Professional Documents
Culture Documents
Please note that some of the names and events have been changed
in Kroll case studies to prevent identification of subjects and clients.
While every effort has been taken to verify the accuracy of this information,
neither The Economist Intelligence Unit Ltd., Kroll nor their affiliates can accept
any responsibility or liability for reliance by any person on this information.
© 2007 The Economist Intelligence Unit and Kroll. All rights reserved.
CONTENTS
TECHNOLOGY, MEDIA & TELECOMS ............................14 Protecting data sources from internal theft .........................35
Machinations in the Japanese entertainment industry .......14 Making employee hotlines work............................................36
Old-fashioned fraud:
FRAUD RESPONSE ...............................................................37
A case study from China ..........................................................15
Investigative tactics under scrutiny in the United States .....37
NATURAL RESOURCES .......................................................16 Who is taking responsibility for losing sensitive data? ........37
Challenging corruption in the energy sector ........................16 U.S. Government increases controls over contractors ..........38
Profiting from stolen information .........................................39
TRAVEL, LEISURE & TRANSPORTATION .......................18
Unique profile of the airline industry ....................................18 KROLL CONTACTS ...............................................................40
The gambling industry and money laundering ....................19
KROLL SERVICES ..................................................................41
RETAIL, WHOLESALE & DISTRIBUTION ........................20
Commodity trading and shipping fraud................................20
Working out weak points can pay off ...................................21
Introduction
T
he risk of fraud is a part of doing mature economies and markets. While the
business. It can even be considered a belief often exists that fraud and corruption
consequence. No further evidence is are greatest in foreign cultures or emerging
needed than a glance at the business markets, the largest frauds in history have
section of any major newspaper any day of taken place in the developed world, in
the week. The appearance of fraud at a economies with highly evolved legal and
company is not necessarily, or even usually, regulatory systems which exact severe
a sign of negligence or ethical laxity at the penalties against fraudsters. Both
top. It is instead often the result of large, companies and investors logically tend to
complex organizations doing business in be more cautious and vigilant when
many different venues, currencies, legal examining business operations or
frameworks, and cultures, often at the same opportunities in countries which are
time. This context creates severe challenges unfamiliar to them. But sometimes they
for today’s managers, legal counsels, and forget that just like car accidents, most
compliance officers, who must be all-seeing fraud occurs close to home.
and all-knowing, and never sleep.
It may be that fraud is perceived as more
While frauds have existed throughout prevalent in emerging markets. But without
history, one might argue that the risks of doubt the severity of it – the cost, and the
fraud for business are greater today than in reputational impact – is as high, or higher,
the past. Recent events, be they the in developed economies.
bankruptcies of once fabled companies
This first annual Global Fraud Report
such as Enron or Worldcom, the
presents the collective knowledge of some
manipulation of the financial system by
Andrés Antonius is President of Kroll’s Consulting of the world’s most talented and diligent
Group and previously occupied high ranking drug traffickers and terrorists, or the
fraud fighters. Kroll’s team of experts is
positions in the Mexican Government. He holds a emergence of complex derivatives, have
composed of top forensic accountants,
Ph.D in Economics from Harvard University heightened the sensitivities of authorities,
computer forensic and IT specialists,
regulators, and the investing public. Even
former leading prosecutors, regulators, law
the whiff of a fraud may sometimes be
enforcement and intelligence officers, and
sufficient to place a company under severe
some of the most distinguished
scrutiny or in financial distress.
investigative journalists in the market.
However challenging this context may be, They represent decades, if not centuries,
strategies exist to minimize the risks in any of experience in fraud prevention and
given industry or situation. All of them detection. And the diversity of their skill
have a common starting point: the explicit sets and international backgrounds means
and declared intent by management to that they can effectively address any
make fraud detection and prevention a top situation in any locale in the world.
corporate priority. Any strategy which fails
The Global Fraud Report also contains a
to emphasize this point will necessarily be
fascinating survey carried out by The
limited in its success.
Economist Intelligence Unit which provides
Edmund Burke famously said “The only insights into the frauds that have the most
thing necessary for the triumph of evil is impact on companies around the world
for good men to do nothing.” In the fight and the top risks that today’s managers
against fraud, complacency is often the perceive. One survey result that stands out
biggest obstacle. Complacency regarding is that while internal financial fraud was
fraud arises for many reasons, but mostly reported as one of the most pervasive and
because some see the inevitability of fraud frequent types of fraud, it was not considered
occurring as evidence that it cannot be as important a threat as information theft,
prevented. This confusion may itself create money laundering, or the theft of physical
an atmosphere of tacit acceptance, or at assets. Is this not itself evidence of the
least one in which the questioning of complacency we must avoid?
certain decisions or transactions is
frowned upon and seen as an impediment
to doing business, when in fact it is often
the opposite.
Complacency is also sometimes
paradoxically the result of operating in
ANDRÉS ANTONIUS
F
inancial instruments that are overly result of some of the more notorious frauds
critical equipment are being copied.
complex and not understood by many, that were uncovered from 2000 to 2003
These counterfeits can kill and in recent
unregulated players and the such as those at Enron, WorldCom, Ahold,
months China has begun to address the
creditworthiness of counterparties in Parmalat and others. As one can see from
issue slowly.
certain sectors have already been exposed the results of our commissioned survey and
as major vulnerabilities. Numerous frauds recent headlines, institutional exposure to Third, there is a continuing series of IT-
will be uncovered at a time like this and fraud does not seem to be lessening despite based frauds that will multiply and cause
then the finger pointing will begin. As substantial increases in oversight activity more substantial damage. These
usual, the presence of fraud emerged once both internally and by third parties, such exposures range from ID theft,
the water level dropped precipitously. as the audit profession and specialized misappropriation of assets and
Throughout the 35-year history of Kroll Inc., organizations such as Kroll. information, wholesale financial
our mission has been to help our clients embezzlement and the manipulation of
As we look ahead, it is clear that the
achieve greater transparency and a deeper accounts or even trading systems.
increased use of information technology
understanding of the underlying facts in a tools combined with dramatic growth in Technology, as my friend Sir Martin Sorrell
range of situations and to assist with the world economy will lead to more recently said, is our “Frenemy.” It can be the
solutions. challenging times. Nowhere will the effect tool which is used to commit the act or to
When one reviews some of the results from be greater than in the newly developing unearth the crime. I hope we will use our
this latest survey on fraud, it is clear that markets where growth continues to be very resources to train and our technology to
certain types of exposures have increased significant. The culture of these societies, arm against the constant threat of fraud in
and that all of the old ones persist to some best epitomized by the BRIC countries the future.
degree. As our society has become more (Brazil, Russia, India, China) will be
reliant on information technology, challenging, if profitable, for a new
increased globalization and greater generation of entrepreneurs. We should pay
interconnectedness, certain exposures have particular attention to the integrity of the
expanded right along with them. financial information since many
Dramatically new frauds, such as ID theft, companies in these economies have JULES B. KROLL
A
lthough often reluctant to discuss it, Industries also vary in terms of the extent
almost every business will at some to which they are addressing the problem. fraud has held steady recently,
point have been the victim of For example, financial services which, given but new business models driven
corporate fraud. The extent to which the nature of their business, face especially
acute threats from internal financial fraud
by globalization are increasing
industries experience different categories
of corporate fraud varies according to the or money laundering, are obliged from a exposure at most companies:
nature of their business. For example, regulatory perspective to demonstrate that
they have strong controls in place. Less Respondents are divided as to whether
companies that deal with physical assets,
heavily regulated industries may not have corporate fraud is on the increase.
such as consumer goods and retail, are
this impetus, but they nevertheless are Roughly one-third of those surveyed think
more likely to suffer from the theft of
likely to adopt some measures – whether that the prevalence has stayed the same,
physical assets or supplier fraud.
financial controls or information one-third say that it has increased, and
Meanwhile, those that operate in the
technology (IT) security – to prevent or one-third say that it has decreased.
