Annual Edition 2008/2009Global Fraud Report                           Global and local issues                           di...
CorrectionIn the July 2008 issue of the Global Fraud Report the article “Writtenor oral reports? Don’t waive your rights a...
ContentsGlobal Fraud Report Introduction.....................................................................................
Kroll commissioned The Economist Intelligence Unit to conduct aworldwide survey on fraud and its effect on business during...
IntroductionIntroduction                                                           I                                      ...
EIU OverviewF    raud is a fact of corporate life. But the     Fraud, and vulnerability to it, is             	 lost nearl...
EIU Overview	 the proportion is 90%. There is little room    Europe in particular – have seen less  left for this figure t...
Financial ServicesHazards in                                                                                              ...
Financial ServicesCASE STUDY                                                                                              ...
professional ServicesNew rules                                                                   member states - including...
viewpoint                                                                                               applicable protect...
ManufacturingThe risks keeping                                                                                            ...
Manufacturingconflicts of interest. It is troubling to         Rotating staff on a regular basis obstructsconsider the num...
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Global Fraud Report 2008-2009
Upcoming SlideShare
Loading in …5
×

Global Fraud Report 2008-2009

1,917 views

Published on

Kroll commissioned The Economist Intelligence Unit to conduct a worldwide survey on fraud and its effect on business during 2008.

A total of 890 senior executives took part in this survey. A third of the respondents were based in North and South America, 30% in Asia-Pacific, just over a quarter in Europe and 11% in the Middle East and Africa. Ten industries were covered, with no fewer than 50 respondents drawn from each industry. The highest number of respondents came from the professional services industry (16%) followed by financial services (13%) and technology, media and telecoms (11%). A total of 42% of the companies polled had global annual revenues in excess of US$1 billion.

This report brings together these survey results with the experience and expertise of Kroll and a selection of its affiliates. It includes content written by The Economist Intelligence Unit and other third parties. Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstra and all the authors for their contributions in producing this report.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,917
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Global Fraud Report 2008-2009

  1. 1. Annual Edition 2008/2009Global Fraud Report Global and local issues discussed. Sector by sector analysis. Economist Intelligence Unit analysis.
  2. 2. CorrectionIn the July 2008 issue of the Global Fraud Report the article “Writtenor oral reports? Don’t waive your rights accidentally” was incorrectlyattributed solely to Asuncion C Hostin. The article was primarily writtenby Gilbert Boyce, litigation partner at Kutak Rock and should have beenattributed to him accordingly. G ilbert Boyce is a partner in the litigation department of the Washington, D.C. office of Kutak Rock. He has been lead trial or appellate counsel for brokerage firms, financial institutions, insurance companies, non-profit organizations, and accounting firms in a wide range of complex litigation in federal and state courts, the U.S. Tax Court and before various arbitration tribunals.
  3. 3. ContentsGlobal Fraud Report Introduction.................................................................................. 5 Retail, Wholesale distribution Ben Allen, President CEO Profile: Leading express and mail provider shows the way....................................................................................... 22 EIU Overview.................................................................................... 6 Reducing retail fraud through background screening.......... 23 The Economist Intelligence Unit overview viewpoint Financial Services How quickly can you detect a data breach? Hazards in hedging contracts............................................................ 8 How will you respond?....................................................................... 24 Benefits of detection............................................................................. 9 Consumer goods Professional services Using the International Trade Commission New rules cause law firm problems. ............................................. 10 in IP investigations. .............................................................................. 26 viewpoint viewpoint Protective steps in internal Word Power: Linguistic analysis assists public company investigations........................................................ 11 fraud investigations............................................................................. 28 Manufacturing Travel, leisure transportation The risks keeping manufacturers awake at night. .................. 12 Common scams in hospitality. ................................................... 28/29 Healthcare, Pharmaceuticals construction Biotechnology Fixed-budget projects: hidden risks............................................... 30 Preventing data breaches in healthcare...................................... 14 Fraud vulnerability Strengthening information security.............................................. 16 Blowing hot and cold: Targeting areas of high risk................ 32 Technology, Media telecoms Kroll Contacts................................................................34 The changing face of online brand abuse.................................. 18 Kroll Services...................................................................35 Natural resources Guidelines for expanding in developing countries................. 19 viewpoint Compliance: It’s just good business sense. .................................. 20 Kroll Global Fraud Report • Annual Edition 2008/2009  | 
