Fraud risk management


Published on

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Fraud risk management

  1. 1. Fraud Risk Management And Its Nexus With Anti-Corruption And FCPA Compliance in Asia Michael Short 5 February 2009
  2. 2. Topics for Discussion • The Internal Fraud Risk? • Cornerstone of Effective “Fraud Risk Management” • It’s not just Fraud Prevention – “FCPA Compliance” • Cultural Issues for FRM in Asia
  3. 3. The Internal Fraud Risk 1. ‘Shell Company’ Schemes 2. Basic Vendor Related Schemes (i.e. Over Invoicing) 3. ‘Tender Rigging’ or Vendor Collusion Collectively known as “Purchasing Fraud”
  4. 4. What is “Purchasing Fraud”? • Schemes attacking the purchasing function • Causing an organization to buy goods or services that are non-existent, overpriced or not needed • By submitting bogus invoices or other supporting documents • Often collusion exists between Victim’s staff and Fraudster
  5. 5. ‘Shell Company’ Schemes What is a ‘Shell Company’? • Fictitious entity • Created for purpose of committing fraud • Only exists on paper • Usually consists of bank account and mail drop • Generally registered with a company registry either locally or offshore (as need to open a bank account)
  6. 6. ‘Shell Company’ Schemes (Cont.) • Usually invoice for services, not goods. – Services not tangible, harder to verify • How ‘Shell Company’ invoices get paid: Collusion among several employees Fraudster prepares bogus support documents Supervisor “rubber stamps” purchases Fraudster or accomplice has authority to approve payment
  7. 7. ‘Shell Company’ Schemes (Cont.) Pass-through Schemes: • Variation of standard ‘Shell Company’ Scheme • Fraudster assigned to purchase goods/services for company • Uses ‘shell company’ to buy the items on credit from provider • Shell company sells items to employer at inflated price • Pays off shell’s credit, excess is profit
  8. 8. ‘Shell Company’ Schemes – Countermeasures (Micro Level) • Question invoices that have residential address or mail drops for mailing address. • Look for invoices lacking detail: – Missing phone no., fax no., invoice no. etc. • Sort payments by vendor, look for: – Consecutive invoice numbers – Consistent payment amounts, round numbers • Know your Vendor (i.e. Vendor Screening)
  9. 9. ‘Tender Rigging’ or Collusion • Often found in developing nations or in jurisdictions with weak rule of law. • Opaque business environments and ‘business through connections’ foster collusion. • MNC’s or Global Institutions are particularly at risk!
  10. 10. Collusion – Scenario #1 • RFP only sent to ‘chosen’ vendors. • Vendors pay Internal accomplice at purchasing authority to make final cut onto tender list. • Vendor who offers most advantage to purchasing authority gets the contract! • As Vendor has to pay to get on the list, this ‘cost’ is added to the price to maintain margin. You’ll You ll pay more!!
  11. 11. ‘Tender Rigging’ – Scenario #2 • Purchasing authority has ownership involvement in tendering vendors. • Totally corrupt tender process – short listed vendors are all connected to purchasing authority. • Contract goes to ‘cheapest vendor’, price is not competitively tested and victimized organization gets untested vendor at a higher price. You’ll You ll pay more!!
  12. 12. Collusion & ‘Tender Rigging’ (Cont.) • Both TR and Collusion involve a high degree of internal involvement. • Superficially difficult to detect in any organization. • Very Common method to defraud. • Difficult to spot, but quite easy to detect!
  13. 13. Cornerstones of an Effective Fraud Risk Management Programme 1. Know your Staff – Institute a rigorous and informed Pre-Employment Screening programme: – All fraud includes an element of internal collusion. – Are your staff who they say they are? – Have your staff previously been fired for unethical or illegal practices at former employers? – Have your staff got criminal records? – Are your staff fraudsters? – Have you asked them? – Have you checked them?
  14. 14. Cornerstones of an Effective Fraud Risk Management Programme 2. Know your Business Partner – Does the company exist? – Is it registered? – Do you know who owns it? – Where is the office? – Who are the managers? – How long has it been in business? – Have you asked them?!
  15. 15. Cornerstones of an Effective Fraud Risk Management Programme 3. Screen your Business Partner – Is it owned or managed by your staff? – Is it owned or managed by entities also involved in the tender process or who are existing vendors? – Why is it newly incorporated? Has it been established solely for the contract? – Why is it established offshore? Opaqueness?