“knowledge economy”, such as professional
detect fraudulent activity.
services or technology, are more likely to be Eighty-one percent of firms report that
concerned about information theft or The objective of this report is to examine their exposure to corporate fraud has
intellectual property issues. the problem of corporate fraud, both for grown.
The most frequent cause of this increased (28%), Western Europe (18%), and North The frequency of the most
exposure is high staff turnover, which is America (14%).
widespread types of corporate
cited by 32% of respondents. Close behind
Regional variations with intellectual fraud, and those giving rise to
are complex IT arrangements (31%), entry
property theft and counterfeiting are
into new markets (28%) and increased
closely linked to countries rather than
the most concern, vary relatively
collaboration between firms (26%) – all of
regions. Among firms operating in the little by region:
which are factors that are closely tied China, 38% have experienced such fraud
with modern business practice. Entry into Theft of physical assets was reported by
in the past three years, compared with
new markets is of particular concern for between 32% and 40% of firms in all
just 14% in rival developing economy
larger firms (38%). India. The latter compares favorably regions.
with the overall figure of 19%, and even Between 24% and 31% of companies had
Companies treat corporate the 9% reported among Canadian and suffered information attack in most
U.S. respondents. That one in eleven areas, except North America (16%) and
fraud as largely a financial
firms in the latter still suffer from this Latin America (18%).
and IT issue, but too many are problem, however, speaks of relative
insufficiently prepared for rather than absolute success in
these and other risks: addressing it.
Identity theft
prevention:
A looming
requirement?
Detect these red flags in connection with
I
dentity theft is a rapidly growing released a proposed new federal rule,
problem for financial institutions and commonly known as the “Red Flags Rule”. the opening of an account or activity in
their customers. More than 600,000 The proposal, if adopted, would require any existing account;
consumers become victims each year in the financial institutions to put in place a
Assess whether these detected red flags
U.S. alone, and four of the top five techniques written identity theft program emphasizing
involve financial services: opening new the detection, prevention, and mitigation of prove a risk of identity theft;
credit card accounts; using existing ones; this crime. The program would have to Mitigate this risk as appropriate for its
opening new deposit accounts; and contain reasonable policies and procedures degree;
obtaining loans. Financial institutions will to address the risk of identity theft in order
Train staff to implement the Red Flag
increasingly absorb much of the economic to protect customers as well as the bank.
Program;
loss from this kind of fraud.
The proposal outlines, in some detail, 31
Oversee service provider arrangements;
In the past, many banks have not involved patterns, practices, and specific types of
themselves, other than to sympathize with activity that should raise a “red flag”, signaling Specifically for credit and debit card
affected customers. Even as the frequency a risk of identity theft in connection with an issuers, develop policies and procedures
of identity theft issues has risen, many existing account or the opening of a new one. to assess the validity of a request for a
banks have thought it sufficient to assist change of address followed closely by a
The proposal would require financial
victimized customers by giving them request for additional or replacement cards.
institutions to:
telephone numbers to call, directing them
to the appropriate credit bureau agencies, Verify the identities of persons opening How do financial institutions feel about this
or providing other advice on what the accounts; proposed rule? Not surprisingly, in the wake
customers could do for themselves. of the U.S. A Patriot Act, further compliance
Identify red flags relevant to possible
In July 2006, however, the United States risks of identity theft which could harm burdens have not been well received,
federal financial institution regulatory customers or the safety and soundness especially when some already form part of
agencies and the Federal Trade Commission of the institution or creditor; Customer Identification Programs. In
addition to the outlined obligations, there
REPORT CARD FINANCIAL SERVICES will undoubtedly be additional information
Financial Loss: Average loss per company over past three years: U.S.$14.6m (218% of average) security burdens as well.
Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 83%
Increase in Exposure: Percentage of companies where exposure to fraud has increased: 83% Happy or not, although the rule has not
Areas of High Vulnerability: Information theft, loss or attack (26% of sector firms indicate been finalized, financial institutions are on
that they are highly vulnerable) • Management conflict of interest (18%) notice of what some agencies contend
Areas of Frequent Loss: Regulatory or compliance breach (29% have experienced in past three years)
Internal financial fraud or theft (28%) • Information theft, loss or attack (27%) • Theft of physical assets
should be minimum standards. Institutions
or stock (26%) • Financial mismanagement (23%) • Management conflict of interest (23%) should be taking steps now to prepare
% 0 10 20 30 40 50 60 70 80 90 100 programs that will prevent the theft of
Corruption and bribery customers’ identities. It is ultimately a
Theft of physical assets or stock small price to pay for maintaining their
Money laundering own safety and soundness while building
Financial mismanagement loyal customer relationships and
Regulatory or compliance breach implementing strong prevention programs.
Internal financial fraud or theft
Information theft, loss or attack
Liz Marchese is a director in Miami. She has over 20
Vendor, supplier or procurement fraud years of banking operations, security and compliance
IP theft, piracy or counterfeiting experience, most recently at Union Planters Bank.
Management conflict of interest She has served three times as president of the
Financial Institutions Security Association (FISA) and
Highly vulnerable Moderately vulnerable Minimally vulnerable Don’t know/Not applicable is a qualified expert witness.
CASE STUDY
EIU SURVEY
OPERATION MALAYA: Corporate fraud at financial services companies
S
ince the beginning of the 1990s, Spain’s
The loss per firm is $14.6m, well over twice
“economic miracle” has brought an
the average for all industries and the
exponential increase in investment highest in our survey.
in coastal areas. Marbella, the world Increasingly complex information
famous tourist resort of the international technology has left 43% of respondents
jet set, has seen money, mostly foreign, more exposed to risk. Consequently 27%
pour into real estate. Sumptuous villas have suffered from information theft in
have appeared, accompanied by the rapid, the past three years, and 28% consider
disorderly spread of houses, apartments themselves highly vulnerable to this most
widespread worry for the sector.
and commercial centers.
In practice, regulatory and compliance
The frantic activity of real estate breaches make up the most common
promoters, backed by flexible and problem, having affected 29% of
executives and owners of some of the companies. This risk represents an area of
inventive banks, has driven growth by
companies with which our client had high vulnerability for 17% of respondents.
allowing Spaniards to think that they
wanted to work. Following our report, our Money laundering is understandably a
were making safe investments. particular problem in financial services,
Speculators, however, helped by client was able to find other partners and
although less common than the others
inadequate regulation, brought with them his only loss was a few months’ time.
discussed. More than one in ten firms
money laundering, corruption, coastal Without the due diligence study, he consider themselves highly vulnerable to it
and environmental devastation and would probably now be trying to explain and a similar number have actually
exploitation of limited natural resources to a judge and to the press his presence suffered from it in the past three years.
as a shareholder of some of the indicted Given the attention that governments,
such as water to build golf resorts.
businesses. regulators and security agencies pay to
The Importance of Due Diligence illicit cash flows in the post 9/11 world,
In this context, an important foreign The Mechanism: Land Rezoning these figures are far too high. Failure here
Operation Malaya exposed the fraud risks will attract little sympathy or leniency.
institutional investor asked Kroll to assist
that can be involved in the real estate Internal financial fraud is significantly
him in a due diligence study of certain
sector when certain conditions are more common, hitting more than one-
major construction companies in the quarter of firms, but theft of physical
region with which he hoped to form an present. A generally positive perception of
property is rarely a problem. The asset
ongoing relationship. We found, mainly real estate development – along with a
worth stealing in this industry is money
through documentary analysis, that some lack of clear rules and scrutiny – allowed rather than stationery.
of these firms did not have a clear politicians and developers to illicitly split
The sector is working harder than most to
background – incomplete accounts, overly the gains from real estate sales in combat corporate fraud, but could do more.
