GSK and Missed Red Flags in China

One of the questions that GlaxoSmithKline PLC (GSK) will have to face during the next few years of bribery and corruption investigations is how an allegedly massive bribery and corruption scheme occur in its Chinese operations? The numbers thrown around have been upwards of $USD500MM. It is not as if the Chinese medical market is not well known for its propensity towards corruption, as prosecutions of the Foreign Corrupt Practices Act (FCPA) are littered with the names of US companies which came to corruption grief in China. GSK itself seemed to be aware of the corruption risks in China. In a Reuters article, entitled “How GlaxoSmithKline missed red flags in China”, Ben Hirschler reported that the company had “more compliance officers in China than in any country bar the United States”. Further, the company conducted “up to 20 internal audits in China a year, including an extensive 4-month probe earlier in 2013.” GSK even had PricewaterhouseCoopers LLP (PwC) as its outside auditor in China. Nevertheless, he noted that “GSK bosses were blindsided by police allegations of massive corruption involving travel agencies used to funnel bribes to doctors and officials.”

Types of Bribery Schemes

The types of bribery schemes in China are also well known. In a Financial Times (FT) article, entitled “Bribery built into the fabric of Chinese healthcare system”, reporters Jamil Anderlini and Tom Mitchell wrote about the ‘nuts and bolts’ of how bribery occurs in the health care industry in China. They open their article by noting that the practice of bribing “doctors, hospital administrators and health officials is rampant.” They quoted an un-named senior health official in Beijing for the following, “All foreign and domestic pharmaceuticals operating in China are equally corrupt”. The authors also quoted Shaun Rein, a Shanghai-based consultant and author of “The End of Cheap China” for the following, “This is a systemic problem and foreign pharmaceutical companies are in a conundrum. If they want to grow in China they have to give bribes. It’s not a choice because officials in health ministry, hospital administrators and doctors demand it.”

Their article included a diagram which visually represented two methods used to pay bribes in China, which were designated the Direct incentives and Indirect incentives methods. Whichever method is used, the goal is the same – to boost sales.

In the Direct incentives method, a third party representative of a company would provide cash to the department head of a clinic or hospital. The department head would in turn pay it to the physicians to encourage them to prescribe the company’s medical products. But a third party representative could also contact a physician directly and reward them with “gifts such as storecards, vouchers and travel” expenses. Other direct methods might include the opening of bank accounts or charge accounts at luxury goods store and then the company would hand “the debit card or VIP card directly to the recipient.”

The FT noted that the Indirect incentives method tended to be “used by larger pharmaceutical groups with stricter governance procedures.” Under this bribery scheme there were two recognized manners to get benefits into the hands of prescribing physicians. The first is to have cash incentives paid to a third party representative, such as a travel agency, which would then “pass on some of these rewards to the physician directly.” Another method was for the company itself to make a “lump sum sponsorship paid to hospitals”. The hospitals would then distribute perks “to the doctors as a monthly or annual bonus.” Another indirect method noted was that companies might organize overseas conferences and site visits, which might “include free first class travel and five-star accommodation.”

Anderlini and Mitchell reported that “The 2012 annual reports of half a dozen listed Chinese pharmaceutical companies reveal the companies paid out enormous sums in “sales expenses”, including travel costs and fees for sales meetings, marketing “business development” and “other expenses”. Most of the largest expenses were “travel costs or meeting fees and the expenses of the companies’ sales teams were, in every case, several multiples of the net profits each company earned last year.” They cited the example of Guizhou Yibai Pharmaceutical Co Ltd which earned a net profit last year of Rmb333.3m. However its “sales expenses came to a total of Rmb1.25bn, including meetings expenses of more than Rmb295m and wages of just Rmb88m.” Indeed the “largest expense for the company’s sales team of 2,318 people was Rmb404m spent on travel, for an average of more than Rmb174,000 per sales representative for the year. That is roughly what it would cost every single sales representative to fly 10 times a month between Beijing and Guiyang, where the company is based.”

Auditing Responses – Missed Red Flags?

But what should GSK have done if such expenses were kept ‘off the books’? Hirschler, in his Reuters article, quoted one un-named source for the following, ““You’d look at invoices and expenses, and it would all look legitimate,” said a senior executive at one top accountancy firm. The problem with fraud – if it is good fraud – is it is well hidden, and when there is collusion high up then it is very difficult to detect.” However, Jeremy Gordon, director of China Business Services was quoted as saying “There is a disconnect between the global decision makers and the guys running things on the ground. It’s about initially identifying red flags and then searching for specifics.”