  4. 4. Kroll commissioned The Economist Intelligence Unit to conduct aworldwide survey on fraud and its effect on business during 2008.A total of 890 senior executives took part in this survey. A third of therespondents were based in North and South America, 30% in Asia-Pacific,just over a quarter in Europe and 11% in the Middle East and Africa.Ten industries were covered, with no fewer than 50 respondents drawnfrom each industry. The highest number of respondents came from theprofessional services industry (16%) followed by financial services (13%)and technology, media and telecoms (11%). A total of 42% of thecompanies polled had global annual revenues in excess of $1billion.This report brings together these survey results with the experience andexpertise of Kroll and a selection of its affiliates. It includes contentwritten by The Economist Intelligence Unit and other third parties.Kroll would like to thank The Economist Intelligence Unit, Dr. Paul Kielstraand all the authors for their contributions in producing this report.The information contained herein is based on sources and analysis we believereliable and should be understood to be general management information only.The information is not intended to be taken as advice with respect to any individualsituation and cannot be relied upon as such. Statements concerning financial,regulatory or legal matters should be understood to be general observations basedsolely on our experience as risk consultants and may not be relied upon as financial,regulatory or legal advice, which we are not authorized to provide. All such mattersshould be reviewed with appropriately qualified advisors in these areas.This document is owned by Kroll and The Economist Intelligence Unit Ltd., and itscontents, or any portion thereof, may not be copied or reproduced in any form withoutthe permission of Kroll. Clients may distribute for their own internal purposes only.Kroll is a subsidiary of Marsh McLennan Companies, Inc (NYSE:MMC), the globalprofessional services firm.  |  Kroll Global Fraud Report • Annual Edition 2008/2009
  5. 5. IntroductionIntroduction I am delighted to welcome you to the and Investigations as they increasingly second annual Kroll Global Fraud Report. sought the most up-to-date technology to As CEO of Kroll, the publication of this find electronic evidence that could make report each year is an opportunity to look the difference between success and failure beyond our day-to-day concerns, back over in a complex case. In the last few years, the work we have done, but also forward to both our groups have worked with our the challenges that lie in the future. colleagues in Background Screening to produce solutions for ID theft, from breach When people think of fraud, I think many protection, risk assessment, and planning of us imagine the classic scenario of the to post-event response, customer staff member that disappears with the notification, investigation, and resolution. petty cash, or rogue traders on Wall Street, or pump-and-dump stock schemes. These Increasingly, the work we do moves certainly form a large part of the work we between accounting, investigations and do at Kroll. Financial fraud – embracing all technology. Few fraud cases involve only these and more – is a critical problem for one element, and more and more of our many companies. work is genuinely global, involving cases in more than one jurisdiction. Products But as this annual issue of the Kroll Global stolen in one country may be offered in a Fraud Report shows, there is more to fraud second for sale; the proceeds may go to than this. Information theft and threats a third country, and be banked in a fourth. to intellectual property are rising fast up The criminals may live in a different the list of concerns. And the work we doBen Allen is president and chief executive officer of jurisdiction altogether – perhaps even onKroll, based in New York. Prior to this appointment, increasingly focuses on these types of fraud. a different continent.Ben served as president of Kroll Technology Services,which includes Kroll Ontrack, Kroll’s legal technologies Why should this be so? Partly, it reflects the Some of the challenges we face in every data recovery subsidiary, background screening and ease with which criminals can make use ofrelated services. Early in his career, Ben worked for fraud case are technical: how to use our new techniques, gaps in infrastructure andCeridian Corporation and 3M in sales, marketing, and technology to search Japanese characters,management positions. He earned his B.A. in business the difficulties in resolving security issues or the right ways to liaise with lawfrom Washington State University. with new software. enforcement, or where to find company But it also reflects a change in the nature registration details. But some of them are of business. It is a mistake to look at fraud cultural: putting together multinational, only from the point of view of the threat. multi-capability teams is complex and we The biggest issue is the assets at risk, and learn more every year about how to do that. the assets that companies guard most We pride ourselves on having the right closely are increasingly held electronically: people to address the most complex issues, client data, details of how a product is and that means staying one step ahead of manufactured, information on staff, new the fraudsters – but also keeping in touch software, entertainment products… the list with the way our clients do business. is endless. New technologies make these I hope this report provides some useful easier to produce and store; but sometimes food for thought. easier to steal, and easier to resell. My background is in our technology business. Kroll Ontrack has grown exponentially through data recovery, computer forensics and electronic discovery. At every stage we have worked with our colleagues in Business Intelligence ben Allen Kroll Global Fraud Report • Annual Edition 2008/2009  | 
  6. 6. EIU OverviewF raud is a fact of corporate life. But the Fraud, and vulnerability to it, is lost nearly three times as much as the threat, and the way companies tackle average, some $23.3 million. Smaller already widespread and increasing it, changes over time. Kroll accordingly firms suffered much less in absolute according to a variety of metrics: terms. Nevertheless, their loss percommissioned its second annual surveyfrom the Economist Intelligence Unit of K Average Loss: The average company in company, $5.5 million, represents a 70%nearly 900 senior executives worldwide, our survey lost $8.2 million to fraud increase from last year’s average.46% of whom are C-level executives such as over the past three years. This is up 22% K Overall Incidence: 85% of companiesCEOs, CFOs and CIOs, to obtain an accurate from last year’s survey when the figure were affected by at least one fraud in theimpression of the challenge fraud is stood at $6.7 million. Larger companies – past three years, up from 80% in ourpresenting today. The key findings include: those with annual sales over $5 billion – previous survey. For larger companies,  |  Kroll Global Fraud Report • Annual Edition 2008/2009