rapid growth, lack of long-term personnel exchange for construction licenses and The use of most anti-fraud strategies is far
– and that some were too close to local rezonings of protected land. Construction more widespread within financial services
politicians. We concluded that there was firms paid huge amounts to politicians, than among other businesses. For
knowing that an extraordinarily receptive example, 85% use financial controls to
a serious risk that these companies might
market would pay any price for houses, combat such problems (compared with an
be involved in improper business practices, average of 79%); 80% use IT security
and advised our client accordingly. commercial centers and resorts. To make
measures (compared with 70%); and 69%
things run smoothly, all such
use staff background screening (compared
The biggest difficulty was explaining to arrangements were handled through one with 57%).
our client why our findings were of the Town Hall’s advisors, who was in Formal risk management systems are more
sufficient to cause him concerns complete control of real estate operations than one-and-a-half times more common
regarding his investment. He wanted hard in Marbella. Although citizens suspected in this sector than overall.
evidence, while we had strong indicators. corruption existed, the magnitude of the Financial services companies are much
Our professionals met with the client and scheme once fully exposed left more likely to plan to invest in financial
eventually he understood our position. indignation and bewilderment. controls, IT security and management
controls to combat fraud than their
In March 2006, less than one month after Due diligence, even if it does not produce counterparts in other sectors.
we delivered the report to our client, a smoking gun, can make clear which However, although 85% of firms use
Operation Malaya made national and companies to avoid and why. financial controls against fraud, this means
international headlines. After a year-long that nearly one in six financial services
investigation, police arrested most of firms do not. In this industry, such
Alessandro Nurnberg is a senior arrangements should be second nature,
Marbella’s city government on charges of director in Madrid specializing in and would help with some of the biggest
corruption, money laundering, and investigations into offshore vulnerabilities.
several other offenses. The operation structures. He previously worked as
a tax and legal advisor for TS Group The financial services industry is working
continued in other Spanish regions,
in Lugano, Switzerland and later much harder than most but, given the
including most of the South, Madrid and financial and legal costs of failure, it needs
advised clients on M&A, public sale
the Basque Country. As a result, 86 people offers and fiscal offshore structures at Ernst & Young. to do even more.
are undergoing trial, among them the Written by The Economist Intelligence Unit
Growth of USD100
Assets ($mil)
Aug-05
Aug-06
May-04
May-05
May-06
Nov-03
Nov-04
Nov-05
Nov-06
Feb-04
Feb-05
Feb-06
for hedge funds have bested nearly every
other investment opportunity. The news
from emerging markets is even better: * Performance of the Credit Suisse/Tremont Hedge Fund Index (Emerging Markets sector) if one had invested
$100 at inception of the graph
Returns in Q2 2007 averaged around 9.7%
according to Morningstar, Inc., and in
recent years such investments have seen past year the University of Texas, Harvard Composite Stock Price Index. While its
20% growth. Consequently, hedge funds University, and other schools have managers were highly regarded, investors
focused on emerging markets have announced plans to increase their questioned the soundness of the fund’s
exploded from $2.6 billion in assets under allocations in emerging market funds. internal risk controls. Last year, Charles
management in 2003 to nearly $32 billion Schmitt, the Hong Kong-based head of the
by late 2006, according to a recent Credit The performance has also, however, CSA Absolute Return Fund, was sentenced
Suisse report (Chart 1). compounded risk: An increasingly large to four and half years in prison for
number of funds flush with capital are channeling over $190 million from investors
Such performance has attracted a broad
competing over a limited number of into shell companies administered on his
array of investors including endowments
investments. A larger number are very behalf, some of which were used to pay his
and state pension funds. Endowments and
young and headed by managers with little personal expenses, which included a
state pension funds continue to expand
to no track record. Low barriers to entry Hawaiian home.
their holdings into hedge funds and
alternative investments in emerging and low thresholds of regulatory oversight Funds investing in emerging markets
markets. By March 2006, the California continue to allow new funds to proliferate. require extra due diligence. Investors,
Public Employee Retirement System had Many are small – over half have fewer than particularly institutional ones, must
invested more than $300 million in a 10 employees – and depend heavily on only undertake responsible efforts to understand
variety of Asian hedge funds, and in the a few people for their performance, driving with whom they are doing business and
up operational risks. the types of investments being made. With
the amount of capital such institutional
A few simple questions may help More problematic still, although China, India, investors bring to the table, they are in a
protect the investor from fraud: and Brazil still draw interest, the race to keep unique position to pressure fund managers
Was the investor introduced to the returns high has pushed some funds into for additional transparency and
manager/investment opportunity riskier investments in “new emerging information about the fund’s operations,
through trusted sources? markets” such as Colombia, Angola, Vietnam, performance, and risk controls.
and Mongolia. Investors in these markets
Does it all sound too good to be true? Adequate due diligence is a cost of doing
have to be prepared to guard against
business in any market, especially an
What impressions did the investor corruption and unpredictable political and
emerging one, and should be viewed as part
get when meeting with the hedge economic climates. Those buying into the of the investment, not a sunk cost. It is
fund management team? funds, however, may have little knowledge certainly cheaper than undertaking
of where their money is going. litigation, chasing assets, and repairing
Were they candid and helpful?
While the news is dominated with stories reputations after a failed investment.
Who are the third party service of the collapse of large scale funds, a host 1
Hedge Fund Research Inc.
providers for the fund – lawyers, of lesser known ones are closing in emerging
accountants, back office administrators? markets. Some have made bad investments. Peter Turecek is a managing director in New York.
Are they reputable? Can they provide Others have fallen victim to outright fraud. He specializes in hedge fund related intelligence,
independent confirmation? In 2005, the Aman Capital Global Fund, corporate contests and securities fraud.
Who is the fund manager? once the flagship of Singapore’s hedge fund
industry, collapsed after only one and half Julian Grijns is an associate managing director in
What are his or her credentials? New York. He previously worked at Towers Perrin in
years when it lost an estimated 18% of its their competitive intelligence program.
assets on derivative trading on the Korea
SECURITIES:
and the principals had no real
United States, according to Business Week. experience in the industry;
This market, however, has attracted its
The business operated in an essentially
share of fraudsters, and regulators have
T
he collapse of the sub-prime mortgage The investment involved a needlessly
market has rekindled a debate about From the mid 1990s until 2004, Mutual
complicated corporate structure and the
the economic impact of fraud in the Benefit Corp., a Florida-based life
principals controlled multiple shell or
insatiable markets for high yield alternative settlement company, bilked 30,000
investors out of $830 million. In 2004, the related party companies;
investments. Did the fraudulent practices of
a few originators and issuers of these Securities and Exchange Commission The principals were reluctant to share
mortgages spark the downfall of the market, sued to shut it down. In 2007, its executives information about their current or past
or was it due to cyclical economic forces? were convicted of federal crimes and the business partners;
Watchdog organizations often spend years company, now in receivership, pleaded The principals, their previous partners,
after the fact trying to find the answer. guilty to racketeering and investment or their companies had been subjects of
Investors should ask a more important fraud charges.
significant civil and criminal litigation,
question: could the potential fraud have been and had numerous liens or judgments.
identified in advance and therefore avoided?
