2022 Corporate Fraud & Corruption In Depth Feature

Cases of corporate fraud and corruption have risen in recent years. While malicious actors have become more technologically advanced and bolder in their actions, the events of the last two years have greatly increased their opportunities. The coronavirus (COVID-19) pandemic has created new vulnerabilities for organizations of all sizes and industries. The rapid, chaotic scramble to open up remote, digital channels, coupled with reduced managerial oversight and governance, have exposed companies to fresh threats. Download the latest Corporate Fraud & Corruption 2022 In-Depth Report by Financier Worldwide Magazine where Guidehouse experts Ellen Zimiles and Salvatore LaScala share their insights and corporate fraud and corruption in the United States. 

To what extent are boards and senior executives in your country of focus taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

Corporate fraud and corruption are issues that have affected financial sectors tremendously, increasing in prominence in recent years. Financial institutions (FIs) tend to be particularly concerned with fraud, as it has a direct negative impact on revenue and can erode the confidence of customers. FIs work to have robust anti-fraud and anti-corruption programs that utilize enterprise wide fraud risk assessments of existing products, businesses and channels, as well as new product offerings. While there are a variety of controls, most are focused on prevention and detection of fraud perpetrated by employees, customers and outside actors posing as customers.

With increasing activity occurring online, FIs are always looking to enhance and leverage technology to match the technology used by individuals and organized fraud corruption rings. Account takeover as a typology is a primary example of this – FIs use several methods to prevent and detect fraud, such as requiring additional authentication for logins and reviewing IP address logins for unusual activity and alerting customers of instances where their accounts may have been compromised.

Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in your country of focus over the past 12-18 months?

In December 2021, the White House issued the ‘United States Strategy on Countering Corruption’, pursuant to the National Security Study Memorandum-1, in which president Biden described corruption as a core national security interest. The strategy set forth five key pillars in combating corruption to identify and seek to rectify persistent gaps in the fight against corruption. First, modernizing, coordinating and resourcing US government efforts to fight corruption. Second, curbing illicit finance. Third, holding corrupt actors accountable. Fourth, preserving and strengthening multilateral anti-corruption architecture. Finally, improving diplomatic engagement and leveraging foreign assistance resources to advance anti-corruption policy goals. More generally, 2020 and 2021 saw a dramatic increase in fraud and, as a result, it has gotten heightened attention in enforcement. Some of these fraud trends were specific to the Coronavirus Aid, Relief and Economic Security Act and COVID-19, with fraudsters taking advantage of everything from government programs to peoples’ desire to protect their loved ones with unapproved or phony at-home tests and vaccines. Much of this activity has the potential to persist long after COVID-19 is gone. The Federal Trade Commission (FTC) released a report on fraud trends, stating, “Prizes, sweepstakes, and lotteries; internet services; and business and job opportunities rounded out the top-five fraud categories”. The report notes that the agency received 2.8 million complaints, with losses totaling $5.8bn in 2021.

Fraud and corruption seem to be a main focus across many industries. Just do an internet search of “fraud trends” and you will see there is no shortage of results for articles discussing the uptick in frauds perpetrated in 2020-2021. Guidance for combatting it is likewise coming from unexpected places. For instance, the New York State Office of Mental Health's Bureau of Audit  published a list of recommended internal controls for companies to detect and prevent these issues, several of which have already been implemented by financial services companies. For instance, one of the recommendations is to provide the board of directors with oversight of all company operations and management by monitoring the company's financial activity on a regular basis, comparing actual vs. expected revenues and expenses, and requiring independent auditors to present and explain the annual financial statements to the board.

When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

First and foremost, suspicions of fraud need to be taken seriously and addressed with the appropriate sensitivity. When subjects of accusations are prestigious or senior individuals in an organization, allegations merit an even more formal approach, and it might make sense to have an outside firm handle the investigation. Perhaps Elizabeth Holmes, founder of Theranos, might have been brought to justice sooner had the firm’s board of directors been better trained and had access to an independent review early on. A culture where individuals are discouraged from asking basic due diligence questions should be a red flag. Additionally, firms should initiate investigations promptly. If the allegations of wrongdoing prove to be true, there could be both financial and reputational implications in sitting on the information for too long.

