GSK and Missed Red Flags in China

One of the questions that GlaxoSmithKline PLC (GSK) will have to face during the next few years of bribery and corruption investigations is how an allegedly massive bribery and corruption scheme occur in its Chinese operations? The numbers thrown around have been upwards of $USD500MM. It is not as if the Chinese medical market is not well known for its propensity towards corruption, as prosecutions of the Foreign Corrupt Practices Act (FCPA) are littered with the names of US companies which came to corruption grief in China. GSK itself seemed to be aware of the corruption risks in China. In a Reuters article, entitled “How GlaxoSmithKline missed red flags in China”, Ben Hirschler reported that the company had “more compliance officers in China than in any country bar the United States”. Further, the company conducted “up to 20 internal audits in China a year, including an extensive 4-month probe earlier in 2013.” GSK even had PricewaterhouseCoopers LLP (PwC) as its outside auditor in China. Nevertheless, he noted that “GSK bosses were blindsided by police allegations of massive corruption involving travel agencies used to funnel bribes to doctors and officials.”

Types of Bribery Schemes

The types of bribery schemes in China are also well known. In a Financial Times (FT) article, entitled “Bribery built into the fabric of Chinese healthcare system”, reporters Jamil Anderlini and Tom Mitchell wrote about the ‘nuts and bolts’ of how bribery occurs in the health care industry in China. They open their article by noting that the practice of bribing “doctors, hospital administrators and health officials is rampant.” They quoted an un-named senior health official in Beijing for the following, “All foreign and domestic pharmaceuticals operating in China are equally corrupt”. The authors also quoted Shaun Rein, a Shanghai-based consultant and author of “The End of Cheap China” for the following, “This is a systemic problem and foreign pharmaceutical companies are in a conundrum. If they want to grow in China they have to give bribes. It’s not a choice because officials in health ministry, hospital administrators and doctors demand it.”

Their article included a diagram which visually represented two methods used to pay bribes in China, which were designated the Direct incentives and Indirect incentives methods. Whichever method is used, the goal is the same – to boost sales.

In the Direct incentives method, a third party representative of a company would provide cash to the department head of a clinic or hospital. The department head would in turn pay it to the physicians to encourage them to prescribe the company’s medical products. But a third party representative could also contact a physician directly and reward them with “gifts such as storecards, vouchers and travel” expenses. Other direct methods might include the opening of bank accounts or charge accounts at luxury goods store and then the company would hand “the debit card or VIP card directly to the recipient.”

The FT noted that the Indirect incentives method tended to be “used by larger pharmaceutical groups with stricter governance procedures.” Under this bribery scheme there were two recognized manners to get benefits into the hands of prescribing physicians. The first is to have cash incentives paid to a third party representative, such as a travel agency, which would then “pass on some of these rewards to the physician directly.” Another method was for the company itself to make a “lump sum sponsorship paid to hospitals”. The hospitals would then distribute perks “to the doctors as a monthly or annual bonus.” Another indirect method noted was that companies might organize overseas conferences and site visits, which might “include free first class travel and five-star accommodation.”

Anderlini and Mitchell reported that “The 2012 annual reports of half a dozen listed Chinese pharmaceutical companies reveal the companies paid out enormous sums in “sales expenses”, including travel costs and fees for sales meetings, marketing “business development” and “other expenses”. Most of the largest expenses were “travel costs or meeting fees and the expenses of the companies’ sales teams were, in every case, several multiples of the net profits each company earned last year.” They cited the example of Guizhou Yibai Pharmaceutical Co Ltd which earned a net profit last year of Rmb333.3m. However its “sales expenses came to a total of Rmb1.25bn, including meetings expenses of more than Rmb295m and wages of just Rmb88m.” Indeed the “largest expense for the company’s sales team of 2,318 people was Rmb404m spent on travel, for an average of more than Rmb174,000 per sales representative for the year. That is roughly what it would cost every single sales representative to fly 10 times a month between Beijing and Guiyang, where the company is based.”

Auditing Responses – Missed Red Flags?

But what should GSK have done if such expenses were kept ‘off the books’? Hirschler, in his Reuters article, quoted one un-named source for the following, ““You’d look at invoices and expenses, and it would all look legitimate,” said a senior executive at one top accountancy firm. The problem with fraud – if it is good fraud – is it is well hidden, and when there is collusion high up then it is very difficult to detect.” However, Jeremy Gordon, director of China Business Services was quoted as saying “There is a disconnect between the global decision makers and the guys running things on the ground. It’s about initially identifying red flags and then searching for specifics.”