Alternative Energy Investments
With oil prices close to all-time highs, the
Just like any stock-picker or analyst,
traditional and alternative energy markets
fraudsters follow the market, recognizing a markets for greenhouse gases, suggesting
are booming, and so are investment scams.
hot market as a ripe one. Fast-paced capital some organizations are paying for
Investors looking for a quick return are
markets are always creating new emissions reductions that do not take
losing millions of dollars in sham oil and
investments, providing fertile ground for place.” Among other things, it found
gas investments. In January 2007, the North
modern-day Charles Ponzis to develop organizations buying “worthless” credits,
American Securities Administrators
schemes that are more complicated and industrial companies profiting from doing
Association reported that, over the
take longer to unravel. At first glance, the “very little” and brokers providing
preceding two years, state and provincial
neo-fraudster might seem to be using new “questionable” services.
regulators had opened more than 260 cases
and exotic investment vehicles and
involving oil and gas-related schemes and
methods in order to bilk investors, but a History: An Investor’s Guide
issued 122 cease and desist orders against
closer look usually reveals a simple daisy
promoters. In particular, a flood of Market history and lessons learned from
chain or Ponzi scheme.
investments into companies with “new” due diligence can reveal potential fraud in
Two trendy investments are life settlement- technologies that have no industry advance and may help predict the strength
backed securities and alternative energy. expertise harks back to the dot.com boom of a particular security or market. Just as an
There are regular media reports about fraud and bust of the 1990s. actuarial or bond rating house uses empirical
in these markets, although the underlying data to predict the quality of an investment,
economics are sound. Appropriate diligence
can separate the scams from the true
Appropriate diligence can a due diligence investigation of the persons
involved and their record allows investors
opportunities. separate the scams from to understand the potential risks.
the true opportunities.
Death Bonds
Michael Fellner is a senior managing director and
A recent Business Week cover story reported The alternative energy market has even head of the Chicago office. He specializes in
that in May more than 600 Wall Street seen a scam involving an entirely phony corporate contests, embezzlement and political
corruption and bankruptcy fraud cases. Previously
bankers “gathered at a conference in New exchange. In May 2007, a federal judge
he worked as a journalist and ran his own
York to talk about the next exotic investment entered a default judgment against investigations agency.
coming down the pike: death bonds,” now American Energy Exchange and York
called life settlement-backed securities. Commodities after the U.S. Commodity Lisa Silverman is a managing director based in
Futures Trading Commission charged them Chicago. She specializes in investigative cases for
Is this a resurgence of the discredited viatical corporate contests, theft of trade secrets, patent
with fraudulently soliciting customers to
market, which emerged in the 1990s in the infringement and product tampering.
trade non-existent energy futures on a non-
wake of the AIDS epidemic? Sellers, typically
existent exchange through a fraudulent
the elderly or terminally ill, sold the right Mark Skertic is a director based in Chicago.
broker. Prior to that he worked for over 20 years as an
to their eventual life insurance policy death
award winning investigative journalist at the
benefits for an up front payment. Bundled Fraud also appears on legitimate
Cincinnati Enquirer, Chicago Sun-Times and the
viatical policies were marketed as securities exchanges. In April 2007, the Financial Times Chicago Tribune.
to individual investors. reported on “widespread failings in the new
F
rom one side of Kroll’s London offices,
The loss per firm for the past three years is one has a splendid view of
$2.3m. This is equivalent to around one- St Paul’s Cathedral. From another,
third of the survey average and is one of there is a vista of Fleet Street, long the
the lower figures. home of the British press; and from a third,
Respondents believe that the prevalence of the harsh lines of the Old Bailey, London’s
fraud has stayed the same over that period. Central Criminal Court.
Fewer professional services firms have
If management ever needs a reminder of centralize or co-ordinate risk management.
experienced each category of corporate
the risks faced by the modern professional The only answer is to treat individuals as
fraud than the average, except for
services firm, a swift walk around the individuals, and get buy in – while also
information and IP theft. In particular, only
building should suffice. Reputational, leading from the top, to ensure that
20% suffered from theft of physical assets.
ethical and legal issues abound. The central everyone knows that rules are rules.
Although this arises partly from the sector
issue, for professional services firms, is
being knowledge-intensive without a
about governance: getting everyone to These are people businesses, so
physical product, the figure is still the
address the issues systematically and management of human capital is critical.
lowest for any industry.
globally, to link together diverse functions Professional qualifications and licensing are
This sector includes professions that actively (financial, legal, HR), and above all to get important, which means ensuring that
combat fraud, or for which suspicion of fraud billable professionals to devote scarce and background screening is carried out and
presents an increased danger because valuable time to risk prevention. that staff references are taken up. Conflict
reputation is so important in maintaining checking systems are essential – but so is
clients. This has several effects on the nature Like many professional services firms, Kroll the training and education that enables
of, and response to, corporate fraud. has offices around the world with diverse people to understand how to operate them,
These companies are more likely to deal cultural backgrounds, histories and legal and how to make sensitive judgments
with the issue directly and combat the frameworks, and getting a common about what constitutes a conflict and how
problem themselves. Sixty-one percent say approach is a challenge. The solutions tend to handle it.
that they manage it in house compared to lie in pragmatic answers: working with
the grain of the business and getting each A critical issue for professional services
with 45% of all companies.
office and region involved. Legal, risk and firms is the vetting of projects before they
Accordingly, professional services firms are are taken on. Kroll, like many such firms,
compliance functions need to co-operate.
half as likely to turn to the big four has regional risk committees that review
Standard operating procedures need to be
accountancy firms (16% compared with projects assessing whether legal,
clear, but also simple enough to adapt to a
33% for the average). reputational and financial issues are in line
wide variety of operating environments.
In the past three years, a slightly lower with the law, standard operating
percentage of companies than average has Many such companies are made up of procedures, and our business model.
suffered from bribery and corruption (15% individuals who either are, or operate as,
compared with 19%), regulatory breaches partners: they own the business, and that
(15% compared with 19%) and money can be a great strength, conferring a sense Andrew Marshall is a managing director based in
laundering (2% compared with 5%) of responsibility and focus. But at the same London and Washington, having previously held the
roles of chief risk officer and head of strategy EMEA.
The sector faces the usual problems of a time, it can make the business harder to He spent 15 years as a journalist including serving
knowledge industry, but may not be navigate: people are jealous of client as Foreign Editor and Washington Bureau Chief for
addressing them aggressively enough. relationships, reluctant to discuss “their” The Independent newspaper.
business, and ill-disposed to efforts to
The most frequently reported types of
fraud are information theft (29%) and IP
theft (21%). These are also two of the REPORT CARD PROFESSIONAL SERVICES
three areas where the greatest number of Financial Loss: Average loss per company over past three years: U.S.$2.3m (34% of average)
respondents feels highly vulnerable (26% Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 83%
and 19% respectively). Increase in Exposure: Percentage of companies where exposure to fraud has increased: 89%
Complex IT structures have increased Areas of High Vulnerability: Information theft, loss or attack (26% of sector firms indicate
exposure to fraud at one-third of companies. that they are highly vulnerable to this threat) • Management conflict of interest (21%)
However, the proportion of companies Areas of Frequent Loss: Information theft, loss or attack (29% have experienced in past three years)
IP theft, piracy or counterfeiting (21%) • Management conflict of interest (21%)
using IT security and countermeasures to Theft of physical assets or stock (20%)
combat fraud is only 69% and just 57% say
% 0 10 20 30 40 50 60 70 80 90 100
that they intend to increase investment in
Corruption and bribery
that area. Both of these figures are slightly
lower than the average. Meanwhile, only Theft of physical assets or stock
one-third of professional services firms say Money laundering
that they engage in IP monitoring – this is Financial mismanagement
lower than the average – and just 37% are Regulatory or compliance breach
looking to invest in this area. Internal financial fraud or theft
The professional services sector should pay Information theft, loss or attack
particular attention to IT security and IP Vendor, supplier or procurement fraud
monitoring, especially as legal and IP theft, piracy or counterfeiting
accounting firms should already be strong in
Management conflict of interest
other aspects of fraud control.