A few other important items to consider: 

• Decide whether to escalate to outside counsel
• Keep the investigation contained to individuals who need to be involved
• Collect and keep a chain of custody of all evidence and investigative artifacts early on, and certainly before it can be removed from offices or wiped from hard drives
• Investigations should be thorough and well-documented
• Recognize when you are in over your head - If your institution does not have the appropriate mechanisms in place, or the parties named in the allegations are too close to the investigation, you may consider bringing in outside experts to assist  
  
  
  

Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?

Most FIs are proactively raising employee awareness in identifying, reporting, and reducing potential fraud. However, FIs’ understanding of the fraud typologies can lag behind their invention. While employees may be trained in spotting fraud, the problem most institutions face is being able to proactively identify fraud so they are not reliant on employee interdiction.

In collaboration with the American Banker, Guidehouse recently conducted and released the findings of a fraud survey titled, “Optimizing Your Anti-Fraud Technology,” which aims to uncover how FIs are building an integrated fraud program. In response to the survey, approximately 37% of FIs indicated they are somewhat/not effective at addressing new and more complex threats. This might be the result of not having a continuous risk assessment process to evaluate risks from new/unforeseen threats. A similar percentage of respondents indicated that they do not have sufficient investment, adequate tools, or technologies to prevent and detect fraud. More than 90% of FIs rely on third-party vendors such as Guidehouse for supporting ongoing maintenance, operation, and governance of their anti-fraud programs and technologies.

Just as important as educating employees, many financial institutions are working to educate their customers to help them identify potential scams before falling victim (or sometimes, falling victim a second time). Scams are on the rise and pose significant cost risks to financial institutions. One method of prevention is teaching their customers to be savvy enough to avoid the scams in the first place.

How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

Companies should be mindful about protecting, and not retaliating against, individuals coming forth with reports of potential wrongdoing. The renewed focus may have the effect of additional whistleblowers coming forward. Companies that are prepared with a governance structure in place to investigate allegations in such a way that the individual raising the concern feels protected from retaliation are less likely to be surprised by allegations in a more public forum. Companies that are growing quickly may be particularly susceptible, as they might not have the compliance infrastructure growing at the same rate as the rest of the company. Whistleblowers may also perceive their cause receives more attention in a public forum and, in the event someone raises allegations outside the organization first, companies need to be able to respond quickly using existing protocols for internal investigations.

Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

Larger, more established global institutions tend to have IT and physical access controls and change management controls embedded in their infrastructure to guard against third-party frauds, and are, in fact, required to do so and required to evaluate the fraud and Foreign Corrupt Practices Act risk of third parties. Emerging firms likely do not have this part of third-party fraud prevention fully developed and are vulnerable to third parties that require electronic access and physical access to perform their duties.

Whether or not the firm pays sufficient attention to due diligence at the outset really depends on the culture of the firm and the maturity of their anti-corruption program.

What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?

There are few main staples of Anti-Fraud and Anti-Corruption Risk Management Programs that institutions should have as part of their framework.  The organization should conduct a fraud risk assessment to understand its susceptibility to fraud and corruption risk and use that understanding to gauge the strength of or guide the development of mitigating controls. Institutions should re-assess such risks and the effectiveness of the controls annually. Controls include: 

1. Development, implementation, and training on policies and procedures
2. Use of fraud prevention and detection technology solutions
3. Required due diligence and risk assessments for third parties
4. Standard protocol to guide internal investigations/retaining outside counsel
5. Having appropriate escalation and reporting for incidents

As mentioned above, depending on the size and complexity of the institution, and the data available to them, institutions should consider intelligent process automation and advanced analytics to sift through large volumes of data to identify fraud, which might otherwise go undetected.

This article is co-authored by Kristen Wenske and Oscar Sanchez.