2. AGENDA
• Introduction
• Bribery and Corruption – an overview
• Charity Fraud – an overview
• Investigations:
– Hot Topic
– Recent BDO investigations
• Controls and defences
• What to do upon discovering a fraud
4. OVERVIEW – THE BRIBERY ACT 2010
WHAT IS A BRIBE?
• A financial or other advantage – not just cash:
– gifts and corporate hospitality
– promotional expenses, travel expenses and accommodation costs
– employing individuals or their relatives
– vouchers or other cash equivalent
– provision of services such as use of a car
– awarding a contract to a particular company or individual
– making political or charitable donations
– sponsorships
• Purpose of the bribe?
– secure a new contract
– keep an existing contract
– gain any advantage over a competitor
– “turn a blind eye”
5. OVERVIEW – THE BRIBERY ACT 2010
PROVISIONS OF THE ACT
General bribery offences (individual or corporate body)
Section 1 – Giving or offering a bribe
Section 2 – Receiving or requesting a bribe
Key:
• Intention, knowledge or belief
• Connection between the bribe and “wrongfulness element”
• “Improper performance” based on a reasonable person’s view of “improper”
• Corporate offence – a senior person in the organisation, e.g. the CEO or Managing Director, committed the offence and it is attributed to the organisation (the "directing mind" test). More likely under section 7
• Facilitation payments are considered bribes and will be prosecuted (no exemptions)
Bribing a public official (individual or corporate body)
Section 6 – Bribery of a foreign public official
6. OVERVIEW – THE BRIBERY ACT 2010
PROVISIONS OF THE ACT
Corporate offence
Section 7 – Corporate offence of failing to prevent bribery
Prosecution when:
• A person associated with the organisation bribes another person (section 1 and 6); and
• The bribe was made with the intention of obtaining or retaining business or an advantage in the conduct of business for the organisation
• Covers UK and abroad
• Knowledge is not a requirement
• Complete defence IF can show “adequate procedures” designed to prevent bribery
• Adequate procedures are not defined in the legislation but in guidance
7. OVERVIEW – THE BRIBERY ACT 2010
PENALTIES
• No retrospective element (i.e. prior to 1 July 2011)
• Substantive offences (sections 1, 2 and 6):
– Up to 10 years imprisonment
– Unlimited fine
– Or both (corporate fine only)
• Corporate Offence (section 7):
– Crown Court
– Strict liability (i.e. a company can be convicted even where it had no motive to commit a bribe)
– Unlimited fine
– Debarment from public contracts (EU Public Sector Procurement Directive 2004)
8. OVERVIEW – THE BRIBERY ACT 2010
DEFENCES – ADEQUATE PROCEDURES
• The only defence to section 7 is “adequate procedures” to prevent
bribery. They are considered adequate when they are proportionate to
the risk
• Six broad principles:
1. Proportionate procedures
2. Top level commitment
3. Risk assessment
4. Due diligence
5. Communication and training
6. Monitoring and review
9. OVERVIEW – THE BRIBERY ACT 2010
DEFENCES
Key:
• Zero tolerance approach communicated widely
• Action must be continually reviewed
• Audit trail to show action taken
• Core policies in place:
– Anti bribery and corruption
– Anti Fraud and Fraud Response Plan
– Conflicts of Interest
– Gifts and Hospitality
– Whistleblowing
– Code of conduct
10. OVERVIEW – THE BRIBERY ACT 2010
KEY CONCERN FROM EMPLOYEES?
• Hospitality unlikely to breach Act if:
• Reasonable or proportionate
• Has bona fide business purposes
• Is not intended to influence performance of function
• Unduly lavish hospitality could imply impropriety
• Consider internal Codes of Conduct
11. ACTION TO DATE?
• First conviction: November 2011
Munir Patel was sentenced to 3 years
imprisonment
• Handful of low level cases
• First SFO prosecution: convictions in
December 2014 (£23 million case)
12. OVERVIEW – THE BRIBERY ACT 2010
ARE CHARITIES/NFPS CAPTURED BY THE CORPORATE OFFENCE?