Highly vulnerable Moderately vulnerable Minimally vulnerable Don’t know/Not applicable
Written by The Economist Intelligence Unit
I
nternal audit managers can increasingly being processed. This additional step serves
rely on the data in procurement systems a dual purpose: as well as identifying fraud, The figures for perceived
to analyze the behavior of staff. it can act as a deterrent by showing that a vulnerability to corporate fraud
E-procurement tools let organizations see buyer’s activities are being monitored. within this sector are generally
not just how much a department is
spending with a supplier, but what is being Our extensive experience in fraud about the same as the overall
bought by individual staff members. Most investigations suggests that the following is average, although in some instances
procurement departments use this data to a reliable guide to setting up a transaction they are slightly lower. Only in one
analyze contract compliance and the profiling service: area, procurement fraud, is
opportunity for greater savings, but it can
Do: vulnerability perceived to be higher
also be used to detect fraudulent
transactions before they occur. Test the profile and monitor the volume than average.
of flagged transactions;
Some advisors still suggest that companies Spending on the leading anti-fraud
Provide clear communication to buyers
can detect fraud if they monitor their staff strategies is also less widespread in
about why a transaction has been flagged;
for signs of sudden affluence. While this may this field than among the overall
Handle investigations or re-approvals
be a sound signifier for fraudulent activity, it survey respondents, especially for IT
quickly and efficiently;
is hardly a reliable method of detection. measures (used at 59% of
Monitoring spend activity is the best Update profiles if buyer circumstances
opportunity that organizations have of and departmental needs change; manufacturers against 70% overall),
identifying staff who process fraudulent Review profiles annually in order to management controls (54% to 64%)
transactions. In most cases, this activity is ensure they are effective; and staff screening (48% to 57%).
predictable and, if managers establish a View profiling activity as a long-term Future investment in these fields
service to monitor buyers, much of it can be commitment. also looks set to lag behind that by
identified before any payment is made. In
large international organizations, where Don’t: other sectors.
thousands of orders can be raised per day, it Infer that buyers are acting fraudulently
In practice, however, little reason
is not feasible to monitor every transaction, before investigating the transaction;
but they can be profiled in order to flag those Assume that a profiling service will
exists for complacency.
that carry the highest risk of fraud. capture all fraudulent transactions; Manufacturers have experienced
Profiling can help identify the types of Transgress any equal opportunities higher than average incidences of
buyer most likely to commit fraud and legislation when profiling buyers; several types of fraud, including:
combine this with the transactions most Allow buyers to be aware that they are or theft of physical assets (47%
likely to attract it. For example, a temporary are not being monitored: they should compared with 34% for the overall
staff member raising a high value order assume that they always are.
sample), corruption and bribery
should be seen as high risk. Similarly, the
purchase of desirable consumer goods, (28% compared with 19%), financial
provides consulting and research services
such as audio-visual equipment or alcohol, for public and private sector organizations. It mismanagement (26% compared
should be flagged as high risk. Individual specializes in services for organizations who want with 20%) and intellectual property
buyers can be put “on probation”, their to improve their procurement and supply chain theft or counterfeiting (23%
activity monitored and transactions flagged management through the use of e-procurement. compared with 13%).
according to different levels of security risk.
The loss per firm for this sector is
slightly above average, as is the
REPORT CARD MANUFACTURING
proportion of firms suffering from
Financial Loss: Average loss per company over past three years: U.S.$6.8m (101% of average)
at least one form of fraud in the
Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 88%
past three years.
Increase in Exposure: Percentage of companies where exposure to fraud has increased: 88%
Areas of High Vulnerability: Information theft, loss or attack (18% of sector firms indicate The growth in exposure to fraud
that they are highly vulnerable) • Corruption and bribery (15%) is hitting more companies in
Areas of Frequent Loss: Theft of physical assets or stock (47% have experienced in past three years)
Corruption and bribery (28%) • Financial mismanagement (26%) • Vendor, supplier or procurement this industry than on average
fraud (25%) • Information theft, loss or attack (23%) • IP theft, piracy or counterfeiting (23%) (88% compared with 81%).
% 0 10 20 30 40 50 60 70 80 90 100 The necessities of globalized
Corruption and bribery competition mean that entry into
Theft of physical assets or stock new markets, IT complexity and
Money laundering increasing collaboration between
Financial mismanagement businesses are all increasing the risk
Regulatory or compliance breach of fraud at a faster rate than
Internal financial fraud or theft elsewhere.
Information theft, loss or attack
Manufacturing companies need to
Vendor, supplier or procurement fraud
understand better the degree of risk
IP theft, piracy or counterfeiting
they face, and to invest accordingly.
Management conflict of interest
I
n June 2007, MarkMonitor undertook an
in-depth study of the online hijacking of
popular pharmaceutical drug brands,
including millions of emails and billions of
Web pages. It focused on six popular
prescription drugs – three of the most
popular drug brands, according to industry
O
ff-the-book money remains as were limited for some time, but suddenly
have had on Japan Video’s reputation as a
important as ever in Japan’s picked up five years ago, following the
listed company.
entertainment industry, and appointment of Akira Z as CEO. Z embarked
methods for facilitating such payments on a series of new projects outside the Other examples of kickbacks and shell
have become an established part of company’s main field of videos and companies to hide illegal payments later
business models for many companies. adopted a strategy to raise Alpha’s brand came to light, although these were for the
Cash and personal relationships are all- profile. In cooperation with external personal benefit of the management rather
important in this world, where under-the- funders, he embarked on capital than for that of the business. An
table payments are not always regarded as reinforcement and strengthening investigation by Kroll showed that both the
a vice. The result is that many companies management. legal and financial departments had issued
have extremely lax internal controls, with
Z’s initiatives led to cost overruns, repeated warnings. A senior legal officer
practices such as payment in cash to avoid
unaccounted payments, and the who had discovered what was going on
income tax or executives having several
reassignment of accounts, which led Beta made a direct appeal to a higher authority
companies with opaque activities.1
to intervene vigorously. Since the CEO was and – in a quintessentially Japanese
The case of Alpha Video helps to highly regarded by his staff and the market, outcome – was himself forced to resign.
demonstrate the extent of such activity and these attempts to improve controls did not These efforts bore no fruit in a company
the difficulties in stopping it. The company go smoothly. However, Beta discovered a that kept no proper records, even of Board
was launched in Japan some fifteen years case of account-rigging carried out two decisions. Only the arrival of Beta led to a
ago and subsequently purchased by the years before Beta had purchased Alpha, and review of corporate governance and the
European firm Beta. Alpha’s operations the company was shocked into action. hiring of Kroll.
It need not be this way. Data from the
REPORT CARD TECHNOLOGY, MEDIA AND TELECOMS United States suggests that the
Financial Loss: Average loss per company over past three years: U.S.$4.9m (63% of average) entertainment industry does not have a
Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 77% particularly high rate of improper activity
Increase in Exposure: Percentage of companies where exposure to fraud has increased: 88% in comparison with others. In Japan,
Areas of High Vulnerability: IP theft, piracy or counterfeiting (22% of sector firms indicate however, the tactics used are overt and
that they are highly vulnerable to this threat) • Information theft, loss or attack (21%)
Areas of Frequent Loss: Theft of physical assets or stock (28% have experienced in past three years) senior executives need to increase their
Information theft, loss or attack (27%) • Vendor, supplier or procurement fraud (24%) awareness of the magnitude of the effects
Corruption and bribery (21%) that fraudulent activities may be having on
% 0 10 20 30 40 50 60 70 80 90 100 corporate governance.
Corruption and bribery
1
All the names and significant details have been
Theft of physical assets or stock
altered in this account, to prevent identification of the
Money laundering case.
Financial mismanagement
Regulatory or compliance breach
Tsuyoki Sato is a managing director
Internal financial fraud or theft and director of operations in Tokyo
Information theft, loss or attack where he has carried out fraud
investigations in industries including
Vendor, supplier or procurement fraud
entertainment, IT and manufacturing.
IP theft, piracy or counterfeiting He is a member of the Association of
Management conflict of interest Certified Fraud Examiners (ACFE) and
the American Society of Industrial Security (ASIS). He
Highly vulnerable Moderately vulnerable Minimally vulnerable Don’t know/Not applicable previously worked as an investigative reporter.