  7. 7. EIU Overview the proportion is 90%. There is little room Europe in particular – have seen less left for this figure to grow. widespread fraud activity, while theK Specific Fraud: Only two of the ten economically less developed ones – notably categories of fraud tracked in the survey – those in the Middle East and Africa – have money laundering and procurement experienced much more. In eight out of ten fraud – declined in incidence for surveyed fraud categories, the latter region had the firms between last year’s survey and this highest or second highest incidence of one, in each case by just 1%. Much more activity, and in the same number of cases common were small but noticeable North America had the lowest. The only increases. For example, theft of physical marked exception was intellectual property theft, in which less developed regions had assets, the most widespread fraud in the least, and North America actually had both surveys, affected 37% of companies the most occurrences. in recent years, up from 34%; information theft went from 22% to 27%; and regulatory and compliance breaches from 19% to 25%. 1 Estimate based on weighted averagesK Perceived vulnerability: Again, with few exceptions, the number of companies considering themselves at least moderately vulnerable to each category Percentage of companies suffering of fraud rose, usually by about 5%. from fraud in past three years Seven in ten now believe themselves Overall High Staff Weaker exposed in this way to information loss Turnover Controls or attack, and just over one half think the same for regulatory and compliance Corruption/Bribery 20% 23% 37% breaches (54%), management conflict of interest (53%), financial mismanagement Theft of Physical Assets 37% 49% 50% (52%), procurement fraud (51%), and physical theft (50%). Money Laundering 4% 6% 6% Financial Mismanagement 22% 26% 40%Weakening internal controlsand high staff turnover both Regulatory/Compliance Breach 25% 31% 36%induce much higher levels of Internal Financial Fraud/Theft 19% 24% 34%fraud than other risks. Information Theft/Loss/Attack 27% 36% 36%Other risk factors have less of an impact.Poorer controls and frequent employee Vendor/Procurement Fraud 18% 23% 31%changes both significantly increased thefrequency with which companies suffered IP Theft/Piracy 16% 18% 16%from a range of frauds. [see chart] Management Conflict of Interest 26% 33% 41%Weaker controls – to which one-quarterof companies admitted – had a particularlystriking effect, in almost every caseincreasing the proportion of companies Overall Middle East North hit by at least one-and-a-half times. Average Africa AmericaOther factors which raised exposure,including entry into riskier markets, Corruption/Bribery 20% 34% 6%participation in joint ventures, and complex Theft of Physical Assets 37% 46% 28%information technology (IT) arrangements,had much smaller overall effects, although Money Laundering 4% 8% 3%these could noticeably increase thelikelihood of certain types of fraud. IT Financial Mismanagement 22% 38% 16%infrastructure complexity, for example,correlates with a higher rate of information Regulatory/Compliance Breach 25% 23% 19%theft (32%) and intellectual property (IP) Internal Financial Fraud/Theft 19% 27% 10%theft (21%), as does participation in jointventures (32% and 24% respectively). Money Information Theft/Loss/Attack 27% 29% 18%saved on poor controls and low wagesmight well be lost to fraud. Vendor/Procurement Fraud 18% 24% 13%Fraud is most prevalent in less developed IP Theft/Piracy 16% 15% 18%economies. Overall, the more developedeconomies – North America and Western Management Conflict of Interest 26% 43% 18% Kroll Global Fraud Report • Annual Edition 2008/2009  | 
  8. 8. Financial ServicesHazards in own wish to speculate rather than by the client’s best interests. Front-running occurs when a trader withhedging contracts a substantial order to sell, for example, sells a number of contracts to himself before executing the larger order. The latter action may push the market price down, enabling him to buy back his own contracts at a profit. A company executive doing this would need a personal account separate from the one used for the corporate orders. In our experience, such individuals, in order to avoid detection from internal banking control systems, sometimes create accounts with completely different banks or brokers. Front-running is forbidden in the United States and United Kingdom, and any trader or broker found doing it would be banned. It is, however, not always easy to spot, particularly if the irregular trading is done through an account with a different broker. In protected trading, a trader uses a bona fide hedge order to protect himself from losses on a personal speculative trade byM ost trading on metals markets is frauds are cross-trading, front-running, placing the former at a price slightly above well regulated, and most market protected trading, and the use of dual the current market level. For example, he participants are honest and law- accounts. might enter an order to sell ten lots atabiding. But the sector has thrown up several $5,000 when the market is trading at $4,990, Cross-trading involves a trader or brokerscandals over the past few years, with and then sell on his own account at the both buying and selling contracts on theindividuals and brokerage houses defrauding lower price. If the market goes down, he same commodity at the same price – inemployers and clients. Furthermore, metal can take a profit on the sale, but if it goes effect selling to himself. Legitimate reasonstrading remains one of the few sectors up he knows that he can limit his losses by can exist to do this, for example, when awith broker-dealers – companies that act as buying the contracts back at $5,000 by broker has simultaneous buy and sellboth proprietary traders and brokers. This “crossing” – buying and selling the same orders at a single price from differentcreates a vulnerability in the system, which contracts with the hedge sale. clients. Often, though, a cross-tradingfraudsters can use to their advantage. broker is taking a speculative