There are legitimate reasons to hold Continuing Medical Conferences (CME), such as to make physicians aware of the latest products and advances in medicine. However, this legitimate purpose can easily be corrupted. Hirschler quoted Paul Gillis, author of the China Accounting Blog, for the following “Travel agencies are used like ATMs in China to distribute out illegal payments. Any company that does not have their internal audit department all over travel agency spending is negligent.” Based on this, GSK should have looked more closely on marketing expenses and more particularly, the monies spent on travel agencies. Hirschler wrote, “They [un-named auditing experts] say that one red flag was the number of checks being written to travel agencies for sending doctors to medical conferences, although this may have been blurred by the fact that CME accounts for a huge part of drug industry marketing.”

One other issue might be materiality. If GSK’s internal auditors had not been trained that there is no materiality standard under the FCPA, they may have simply skipped past a large number of payments made that were under a company’s governance procedure for elevated review of expenses. Further, if more than one auditor was involved with more than one travel agency, they may not have been able to connect the dots regarding the totality of payments made to one travel agency.

What about the external auditors, PwC? Francine McKenna, who writes and speaks extensively on all things related to Big 4 auditing, wrote last year, in blog entitled “What The SEC And PCAOB Fail To Acknowledge About Chinese Fraud”, that Pam Chepiga, of Allen & Overy LLP, in 2012, “told the audience that FCPA investigations in China are difficult because, “you can’t take the documents out of the country.”” After her panel, Chepiga, told McKenna “that not only does China restrict the dissemination of documents outside of China, but internal investigations by multinationals must be done by Chinese lawyers with support from the Chinese accounting firms. Given the experience that the SEC is having with Deloitte, it seems, “previous cooperation agreements are not in force”. The SEC would have a hard time going over and investigating a fraud or FCPA violation by the Chinese arm of a US based company”. So things may not have been any easier for PwC. However, the recent agreement between the Securities and Exchange Commission (SEC) and the Chinese Securities Regulatory Commission will allow the SEC some access to audit the work papers of Chinese companies listed in the US may influence this issue.

Ongoing Monitoring

Another response that GSK could have implemented was to engage in greater ongoing monitoring. In the Texas Law, Out of Order column, entitled “5Tips for Avoiding Email Compliance Traps”, Alexandra Wrage, President of TRACE International, reported that “Internal Glaxo documents and emails reviewed by The Wall Street Journal show Glaxo’s China sales staff was apparently instructed by local managers to use their personal email addresses to discuss marketing strategies related to Botox. In the personal emails, sales staff discuss rewarding doctors for prescribing Botox with cash payments, credits that could be used to meet medical education requirements and other rewards.”

Wrage uses the GSK matter as a jumping off point “For companies wanting to get a handle on the compliance risks they face through email (mis)uses and other forms of technology”. She gives five tips to avoid email compliance traps: (1) Encourage communication between compliance and IT departments. (2) Map out your universe of data. (3) Know your obligations, then develop an established set of policies and procedures around them. (4) Train employees to speak up about the new uses in technology. (5) Stress-test your program.

Remember with the technology available to companies today it is possible that companies have the ability to determine if employees are accessing personal email accounts business computers. Also to Wrage’s list, I would add one other point and that is call Eddie Cogan at Catelas Software. Relationship monitoring is what they do and they can help you out immediately.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Socio-Economic and Cultural Risk Factors That Drive Corruption: A Focus on the ‘Supply Side’ of the Equation

Ed. Note-today we conclude a three-part series by our colleague Mary Shaddock Jones on occupational fraud. 

This is the last installment of my three party series regarding Occupational Fraud.  One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes?   We cannot adequately address corruption unless we address both the “supply side” and the “demand side”. Yesterday we considered the “Demand Side” of the equation.  Today we will focus on the “Supply Side”.  If your company has a clear policy against corruption- why would your employees risk losing their jobs or worse, going to jail by violating these laws?