CASE STUDY
EIU SURVEY
Old-fashioned fraud: As a knowledge industry, this sector is
Challenging
corruption in the
energy sector
F
or energy companies, especially those
and contractors, details of bid documents
in the upstream oil and gas sector,
are an especially valuable commodity.
combating fraud of all types is an
everyday challenge embedded in their In addition to obtaining details about
operating environment. The sheer scale bids, suppliers and contractors try to out-
and complexity of the industry and the do their competition in the intelligence-
vast revenues projects can generate even gathering business, which in some cases
when energy prices are relatively low, further leads them to illicit tactics
explain the challenge. including bribery. A cottage industry of
“agents” has arisen to “service” the
Knowledge is power and much of the fraud
industry, and their audacity is legendary:
found in the industry revolves around
“We’re pretty clean otherwise,” said one
information-seeking. The capital intensive
industry executive, “but when it comes to
projects of energy companies cost billions
tenders and information on things like
of dollars and take years to plan and
production-sharing contracts or details of
complete. With so much at stake and fierce
a deal that another company has cut,
competition among potential suppliers
well, that can be a different story.”
EIU SURVEY
Overall, the travel and leisure industry
suffers comparatively few problems
from corporate fraud.
The loss per firm during the past
three years was $1.1m, or one-sixth
of the average, although this is partly
industry an increase.
Accordingly, companies show only
moderate concern about the issue.
G
aming and gambling are important administration, or electronic gambling
in such strategies is also very close to
global industries, and the majority of games – or firms with partners located on
the mean.
firms are run legally and soundly. U.S. territory, find themselves indirectly
But the gambling industry attracts money bound to comply with the legislation, even Worrying data, however, suggest that
launderers, offering a variety of ways for when the country in which they are more attention is needed.
illegal funds to be apparently bet but in fact conducting business has little or no Although the costs are still small, the
laundered. One example is the purchase of regulation in this regard.
a large number of casino chips, which are prevalence of certain types of risk are
then cashed in as if they were winnings Although money laundering cannot be alarmingly high in the travel industry:
from a “lucky run”. Online betting is also completely avoided, it is timely for 42% have suffered from theft of
useful for hiding the illegal origin of money. gambling companies to develop policies physical assets (the overall average is
Many casinos are open twenty-four hours a and procedures that improve and extend 34%); 30% from management
day and anyone can play. Moreover, Internet existing controls against this practice, as conflict of interest (compared with
bets can be made by credit card, increasing well as against more general fraud and 21%); 27% from internal financial
the risk of fraud. Many jurisdictions terrorist funding. Those working on such fraud or theft (compared with 19%);
therefore tightly regulate this industry, policies must consider areas including: and 24% from corruption and bribery
whether the bets are physical or virtual. identifying, and finding out details of, (compared with 19%). All these tend
betters, winners, and employees; and to balloon if left unchecked, so their
The 9/11 terrorist attack brought in its wake
defining operational procedures and wide prevalence, even at low
American legislation to impede money
different gambling methods according to
laundering and terrorist funding, which has volumes, is a concern.
the risks they represent.
deeply affected the gambling industry. The
Although the problem of corporate
U.S.A. Patriot Act, for example, included
important and far-reaching “extraterritorial” Karla Sotomayor is an associate fraud is not currently as serious as that
provisions that changed the outlook for managing director in Mexico. faced by other sectors, the travel
She has spent over 10 years industry must take greater care to
companies bound by U.S. law. Companies working in anti-money laundering
linked to service providers – in this context and compliance and previously ensure that it does not become more
examples include those providing slot worked as anti-money laundering prevalent.
machines, gaming software, mutual betting director at Banamex/Citigroup.
She is a member of the Mexican Bar Association. Written by The Economist Intelligence Unit
system administration, instant lottery
Brand integrity:
Anti-counterfeiting,
piracy and tainted goods
A
ntifreeze-tainted toothpaste, lead- seized $500 million worth of pirated article, however, pinpointed the underlying
painted toys, tread-splitting tires, software; Congress held hearings on food problem: “As a developing country, China’s
contaminated pet food, dangerous safety; and the Food and Drug food and drug supervision work began late
pharmaceuticals, pirated software – for the Administration signed an agreement with and its foundations are weak.”1
past several months, one counterfeit product the European Food Safety Authority to
For far different reasons, the United States
or tainted ingredient entering the Western improve the assessment of food safety
also finds itself in a dismal situation, with
marketplace after another has been in the risks.
regulatory agencies ill-equipped to deal
news. Almost without exception, these
with counterfeiting or to assure the safety
products originate partly or solely in China.
Global consumer of imports. In Western countries, the issue
This coverage has captured the attention of product manufacturers is not lack of a foundation for supervision,
consumers, regulators, and corporations but the reality of globalization and the vast
alike. Beyond returning their suspect toys must serve as their own growth in the number of products that
and checking their toothpaste, individual regulators and enforcers. arrive from abroad. To compound the
consumers cannot do much. No matter problem, counterfeiters are growing ever
how vigilant they may be, it is virtually more sophisticated, often becoming
In China, the execution of Zheng Xiaoyu, a
impossible for an individual to be involved in organized criminal networks
corrupt State Food and Drug Administration
completely sure that a particular product is and leveraging technology and the Internet
official, clearly indicated that the
safe for their family. To minimize their to avoid detection.
government recognizes the seriousness of
exposure, most rely on trusted brands
the situation. Beijing officials have This combination of globalization,
made by trusted manufacturers. Implicitly,
announced wide-ranging measures to curb advanced technology and an under-
consumers also put faith in the global
counterfeiting, including the hiring of an resourced regulatory and enforcement
regulatory agencies that monitor product
American crisis manager to improve a environment creates a world of opportunity
manufacturing and distribution.
tarnished image and secure the future of for counterfeiters. Unfortunately, the
Regulatory and enforcement agencies are lucrative trade relationships with Western increasing number of news reports referred
doing what they can: recently in the United countries. A quote from a Chinese to earlier heralds a problem that is
States, the Federal Bureau of Investigations government official in a recent CNN.com increasing in scale.
C
onstruction fraud can happen on any Justice or a state, city, or county agency Have a fraud expert oversee aspects of
kind of project: large or small, public announces arrests, indictments, or procurement. Independent oversight of the
or private, commercial or residential, convictions that support this 10% figure. bidding process will ensure a level playing
new building or renovation, small town or field, the confidentiality of important bid
So what do you do if you are facing a
big city, American or international. Having information, identify or deter bid-rigging,
construction project that you know has a
investigated hundreds all over the world, I and insure that estimates and proposals
significant risk of fraud and corruption but
have not come across one that was totally do not contain fraud.
want to protect your corporate reputation
clean. Just Google the words “construction” Have a fraud specialist conduct random
and pocketbook? Regardless of where your
and “fraud,” and you get a staggering, and periodic forensic audits of
project is, or your role in it, consider the
almost endless list of projects that have requisitions and supporting
following:
been the subject of fraud and corruption. documentation. With proper audit rights
Do not rely on construction experts to
on GCs/CMs and vendors, the review will
In Britain, for instance, the Office of Fair police fraud risks. General contractors
greatly reduce a whole host of
Trading this year uncovered the largest bid- (GCs), construction managers (CMs), manipulative and abusive practices. Do
rigging cartel in its history: nearly 100 subcontractors (also called vendors), not rely on project auditors to conduct
companies, some among the country’s project consultants, architects, designers, this review: their role is to reconcile costs,
largest, fixed thousands of contracts valued engineers, or even your own internal not forensically analyze them.
in excess of $6 billion. In China, the facilities people are not fraud prevention
Ministry of Railways is investigating the and detection specialists. The pervasive Conduct random on-site audits. Have a
widespread use of fake materials in the $12 fraud expert discreetly track site labor,
fraud in the industry shows that using
billion construction of hundreds of materials usage and storage, equipment
them in this way will not work.
kilometers of high-speed passenger railway. usage, and safety and security issues.
