Fraud risk management
Fraud risk management: Presentation Transcript

  • Fraud Risk Management And Its Nexus With Anti-Corruption And FCPA Compliance in Asia Michael Short 5 February 2009
  • Topics for Discussion • The Internal Fraud Risk? • Cornerstone of Effective “Fraud Risk Management” • It’s not just Fraud Prevention – “FCPA Compliance” • Cultural Issues for FRM in Asia
  • The Internal Fraud Risk 1. ‘Shell Company’ Schemes 2. Basic Vendor Related Schemes (i.e. Over Invoicing) 3. ‘Tender Rigging’ or Vendor Collusion Collectively known as “Purchasing Fraud”
  • What is “Purchasing Fraud”? • Schemes attacking the purchasing function • Causing an organization to buy goods or services that are non-existent, overpriced or not needed • By submitting bogus invoices or other supporting documents • Often collusion exists between Victim’s staff and Fraudster
  • ‘Shell Company’ Schemes What is a ‘Shell Company’? • Fictitious entity • Created for purpose of committing fraud • Only exists on paper • Usually consists of bank account and mail drop • Generally registered with a company registry either locally or offshore (as need to open a bank account)
  • ‘Shell Company’ Schemes (Cont.) • Usually invoice for services, not goods. – Services not tangible, harder to verify • How ‘Shell Company’ invoices get paid: Collusion among several employees Fraudster prepares bogus support documents Supervisor “rubber stamps” purchases Fraudster or accomplice has authority to approve payment
  • ‘Shell Company’ Schemes (Cont.) Pass-through Schemes: • Variation of standard ‘Shell Company’ Scheme • Fraudster assigned to purchase goods/services for company • Uses ‘shell company’ to buy the items on credit from provider • Shell company sells items to employer at inflated price • Pays off shell’s credit, excess is profit
  • ‘Shell Company’ Schemes – Countermeasures (Micro Level) • Question invoices that have residential address or mail drops for mailing address. • Look for invoices lacking detail: – Missing phone no., fax no., invoice no. etc. • Sort payments by vendor, look for: – Consecutive invoice numbers – Consistent payment amounts, round numbers • Know your Vendor (i.e. Vendor Screening)
  • ‘Tender Rigging’ or Collusion • Often found in developing nations or in jurisdictions with weak rule of law. • Opaque business environments and ‘business through connections’ foster collusion. • MNCs or Global Institutions are particularly at risk!
  • Collusion – Scenario #1 • RFP only sent to ‘chosen’ vendors. • Vendors pay Internal accomplice at purchasing authority to make final cut onto tender list. • Vendor who offers most advantage to purchasing authority gets the contract! • As Vendor has to pay to get on the list, this ‘cost’ is added to the price to maintain margin. You’ll pay more!!
  • ‘Tender Rigging’ – Scenario #2 • Purchasing authority has ownership involvement in tendering vendors. • Totally corrupt tender process – short listed vendors are all connected to purchasing authority. • Contract goes to ‘cheapest vendor’, price is not competitively tested and victimized organization gets untested vendor at a higher price. You’ll pay more!!
  • Collusion & ‘Tender Rigging’ (Cont.) • Both TR and Collusion involve a high degree of internal involvement. • Superficially difficult to detect in any organization. • Very Common method to defraud. • Difficult to spot, but quite easy to detect!
  • Cornerstones of an Effective Fraud Risk Management Programme 1. Know your Staff – Institute a rigorous and informed Pre-Employment Screening programme: – All fraud includes an element of internal collusion. – Are your staff who they say they are? – Have your staff previously been fired for unethical or illegal practices at former employers? – Have your staff got criminal records? – Are your staff fraudsters? – Have you asked them? – Have you checked them?
  • Cornerstones of an Effective Fraud Risk Management Programme 2. Know your Business Partner – Does the company exist? – Is it registered? – Do you know who owns it? – Where is the office? – Who are the managers? – How long has it been in business? – Have you asked them?!
  • Cornerstones of an Effective Fraud Risk Management Programme 3. Screen your Business Partner – Is it owned or managed by your staff? – Is it owned or managed by entities also involved in the tender process or who are existing vendors? – Why is it newly incorporated? Has it been established solely for the contract? – Why is it established offshore? Opaqueness?
  • Cornerstones of an Effective Fraud Risk Management Programme 4. Ethics and Whistle Blowing – Do you tell your Vendors that corruption is unacceptable? – Code of Ethics (frequently updated). – Ethics Awareness Training. – Establish Whistle Blowing mechanisms. – Train vendors in ethical practice and gain their ‘buy in’.
  • Code of Ethics • Use a COE that includes strong anti-bribery language as part of your company culture. COE must be provided in all relevant languages. • Make all players in your business understand and sign the COE- staff, vendors, distributors, partners. • Bind COE into all contracts – with staff, vendors, distributors, partners. • COE must emphatically ban giving, soliciting or taking all kinds of kickbacks, bribes, gifts, etc.
  • Code of Ethics (Cont.) • Violators of COE must be punished by disciplinary action, dismissals, vendor contract termination. • All should sign COE again at regular intervals. Update COE to reflect new developments and governance needs (e.g. new laws). • Reinforce with annual ethics & compliance training. • Management must set the Tone!!
  • It’s not just Fraud Risk Management… It’s FCPA Compliance too!!
  • Foreign Corrupt Practices Act (FCPA) • Enacted in 1977 • FCPA imposes severe civil and criminal penalties on US companies and individuals who “bribe” or “offer to bribe” foreign government officials to obtain business. [Chart: FCPA Prosecutions 2003 - 2007] Source: 2007 Year-End FCPA Update – Gibson, Dunn & Crutcher LLP (4 January 2008)
  • FCPA - The Risks • Individuals may face fines of up to USD 250,000 and 5 years imprisonment. • Companies may be fined up to USD 2 million for each violation. • Disqualification from US government contracting and export licenses. • Shareholder lawsuits. • Failing the WSJ test.
  • FCPA - Violations In 2005, Titan Computer Co., Ltd settled a fine of USD 28.5 million for bribing a government official in Benin (West Africa) to secure a telecommunications contract. In 2004, ABB Ltd was fined USD 10.5 million for bribing African government officials with illicit payments worth USD 1.1 million to influence decisions related to M&A and retention of business. In 2006, Tyco Int’l Ltd was fined USD 50 million for engaging in improper financial practices, overstating its reports by USD 1 billion. The money was used to entertain Brazilian and South Korean government officials to sustain contracts and obtain new business for its subsidiaries.
  • It’s not just Fraud Prevention… If you screen your Vendors and Business Partners you will: Know if a “Foreign Official” or an “Associate/ Affiliate” owns or manages or benefits from your business partner [Pictured: President of Belarus Alexander Lukashenko; President of Sudan Omar al-Bashir; President of Zimbabwe Robert Mugabe]
  • It’s a Cultural Thing… or is it ? “It is not culturally acceptable to screen our vendors”. NONSENSE! “We have to trust our business partners, vendors, clients etc.” NONSENSE! “No information exists with which to screen our vendors”. NONSENSE!
  • FCPA Compliance Program What does it include? • A clearly defined corporate policy regarding gifts, payments and violations of FCPA • Effective communication of such a policy to members at all levels • An effective reporting system (e.g. “whistle blowing”) • An appropriate disciplinary procedure to address matters involving violation of FCPA • Extensive due diligence requirements pertaining to the company’s agents and business partners (e.g. “vendor screening”)
  • FCPA Compliance Program (Cont.) • Clear corporate procedures designed to ensure the company exercises due care • A system to review and to record actions related to contracts and payments • Include in all agreements and contract renewals with all agents and business partners of provisions • A transparent financial and accounting procedure • Periodic independent audits of company’s compliance code
  • Sound Familiar? “An investment in an effective, highly structured and regularly audited FRM programme will also ensure compliance with the FCPA and will be invaluable in the event of a DOJ investigation”
  • Effective Fraud Risk Management • All fraud involves ‘Staff Collusion’ – so know their background. • Know your ‘Business Partners’ – check they are not owned or managed by your staff or your staff’s mother-in-law! • Communicate your corporate values on corruption to both ‘Staff’ and ‘Outside Partners’- Make them sign up to it! • Make ‘Fraud Risk Management’ part of your FCPA Compliance Programme – Your budget will be larger! • Good governance is not a “Cultural Thing”. It is good business!
  • Questions
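
An added example, not part of the original slides: one way to automate the micro-level ‘Shell Company’ countermeasures listed earlier (sort payments by vendor, then look for consecutive invoice numbers, consistent or round amounts, missing detail and mail-drop addresses). The record fields, vendor names, thresholds and mail-drop keywords are assumptions, and the ledger is constructed sample data.

```python
from collections import defaultdict

# Constructed sample ledger (amounts in cents); not data from the slides.
def _row(vendor, invoice_no, amount, phone, address):
    return {"vendor": vendor, "invoice_no": invoice_no, "amount": amount,
            "phone": phone, "address": address}

PAYMENTS = [
    _row("Apex Consulting", "1001", 500000, "", "PO Box 112"),
    _row("Apex Consulting", "1002", 500000, "", "PO Box 112"),
    _row("Apex Consulting", "1003", 500000, "", "PO Box 112"),
    _row("Northwind Logistics", "48213", 1234567, "555-0100", "18 Dock Road"),
    _row("Northwind Logistics", "48377", 801245, "555-0100", "18 Dock Road"),
    _row("Northwind Logistics", "48590", 2290010, "555-0100", "18 Dock Road"),
    _row("Bluepeak Services", "77", 200000, "555-0199", "4 Mill Lane"),
    _row("Bluepeak Services", "912", 350000, "555-0199", "4 Mill Lane"),
    _row("Bluepeak Services", "1540", 1200000, "555-0199", "4 Mill Lane"),
]

MAIL_DROP_HINTS = ("po box", "p.o. box", "mail drop")  # assumed keyword list

def review_vendor_payments(payments, min_run=3):
    """Group payments by vendor and return {vendor: [red flags]} for review."""
    by_vendor = defaultdict(list)
    for p in payments:
        by_vendor[p["vendor"]].append(p)
    findings = {}
    for vendor, rows in by_vendor.items():
        flags = set()
        # Consecutive invoice numbers suggest the vendor has no other customers.
        nums = sorted(int(r["invoice_no"]) for r in rows if r["invoice_no"].isdigit())
        run = longest = 1 if nums else 0
        for a, b in zip(nums, nums[1:]):
            run = run + 1 if b - a == 1 else 1
            longest = max(longest, run)
        if longest >= min_run:
            flags.add("consecutive_invoice_numbers")
        amounts = [r["amount"] for r in rows]
        if len(amounts) >= min_run:
            if len(set(amounts)) == 1:
                flags.add("consistent_amounts")
            if all(a % 10000 == 0 for a in amounts):  # whole hundreds
                flags.add("round_amounts")
        if any(not r["phone"] or not r["invoice_no"] for r in rows):
            flags.add("missing_detail")
        if any(h in r["address"].lower() for r in rows for h in MAIL_DROP_HINTS):
            flags.add("mail_drop_address")
        if flags:
            findings[vendor] = sorted(flags)
    return findings
```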