A side benefit to being married to a CPA and a Certified Fraud Examiner is the ability to read not only legal and compliance magazines on a monthly basis- but also the Journal of Accountancy and the publications from the ACFE society.  I loved the August 2012 cover of the Journal of Accountancy- “Think Like a Thief”! There were three very pointed articles contained in this publication:  (1) Fraudsters Reveal Weaknesses They Exploited; (2) Detecting a Criminal Mind Before It Strikes; and (3) Antifraud Controls Can Benefit Small Businesses.   In addition to this publication, I will be examining some of the conclusions recently published in the “Report to the Nations on Occupational Fraud and Abuse- 2012 Global Fraud Study” which is recognized as the authoritative annual national report on fraud

Considering the “Supply Side” of the Equation:

The fraud triangle is a model for explaining the factors that cause someone to commit occupational fraud. It consists of three components which, together, lead to fraudulent behavior:  (1) Pressure; (2) Opportunity and (3) Rationalization.

Pressure- According to the ACFE, the first leg of the fraud triangle represents “pressure”. This is what motivates the crime in the first place.  The individual has some financial problem that he/she is unable to solve through legitimate means, so he or she begins to consider committing an illegal act, such as stealing cash or falsifying a financial problem, or entering into an improper payment (perhaps thinking of the bonus he or she will get if they land a lucrative contract for their employer) as a way to solve their problem.   The 2012 ACFE report concluded that “Most fraudsters exhibit behavioral traits that can serve as warning signs of their actions. These red flags — such as living beyond one’s means or exhibiting excessive control issues — generally will not be identified by traditional internal controls. Managers, employees and auditors should be educated on these common behavioral patterns and encouraged to consider them — particularly when noted in tandem with other anomalies — to help identify patterns that might indicate fraudulent activity.”  The report found that “More than three-quarters of the frauds in our study were committed by individuals in six departments: accounting, operations, sales, executive/upper management, customer service and purchasing.

Opportunity- The second leg in the fraud triangle is perceived as “opportunity”, which defines the method by which the crime can be committed.  The person must see some way the he or she can use (or abuse) their position of trust to solve their financial problem with a low perceived risk of getting caught.

Rationalization- The third leg of the fraud triangle is “rationalization”. According to the ACFE, the vast majority of fraudsters are first time offenders with no criminal past; they do not view themselves as criminals. They see themselves as ordinary honest people who are caught in a bad set of circumstances. Consequently, the fraudster must justify the crime to himself in a way that makes in an acceptable of justifiable act”.  Again, according to the ACFE, the most common rationalizations fraudsters use include a) I was only borrowing the money; b) I was entitled to the money; c) I had to steal to provide for my family; d) I was underpaid; my employer cheated me and e)  My employer is dishonest to others and deserved to be fleeced.

As discussed in the first part of this series, Occupational Fraud is broader than just anti-corruption as it relates to the Foreign Corrupt Practices Act or the U.K. Bribery Act.  However, the motivating factors and conclusions reached in the 2012 Global Fraud studies should be examined by companies when examining its overall anti-corruption risk profile.

I will end this series by listed two of the conclusions and recommendations contained within the 2012 Global Fraud Report which I believe are excellent advice:

“Targeted fraud awareness training for employees and managers is a critical component of a well-rounded program for preventing and detecting fraud. Not only are employee tips the most common way occupational fraud is detected, but our research shows organizations that have anti-fraud training programs for employees, managers and executives experience lower losses and shorter frauds than organizations without such programs in place. At a minimum, staff members should be educated regarding what actions constitute fraud, how fraud harms everyone in the organization and how to report questionable activity.”

“Our research continues to show that small businesses are particularly vulnerable to fraud. These organizations typically have fewer resources than their larger counterparts, which often translates to fewer and less-effective anti-fraud controls. In addition, because they have fewer resources, the losses experienced by small businesses tend to have a greater impact than they would in larger organizations. Managers and owners of small businesses should focus their anti-fraud efforts on the most cost-effective control mechanisms, such as hotlines, employee education and setting a proper ethical tone within the organization. Additionally, assessing the specific fraud schemes that pose the greatest threat to the business can help identify those areas that merit additional investment in targeted anti-fraud controls.”

What is your company’s risk for corruption?  When is the last time that you conducted a risk assessment for corruption? As yourself these questions:

1. Do you have a Code of Conduct?
2. Do you have a policy which clearly addresses the company’s position on anti-corruption? If so, is the policy easily accessible to your employees in their native language?
3. Do you have an anonymous reporting system or other method in which employees can elevate concerns relating to occupational fraud to the appropriate person within the company?
4. Do you provide any type of meaningful training on fraud and corruption to your employees?
5. Do you have internal controls to prevent and detect fraud or corruption within your organization?