Gauge the fraud risks in the project’s This will substantially decrease the use
In Brazil, federal police in May arrested 47 procedures. A fraud vulnerability
people tied to a complex bid-rigging and of unskilled, non-union, or non-existent
assessment on contracts, procurement, labor; no-show or no-work jobs; inferior,
kickback scheme on public works projects and requisition, as well as on materials over-purchased, or substituted materials;
worth millions of dollars. Twelve legislators and equipment receipt, usage, and theft of site property; on-site gambling,
have been implicated. storage processes greatly enhances your drug dealing, and alcohol abuse; and the
Transparency International, the anti- team’s capabilities and will act as a presence of organized crime and union
corruption NGO, estimates that 10% of total significant fraud detection and corruption by insuring compliance with
worldwide expenditure on construction is prevention mechanism. collective bargaining agreements. It will
lost to fraud and corruption. In 2001, Britain’s Institute a vendor screening process. also help the forensic review.
National Audit office estimated that the This will greatly reduce the risk of Understand that the nature of your
same amount is lost this way in the United vendor-related fraud and give you critical contract does not protect you against cost
Kingdom. In the United States, every month information about a vendor’s business abuses. Fraud and corruption is an equal
a press release from the Department of history, reputation, safety record, and opportunity abuser. A fixed-price contract
may protect you against cost overruns,
REPORT CARD CONSTRUCTION but it will not protect you against abuses
within the initial scope costs or stop
Financial Loss: Average loss per company over past three years: U.S.$4.5m (67% of average)
organized criminal activities, union
Prevalence: Percentage of companies suffering corporate fraud loss over past three years: 77%
Increase in Exposure: Percentage of companies where exposure to fraud has increased: 87%
corruption, labor or material misuse
Areas of High Vulnerability: Corruption and bribery (25% of sector firms indicate that they are highly schemes, or false billings.
vulnerable to this threat) • Regulatory or compliance breach (22%) • Information theft, loss or attack (22%)
The above safeguards need not adversely
Areas of Frequent Loss: Theft of physical assets or stock (44% have experienced in past three years) • Corruption
and bribery (33%) • Financial mismanagement (30%) • Regulatory or compliance breach (25%) • Vendor, supplier impact project costs or scheduling. They
or procurement fraud (23%) • Internal financial fraud or theft (22%) • Management conflict of interest (22%) will act as both a significant deterrent to
% 0 10 20 30 40 50 60 70 80 90 100 fraud and a detection measure that could
Corruption and bribery save you at least 10% to 12% of your project’s
Theft of physical assets or stock
costs, safeguard your image and reputation,
and minimize your future liability, all while
Money laundering
costing a fraction of the amount saved.
Financial mismanagement
Regulatory or compliance breach
Internal financial fraud or theft Blake Coppotelli is a senior
Information theft, loss or attack managing director and head of real
estate integrity services based in
Vendor, supplier or procurement fraud
New York. A former prosecutor for
IP theft, piracy or counterfeiting 13 years, he served as chief of
Management conflict of interest the Labor Racketeering Unit and
Construction Industry Strike Force
Highly vulnerable Moderately vulnerable Minimally vulnerable Don’t know/Not applicable in the Manhattan District Attorney’s office.
EIU SURVEY
Transparency is the In many countries, this industry has a
L
arge scale projects, such as those in being achieved through the supply chain.
the construction industry, commonly If necessary, tenders can be brought into suffers from a much higher incidence of
involve multiple suppliers and the original contractor’s procurement corporate fraud than other industries.
subcontractors. The costs and complexity department to insure compliance. Particular problems include the theft of
associated with these contracts can make physical assets (44% of sector firms have
3. Extend internal anti-fraud procedures experienced this compared with 35% on
them a target for fraud. Even companies
to suppliers. average), corruption and bribery (33%
with excellent internal controls can still
Large scale capital projects are likely to compared with an average of 19%),
find themselves exposed when their
require significant interaction between
requirements for probity are not followed financial mismanagement (30% compared
companies and their suppliers. Supplier
further down their supply chains. with 20%) and regulatory and
staff members are no more or less likely to
Kickbacks, collusion between contracted compliance breaches (25% compared
encounter or commit fraud. Companies
suppliers, price rigging, and over- with 19%).
therefore benefit from extending any anti-
specification are just some of the means by Construction even has the second highest
fraud measures, such as whistle-blowing
which suppliers can expose companies to prevalence of money laundering after the
lines and employee checks, down the
such risks. Supplier fraud can increase financial services industry (albeit still a
supply chain to their suppliers and
costs, lengthen timescales, and jeopardize a low figure). It is a problem that affects
subcontractors.
project’s very viability. 7% of firms.
4. Adopt open-book accounting. Respondents indicate that this high level
Existing measures, such as supplier
With open book accounting for projects, of corporate fraud has, if anything,
accreditation and employee checks, are
suppliers provide details of all their costs on increased slightly over the past three
essential to protect against companies and
a project and work to an agreed set of mark
staff who might engage in malpractice. But years, with 32% seeing an increase and
ups and margins. This practice enables a
these alone are insufficient to protect a 29% a drop.
business against supplier fraud, particularly company to monitor its supply chain, and
Construction is experiencing a greater
in high-cost projects. To protect themselves prevent price rigging or invoice inflation.
exposure to fraud through high staff
properly, companies must be prepared to 5. Run a good procurement function. turnover (46%), entry into new markets
exert their influence further along the A good understanding of a market’s (44%), and increased collaboration (35%)
supply chain, so that the levels of probity dynamic is the best tool for protecting than is experienced by other industries.
and compliance required do not just stop at against price rigging and over-specification. Thirty percent face increased exposure
its front door. Procurement professionals with an after having weakened existing internal
expertise in particular markets can provide controls.
How can firms better protect companies with sound pricing knowledge,
Despite these very widespread problems,
themselves against supply chain market intelligence on supplier
the response to corporate fraud has been
fraud? performance, and negotiation skills.
muted so far. Small signs of change are,
1. Audit the processes suppliers have The likely costs and resources required to however, appearing.
used to select subcontractors. defend against procurement fraud The proportion of construction
This should include auditors and committed by suppliers are considerable companies using anti-fraud strategies,
procurement managers seeing details of but, in capital projects that cost millions, such as financial controls, physical security
whether the supplier tested the market these need to be weighed against the systems and management controls is
when selecting the subcontractor, and the potential impact of fraud. The costs of slightly higher than in other industries,
outcome of this process. project delays, project failures, but the sector lags behind in IT security.
investigations, and the legal fees required
2. Monitor any contracts to be sub- A higher proportion of construction firms
to seek redress will far outweigh those of
contracted by suppliers during a project. than the average are investing further in
working with suppliers to protect a
If contracts are to be subcontracted, the these strategies.
company’s interests during a project.
contracting organization should demand The construction sector has a long way to
visibility of the associated procedures, go, but seems to be making a tentative
specification, and documentation. Audit Ian Makgill is the founder and head of
consulting for Ticon UK. He has co-authored
start. It needs to increase its efforts.
managers need to be confident that
the chapter on e-procurement for the
contracts are being subcontracted with National Procurement Strategy. Written by The Economist Intelligence Unit
robust processes, and that best value is
Red flags:
Behavior that may reveal problems
K
nowing why and how fraud infiltrates The largest frauds are generally committed
a project is the first step in stopping by people who have performed the same Contractors should
it. This article lists some red flags. job for a very long time, who act not only be selected
Civil construction projects involve a wide- independently of the usual checks and
approvals and who hold vast knowledge of
on price but also on
ranging and complex division of work.