position by The practice of dual accounts involvesSuch activities occur most often in futures trading against another order. This can controlling two, or possibly more, accountsmarket trading, not in large-scale options even mean that a hedger places an order with the same bank or broker. At the end ofmarket deals. The main vehicles for these for a company at a price determined by his trading, when all the day’s orders are allocated between the accounts, the trader Report Card Financial services can put the best trades in his personal Financial Loss: Average loss per company over past three years $12.9 million (157% of average) account and assign the others to a Prevalence: Companies suffering fraud loss over past three years 79% company one. Increase in Exposure: Companies where exposure to fraud has increased 83% Above all, successful hedging fraud requires High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to this type of problem Information theft, loss or attack (20%) • Regulatory or compliance breach (19%) collusion between the trader and the Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in past three years broker, who both have to work hard to Regulatory or compliance breach (35%) • Financial mismanagement (29%) • Theft of physical assets or stock avoid not only internal control systems in (27%) • Management conflict of interest (25%) • Information theft, loss or attack (24%) Internal financial fraud or theft (24%) their respective organizations but also the Investment Focus: Percentage of firms investing in these types of prevention in the past three years scrutiny of the regulators. This is not easy, Information: IT security (60%) • Financial controls (60%) • Risk officer and risk management system (46%) but once a fraud is established it can be Management controls (46%) extremely difficult to detect and verify. % 0 10 20 30 40 50 60 70 80 90 100 These considerations mean that metal Corruption and bribery trading companies need to take regular and Theft of physical assets or stock proactive steps to counter such frauds. Money laundering Letting these practices go unchecked can Financial mismanagement have devastating effects. Regulatory or compliance breach Internal financial fraud or theft Charles Carr is a managing director Information theft, loss or attack and head of Fraud for Europe, Middle East and Africa. He was previously Vendor, supplier or procurement fraud head of the Milan office and country IP theft, piracy or counterfeiting manager for Mexico and specializes Management conflict of interest in fraud prevention programs and training. He previously spent time as Highly vulnerable Moderately vulnerable an oil futures broker for Kidder Peabody.  |  Kroll Global Fraud Report • Annual Edition 2008/2009
  9. 9. Financial ServicesCASE STUDY EIU surveyBenefits of detection Fraud remains a very expensive problem for financial services firms, but this sector, unlike most others, held its own against the problem over the last year. Given that the focus of the industry is the use and management of money itself, it comes as no surprise that this, rather than other goods and services, is the main focus of fraudsters. K The average loss per company of $12.9 million is down over 10% in absolute terms, and well down in relative terms from last year’s survey. The number of companies suffering fraud over the past three years has also dipped very slightly, to 80% from 83%. K Firms in this industry are more likely than the average for all companies to be hit by financial mismanagement (29% to 22%) but much less likely to suffer from theft of physical assets (37% to 27%). K Money-laundering remains an important issue: one in eight companies suffered from it in the past three years, a worrying figure given tighter enforcement in this field.A fraud investigation is about more than finding the Regulatory compliance is a growing problemperpetrator and recovering the funds. The knowledge that and receives too little attention. Compliancethe investigation yields has real long-term value, and can breaches continue to plague this highly regulated industry, with 35% of firms – overbe used to prevent further wrongdoing. Two cases from one-third – affected by at least one withinHong Kong help illustrate this. the past three years. Not only is this figure far higher than the survey average (25%), it is also well up from last year’s number (29%),Altered Payee As a result the Hong Kong-listed company suffered a substantial financial loss and so that this is now the most common type of fraud at financial services firms. Concern,Scheme sought compensation from the insurer. however, does not seem to be keeping pace: Kroll’s report was able to assist the insurer 19% of companies in the sector now considerHong Kong listed companies often in determining policy liability allocation. themselves highly vulnerable to this sort ofappoint third party firms as registrars to fraud, up from 17% last year.maintain shareholder registers andhandle share-related services, including Mortgage Fraud Overall, spending is not keeping up with the growing severity of the problem.the distribution of dividends. In one case, In another case, an impostor falsified titlea fraudster intercepted a dividend K Although losses from fraud have improved deeds and other supporting documents to in relative terms, they remain remarkablypayment issued by such a registrar of obtain a mortgage from a local bank. high. Investment in most anti-fraudaround HK$46 million (US$5.9 million) Kroll undertook an independent review of measures covered in the survey is slightlyand changed the payee’s name to his these papers and found a number of more widespread in this sector than inown. He deposited the cheque into a discrepancies in the documentation others, but expected new investment isbank account and quickly transferred which had gone undetected by the bank’s slightly less. Moreover, fewer financialthe funds elsewhere. The fraud went staff. The bank suffered a substantial loss services companies are looking to investundetected for at least three months which led to a reassessment of the bank’s in such tools this year than were last year:until the original shareholder became for example, only 48% intend to put new Know Your Customer policy.aware of it. money into staff training against 53% As both of these incidents demonstrate, last year.Kroll’s independent investigation found an important element of any K Perhaps more worrying, the heighteneda number of weaknesses which required investigation is its application in incidence