________

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

Socio-Economic and Cultural Risk Factors That Drive Corruption”: A Focus on the ‘Demand Side’ of the Equation

Ed. Note- today we continue with Part II of our three part series by out colleague, Mary Shaddock Jones. 

Yesterday we discussed Occupational Fraud and how, according to the ACFE, survey participants estimated that the typical organization loses 5% of its revenues to fraud each year. Applied to the 2011 Gloss World Product, the ACFE estimates that this translates into a potential projected annual fraud loss of more than $3.5 trillion dollars.

One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes?   We cannot adequately address corruption unless we address both the “supply side” and the “demand side”.

Considering the “Demand Side” of the Equation:

I recently ran across an article that was published in the 2010 World Policy Journal[i] entitled “THE BIG QUESTION: How Can Nations Break the Cycle of Crime and Corruption”? The World Policy Journal asked a panel of experts to weigh in on the challenges of crime and corruption.  Two of the quotes contained in the article are as follows:

“Corruption thrives where civil liberties, free press, transparency, and contestable politics are absent. A functioning rule of law matters for controlling both crime and corruption, but again differences emerge: an independent judiciary is crucial for combating political corruption; an effective police is important for fighting petty corruption as well as common crime. There are also differences between the determinants of common crime and organized crime, since the latter does relate to corruption.”  Daniel Kaufmann (at the time of the article was a senior fellow in the Global Economy and Development Program at the Brookings Institute)

“Corruption should not be approached as a moral problem, as too often happens, but as a symptom of serious political and economic problems that need correcting. Petty corruption, such as low-ranking civil servants demanding payment for services they should provide for free, is a problem that requires restructuring the civil service, reducing the number of public employees within a government, and providing those who remain with decent wages. Attempts to curb petty corruption are unlikely to have an impact when extracting payments from the public is the only way a government employee can feed his family. Grand corruption, such as large payments to high-ranking officials to secure lucrative public contracts, requires political solutions. If there is no renewal of the government and the political class, grand corruption inevitably becomes a problem. Frequent turnover of government officials make it more difficult for corrupt networks to consolidate power. Democracy is the best anti-corruption measure…Donor countries worried about corruption should focus on two tasks: putting in place good control mechanisms over the funds they provide; and promoting fundamental political, economic, and administrative reform.” Marina Ottaway (at the time of the article was director of the Middle East Program at the Carnegie Endowment for International Peace)

In March of 2012, Compliance Week 2012 had an online program entitled “Targeting the Demand for Facilitating Payment- Compliance Week (Online).  The Article discussed the efforts undertaken by a consortium of compliance executives primarily from the energy industry is taking aim at one of the most vexing headaches businesses face today: facilitation payments.  While “facilitating payments” are permitted under the U.S. Foreign Corrupt Practices Act, they are not allowed under the U.K. Bribery Act or the local laws of most foreign countries.  In addition, the line between a true “facilitating payment” and a “bribe” is indeed a fine one.  With this in mind, the group formed the new Committee to Address Facilitating Payments (“CAFP”).  According to the article, the committee’s strategy is to convince governments to crack down on requests for facilitation payments by their officials, thus reducing the demand. It wants governments to review the documentation that certain transactions require, how the required fees are paid (cash or wire transfer, for example), and whether the processes can be automated to reduce risk. CAFP is also working on a country-by-country basis to convince governments to provide more training to officials that facilitation payments are improper and to make sure that those officials are fairly compensated.

Multiple Kudos need to go out to this group of executives.   The fight against corruption must target both the “demand side” as well as the ‘supply side”.   Tomorrow we will discuss the “Supply Side”.

________

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

[i] The World Policy Journal is the property of MIT Press.  See www.worldpolicy.org

Occupational fraud involves a personal breach of trust

Ed. Note-today we are pleased to begin a three part guest series from our colleague Mary Shaddock Jones. 