  16. 16. Cornerstones of an Effective Fraud Risk Management Programme 4. Ethics and Whistle Blowing – Do you tell your Vendors that corruption is unacceptable? – Code of Ethics (frequently updated). – Ethics Awareness Training. – Establish Whistle Blowing mechanisms. – Train vendors in ethical practice and gain their ‘buy in’.
  17. 17. Code of Ethics • Use a COE that includes strong anti-bribery language as part of your company culture. COE must be provided in all relevant languages. • Make all players in your business understand and sign the COE- staff, vendors, distributors, partners. • Bind COE into all contracts – with staff, vendors, distributors, partners. • COE must emphatically ban giving, soliciting or taking all kinds of kickbacks, bribes, gifts, etc.
  18. 18. Code of Ethics (Cont.) • Violators of COE must be punished by disciplinary action, dismissals, vendor contract termination. • All should sign COE again at regular intervals. Update COE to reflect new developments and governance needs (e.g. new laws). • Reinforce with annual ethics & compliance training. • Management must set the Tone!!
  19. 19. It’s not just Fraud Risk Management… It’s FCPA Compliance too!!
  20. 20. Foreign Corrupt Practices Act (FCPA) • Enacted in 1977 • FCPA imposes severe civil and criminal penalties on US companies and individuals who “bribe” or “offer to bribe” foreign government officials to obtain business. FCPA Prosecutions 2003 - 2007 18 20 7 78 5 2 23 0 Source: 2007 Year-End FCPA Update – Gibson, Dunn & Crutcher LLP (4 January 2008)
  21. 21. FCPA - The Risks • Individuals may face fines of up to USD 250,000 and 5 years imprisonment. • Companies may be fined up to USD 2 million for each violation. • Disqualification from US government contracting and export licenses. • Shareholder law suits. • Failing the WSJ test.
  22. 22. FCPA - Violations In 2005, Titan Computer Co., Ltd settled a fine of USD 28.5 million for bribing a government official in Benin (West Africa) to secure a telecommunications contract. In 2004, ABB Ltd fined for USD 10.5 million for bribing African government officials with illicit payments worth USD 1.1 million to influence decisions related to M&A and retention of business. In 2006, Tyco Int’l Ltd fined USD 50 million for engagement in improper financial practices overstating its reports by USD 1 billion. The money was used to entertain Brazilian and South Korean government officials to sustain contracts and obtain new businesses for its subsidiaries.
  23. 23. It’s not just Fraud Prevention… If you screen your Vendors and Business Partners you will: Know if a “Foreign Official” or an “Associate/ Affiliate” owns or manages or benefits from your business partner President of Belarus Alexander Lukashenko President of Sudan President of Zimbabwe Omar al-Bashir Robert Mugabe
  24. 24. It’s a Cultural Thing… or is it ? “It is not culturally acceptable to screen our vendors”. NONSENSE! “We have to trust our business partners, vendors, clients etc.” NONSENSE! “No information exists with which to screen our vendors”. NONSENSE!
  25. 25. FCPA Compliance Program What does it include? • A clear defined corporate policy regarding gifts, payments and violations of FCPA • An effective communication to members of all levels of such a policy • An effective reporting system (e.g. “whistle blowing”) • An appropriate disciplinary procedure to address matters involving violation of FCPA • Extensive due diligence requirements pertaining to the company’s agents and business partners (e.g. “vendor screening”)
  26. 26. FCPA Compliance Program Continue…. • Clear corporate procedures designed to ensure the company exercises due care • A system to review and to record actions related to contracts and payments • Include in all agreements and contract renewals with all agents and business partners of provisions • A transparent financial and accounting procedure • Periodic independent audits of company’s compliance code
  27. 27. Sound Familiar? “An investment in an effective, highly structured and regularly audited FRM programme will also ensure compliance with the FCPA and will be invaluable in the event of a DOJ investigation”
  28. 28. Effective Fraud Risk Management • All fraud involves ‘Staff Collusion’ – so know their background. • Know your ‘Business Partners’ – check they are not owned or managed by your staff or your staff’s mother-in-law! • Communicate your corporate values on corruption to both ‘Staff’ and ‘Outside Partners’- Make them sign up to it! • Make ‘Fraud Risk Management’ part of your FCPA Compliance Programme – Your budget will be larger! • Good governance is not a “Cultural Thing”. It is good business!
  29. 29. Questions