A Blog by Jonathan Low

 

May 2, 2012

Management by Exemption: Most Frauds Are Detected By Accident

We suppose the good news is that some frauds are detected. And serendipity is very nice: it's creative, it implies openness to innovation and it makes people feel good.

The bad news, from the standpoint of management effectiveness, is that the hundreds of millions spent annually by corporations on internal and external audits may require, uh, 'reimagining' if they are to deliver the expected results.

This is not to suggest that all such expenditures, as currently designed, are wasted. The existence of risk management systems, codes of conduct, the whole eternal vigilance infrastructure serves to create the common understanding and bounds through which all civilizations must work. Without them, chaos reigns.

But learning that only 5% of frauds are detected through such frameworks suggests that there is room for improvement. And that an awful lot of unseemly behavior is never discovered - even after the fact. Which sounds like a huge business opportunity. JL

Ajay Shamdasani reports in TrustLaw via Ethikos:
Fraud schemes are usually detected by chance or through tips, while external audits only uncover fraud less than five percent of the time, according to an industry expert. Colum Bancroft, managing director for financial investigations at investigative firm Kroll in Hong Kong, also stressed that global anti-fraud and anti-corruption initiatives would continue to become more widespread in the coming years.
"Most fraud schemes are most often detected through tips which come to us accidentally 50 percent of the time. External audits only uncover fraud less than five percent of the time," said Bancroft. He was speaking at the Asia GRC Exchange conference in Hong Kong last week.

Bancroft cited a recent fraud report co-produced by Kroll and The Economist Intelligence Unit, which found that the highest incidence of fraud was seen in procurement, while the highest cost of fraud in dollar terms came from frauds involving senior management. Some 84 percent of respondents to the report had been victims of fraud.

He added that compliance with international anti-bribery initiatives such as the U.S. Foreign Corrupt Practices Act (FCPA) and Office of Foreign Assets Control (OFAC), as well as the 2011 UK Bribery Act (UKBA), needs to be taken seriously — owing to their global remit — by banking and financial institutions in Asia. OFAC is the part of the U.S. Treasury Department that administers and enforces sanctions programmes based on American foreign policy and national security goals.

"When it comes to the FCPA and Bribery Act, things are getting tougher and they have extraterritorial reach. The FCPA has been around since 1977, but serious enforcement has been ramped up in the past five years," said Bancroft, citing the $2 billion in fines and legal fees faced by Siemens after it was found to have breached the FCPA. "Locally, even the Securities and Futures Commission is taking a tougher stance on insider trading," he added.

According to Eli Cohen, general counsel at Euroclear Bank's Hong Kong branch, the best approach for banking and financial institutions operating in Asia was to treat all governmental and institutional clients the same for purposes of the FCPA and UKBA. "Our clients are mainly financial institutions, so they understand the need for compliance and the costs associated with reputational damage. If you're weak on compliance, people will stop bringing you business," he said.

Cohen also explained that more recently, regional institutions were more concerned about OFAC, largely related to doing business with Iran. "OFAC applies to U.S. persons, companies and their branches and subsidiaries. It also applies to those in the U.S., so be careful if you visit the U.S.," said Cohen.

Different issues, similar approaches

Bancroft said there were differences between fraud and corruption, but there was a similar approach to setting up programmes dealing with both. "The general feeling, according to compliance officers and in-house counsel, is that people are not doing enough," he pointed out.

The prerequisites for an anti-fraud programme were deterrence and detection of fraud, said Bancroft. "If you look at the fraud triangle, you see opportunity and pressure to commit fraud, as well as rationalisation by those that do so. If you increase internal controls, then you at least lessen the window of opportunity," he warned.

Valid factors for risk profiling were persons' associations, their position in an organisation, and whether they were in a high-, medium- or low-risk country, said Bancroft. "Additional red flags include whether people are living beyond their means or facing financial difficulties. That's something compliance should be aware of," he added.

Additionally, Bancroft stressed a reluctance by staff to take a vacation as a risk factor. "Perhaps they don't want their bad acts to be discovered, so maybe a surprise audit might be advisable for internal audit to do," he suggested, adding "Follow the cash: ask but verify. Never take things [from staff] at face value."

Don't tip off fraudsters

Upon discovering fraud, Bancroft emphasised that it was crucial to inform regulators, and bring in external counsel and consultants right away. "It's also important to secure and preserve evidence right away so that it does not disappear either before or during an investigation," he warned.

Bancroft noted that considerations of office and information security also needed to be factored into an investigation and that firing an employee on the spot may perhaps not be the best way to tackle such an awkward situation.

"Don't tell the whole company a fraud's been discovered because then you could tip them [the fraudsters] off. The key thing is not to alert people that there's something suspicious or else information critical to your investigation may go out the door. It may not be the best approach to do an external investigation right away," Bancroft explained.

Cohen said the best way of promoting an organisation-wide compliance culture was to understand an institution's business and culture, and to fit a programme to it. "For us [Euroclear Bank], we're a European bank, so everything needs to be done by consensus," he said.