My husband, Brian R. Jones, is a CPA, a Certified Fraud Examiner and a member of the Association of Certified Fraud Examiners. He recently received the annual publication entitled “Report to the Nations on Occupational Fraud and Abuse- 2012 Global Fraud Study” which is recognized as the authoritative annual national report on fraud.  One of the introductory statements contained in the report was as follows: “For businesses to operate and commerce to flow, companies must entrust their employees with resources and responsibilities, so when an employee defrauds his or her employer, the fallout is often especially harsh.” This statement rings true- whether the employer is a public or a private entity. Occupational fraud involves a personal breach of trust. The unfortunate fact is however, that organizations of all sizes invariably are losing some percentage of their annual revenues to occupational fraud conducted by employees.  So what can be done to minimize the risk of fraud occurring in the first place, then  detect the fraud once it has been perpetrated?

In order to answer this question, it is important for us first to discuss how occupational fraud is committed.  According to the ACFE, occupational fraud schemes fall into three primary categories:

• Asset Misappropriation – schemes in which an employee steals or misuses the organization’s resources, such as cash, inventory or other assets.

• Corruption- schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer in order to gain a direct or indirect benefit, such as through conflicts of interest, kickbacks, bribery, illegal gratuities or economic extortion.

• Financial Statement Fraud- schemes in which an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports, such as through asset/revenue overstatements via recording fictitious revenues or asset/revenue understatements  by understating reported expenses.

Once a company understands the typical method of committing occupational fraud, it can then devise internal controls to minimize the risk of loss in the first place, and/or to detect the fraud early enough to minimize the loss.

The Association of Certified Fraud Examiners has broken down corruption into four schemes, namely: conflict of interest, bribery, illegal gratuities, and economic extortion.  Attorney’s and compliance professionals continue to write articles and blogs on a daily basis.  The reason for this is simple- according to the ACFE, survey participants estimated that the typical organization loses 5% of its revenues to fraud each year. Applied to the 2011 Gloss World Product, the ACFE estimates that this translates into a potential projected annual fraud loss of more than $3.5 trillion dollars.  Unfortunately, it does not appear that Occupational Fraud and Corruption are going away anytime soon.

One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes? Tomorrow I will discuss how a company can examine the “big picture” to try and predict and minimize these risk factors.

============================================================================================

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

How Charles Ponzi Can Inform Your Compliance Program

Yesterday, I used some of the wisdom from current CIA Director General David Petraeus to suggest how senior management might move forward with a compliance program. Today I will use a very different individual to help inform your third party due diligence, Charles Ponzi.

My colleague Tracy Coenen writes an invaluable blog entitled The Fraud Files Blog. She consistently writes about detecting fraud in all its forms. In a recent post,entitled “Ponzi Scheme and Investment Fraud Red Flags”, Tracy identified many Red Flags which might come up if you performed some due diligence on a Ponzi scheme or persons promoting it. In her blog post, she listed “some red flags about the “investment” you’re considering that might indicate it is a Ponzi scheme” and they are as follows:

• Promoters are not registered to sell investments (Consider doing a background check through Financial Industry Regulatory Authority (FINRA) if the promoter is U.S. based.);
• Promoters have a history of being investigated and/or disciplined for actions related to investments (Google is your best friend for this one.);
• Promoters and/or founders of the business/investment have criminal, bankruptcy, or civil court histories that are troubling (Use PACER to search all federal court records for a nominal fee. State courts generally have their own online systems, and access to them is growing daily.);
• Difficulty in verifying whether there is a legitimate business behind the investment (Again, Google is your friend!);
• Groundbreaking “new technology” or other special (but super-secret) methods or assets, which are going to take the world by storm and be the greatest thing since sliced bread;
• Complicated alleged business model that prevents an experienced investor from understanding how money is really made;
• The alleged performance of the company is suspiciously higher than competitors or companies in related industries;
• No objective third-party information can be found about the company;
• Elaborate explanations for why the business cannot be verified;
• Unusually high rates of return offered on the investments (Note that this one is the most common across all Ponzi schemes.);
• Returns on investment are guaranteed (Not to be confused with an annuity from a reputable company with a guarantee in the contract.);
• Promoter downplays the amount of risk investors will be exposed to, often  using phrases such as “a sure thing”;
• Reluctance to provide documentation supporting claims being made about the investment and the business behind it;
• Address of the “business” is a mail drop location, virtual office, or small private office that couldn’t possibly hold a business the size that is being claimed (Google Maps is very helpful for this one.);
• Few (if any) employees in the operation other than the founder and/or promoter;
• Background of the principals of the business is mismatched with what the business does (Use Google to find out what kinds of jobs they held previously, and compare it to what they’re supposedly doing now.); and
• Company’s alleged success is related to a recent announcement of some sort, rather than historical financial results (This one is even worse if the information in the announcement can’t be verified, and it appears to just be a PR stunt for the benefit of potential investors.).

