its responsibilities seriously when filling the position in question, or not, as the case may be. In addition, attention given by the company to the qualifications of independent contractors is an important factor in evaluating the possible culpability of the company for acts of it agents. Companies should take, and document, every step it has taken to verify the history, abilities and reputation of foreign individuals and entities with whom it enters into agreements.
Frohner: A clear international trend, unfortunately also an area where Austria is falling behind, is the increasing number of due diligence compliance mechanisms in particular in M&A transactions. Corporate fraud is not just an in-house problem but can also be imported from outside sources. As a result thereof I am convinced that it will become a recognised standard to apply a certain level of scrutiny when it comes to implementing new individuals into an existing organisation – for example, by acquiring a new business, retention of new distribution partners, or simply by hiring new officers at a certain senior level. This scrutiny starts at basic levels like verification of educational qualifications, memberships of professional bodies, employment history, financial statements, ultimate ownership, directorships held and any disqualifications. This should also include modern research means, such as the internet and media tools.
Utley: Experience suggests that many companies perform screening on junior staff but rarely perform adequate vetting and screening on their senior management because often the need for talent is given higher priority than the need for integrity. In China it remains quite difficult to find suitably experienced and talented people at middle to senior manager level and so necessity prevails. Whilst employee fraud is often focused towards asset misappropriation, senior management fraud, albeit less frequent, tends towards accounts misstatement and corrupt activity, both of which can arguably be more harmful to a company. It is also prudent to conduct regular checks on existing senior management, contractors, third parties, intermediaries and other business relationships to ensure that circumstances have not changed and that ‘old ways’ have not surfaced again. The reach and liabilities under the UK Bribery Act and the FCPA can extend to less visible business relationships and third parties. Essentially it boils down to proper due diligence and proper employment screening.
What types of fraud do you expect to remain prevalent within companies over the year ahead?
Handzlik: So long as the economy remains weak and corporate profits stagnant, intense pressure on companies and their officers to show results will continue. The investment and banking sectors have, of course, been the subject of intense scrutiny by regulators and prosecutors the world over. The inclination of some individuals in these fields to use deceptive practices will not abate, especially in a down economy. For this reason, it is imperative that companies, including investment banks and other financial institutions, incentivise their officers in appropriate ways. Enforcement of the Foreign Corrupt Practices Act and other anti-bribery and anti-corruption laws, as well as laws concerning price-fixing, bid-rigging and other anti-competitive activities will continue to grow. Individuals as well as companies will find themselves targeted on an increasingly frequent basis. Finally, offences related to money laundering will continue to be a major focus of the authorities. The increasing ability of regulators to freeze, confiscate or otherwise forfeit the proceeds or instrumentalities of crime has led to heightened scrutiny of banking and financial transactions. Prosecutors have found that, in many cases, it is easier to prove monetary offences than to conclusively establish that the underlying activity was fraudulent.
Utley: The Hong Kong and Chinese media remains full of stories of corporate scandals. Today the former Chairman of a Hong Kong public company was jailed for the maximum seven years for ‘conspiracy to defraud’ using a scheme in which he cheated his company out of HK$180m using fake and overpriced purchase orders and channelled the proceeds to related party accounts. The Association of Certified Fraud Examiners’ 2009 study ‘Occupational Fraud: A study of the impact of the economic recession survey’ asked respondents what they expected to see in the coming year. 70 percent believed the instance of employee theft would rise, 56 percent said fraud by unrelated third parties, 41 percent said fraud by vendors, 35 percent said financial statement fraud, and 25 percent said corruption. I don’t expect to see a sudden outbreak of honesty anywhere in the world, but I do expect we will see the effects of the financial crisis fraud tsunami hitting our shores.
Lawson: All types of fraud will remain prevalent, along with some new ones that we can’t yet begin to guess at. I’d be on the watch for fraudsters aiming to make illicit gains by abusing the many government programs that have been initiated to combat the downturn and to stimulate the economy, as well as fraud schemes perpetrated by the unscrupulous against the needy and despairing.
Frohner: There has been a sharp increase in fraud cases in the financial services sector over the last two years. Additionally, according to recent surveys, companies expect the types and levels of fraud to at least stay the same. For example, six out of 10 Austrian CEOs believe that corporate fraud is going to increase over the next few years. Thus I do not assume that there will be a dramatic change in the type of corporate fraud which will be committed but nevertheless IT fraud appears to be an increasing field of criminal activity.
Harvey: Unfortunately, it is not possible to list the types of fraud that will continue to arise in the present environment. There may be a greater motivation for individuals to seek out the opportunity to steal to make up for the absence of a pay rise or bonus, but fraud is an ever present threat. It will arise wherever the opportunity presents itself, through the absence of sufficiently robust systems and controls.
Gannaway: At a time when businesses are trying to cut costs in every way possible – cutting employees, cutting hours, cutting benefits – undetected fraud represents massive additional costs. Assets disappear readily. In over 25 percent of 2008 cases, as reported by the Association of Certified Fraud Examiners, the cost of each fraud was over $1m. In another 28 percent of cases, it ranged from $100,000 to $500,000. Many of these losses – especially in the $100,000 to $500,000 tier – were for very basic crimes: billing fraud (creating false vendors, submitting personal invoices for payment) accounted for nearly a quarter of cases. Close behind were cheque tampering (taking blank cheque, or diverting cheque to a personal account) and skimming (accepting payments from a customer and not reporting them), as well as noncash theft (of inventory).
Oldham: A better economy could be a good thing, but history still tends to repeat itself. The fraudsters that are created during tough economic times don’t seem to often be converted to better habits regardless of the future economic times, and who would want to take a chance on employing a past criminal that they might be the successful criminal converter? Management matters too much to make the bet that a fraudster’s past will not repeat itself. In good times and bad, thorough background investigations and fraud awareness policies and procedures are an essential aspect of a company’s overall management and fraud detection and due diligence plan.