There are legitimate reasons to hold Continuing Medical Conferences (CME), such as to make physicians aware of the latest products and advances in medicine. However, this legitimate purpose can easily be corrupted. Hirschler quoted Paul Gillis, author of the China Accounting Blog, for the following “Travel agencies are used like ATMs in China to distribute out illegal payments. Any company that does not have their internal audit department all over travel agency spending is negligent.” Based on this, GSK should have looked more closely on marketing expenses and more particularly, the monies spent on travel agencies. Hirschler wrote, “They [un-named auditing experts] say that one red flag was the number of checks being written to travel agencies for sending doctors to medical conferences, although this may have been blurred by the fact that CME accounts for a huge part of drug industry marketing.”

One other issue might be materiality. If GSK’s internal auditors had not been trained that there is no materiality standard under the FCPA, they may have simply skipped past a large number of payments made that were under a company’s governance procedure for elevated review of expenses. Further, if more than one auditor was involved with more than one travel agency, they may not have been able to connect the dots regarding the totality of payments made to one travel agency.

What about the external auditors, PwC? Francine McKenna, who writes and speaks extensively on all things related to Big 4 auditing, wrote last year, in blog entitled “What The SEC And PCAOB Fail To Acknowledge About Chinese Fraud”, that Pam Chepiga, of Allen & Overy LLP, in 2012, “told the audience that FCPA investigations in China are difficult because, “you can’t take the documents out of the country.”” After her panel, Chepiga, told McKenna “that not only does China restrict the dissemination of documents outside of China, but internal investigations by multinationals must be done by Chinese lawyers with support from the Chinese accounting firms. Given the experience that the SEC is having with Deloitte, it seems, “previous cooperation agreements are not in force”. The SEC would have a hard time going over and investigating a fraud or FCPA violation by the Chinese arm of a US based company”. So things may not have been any easier for PwC. However, the recent agreement between the Securities and Exchange Commission (SEC) and the Chinese Securities Regulatory Commission will allow the SEC some access to audit the work papers of Chinese companies listed in the US may influence this issue.

Ongoing Monitoring

Another response that GSK could have implemented was to engage in greater ongoing monitoring. In the Texas Law, Out of Order column, entitled “5Tips for Avoiding Email Compliance Traps”, Alexandra Wrage, President of TRACE International, reported that “Internal Glaxo documents and emails reviewed by The Wall Street Journal show Glaxo’s China sales staff was apparently instructed by local managers to use their personal email addresses to discuss marketing strategies related to Botox. In the personal emails, sales staff discuss rewarding doctors for prescribing Botox with cash payments, credits that could be used to meet medical education requirements and other rewards.”

Wrage uses the GSK matter as a jumping off point “For companies wanting to get a handle on the compliance risks they face through email (mis)uses and other forms of technology”. She gives five tips to avoid email compliance traps: (1) Encourage communication between compliance and IT departments. (2) Map out your universe of data. (3) Know your obligations, then develop an established set of policies and procedures around them. (4) Train employees to speak up about the new uses in technology. (5) Stress-test your program.

Remember with the technology available to companies today it is possible that companies have the ability to determine if employees are accessing personal email accounts business computers. Also to Wrage’s list, I would add one other point and that is call Eddie Cogan at Catelas Software. Relationship monitoring is what they do and they can help you out immediately.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Socio-Economic and Cultural Risk Factors That Drive Corruption: A Focus on the ‘Supply Side’ of the Equation

Ed. Note-today we conclude a three-part series by our colleague Mary Shaddock Jones on occupational fraud. 

This is the last installment of my three party series regarding Occupational Fraud.  One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes?   We cannot adequately address corruption unless we address both the “supply side” and the “demand side”. Yesterday we considered the “Demand Side” of the equation.  Today we will focus on the “Supply Side”.  If your company has a clear policy against corruption- why would your employees risk losing their jobs or worse, going to jail by violating these laws?

A side benefit to being married to a CPA and a Certified Fraud Examiner is the ability to read not only legal and compliance magazines on a monthly basis- but also the Journal of Accountancy and the publications from the ACFE society.  I loved the August 2012 cover of the Journal of Accountancy- “Think Like a Thief”! There were three very pointed articles contained in this publication:  (1) Fraudsters Reveal Weaknesses They Exploited; (2) Detecting a Criminal Mind Before It Strikes; and (3) Antifraud Controls Can Benefit Small Businesses.   In addition to this publication, I will be examining some of the conclusions recently published in the “Report to the Nations on Occupational Fraud and Abuse- 2012 Global Fraud Study” which is recognized as the authoritative annual national report on fraud

Considering the “Supply Side” of the Equation:

The fraud triangle is a model for explaining the factors that cause someone to commit occupational fraud. It consists of three components which, together, lead to fraudulent behavior:  (1) Pressure; (2) Opportunity and (3) Rationalization.