• A body or partnership incorporated or formed which carries out business, or part of its business in the UK
• If an organisation is incorporated (by whatever means) or is a partnership, it does not matter whether it pursues primarily charitable, educational or public functions
• If it engages in commercial activities it is covered by the legislation
• Corporate offence if:
– A senior person’s activities (bribery) could be attributed to the charity; or
– A person associated with the charity (i.e. an employee, or someone acting on behalf of the charity) bribes another person (section 1 or 6)
13. OVERVIEW – THE BRIBERY ACT 2010
KEY RISK AREAS
• Jurisdiction - certain activities and jurisdictions are more risky than others
– Cultural issues
– Reliance on local staff
– Lack of control/oversight
– Consider risks associated with overseas jurisdictions (Organisations provide guidance: e.g. Transparency International, Amnesty International)
• Sector issues (e.g. construction, healthcare, infrastructure)
• Dependency on Partner Organisations
• Transactions (e.g. large transaction, payments to Governments)
• Urgency – impact on policies and procedures
• Critical skills of an employee
• Procurement and tendering
14. OVERVIEW – THE BRIBERY ACT 2010
KEY RISK AREA: PROCUREMENT
• Procurement is a high risk area for bribery and corruption
• Reliance on private sector organisation to procure billions of goods and services from the private sector
– Long standing companies
– Companies formed for the opportunity (including recruitment of former staff)
• Procurement process:
1. Assessment of service required
2. Bid design
3. Award of contract
4. Assessment of contract implementation
• Internal vs. External threats
– Collusion between suppliers
– Collusion between employees and suppliers
15. BDO CASE STUDY
PROJECT ALPHA
• Outsourced maintenance contracts previously managed in-house
• Procurement director had sole responsibility for control of suppliers and the bid process
• Whistle-blower alleged that the procurement director was ‘meddling’ in the bid process
• Further allegations included similarities between the director’s car and a key supplier
• Background research was done without alerting the individual – there were many links between the director and key suppliers, including matching addresses and a shareholder with the same name as the director’s wife
• Procurement director had not declared any interests
• Eventually suspended and ultimately removed from post, admitting links to companies and conflicts of interest
• Core member of the team suspended after admitting suspicions
16. OVERVIEW – THE BRIBERY ACT 2010
WHAT CAN YOU DO?
• Anti-bribery stance – tone from the top
• Transparency in activities and operations
• Anti-bribery policy and training - offering guidance to employees
• Gifts and hospitality policy and register - training and guidance to employees
• Due diligence on employees, volunteers, partners, suppliers and contractors
• Appointment of a bribery lead and regular risk assessments - take into account:
– New activities and ventures
– Jurisdictions and risks associated
– The requirement for constant monitoring
• Investigate reports of bribery and self report where necessary
• Incorporate bribery reporting into whistleblowing policy
18. INTRODUCTION
FRAUD MYTHS AND MISCONCEPTIONS
• Fraud only happens in large organisations
• Fraud is a victimless crime
• It’s all about the money
• Fraud is highly complex and elaborate
• Fraudsters are easy to spot
• If the team have suspicions they WILL report it
• “It will never happen to us”
• No-one in a position of trust or authority would do that!
• Fraudsters keep their money in Swiss bank accounts and tax havens
• It’s all about cyber crime
19. INTRODUCTION
HOW BIG IS THE PROBLEM?
• Difficult to quantify accurately
• Many organisations deal with fraud in-house
• Many fraud statistics based on reported fraud, for example:
– UK Cards Association - £388m
– Association of British Insurers - £1bn detected and suspect £2bn undetected
– Department for Work & Pensions - £3.4bn (2% of total expenditure due to fraud/error)
– FraudTrack (BDO research) - £2bn
• Attempts to assess unreported fraud:
– National Fraud Authority’s Annual Fraud Indicator (2013): Total - £52bn; Charity fraud - £147m
20. INTRODUCTION
HOW DOES FRAUD OCCUR – FRAUDSTER PERSPECTIVE
• Financial pressure / debt
• “Need or Greed”
• Living beyond means
• Loss of earnings by a family member
• Failed investments
• Personal circumstances / issues
• Additional relationships
• Blackmail (rare)
• Poor governance and risk management procedures
• Weak internal systems and controls
• Lack of segregation of duties
• No fraud prevention or detection policies
• Cultural issues
• Easy access to funds / assets
• Lack of due diligence on employees, suppliers and customers
• Ability to override controls
• Confidence in not getting caught
• Other people are doing it
• No pay rises and poorly paid
• Badly treated / overlooked for promotion
• Organisation can take the loss
• Organisation is poorly managed anyway
21. INTRODUCTION
HOW DOES FRAUD OCCUR – COMPANY PERSPECTIVE
• Poor systems and controls
• Lack of due diligence on suppliers, customers, third parties, employees
• Ignoring the red flags
• Cultural issues
• Lack of policies and procedures
• Lack of whistleblowing program
• Too much trust
22. INTRODUCTION
FRAUD INDICATORS – RED FLAGS
Behaviours
• Dominant management style/personalities
• High staff turnover
• Lifestyle of employees vs. remuneration
• Low staff morale
• Not taking holidays/long hours
• Unusual/uncharacteristic behaviour
• New staff resigning quickly
• Resistance to help/change
• Refusing promotion
• Whistleblowers
Other
• Variances between forecasts/budgets
• Problems with reconciliations
• Changes in financial reporting
• Unrestricted funds spent without prior authorisation
• Duplicate payments/cheques
• Missing/incomplete documents, i.e. major income/expenditure streams including grant funding
• Consistent alterations/deletions
• Journal adjustments
23. INTRODUCTION
FRAUD CONSEQUENCES
• Loss of funds / assets
• Cost of investigation, legal advice and recovery
• Management/Trustee time and commitment
• Reputation
• Public trust and confidence
• Employee/volunteer morale
• Security and existence
• Increased insurance costs
• Funding (funding bodies, community etc)
• Less funds for beneficiaries
• Relationships with external parties
• Other linked criminal activities i.e. money laundering/terrorist financing
• It’s not just about the money
25. WHO WILL DEFRAUD YOU?
• Professional fraudster?
• Opportunist fraudster?
• Trustees?
• Employees?
• Volunteers?
• Beneficiaries?
• Partner organisations?
• Suppliers?
• Collusion – combination of the
above?
• Others?
26. PROFILE OF A FRAUDSTER
• Research suggests….
• Male
• 36 – 45 years old
• Works in the finance function or in a
finance related role
• Holds a senior management position
• Employed by the company for more
than 10 years
• Commits fraud against his own
employer
• Works in collusion with another
perpetrator
BUT….. relevance?
30. ARE CHARITIES VULNERABLE?
• Charity ethos: altruism / honesty / trust / pursuit of common and shared goals
• High levels of public trust and confidence
• Rely on goodwill and support of employees and volunteers
• Smaller charities may lack scrutiny / division of duties
• Reliance on cash based fund raising – attractive to opportunist and organised
fraudster
• Administrative and control functions may be weak / carried out by volunteers
• International work increases risk of fraud, bribery and corruption
• International work may increase lack of management oversight and may weaken
controls
• Technological advances make donations easier but also increase risk
• Fraudsters are targeting NFP organisations
…. You have assets (Registered charities - net assets worth approx. £125 billion)!
31. ARE CHARITIES VULNERABLE?
KEY RISK AREAS
Internal vs. external (+ collusion):
• Income generation, i.e. grants, donations, fundraising
• Internal management of funds, i.e. internal financial systems and controls
• Recruitment and screening of employees, volunteers, beneficiaries, suppliers etc
• Management of expenditure, i.e. large complex projects and contracts, budget vs. actual spending, beneficiaries, supplier payments and expense claims
• External threats, i.e. credit card fraud, change of supplier details, IT/cyber crime