One of the things that struck me in reading Tracy’s list of Ponzi scheme Red Flags is how closely they mirror those which may appear in a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act due diligence investigation. Additionally the Red Flags would seem to organize themselves into four general areas:

1. Something seems out of the ordinary.
2. Reluctance of party to supply information/difficulty of verifying information.
3. The scheme is not verifiable by data, only anecdotally.
4. Mismatch in business experience with the product or services offered.

In due diligence training, I always tell people to listen to their guts, or if the hair on the back of their neck stands up, pay attention. Not listening to your internal warning system can lead your company down a path that it may well not desire to travel. Red Flags are so called for a reason and if they are raised they must be sufficiently clear. Tracy Coenen’s list of Red Flags for Ponzi schemes is one which any corporate compliance officer should take to heart.

Tracy Coenen, CPA, CFF  has also written a useful book for helping companies and individuals detect fraud and Ponzi schemes and investment frauds entitled, “Expert Fraud Investigation: A Step-by-Step Guide.” She can be reached via email at tracy@sequenceinc.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Five Myths About Fraud

Ed. Note-today we host a Guest Post from our Fraud Examiner Expert colleague – Tracy Coenen

We’ve all heard so much in the news about fraud over the last several years. Not a day goes by that we don’t hear about an executive caught with his hand in the cookie jar, a company that failed to follow proper accounting rules, or a compensation structure that led someone to cheat with the numbers.

In some ways, I think people are becoming immune to fraud. The cases don’t seem as significant as they would have been five years ago. They’re not as shocking as they used to be. It is sad that fraud is becoming more commonplace. And the more we hear about fraud, the more I think companies run the risk of not taking it seriously.

Most importantly, I think people are running around with some big misconceptions about employee fraud. If they mistakenly believe their company is not at risk, they are probably not actively preventing fraud. Companies must know the truth about fraud and its perpetrators in order to actively protect themselves.

The following are five of the fraud myths that I regularly run into in my fraud investigation practice. Whether owners and executives actually utter these out loud or not, merely buying into these myths mentally can be a recipe for disaster.

1. Our company does not have an internal fraud problem.

While companies would like to believe they have good employees and adequate controls to prevent fraud, the fact of the matter is that 45 percent of companies will be significantly affected by fraud, according to one international study. A separate study estimates that the average internal fraud will cost $159,000, and that almost one-fourth of fraud cases will cost companies over $1 million each.

Companies cannot afford to ignore the risk of fraud and the likelihood that fraud is occurring internally. It is too expensive, particularly when one considers the fact that there are many indirect costs of fraud, including investigation and legal costs, employee attrition, and decreased employee morale.

Actively fighting fraud means implementing policies and procedures that prevent and detect fraud. Anti-fraud professionals who are experienced with the common methods of fraud can be invaluable to this process. Whether a company gets there with employees or outside consultants, it is important to secure company information and assets to prevent internal fraud.

2. Most people are honest and won’t commit fraud.

This is a dangerous approach to take to the business of fraud. It is true that most people are generally honest. But to rely on this instead of putting controls in place to prevent fraud is a big mistake.

While it’s wise to hire those with a track record of honesty, past behavior doesn’t necessarily predict future behavior. Almost 88 percent of employees and executives who commit fraud against their employer have never before been charged or convicted of a fraud-related offense. This means it’s nearly impossible for companies to predict who is going to commit fraud and when they are going to do it.

It is a fact that honest people can and do commit fraud. Outside pressures can cause people to behave in ways they normally would not. Things that could push someone toward fraud include addictions, divorce, overwhelming debt, and gambling problems. When pressures like this are present, it’s difficult to predict who will commit fraud.

In the end, those who commit fraud come from all walks and ways of life. From clerks to executives, no one is immune. Thieves come from all social classes and all economic backgrounds. If given a strong motivation and ample opportunity, anyone can commit fraud against her or his employer.

3. If our company follows government regulations, we will be protected against fraud.

Unfortunately, the current accounting rules and regulations do not really provide protection against fraud. Sarbanes-Oxley is probably the most widely-recognized regulation dealing with fraud. It has had some positive effects because it has forced companies to review and document their policies and procedures.