Pressure- According to the ACFE, the first leg of the fraud triangle represents “pressure”. This is what motivates the crime in the first place.  The individual has some financial problem that he/she is unable to solve through legitimate means, so he or she begins to consider committing an illegal act, such as stealing cash or falsifying a financial problem, or entering into an improper payment (perhaps thinking of the bonus he or she will get if they land a lucrative contract for their employer) as a way to solve their problem.   The 2012 ACFE report concluded that “Most fraudsters exhibit behavioral traits that can serve as warning signs of their actions. These red flags — such as living beyond one’s means or exhibiting excessive control issues — generally will not be identified by traditional internal controls. Managers, employees and auditors should be educated on these common behavioral patterns and encouraged to consider them — particularly when noted in tandem with other anomalies — to help identify patterns that might indicate fraudulent activity.”  The report found that “More than three-quarters of the frauds in our study were committed by individuals in six departments: accounting, operations, sales, executive/upper management, customer service and purchasing.

Opportunity- The second leg in the fraud triangle is perceived as “opportunity”, which defines the method by which the crime can be committed.  The person must see some way the he or she can use (or abuse) their position of trust to solve their financial problem with a low perceived risk of getting caught.

Rationalization- The third leg of the fraud triangle is “rationalization”. According to the ACFE, the vast majority of fraudsters are first time offenders with no criminal past; they do not view themselves as criminals. They see themselves as ordinary honest people who are caught in a bad set of circumstances. Consequently, the fraudster must justify the crime to himself in a way that makes in an acceptable of justifiable act”.  Again, according to the ACFE, the most common rationalizations fraudsters use include a) I was only borrowing the money; b) I was entitled to the money; c) I had to steal to provide for my family; d) I was underpaid; my employer cheated me and e)  My employer is dishonest to others and deserved to be fleeced.

As discussed in the first part of this series, Occupational Fraud is broader than just anti-corruption as it relates to the Foreign Corrupt Practices Act or the U.K. Bribery Act.  However, the motivating factors and conclusions reached in the 2012 Global Fraud studies should be examined by companies when examining its overall anti-corruption risk profile.

I will end this series by listed two of the conclusions and recommendations contained within the 2012 Global Fraud Report which I believe are excellent advice:

“Targeted fraud awareness training for employees and managers is a critical component of a well-rounded program for preventing and detecting fraud. Not only are employee tips the most common way occupational fraud is detected, but our research shows organizations that have anti-fraud training programs for employees, managers and executives experience lower losses and shorter frauds than organizations without such programs in place. At a minimum, staff members should be educated regarding what actions constitute fraud, how fraud harms everyone in the organization and how to report questionable activity.”

“Our research continues to show that small businesses are particularly vulnerable to fraud. These organizations typically have fewer resources than their larger counterparts, which often translates to fewer and less-effective anti-fraud controls. In addition, because they have fewer resources, the losses experienced by small businesses tend to have a greater impact than they would in larger organizations. Managers and owners of small businesses should focus their anti-fraud efforts on the most cost-effective control mechanisms, such as hotlines, employee education and setting a proper ethical tone within the organization. Additionally, assessing the specific fraud schemes that pose the greatest threat to the business can help identify those areas that merit additional investment in targeted anti-fraud controls.”

What is your company’s risk for corruption?  When is the last time that you conducted a risk assessment for corruption? As yourself these questions:

1. Do you have a Code of Conduct?
2. Do you have a policy which clearly addresses the company’s position on anti-corruption? If so, is the policy easily accessible to your employees in their native language?
3. Do you have an anonymous reporting system or other method in which employees can elevate concerns relating to occupational fraud to the appropriate person within the company?
4. Do you provide any type of meaningful training on fraud and corruption to your employees?
5. Do you have internal controls to prevent and detect fraud or corruption within your organization?

________

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

Socio-Economic and Cultural Risk Factors That Drive Corruption”: A Focus on the ‘Demand Side’ of the Equation

Ed. Note- today we continue with Part II of our three part series by out colleague, Mary Shaddock Jones. 

Yesterday we discussed Occupational Fraud and how, according to the ACFE, survey participants estimated that the typical organization loses 5% of its revenues to fraud each year. Applied to the 2011 Gloss World Product, the ACFE estimates that this translates into a potential projected annual fraud loss of more than $3.5 trillion dollars.

One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes?   We cannot adequately address corruption unless we address both the “supply side” and the “demand side”.