32. ARE CHARITIES VULNERABLE?
TYPES OF FRAUD
• Misappropriation of funds vs. Fraudulent financial reporting
• Income-related fraud
• Diverting donations, grant funding, sales proceeds
• Impersonating charities
• Expenditure fraud
• Fraudulent invoices / misuse of bank, credit and debit cards
• Overpaying for goods/services
• Misuse of funds/assets/charity identity
• Payroll fraud
• Fraudulent grant applications
• Fictitious charities
• False applications received by charity / made by the charity
• Procurement fraud
• External/third party fraud – phishing/change supplier details
• Financial manipulation fraud
• Under reporting costs/inflating assets
• Misclassifying restricted donations, fundraising or administrative expenses
34. HOT TOPIC
THIRD PARTY FRAUD - SWITCHING
1) Common approach
• Letter to change supplier details
• Large port hit for bulk purchase of oil (average purchase £1 million per week)
• 3 weeks of supplier not receiving payments = £3 million loss
2) Low value – additional issues
• Phone call to change supplier bank details
• Housing Association’s insurance premium targeted – non-payment led to losses and
no insurance cover
3) Head office vs. internal division
• Instructions to change bank details sent to internal division of UK plc instead of
Head Office
• Internal transfer of change request led to ‘assumption’ that due diligence checks
had already been carried out by division
• Payments to fraudster until supplier alert of non-payment = £1 million loss
35. HOT TOPIC
THIRD PARTY FRAUD
4) The Bank as the ‘third party’
• Caller purports to be the Bank returning a failed payment
• Limited information provided by the caller
• Fake caller ID gives comfort over legitimacy
• Caller provides new account details
• Caller convinces the employee to provide bank account details (username and passcode generated by PIN code device)
• Fake refund initiated by fraudster whilst logged on using details provided
5) The lawyer as the ‘third party’
• Caller purports to be solicitor instructed by CEO
• They have been chosen as the trusted employee
• Call is “secret” and not to be discussed with anyone
• Bank account has been compromised – required to transfer funds to new account to
prevent further losses
37. CASE STUDY
PROJECT ACTIVE – LIVE INVESTIGATION
Background
• Two separate frauds by CEO and FD
• CEO fraud - awarding pay increases and bonuses, expenses fraud and other low-level frauds
• FD fraud - larger (circa £10 million) – cheques, BACS and CHAPS payments to own bank accounts
• Some payments identified by staff but FD had convincing story (“confidential projects”)
• Accounts team were complicit in covering up unusual payments
• Key member of staff raised issues with HR but these were not progressed – counter grievance
led to the staff member being pushed out of the organisation
Factors
• Culture was a key issue – accounts team desensitised to “unusual” payment activity and
accounting
• Dominant CEO seen as a bully
• FD used the CEO to cover for his actions
• Personal relationships instilled loyalty
38. CASE STUDY
PROJECT FLORENCE
Background
• Foreign based whistleblower alleged for-profit subsidiary of a UK charity procured a lucrative
foreign Government contract through bribery
• High profile/senior foreign Government official awarded contract on proviso an element was
subcontracted to his wife
• Key issues:
• Management of the key parties (Government department and Regulator)
• Management of reputation
• Servicing the contract pending investigation outcomes
• Case presented to foreign regulator and client treated as a ‘witness’ in ongoing foreign
criminal proceedings
Factors
• Lucrative contract (too good to be true) but no-one questioned the good news
• Contract bypassed usual legal route
• No segregation of duties from winning, renewing and managing the contract
• Invoices via contracts manager and not accounts team
• Preferential supplier payment terms of 4 days (usually paid within 2-3 days)
39. CASE STUDY
PROJECT JOHNSTON
Background
• Whistleblower letter alleged that funding had been diverted from intended purpose to an
unrelated social enterprise venture
• Other allegations of financial mismanagement including misuse of company credit cards,
inappropriate purchasing activity and abuse of Trust funds for personal use
• The organisation was on the verge of insolvency
• Traced the life of the funding from application to current status including funds flow and
instruction of third party contractors – identified incoming funds into ‘one pot’ and not
allocated to projects
• Identified a variety of management failures and misappropriation of funds
Factors
• No reconciliation of funding income and project expenditure
• Management overriding controls in finance, recruitment, tendering and procurement
• The Board not ‘robust’ in their governance approach
• Earlier whistleblower allegations not followed up or investigated
• Grievances/exit interviews not followed up
40. CASE STUDY
PROJECT STABLE
Background
• New IT infrastructure/modernisation project for an NFP organisation
• First stage of process to identify requirements – external project management consultancy
brought in with no formal tender process
• Process identified need to recruit specialist into IT team – recruited and brought in own team
and pushed out previous team based on “poor performance” and “resistance to change”
• Second stage to tender for services – formal tender process managed by new team
• New IT system problematic and support weak – led to investigation
• Investigation hindered as external suppliers controlled networks and shut down access
• Identified IT equipment not owned by organisation – non-commercial arrangement in place