of regulatory breaches is notattention: preventing future frauds. translating into new spending: only 40%K Inadequate fraud prevention measures of businesses have compliance controls and controls; and training, and just 34% expect to Susan Lau is a senior director in spend new money in this area.K Lack of a clear allocation of the Hong Kong office and has over responsibilities and duties among the 12 years of banking and accounting Overall, financial services firms are making relevant staff; experience. She specializes in some progress against fraud, but companies forensic accounting and fraud need to redouble their efforts, especiallyK Insufficient written guidelines and investigations involving large, against regulatory and compliance breaches. procedures; complex, white-collar business The losses involved are much too large to crime. Her language skills allow her to focus onK Lack of general awareness of possible the Greater China region. justify complacency. fraud by staff. Written by The Economist Intelligence Unit Kroll Global Fraud Report • Annual Edition 2008/2009  | 
  10. 10. professional ServicesNew rules member states - including France and Germany - are being threatened with legal action by EIU survey Brussels because of their failure to implementcause law firm anti-money laundering rules designed to clamp down on terrorist financing.” The sector, including as it does accountants, lawyers, and consultants, should be wellproblems informed about the necessity of, and best To make matters more complicated, law firms practice in, implementing anti-fraud in the US face a different set of regulations. strategies: over two-thirds of firms manageG In the EU, there is an obligation on law firms fraud prevention, detection, and response overnments and regulators in most to report suspected money-laundering activity internally – about one and a half times countries recognize that money to government authorities. Not so in the US. the average. This expertise yields results: laundering is a significant challenge for According to the American Bar Association, the sector already suffers relatively littleprofessional service and law firms. However “The Association opposes… requiring lawyers from these sorts of crimes, and the situationthe regulatory results are different in different is improving. to file suspicious-transaction reports on theirjurisdictions and the result can be confusion clients’ activities to the extent such a K The average cost of fraud per firm is theand complication. lowest in the survey, just $1.4 million, requirement could have an unprecedented or 17% of the overall figure, downLaw firms in the United Kingdom have been impact on client confidentiality, the attorney- significantly from $2.3 million and 34%accommodating themselves to new anti-money client relationship, the independence of the respectively.laundering legislation that came into force in bar, and the compliance-counseling role of K The number of companies reporting aDecember 2007, implementing the European lawyers in our society.” fraud in the past three years is also downUnion’s Third Money Laundering Directive. noticeably, to 74% from 83%. This poses some challenges, according to theThe regulations introduced a risk-based K Even those who consider their exposure Law Society:approach, with practitioners expected to assess to be growing have decreased – from 89%the level of risk presented by prospective K eing consistent across multiple B to 83%.clients and assignments. This permits international offices As might be expected in this industry,simplified procedures for low risk activities, K Representing international clients information theft remains the biggestbut enhanced customer due diligence and on- K epresenting clients with diverse ownership R concern, and the focus of attention.going monitoring in higher risk areas. structures. K One-quarter of companies consider themselves highly vulnerable to such aMost law firms in England and Wales have now These issues reflect different legal systems, threat, and 29% have experiencedimplemented their procedures, according to a the roles of law firms and politics. But they information theft, loss, or attack in theLaw Society survey. But it noted that more than also provide potential money launderers past three years. Both figures are nearlyhalf “had difficulty with conducting enhanced identical to those of the previous survey. with opportunities to exploit differences indue diligence when instructed by clients they K IT security remains the biggest focus of procedures between jurisdictions.had not met. This difficulty was attributed to new anti-fraud investment in the sector.cultural difficulties with overseas clients, the K On the other hand, the number ofvariability of results from some electronic Andrew Marshall is a managing businesses suffering from IP theft, theverification providers and a reluctance of other director in Business Intelligence other big concern for data and knowledgeprofessionals to be relied upon to certify Investigations based in London, having intensive sectors, has seen improvement. previously held the roles of chief risk Only 13% report recently being theidentity documents.” officer and head of strategy Europe victim of such a fraud, down from 21%The EU’s rules have been incorporated into Middle East and Africa. He spent 15 years as a journalist, including serving the year before.national law at an uncertain pace across the as foreign editor and Washington bureau chief for the Complacency is, however, a danger. TheUnion. The Financial Times reported in July Independent newspaper. sector is doing well relatively, but that stillthat “More than half of the European Union’s means that three-quarters of companies have been hit by fraud in recent years. K The use of most anti-fraud strategies Report Card Professional services covered in our survey is frequently less widespread than average, and fewer Financial Loss: Average loss per company over past three years $1.4 million (17% of average) companies are investing in them than even Prevalence: Companies suffering fraud loss over past three years 74% last year. Financial controls, for example, Increase in Exposure: Companies where exposure to fraud has increased 83% are present at only 67% of professional High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to this type of problem services firms, against 80% among all Information theft, loss or attack (25%) • IP theft, piracy or counterfeiting (18%) other companies, and only 47% of the Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in