Considering the “Demand Side” of the Equation:

I recently ran across an article that was published in the 2010 World Policy Journal[i] entitled “THE BIG QUESTION: How Can Nations Break the Cycle of Crime and Corruption”? The World Policy Journal asked a panel of experts to weigh in on the challenges of crime and corruption.  Two of the quotes contained in the article are as follows:

“Corruption thrives where civil liberties, free press, transparency, and contestable politics are absent. A functioning rule of law matters for controlling both crime and corruption, but again differences emerge: an independent judiciary is crucial for combating political corruption; an effective police is important for fighting petty corruption as well as common crime. There are also differences between the determinants of common crime and organized crime, since the latter does relate to corruption.”  Daniel Kaufmann (at the time of the article was a senior fellow in the Global Economy and Development Program at the Brookings Institute)

“Corruption should not be approached as a moral problem, as too often happens, but as a symptom of serious political and economic problems that need correcting. Petty corruption, such as low-ranking civil servants demanding payment for services they should provide for free, is a problem that requires restructuring the civil service, reducing the number of public employees within a government, and providing those who remain with decent wages. Attempts to curb petty corruption are unlikely to have an impact when extracting payments from the public is the only way a government employee can feed his family. Grand corruption, such as large payments to high-ranking officials to secure lucrative public contracts, requires political solutions. If there is no renewal of the government and the political class, grand corruption inevitably becomes a problem. Frequent turnover of government officials make it more difficult for corrupt networks to consolidate power. Democracy is the best anti-corruption measure…Donor countries worried about corruption should focus on two tasks: putting in place good control mechanisms over the funds they provide; and promoting fundamental political, economic, and administrative reform.” Marina Ottaway (at the time of the article was director of the Middle East Program at the Carnegie Endowment for International Peace)

In March of 2012, Compliance Week 2012 had an online program entitled “Targeting the Demand for Facilitating Payment- Compliance Week (Online).  The Article discussed the efforts undertaken by a consortium of compliance executives primarily from the energy industry is taking aim at one of the most vexing headaches businesses face today: facilitation payments.  While “facilitating payments” are permitted under the U.S. Foreign Corrupt Practices Act, they are not allowed under the U.K. Bribery Act or the local laws of most foreign countries.  In addition, the line between a true “facilitating payment” and a “bribe” is indeed a fine one.  With this in mind, the group formed the new Committee to Address Facilitating Payments (“CAFP”).  According to the article, the committee’s strategy is to convince governments to crack down on requests for facilitation payments by their officials, thus reducing the demand. It wants governments to review the documentation that certain transactions require, how the required fees are paid (cash or wire transfer, for example), and whether the processes can be automated to reduce risk. CAFP is also working on a country-by-country basis to convince governments to provide more training to officials that facilitation payments are improper and to make sure that those officials are fairly compensated.

Multiple Kudos need to go out to this group of executives.   The fight against corruption must target both the “demand side” as well as the ‘supply side”.   Tomorrow we will discuss the “Supply Side”.

________

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

[i] The World Policy Journal is the property of MIT Press.  See www.worldpolicy.org

Occupational fraud involves a personal breach of trust

Ed. Note-today we are pleased to begin a three part guest series from our colleague Mary Shaddock Jones. 

My husband, Brian R. Jones, is a CPA, a Certified Fraud Examiner and a member of the Association of Certified Fraud Examiners. He recently received the annual publication entitled “Report to the Nations on Occupational Fraud and Abuse- 2012 Global Fraud Study” which is recognized as the authoritative annual national report on fraud.  One of the introductory statements contained in the report was as follows: “For businesses to operate and commerce to flow, companies must entrust their employees with resources and responsibilities, so when an employee defrauds his or her employer, the fallout is often especially harsh.” This statement rings true- whether the employer is a public or a private entity. Occupational fraud involves a personal breach of trust. The unfortunate fact is however, that organizations of all sizes invariably are losing some percentage of their annual revenues to occupational fraud conducted by employees.  So what can be done to minimize the risk of fraud occurring in the first place, then  detect the fraud once it has been perpetrated?

In order to answer this question, it is important for us first to discuss how occupational fraud is committed.  According to the ACFE, occupational fraud schemes fall into three primary categories:

• Asset Misappropriation – schemes in which an employee steals or misuses the organization’s resources, such as cash, inventory or other assets.

• Corruption- schemes in which an employee misuses his or her influence in a business transaction in a way that violates his or her duty to the employer in order to gain a direct or indirect benefit, such as through conflicts of interest, kickbacks, bribery, illegal gratuities or economic extortion.