• Identified relationship between the IT specialist, the consultancy and the successful supplier
Factors
• No formal due diligence on external consultants in stage one or two
• Weak HR procedures when IT specialist recruited
• No exit interviews on out-going staff
41. CASE STUDY
PROJECT AFRICA
Background
• International charity identified significant losses relating to a project based abroad
• Bank statements altered and financial statements manipulated to conceal extraction of
funds from the project leaving a large ‘black hole’
• Property and documents were destroyed in an attempt to conceal evidence
• The books and records were reconstructed to identify the full extent of the loss
• The fraudster was identified and removed from the organisation and steps taken to recover
losses
• Checks identified discrepancies on CV provided – ‘compromised’ out of previous organisation
Controls
• Employee due diligence checks should confirm previous employment, referees and
qualifications
• Complete personnel records should be held on file
• Restrict access to ‘super user’ logons which make it difficult to identify who has made
certain transactions on accounting system
• Ensure overseas bank accounts are monitored independently and using original
documentation (not documentation provided)
42. CASE STUDY
PROJECT IPCRESS
Background
• Outsourcing arrangement following formal tender process
• Some elements formally carried out in-house
• Blurry boundaries between supplier/customer – referred to as “partners” but not a partnering
agreement
• Whistle-blower – identified as the fifth whistle-blower
• Right of audit clause within the contract utilised for investigation
• Supplier attempted to conceal evidence in skips - reconstruction of files took over 2 months
• Identified systematic overcharging - cost plus management fee - often over 1000%
• Changes to initial scope and “can do” attitude used as justification for excessive costs
Factors
• Teams were too close and did not scrutinise individual work quotes
• Information provided to client was overcomplicated and difficult to understand
• Contract was not reviewed on an annual basis, rolled over
• Key dual-purchases (machinery) not covered by contract
44. FRAUD RISK PROFILING
PREVENTION IS BETTER THAN CURE
• Fraud awareness is key
• Remain vigilant
• Every charity will be different depending
on:
• Fundraising activities
• How you provide services
• Nature of structure/locations
• Assess risk and put appropriate controls in
place in high risk areas
• Direct resources appropriately
• Reassess risks regularly to account for any
changes in structure to ensure fit for
purpose
• Ensure key strategies in place to deal with
fraud, fraud response, whistleblowing,
money laundering, bribery and corruption
45. FRAUD RISK PROFILING
SOME FRAUD DEFENCES
• Recruitment, recruitment, recruitment
• Key policies in place (fraud, anti-money laundering, bribery etc)
• Act on information – take whistle-blowers seriously
• Risk profiling key business areas
• Restrict/control access (systems, buildings etc)
• Implement robust financial controls and governance measures
• Segregation of duties
• Training and awareness (employees, volunteers and trustees)
• Systems and controls checks – high level reviews/tripwires/spot checks
• Review of authorisation/mandate levels
• Review key monthly management reports
• Bank/asset reconciliations
• Review exception reports
• Robust IT controls – controls over permissions and access rights
• Whistleblowing culture
46. FRAUD RISK PROFILING
INTERNAL CONTROLS
The control environment:
Organisation of people
• Delegation
• Reporting
Segregation of duties
• The work of one person is independent of another
• No one person can authorise, execute, and record
Personnel controls
• Recruitment
• Training
• Capabilities matched with functions
Supervision
• Control over day to day running
• Management able to sort out problems
Management
• Acting on information
• Being proactive and reactive
• Internal audit
The control procedures:
Physical
• Security over assets
• Controls over access to assets
• Regular stock checks
• Maintaining a register
Authorisation
• Who can do what
• Hierarchical structure of signatories
Checking procedures
• Arithmetical
• Check totals
• Control accounts
• Reconciliations
• Trial balances
48. WHAT TO DO UPON DISCOVERING A FRAUD
DO NOT:
• Ignore whistleblowers
• Respond emotionally or take any hasty actions
• Immediately confront the subjects
• Damage or mark any evidence or potential evidence
• Turn on computers, laptops, mobile phones or other electronic devices
• Limit the scope of your concerns to a specific issue
• Divert attention from the day to day running of the business
• Dismiss the employee – consider suspension instead
• Ignore the possibility that losses may still be continuing
• Ignore the regulator
DO:
• Activate your fraud response plan and implement a communication strategy
• Contact relevant parties:
– Internal: Trustees/Board
– External: Bank, Police, Insurers, Regulator, Specialist service providers
• Engage professional assistance where required
• Carefully preserve evidence (electronic and paper documents, laptops and mobile phones)
• Take steps to stop further losses
• Be objective in your assessment
• Limit the number of people involved in investigation
• Assess the impact and act on lessons learned
• Consider next steps – criminal vs. civil
49. POST FRAUD: NEXT STEPS
• Assess the effectiveness of your fraud response plan
• Assess the effectiveness of other relevant policies
• Assess the impact and act on lessons learned
• Review reasons for fraud/loss and implement controls
• Consider recovery of losses
• Manage reputation – press strategy
• Manage internal morale
• Ensure remaining team are ‘clean’ and consider restructure