past three years former are spending in this area, against Information theft, loss or attack (29%) • Management conflict of interest (28%) 54% of all other businesses. Theft of physical assets or stock (23%) Investment Focus: Percentage of firms investing in these types of prevention in the past three years K One-quarter of companies have seen Information: IT security (58%) • Financial controls (47%) internal controls weaken, which is in line % 0 10 20 30 40 50 60 70 80 90 100 with the average, but this sector should know better. Corruption and bribery K Although most types of fraud are Theft of physical assets or stock decreasing, the incidence of management Money laundering conflict-of-interest rose from 21% to 28%. Financial mismanagement There is no guarantee that other types of Regulatory or compliance breach fraud will never do the same. Professional services employees have no special Internal financial fraud or theft exemption from the sort of temptation Information theft, loss or attack which good controls protect against. Vendor, supplier or procurement fraud Overall, this sector has been very successful in IP theft, piracy or counterfeiting dealing with fraud, but it must not get Management conflict of interest complacent if it wishes to preserve its record. Highly vulnerable Moderately vulnerable Written by The Economist Intelligence Unit10  |  Kroll Global Fraud Report • Annual Edition 2008/2009
  11. 11. viewpoint applicable protections are preserved during an investigation is to bring counsel (in- Protective steps in house or outside) into the mix to help assess whether an investigation is required and, if so, the potential scope and internal public company consequences of such an investigation. Also, counsel can assist the client in deciding when and if it will make assertions investigations of the privilege or work product doctrine. For example, it is important to note that in external investigations, regulators do not take kindly to sweeping assertions of privilege even where applicable, and it is wise to use the privilege judiciously to enhance credibility and to foster a spirit of cooperation. When a public company decides to conduct an investigation, the first order of business is to coordinate the parties involved internally through counsel, and assess the potential for disclosure, external litigation, and/or litigation. If a company decides to hire an outside investigator, it should consider doing so through counsel to preserve any applicable legal protections. During the course of an investigation, attorneys and investigators must take great care to ensure that both oral and written communications include only parties to the protected relationship. In practice, whether the privilege applies is determined on substance over form, and labeling all communications between attorney and Nancy Goldstein looks client as privileged will not automatically provide protection; however, it is good at confidentiality practice to label communications which truly are privileged both to earmark such and privilege concerns. communications for withholding when responding to subpoenas or other requests for information, and to bolster the claim ofA n employee lodges a sexual notably, regulators, shareholders, analysts, privilege if called into question. harassment complaint with human and law enforcement. In turn, this interest In addition, attorneys and investigators resources. An internal auditor may result in lawsuits, enforcement should segregate their documented analysesuncovers “red flags” of money laundering actions, and analyst and media coverage. and thought processes, so that if investigativewhen reviewing account statements. If a legal protection does not attach to findings are disclosed to some degree, anyCompliance receives an anonymous letter information acquired during an internal impressions based on such findings can stillalleging improper payments to foreign investigation, corporations can be be preserved as work product. Also, attorneyspublic officials. These are different compelled to produce such information to and investigators should heed the mantrascenarios with different actors, but all opposing parties in litigation, regulators, “less is more” by only obtaining informationelicit the same responsibility and concerns law enforcement, and other third parties. and creating documentation that is crucialfor a public company. There are two paramount legal protections to the fact-finding mission to maintainIn this post-Sarbanes era of greater for information obtained during an control and limit the universe of informationtransparency and accountability, investigation: the attorney-client privilege that might be accessible. By taking thesecorporations have a heightened duty to and the work product doctrine. These basic and other such precautions, all partiesconduct internal investigations of potential protections can apply to all types of involved in the investigation will bemisconduct. When such allegations arise, information, and the client can assert them sensitive to these confidentiality issues andcompanies feel compelled to act with in any context from private litigation to less likely to inadvertently waive anyurgency to defuse an often tense situation; government investigation. However, there applicable protections. are specific circumstances in which eachhowever, this is the moment when such protection attaches, and both requirecompanies must take the time to assess the involvement of counsel. Nancy Goldstein is an associate managing directorthe potential consequences of conducting of Business Intelligence Investigations foran investigation. Corporations must Situations such as those set forth above Latin America and the Caribbean. She specializesconsider that the findings unearthed in which might require an internal in securities accounting fraud, FCPA and AMLinvestigations may trigger certain investigation do not always come straight compliance. She spent 17 years as an enforcement attorney for the US Securities Exchangedisclosure requirements, and arouse the to the attention of counsel. Accordingly, the Commission, NYSE and NASD.interests of various third parties, most first step toward ensuring that any Kroll Global Fraud Report • Annual Edition 2008/2009  |  11