• Financial Statement Fraud- schemes in which an employee intentionally causes a misstatement or omission of material information in the organization’s financial reports, such as through asset/revenue overstatements via recording fictitious revenues or asset/revenue understatements  by understating reported expenses.

Once a company understands the typical method of committing occupational fraud, it can then devise internal controls to minimize the risk of loss in the first place, and/or to detect the fraud early enough to minimize the loss.

The Association of Certified Fraud Examiners has broken down corruption into four schemes, namely: conflict of interest, bribery, illegal gratuities, and economic extortion.  Attorney’s and compliance professionals continue to write articles and blogs on a daily basis.  The reason for this is simple- according to the ACFE, survey participants estimated that the typical organization loses 5% of its revenues to fraud each year. Applied to the 2011 Gloss World Product, the ACFE estimates that this translates into a potential projected annual fraud loss of more than $3.5 trillion dollars.  Unfortunately, it does not appear that Occupational Fraud and Corruption are going away anytime soon.

One can never lose focus on what I consider the key question as they enter or play within the international arena:  What are the socio-economic and cultural risk factors that make companies and individuals conducting business in a particular location more vulnerable to possible corruption schemes? Tomorrow I will discuss how a company can examine the “big picture” to try and predict and minimize these risk factors.

============================================================================================

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries. She was the first woman to earn TRACE Anti-bribery Specialist Accreditation. Mrs. Jones has extensive experience in creating and designing compliance programs to reduce the risks of such violations, including policies and procedures, educational and training materials and programs, contract provisions and due diligence protocols. She implements and works with in-house counsel and compliance vendors to execute compliance policies and training programs tailored to the client’s business structure and the market conditions in the client’s target countries.  She can be reached at 337-513-0897 or via e-mail at msjones@msjllc.com. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

Send Lawyers, Guns and Money – Some Steps Law Firms Should Consider

One of my favorite lawyer songs is the Warren Zevon classic “Lawyers, Guns and Money”. I was reminded of that song when I sat on a panel on Wednesday with Dan Chapman and Mike Volkov, where we discussed recent enforcement actions and due diligence under the Foreign Corrupt Practices Act (FCPA). Dan is the Chief Compliance Officer (CCO) at Parker Drilling here in Houston and one of the points he raised was the company’s need to put their outside counsel through FCPA due diligence similar to other vendors. He said that law firms would yell, scream, kick and whine vociferously that their collective honor was being questioned but Dan made clear that foreign (and sometimes US) outside counsel often deal with foreign governmental officials.

It’s been since the last millennium since I practiced law in a law firm, other than in my current incarnation as a solo practitioner. So to say things have changed for law firms in the 12+ years since I practiced with other lawyers might be saying that ‘water is wet’. I thought about how much things have changed as I was perusing this week’s edition of the Texas Lawyer and saw an article, entitled “Simple Steps to Prevent Fraud at a Firm”, by Jacob Harris, Assistant District Attorney for the Dallas County District Attorney’s Office, Specialized Crimes Division. Harris believes that when lawyers focus on the practicing of law and relegate everyday business responsibilities to non-lawyers, they expose the firm to theft and fraud. He writes that the best way for lawyers to reduce their law firm’s fraud risk “begins with the attorneys in charge getting more involved with their firm’s everyday business affairs.” To this end Harris proposes five “simple, routine tasks that significantly lower a firm’s fraud risk.”

1. The lawyer in charge should receive and open mail. By personally receiving mail, an attorney can insure that no person in the firm has manipulated any items such as bank/credit card statements, vendor invoices or other types of mail which might involve or include accounts requiring payment. A common method used by fraudsters is “white out fraudulent transactions, making a copy of the statement and then replacing the statement into the envelope.” By reading all mail personally, a lawyer can assure this does not occur.
2. That lawyer should also review statements and invoices. Embezzlers can often set up personal bank accounts with the same name as the firm accounts. Lawyers need to check for multiple payments on the same accounts, multiple payroll checks to the same person for the same payroll period and for checks to unknown persons and vendors. Invoices and payments should be matched up contracts for services or the purchase of goods.
3. The attorney in charge should check online financial sources to review statements regularly and make sure that no one has changed passwords. With the increasing paperless world, banking is transacted online. More than one person at a law firm should know online and software passwords. This enables more and better monitoring.
4. Owners and partners should understand who works for the firm and what everyone’s duties are at the firm. Just as with non-law firm businesses, there should be a segregation of duties as it reduces the chance of fraud and is a basic internal control technique of fraud prevention. Further knowing who works for a firm can prevent the “ghost-employee scam.”
5. Lawyers should not assume others will detect fraud for them. Harris points out that “banks and certified public accountants normally do not catch thieves.” Simply because a check is made out to one party, does not mean that the same check cannot be deposited into a fraudster’s account. Further a fraudster may be operating with someone at a bank so lawyers need to verify that money sent to be deposited has actually been posted to the law firm’s back account.