Companies have spent enormous amounts of money on implementing Sarbanes-Oxley, and it’s probably discouraging to admit that even such an extensive project isn’t really preventing fraud. The regulation forces management and the board of directors to accept responsibility for issuing accurate financial statements, however, it doesn’t really ensure that companies have fraud prevention procedures in place.

In order to effectively prevent fraud, companies must create and implement policies and procedures specifically designed to deter and detect fraud. Again, this should be accomplished with the help of an anti-fraud professional who is experienced in the methods used by corporate fraudsters. A good fraud prevention program will actively prevent and detect fraud while still complying with the applicable regulations.

4. Small frauds aren’t important enough for management to worry about.

Virtually every big fraud started out as a small fraud at one point. Whether it is a minor theft of cash or a financial statement manipulation intended to cover up a substandard quarter, what starts out as a small fraud can quickly grow into a major fraud scheme. A theft of $500 may not seem significant enough for management to devote time and effort to the problem. But what if an employee was stealing $500 a week for three years? Suddenly, there is a theft of over $75,000, which could be very material to the company.

It’s important for companies to take small frauds and ethical lapses seriously. Not only does management want to cut off frauds while they are in their early stages, they also should be sending a message to employees that dishonesty is not tolerated. A zero tolerance policy is a necessary part of any good fraud prevention program.

It may be expensive to monitor and investigate smaller thefts from the company. However, in the long run, the cost will be worthwhile because the company will have stopped frauds from growing into the hundreds of thousands and millions of dollars. Therefore, an effective fraud prevention program will contain components that help the company discover fraud early.

5. Fraud will be detected by our auditors.

History has shown us that a company’s independent auditors cannot be relied upon to find fraud. This is true primarily because audits are not designed to detect fraud. They are designed to give “reasonable assurance” that the numbers shown on the financial statements are materially accurate.

Because fraud involves the active concealment of the truth, it makes it difficult for auditors to discover. Further, auditors have a tendency to become complacent with their clients. They see the same things year after year in the audit, and they may stop paying close attention. Employees who are concealing a fraud may also be comfortable with the auditors and know what procedures are coming. If that’s the case, count on the employees to be very careful with the fraud as it relates to those expected procedures.

Auditing rules have attempted to address how auditors approach the potential for fraud within companies. While the current rules are somewhat better than those of several years ago, a traditional independent audit still cannot be relied upon to detect fraud. Executives who believe differently are setting their companies up for disaster.

The Solution
Preventing fraud in companies all comes back to active prevention techniques and educating employees about fraud. First, owners and executives must be aware that they are very much at risk of experiencing internal fraud, and that the statistics show that the losses can be expensive. Then they need to take decisive action in formulating a fraud prevention program.

Education of everyone is still a very important part of fraud prevention. No company is immune to the problem, and no employee is completely free from the possibility of committing a fraud one day. After owners and executives appreciate the true magnitude of the problem, it will be through action that fraud will be prevented at their companies.

Tracy L. Coenen, CPA, CFF is a forensic accountant and fraud investigator with Sequence Inc. in Milwaukee and Chicago. She has conducted hundreds of high-stakes investigations involving financial statement fraud, securities fraud, investment fraud, bankruptcy and receivership, and criminal defense. Tracy is the author of Expert Fraud Investigation: A Step-by-Step Guide and Essentials of Corporate Fraud, and has been qualified as an expert witness in both state and federal courts. She can be reached at tracy@sequenceinc.com or 312.498.3661.

Ed.Note-this article initially appeared in the Fraud Files Blog.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

FCPA Compliance and Ethics Blog on the Road

Next week, together with Stephen Martin, General Counsel of Corpedia, we will be having an FCPA ‘road trip’ next week in Miami on Tuesday, Atlanta on Wednesday and Cleveland in Thursday.  We will present the most current best practices for an FCPA and Bribery Act compliance program. If you reside in or near one of the venues, I hope you can join us. I would love to meet you.

All events are complimentary and both CLE and breakfast are provided. Our presentation is hosted by World Check.

Tuesday, March 1 in Miami-http://members.ethisphere.com/events/event_details.asp?id=143046

Tuesday, March 2 inAtlanta-http://members.ethisphere.com/events/event_details.asp?id=143049

Wednesday, March 3 inCleveland-http://members.ethisphere.com/events/event_details.asp?id=143052