  12. 12. ManufacturingThe risks keeping schedules, seasonal availability, crop quality and competitor demand. Segregation of the decision-making processmanufacturers in relation to the raw material purchase price and sale price for waste product, is one way to mitigate the risk of price manipulation. The purchase price range, and the sale priceawake at night for waste, should be decided in consultation between several different departments such as sales marketing, procurement, finance accounting (including cost accountants),M and should require ultimate approval by anufacturers are faced with a variety Kickbacks. Kickbacks are common in Asia, the general manager. The decision-making of challenges in today’s market, where for centuries it has been the norm process should be properly recorded by the including rising energy prices, that everyone benefits from a business finance department. Any deviation fromexpensive raw materials, and increasing transaction. An example of a kickback is when the agreed purchase price should be properlylabor costs. These cost pressures are the procurement officer receives payment recorded and receive authorization from theproblematic for even the most savvy and from a vendor in return for the benefit of general manager, chief financial officer orskilled managers, but when the bottom line remaining as a supplier to the manufacturer.is affected by unscrupulous procurement staff, other appropriate person. Vendors fund kickbacks through pricethey keep those in charge of manufacturing manipulation. The effect is that thefacilities awake at night. There are manyways that fraud can occur in materials manufacturer spends more on raw materials ‘Conflicts of interest lead so the vendor is able to fund the kickback.purchasing, and it can be guaranteed that to procurement fraud...any losses by vendors will not be worn by Manufacturers who use perishable rawthem – they will be passed on in the form of materials are particularly susceptible to usually committed byhigher prices to the manufacturer. kickbacks by procurement personnel. In the senior managers’Asia is the manufacturing hub of the world case where a manufacturer is required toand procurement fraud is unfortunately a purchase a crop yield, the purchase price should not solely be decided by the Conflict of interest. Conflicts of interest leadcommon problem for Kroll’s clients. However procurement department. A similar principle to another common procurement fraudsteps can be taken to reduce the risk of faced by manufacturers. A conflict of interestprocurement fraud. can be applied to manufacturers who sell in the procurement context arises when a their by-products or valuable waste materialIn Asia, procurement personnel are, generally member of staff has a personal interest in a such as gold, silver or copper.speaking, not very well paid, yet they operate vendor/supplier company. These types ofindependently, are responsible for spending Mitigating the risk of price manipulation to fraud are common in Asia where businesslarge amounts of money, and are usually fund kickbacks. Having a price control or a transactions are traditionally arrangedresponsible for inventory safekeeping. threshold set on the purchase price of through family or close friends. Conflict ofThere is an enormous amount of trust perishable raw materials can reduce the interest frauds are usually committed byplaced upon them. The opportunity to make opportunity for vendors to offset kickbacks. senior managers who have the wherewithalsome extra money by illegal means is often and opportunity. These managers usuallytoo much of a temptation for some who lack The challenge for manufacturers is defining have the authority to sign vendor contractsintegrity. Misconduct commonly committed a formula for the purchase price of perishable and have the power to direct staff. In Asia itby procurement staff includes kickbacks, crops, as the price may be affected by factors is not common for staff to question theexploiting conflicts of interest, and theft. such as sales demand, manufacturing decision of a superior, and it is often the case that staff are aware of the conflict but Report Card Manufacturing are not willing to challenge or report it. Financial Loss: Average loss per company over past three years $8.5 million (104% of average) Mitigating the risk of conflicts of interest. Prevalence: Companies suffering fraud loss over past three years 88% It is important that staff are aware of Increase in Exposure: Companies where exposure to fraud has increased 83% company policy regarding personal interests. High Vulnerability Areas: Percentage of firms calling themselves highly vulnerable to this type of problem All employees should receive training and IP theft, piracy or counterfeiting (19%) Information theft, loss or attack (15%) written policy and explanatory material, Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud in past three years and should sign a declaration that they have Theft of physical assets or stock (53%) • Regulatory or compliance breach (27%) • Vendor, supplier or been advised of their obligation to disclose procurement fraud (25%) • Corruption and bribery (24%) • Information theft, loss or attack (22%) potential conflicts of interest. If the company Investment Focus: Percentage of firms investing in these types of prevention in the past three years Information: IT security (46%) Physical asset security (44%) policy is strict and absolute in regard to the declaration of self-interests, it is % 0 10 20 30 40 50 60 70 80 90 100 recommended that an appropriate clause be Corruption and bribery included in employee contracts. Theft of physical assets or stock Money laundering Vendor screening also reduces the risk of conflicts of interest among procurement or Financial mismanagement managerial staff. It makes good business Regulatory or compliance breach sense to know exactly who the vendors are. Internal financial fraud or theft This due diligence screening can be Information theft, loss or attack undertaken at little or no cost to the Vendor, supplier or procurement fraud manufacturer by making it a contractual IP theft, piracy or counterfeiting obligation of the vendor and making the Management conflict of interest vendor bear the cost. Highly vulnerable Moderately vulnerable Regular review of vendor contracts is another way to lower the likelihood of12  |  Kroll Global Fraud Report • Annual Edition 2008/2009