Harris ends by noting that “by understanding how a [law] firm is vulnerable to fraud and making the proper adjustments to business practices, a firm can minimize its everyday fraud risk.” I found it useful to review some of these basic controls that my colleague Henry Mixon continually preaches on, many law firms neglect these basic controls. Dan Chapman’s comments on law firms as third party service providers who represent companies in front of government officials should also let lawyers know that companies may well begin anti-bribery due diligence on them. US law firms with international clients should also remember that if they represent a UK company in the US, it is the US law firm which is the international entity and that a UK company may be required under the UK Bribery Act to perform due diligence and require Bribery Act compliant anti-bribery terms and conditions included in the engagement letter.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Five Myths About Fraud

Ed. Note-today we host a Guest Post from our Fraud Examiner Expert colleague – Tracy Coenen

We’ve all heard so much in the news about fraud over the last several years. Not a day goes by that we don’t hear about an executive caught with his hand in the cookie jar, a company that failed to follow proper accounting rules, or a compensation structure that led someone to cheat with the numbers.

In some ways, I think people are becoming immune to fraud. The cases don’t seem as significant as they would have been five years ago. They’re not as shocking as they used to be. It is sad that fraud is becoming more commonplace. And the more we hear about fraud, the more I think companies run the risk of not taking it seriously.

Most importantly, I think people are running around with some big misconceptions about employee fraud. If they mistakenly believe their company is not at risk, they are probably not actively preventing fraud. Companies must know the truth about fraud and its perpetrators in order to actively protect themselves.

The following are five of the fraud myths that I regularly run into in my fraud investigation practice. Whether owners and executives actually utter these out loud or not, merely buying into these myths mentally can be a recipe for disaster.

1. Our company does not have an internal fraud problem.

While companies would like to believe they have good employees and adequate controls to prevent fraud, the fact of the matter is that 45 percent of companies will be significantly affected by fraud, according to one international study. A separate study estimates that the average internal fraud will cost $159,000, and that almost one-fourth of fraud cases will cost companies over $1 million each.

Companies cannot afford to ignore the risk of fraud and the likelihood that fraud is occurring internally. It is too expensive, particularly when one considers the fact that there are many indirect costs of fraud, including investigation and legal costs, employee attrition, and decreased employee morale.

Actively fighting fraud means implementing policies and procedures that prevent and detect fraud. Anti-fraud professionals who are experienced with the common methods of fraud can be invaluable to this process. Whether a company gets there with employees or outside consultants, it is important to secure company information and assets to prevent internal fraud.

2. Most people are honest and won’t commit fraud.

This is a dangerous approach to take to the business of fraud. It is true that most people are generally honest. But to rely on this instead of putting controls in place to prevent fraud is a big mistake.

While it’s wise to hire those with a track record of honesty, past behavior doesn’t necessarily predict future behavior. Almost 88 percent of employees and executives who commit fraud against their employer have never before been charged or convicted of a fraud-related offense. This means it’s nearly impossible for companies to predict who is going to commit fraud and when they are going to do it.

It is a fact that honest people can and do commit fraud. Outside pressures can cause people to behave in ways they normally would not. Things that could push someone toward fraud include addictions, divorce, overwhelming debt, and gambling problems. When pressures like this are present, it’s difficult to predict who will commit fraud.

In the end, those who commit fraud come from all walks and ways of life. From clerks to executives, no one is immune. Thieves come from all social classes and all economic backgrounds. If given a strong motivation and ample opportunity, anyone can commit fraud against her or his employer.

3. If our company follows government regulations, we will be protected against fraud.

Unfortunately, the current accounting rules and regulations do not really provide protection against fraud. Sarbanes-Oxley is probably the most widely-recognized regulation dealing with fraud. It has had some positive effects because it has forced companies to review and document their policies and procedures.

Companies have spent enormous amounts of money on implementing Sarbanes-Oxley, and it’s probably discouraging to admit that even such an extensive project isn’t really preventing fraud. The regulation forces management and the board of directors to accept responsibility for issuing accurate financial statements, however, it doesn’t really ensure that companies have fraud prevention procedures in place.

In order to effectively prevent fraud, companies must create and implement policies and procedures specifically designed to deter and detect fraud. Again, this should be accomplished with the help of an anti-fraud professional who is experienced in the methods used by corporate fraudsters. A good fraud prevention program will actively prevent and detect fraud while still complying with the applicable regulations.

4. Small frauds aren’t important enough for management to worry about.

Virtually every big fraud started out as a small fraud at one point. Whether it is a minor theft of cash or a financial statement manipulation intended to cover up a substandard quarter, what starts out as a small fraud can quickly grow into a major fraud scheme. A theft of $500 may not seem significant enough for management to devote time and effort to the problem. But what if an employee was stealing $500 a week for three years? Suddenly, there is a theft of over $75,000, which could be very material to the company.

It’s important for companies to take small frauds and ethical lapses seriously. Not only does management want to cut off frauds while they are in their early stages, they also should be sending a message to employees that dishonesty is not tolerated. A zero tolerance policy is a necessary part of any good fraud prevention program.

It may be expensive to monitor and investigate smaller thefts from the company. However, in the long run, the cost will be worthwhile because the company will have stopped frauds from growing into the hundreds of thousands and millions of dollars. Therefore, an effective fraud prevention program will contain components that help the company discover fraud early.

5. Fraud will be detected by our auditors.

History has shown us that a company’s independent auditors cannot be relied upon to find fraud. This is true primarily because audits are not designed to detect fraud. They are designed to give “reasonable assurance” that the numbers shown on the financial statements are materially accurate.

Because fraud involves the active concealment of the truth, it makes it difficult for auditors to discover. Further, auditors have a tendency to become complacent with their clients. They see the same things year after year in the audit, and they may stop paying close attention. Employees who are concealing a fraud may also be comfortable with the auditors and know what procedures are coming. If that’s the case, count on the employees to be very careful with the fraud as it relates to those expected procedures.

Auditing rules have attempted to address how auditors approach the potential for fraud within companies. While the current rules are somewhat better than those of several years ago, a traditional independent audit still cannot be relied upon to detect fraud. Executives who believe differently are setting their companies up for disaster.

The Solution
Preventing fraud in companies all comes back to active prevention techniques and educating employees about fraud. First, owners and executives must be aware that they are very much at risk of experiencing internal fraud, and that the statistics show that the losses can be expensive. Then they need to take decisive action in formulating a fraud prevention program.

Education of everyone is still a very important part of fraud prevention. No company is immune to the problem, and no employee is completely free from the possibility of committing a fraud one day. After owners and executives appreciate the true magnitude of the problem, it will be through action that fraud will be prevented at their companies.

Tracy L. Coenen, CPA, CFF is a forensic accountant and fraud investigator with Sequence Inc. in Milwaukee and Chicago. She has conducted hundreds of high-stakes investigations involving financial statement fraud, securities fraud, investment fraud, bankruptcy and receivership, and criminal defense. Tracy is the author of Expert Fraud Investigation: A Step-by-Step Guide and Essentials of Corporate Fraud, and has been qualified as an expert witness in both state and federal courts. She can be reached at tracy@sequenceinc.com or 312.498.3661.

Ed.Note-this article initially appeared in the Fraud Files Blog.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

FCPA Compliance and Ethics Blog on the Road

Next week, together with Stephen Martin, General Counsel of Corpedia, we will be having an FCPA ‘road trip’ next week in Miami on Tuesday, Atlanta on Wednesday and Cleveland in Thursday.  We will present the most current best practices for an FCPA and Bribery Act compliance program. If you reside in or near one of the venues, I hope you can join us. I would love to meet you.

All events are complimentary and both CLE and breakfast are provided. Our presentation is hosted by World Check.

Tuesday, March 1 in Miami-http://members.ethisphere.com/events/event_details.asp?id=143046

Tuesday, March 2 inAtlanta-http://members.ethisphere.com/events/event_details.asp?id=143049

Wednesday, March 3 inCleveland-http://members.ethisphere.com/events/event_details.asp?id=143052

Fraud Investigation and the UK Bribery Act

We were recently introduced to Fraud Examiner Expert Tracy Coenen, in her book “Expert Fraud Investigation: A Step-By-Step Guide” she details the steps a company should go through in performing a fraud investigation. Coenen provides the ‘nuts and bolts’ on how conducting an investigation can be a powerful tool to help corporations ferret out fraudulent practices within their organization. Her book gives the examiner the specific steps to take when fraud is suspected and how to proceed forward throughout the investigation to conclusion. In addition to the book as a useful tool for the fraud examiner, Coenen also provides the lay person with a general discussion of the types of corruption schemes a company may face and how best to prevent them. Coenen lists bribery; kickbacks; extortion; conflict of interests; and related party transactions as examples of corruption which can involve a payment to obtain an advantage, receive preferential treatment, or force certain preferential actions.