  13. 13. Manufacturingconflicts of interest. It is troubling to Rotating staff on a regular basis obstructsconsider the number of manufacturing those who seek to manipulate raw material EIU surveycompanies in Asia that do not have up to measuring systems such as the weighingdate contracts or whose contracts are not station and quality assurance procedures. For the second year in a row, at an aggregatesigned by a proper authorized signatory, or Rotation also reduces opportunities for staffwhose contracts are unfavorable. to become too close to the raw material level, fraud in the manufacturing sector suppliers. very closely mirrored that of the surveyThose above-mentioned risk mitigation group as a whole. This is no cause forstrategies are particularly important for Background screening of all staff is essential. complacency: despite slight reductions incompanies that have recently acquired The employer-employee relationship is one some areas, the incidence of certainan established manufacturing facility, of trust and therefore it is important that employment history and credentials are categories of fraud remains worryinglywhere conflicts of interest could otherwiseemerge quickly. checked prior to employment. high, and the growth in the total money lost should also cause concern. A systems and process audit, or healthcheck, is a good way for managers to understand K The average loss per manufacturer in ‘Manufacturers have how each process works, and it has the dual this year’s survey was 104% of the figure a wealth of material advantage of identifying system weaknesses for all firms in the survey, up from 101% and identifying cost saving measures. last year. which has become Internal reviews are generally undertaken K The absolute figures are not comforting: valuable for thieves’ by Internal Audit but they are at times the loss per company was $8.5 million, under-resourced and do not include full up 25% from last year, and nearly nine system and process audits. The system andTheft. Stealing is an age-old problem. process reviews can be done in-house by out of ten companies suffered from aThe variety of methods employed by thieves section heads reviewing and reporting on fraud in the past three years.to perpetrate the crime presents new the work processes and weaknesses in K Physical theft is the largest problem,challenges. Manufacturers have a wealth of another area, broadening the knowledge and a growing one, having affectedmaterial which has become valuable for base of section heads. Often the most over one-half of companies in the pastthieves, including raw material, intellectual effective way to identify systems and three years, with compliance breaches,property (IP) on new and existing products, process weaknesses is by a combination of procurement fraud, and corruptionIP on manufacturing technology, customer internal and external review. hurting one-quarter of manufacturers.records, office equipment, cash, and the Physical security is an essential componentfinished products. Although the actual level of fraud has of theft prevention. Often companies do notTheft of raw material can occur through have the expertise in-house to conduct a remained fairly constant in the sector,simply stealing the goods, but suppliers also security review and Kroll is able to assist with concern about it seems to be easing.manipulate systems and receive payment these assessments. An independent review K In every category of fraud considered infor goods which have not been delivered. of the physical premises and vulnerabilities the survey, the proportion of executivesSimilarly, corruption can lead to inferior in the logistics chain are recommended to who consider their companies highlymaterials. Take the example of a perishable reduce losses due to theft. The review may include examination of staff and visitor vulnerable has gone down, except forgoods supplier who is paid according to the access, alarm systems, camera placement, IP theft and financial mismanagement,weight of his crop: he might be able tomanipulate the weight by adding foreign secure areas, warehouse security, security which have seen very slight increases.objects such as dirt and rocks to his delivery. guard integrity and a computer system For the two most widespread – physicalNot only is the manufacturer paying more vulnerability check. theft and regulatory breaches – thisfor the crop, foreign objects may damage figure has in both cases gone from 12%production equipment and even pose a risk to 8%, even though the incidence of Sharon McCarthy is an associateto the consumer. managing director in Hong Kong. both was increasing so that theyMitigating the risk against theft. There are She focuses on complex problems such affected 53% and 27% of firms as large scale fraud, compliance issues respectively in the past three years.many ways to reduce the chances of theft, and financial loss. Before joining Kroll,including staff rotations, screening all staff, Sharon was a police officer in the K The number of respondents puttingconducting a systems and processes review, Australian Federal Police (AFP). new investment into most types ofand conducting security reviews. anti-fraud measures has also dropped. For IT security, this has gone from 60% to 46% and for physical asset security Kroll in action from 49% to 44%. Kroll was engaged by an electronics manufacturer in China who had an expatriate Risk perception has as much to do with manager in charge of procurement. A whistleblower letter had indicated that the manager people becoming used to a threat present was taking kickbacks from vendors in order for the vendors to remain as favored in the environment as with the actual suppliers. A vendor was identified who was fed up with paying kickbacks to the manager, damage that an event might cause. The who had apparently been demanding increasing amounts of cash. Kroll became involved manufacturing sector is in danger of and engaged the local police in a sting operation in which the manager was growing complacent about its fraud caught red-handed receiving a cash kickback from the vendor. problem. Fraud, however, is never In addition to liaising with local Chinese officials and law predictable. Between the last survey and enforcement, Kroll was able to gather electronic evidence, and provide this one, the average loss per company in the client with a contingency plan for action after the operation. the manufacturing sector soared The contingency plan included notification of the dismissal of the twentyfold. It is far more prudent to manager to vendors, contacting the wife and embassy of the manager, bolster the defenses against it than to providing access to counseling and help services for the manager, accept it as a part of doing business. and assisting the human resources department with follow-up actions. Written by The Economist Intelligence Unit Kroll Global Fraud Report • Annual Edition 2008/2009  |  13

×