Many compliance and ethics practitioners have long understood that these types of schemes are illegal under the Foreign Corrupt Practices Act (FCPA) in connection with foreign governments and foreign governmental officials, but many FCPA compliance practitioners in the US may not have focused on these types of schemes when they involve private, non-governmental actors, outside the US. However, with the upcoming April 1, 2011 effective date of the UK Bribery Act, such practitioners may well be served to revise their company policies to take into account that the UK Bribery Act prohibitions apply to private actors equally as well as governmental officials. Based upon this difference in the pubic actor v. private actor distinction between the FCPA and UK Bribery Act, this post will review the different types of corruption schemes that Coenen outlines in her book.

Bribery

While most FCPA practitioners understand that a payment to confer a benefit may be enough to be classified as a bribe, such practitioners may not focus on other, more subtle, forms of bribery than simply bags of cash. These can include bid-rigging where inside information is passed to a vendor to allow said vendor to unfairly win an allegedly open bid, or where the bid winner has been secretly pre-determined in what is advertised as an open and fair bidding process. Bid-rigging can extend to the collusion between certain employees of a purchaser-company and vendor, where such employees purchase more goods or services than the company would need. Bid-rigging can also be found where alleged non-winners, in an apparently open bidding process, later appear as subcontractors on a project.

Kickbacks

Kickbacks occur when a company overpays for goods or services and then remits all or part of the overpaid amount back to the perpetrator. This can be affected by the person in charge of the overall bidding process. However it can extend down into any other employees involved in the approval process such as employees in production, engineering or quality control. So, similar to bribery, there can be more subtle forms of kickbacks and such forms can include the substitution of inferior components into an overall product while charging the higher price to the end-user purchaser. Kickbacks can also include irregularities in pricing and quality throughout a project. Even if inferior quality goods are not substituted, an irregular price can inflate the cost of goods paid for by a company.

Extortion

Extortion is in many ways the mirror image of bribery. Whereas with a bribe, something of value is given to obtain a benefit, with extortion, a payment is demanded. While such demand can be made to obtain a benefit, such as to allow a company to go forward in a bidding process; extortion can also be made to prevent injuries to persons and damage to physical facilities. While not nearly as common as bribes, there are cases where extortions have been made and money paid based upon the threats.

Conflict of Interest

Many people do not think of conflicts-of-interest when considering a corruption scheme. Nevertheless if an employee, executive, or owner of a company has an undisclosed interest in an entity with which his company is doing business, the situation can present a conflict of interest. In the conflict of interest scheme, the employee, executive, or owner may be able to influence the company decision making process to send business to the other entity. This conflict of interest may be broader than simply directly involving an employee, executive or owner. It can extend to wives, children or other family members who stand to benefit from any such undisclosed interest.

Related Party Transactions

Coenen points out that many people do not consider transactions with third parties as part of an overall fraud scheme. However if the third party transactions are not conducted in an arms-length manner, this may well be indicia of an overall fraud scheme. Problems can arise when the related parties have a special advantage in doing business with a company and when that special advantage harms the company through increased costs, decreased revenue or other concessions. In addition to the types of schemes listed in the categories above, Coenen lists several different types of such transactions. They include:

• Extending credit to a company which would not otherwise be so entitled;
• Writing off accounts receivables with no legitimate business reason;
• Doing business with a small or one-man shop with no physical assets or simply a post office box for an office;
• Engaging in consulting agreements where no substantive work is done for payments received;
• A consultant who engages in extensive ‘market research’ in foreign countries with little to no tangible work product; and
• Concealing the existence of direct or indirect ownership in entities with which a company is doing business.

Although the focus of Coenen’s book is the investigation of fraud, in all of its forms and permutations, she does give several pointers to assist in the prevention of fraud. These will be familiar to the FCPA practitioner and include ongoing monitoring program of both accounts and transactions, through robust internal controls. Coenen recommends an anonymous reporting hotline through which employees can alert management of such activities without fear of supervisor retaliation. But Coenen ends by noting the most important form is that management set the correct ‘Tone at the Top” that such fraudulent activity within the company will not be tolerated.

Any US company operating internationally will be subject to the UK Bribery Act. Therefore the time has come to consider the changes required to its overall compliance program to meet the UK Bribery’s Act proscription against bribery and corruption of private actors. Tracy Coenen’s book is an excellent starting point for the FCPA practitioner to begin to enlarge a FCPA compliance based program to meet this challenge. We commend it to you for your consideration.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010