Each stage has different managers in charge the sector’s processes and loopholes. technical capability
from the previous one, with the project Companies are most at risk when hiring and track record.
manager left to provide coherence across service providers and purchasing materials
all the activities. Moreover, each project without taking the proper precautions.
gives rise to diverse documents, contracts As for material purchases, employee
and other legal papers. This all creates huge Sometimes businesses operate in distant, behavior can be very revealing. Be aware if
difficulties for builders and their clients remote places, far from cities and business any of these situations occur:
trying to assure the quality of the work, centers, where there is little choice of
service providers. In that situation, builders If employees always insist on choosing
avoid financial waste and protect against
should screen providers carefully. When a the same supplier without any plausible
dishonest companies.
great variety of service providers exist, it is explanation, even if the price or quality
Based on our experience, Kroll believes that could be better;
important to hold a bidding process with
the most common areas of fraud in this
clear estimates, and preferably at least
sector involve: The estimates provided are not presented
three participants. Always be suspicious
Receipt of kickbacks from suppliers; in a clear, detailed, and standardized way;
when it is impossible to get exact values for
Misappropriation of materials; the costs of goods, material or services, or The schedule in the contract is not being
Embezzlement of funds; when the bid does not explain exactly what complied with;
Over-billing in contracts, often to cover will be done and how. Items such as labor
Or, the supplier’s employees display more
up kickbacks or even theft; costs, land-moving costs, machinery
wealth than is consistent with their likely
transport, extra or complementary services,
Non-compliance with measurement, mat- wages.
and all items preceded by the words
erial quantity and quality specifications;
“various,” “other,” or “miscellaneous” should
Bribes to procure inside information raise red flags. When specific expertise is Felipe Soares is a senior analyst
during the bidding process; needed, such as in tunnel drilling or marine in São Paulo. He has been involved
Bribes to insure tender notices bear excavation, contractors should be selected in numerous competitive
specifications that only a particular intelligence and asset searches
not only on price, but also on their across Brazil.
company can meet; technical capability and a track record of
Bribes to secure environmental licenses. earlier success.
T
his heat map shows which sectors feel Professional services firms focus on compromises of IP), and those affecting
themselves to be vulnerable to information theft or loss, IP theft and reputation (corruption, or breaches of
particular fraud threats. The point it management conflict of interest. compliance and regulations) are taken
makes is simple: not every industry (or even Manufacturing respondents identified particularly seriously.
company within an industry) will face the corruption, information theft and conflict Some threats are seen as “industry
same issues: Fraud hits people in different of interest as high risks. problems”: only financial services regards
ways at different times, which is why we money laundering as a serious risk
Technology, media and telecoms firms
adapt our solutions to different situations.
saw information theft and IP theft as No sector regarded internal financial fraud
Healthcare, pharmaceuticals and significant issues. as a high risk, even though it is one of the
biotechnology is the most vulnerable most commonly reported issues.
Travel, leisure and transportation regards
of the sectors of those we have itself as having a relatively low We carried out a similar analysis of
examined. It sees itself as being at high vulnerability to fraud. industry approaches to countermeasures.
risk of corruption and bribery; regulatory Unsurprisingly, financial services emerged
Retail, wholesale and distribution regards
or compliance breaches; information as the industry that tended to top the list of
itself as at high risk from corruption, theft
theft or loss; IP theft; and vendor or countermeasures adopted: screening, IT
of assets and stock, and vendor fraud.
supplier fraud. security, reputation monitoring and adoption
The construction, engineering and These perceived vulnerabilities did not of risk officers. Natural resources, which
correlate very closely with the frauds that has suffered some high-profile issues, was
infrastructure sectors also face serious
companies had actually suffered. It seems almost as consistent in topping the list of
issues: corruption, theft of physical assets,
probable that this is because for a threat to adoption of risk countermeasures: whistle-
financial mismanagement, regulatory
be seen as serious, it is not enough for it to blower schemes, due diligence, media and
breach, and information theft or loss.
be common. It must strike at a high-value reputational monitoring, and risk officers.
Financial services is the only industry that asset, and that asset must be in some way Overall, the heat map and the analysis of
is perceived to face a high risk from money critical to the business. Vulnerability is a fraud issues supports what any
laundering. But it also faces high risks function of the likelihood of a threat, but experienced fraud practitioner would
from regulatory and compliance breaches, also of its severity. suggest: though there are broad trends,
information theft and conflict of interest. each company has its own vulnerabilities to
For example, most had suffered theft of
Consumer goods considers itself to have guard against, and its own assets to protect.
assets or stock, yet few regarded this as a
a very low vulnerability to fraud overall. Generalizing about the scale of fraud, or its
serious threat. There are two likely reasons
However, as our consultants discuss, incidence, is hard when one is comparing
for this. Firstly, only in some sectors are
certain areas – luxury goods, in particular phenomena as disparate as penetration of
physical assets so expensive (construction,
– are vulnerable to IP theft. an information system to steal customers’
for example) or theft so widespread (retail)
details, against the theft of a forklift truck.
The Natural Resources sector regards that it is considered a systematic, high-
itself as highly exposed to corruption and value threat. For the same reason, issues Written by Andrew Marshall.
vendor fraud. affecting information (information theft or
T
he flow of capital to emerging are dropping, and a correction looks
markets has boosted demand for almost certain unless companies can find The fraud was detected
Nigerian stocks, bonds and global new ways to prop up earnings. after the group changed
depositary receipts. New issues,
especially in bank shares, are heavily
The fraud discovered by Cadbury Schweppes its local auditors.
last year at its Nigerian subsidiary was a
oversubscribed as offshore funds boost
sharp reminder of the risks of overstated
the Lagos Stock Exchange to levels which judicial system is slow and inefficient.
earnings. The confectionery group said that
are causing concern locally, if not yet in Conflicts of interest are routinely flouted.
it had discovered “a significant and deliberate
foreign capitals. For example, senior market regulators can
overstatement” of Cadbury Nigeria’s results
own their own brokerage firms.
The buying spree by international private after increasing its stake in the business to
equity and hedge funds follows strong 50.02% in February 2006. Early this year, Nigeria’s most effective law enforcement
gains on the local stock market. Such Cadbury said that the problems in the agency in recent years, the Economic and
gains are more the result of government- country had reduced its 2006 group earnings Financial Crimes Commission, has a
led restructuring in the banking, by up to £53 million, and that Cadbury financial intelligence unit to monitor the
insurance, and pensions systems than Nigeria faces lawsuits from local shareholders. corporate sector. However, the unit has
earnings growth. Nigeria’s recapitalized focused most of its energy on an anti-
banks have offered a flood of new issues Cadbury has been one of Nigeria’s top corruption drive in the public sector.
just in time to match demand from manufacturers for decades. Its local affiliate
had a good reputation for corporate “If there is ever a major corporate scandal
global funds.
governance and the affiliate’s former chief in Nigeria, a local equivalent of a Barings or
A period of relatively stable government, executive, dismissed last year, had recently Enron, capital is likely to be very shy of
steady foreign exchange rates, and been named by PricewaterhouseCoopers as Nigeria,” says Soji Apampa, an academic
moderate GDP growth, underpinned by Nigeria’s “most respected CEO.” and consultant who heads the Convention
high oil prices, has restored investor on Business Integrity in Abuja.
confidence in the Nigerian economy. The problem at Cadbury Nigeria may be
the tip of the iceberg. The fraud was Investors would do well to remember that
Nigeria has secured its first-ever
detected after the group changed its local risks do not disappear because everyone
investment-grade credit rating and also
auditors. The previous firm, which had else is ignoring them, and that fraud and
negotiated the cancellation of most of its
failed to uncover the fraud, audits nearly market bubbles frequently go hand in hand.
foreign debt. This wave of optimism may
have obscured the dangers of which half the companies listed on the Lagos
investors in this difficult market have Stock Exchange. Paul Adams is a director based in
long been aware. London. He is a specialist in due
Local business analysts warn that, although
diligence and political risk
By July, the Lagos stock market had risen institutions, regulators, and a legal investigations in Sub-Saharan Africa.
50% this year, trading at an average price- framework are in place, low standards of He previously worked as a journalist
earnings ratio of 43, nearly three times enforcement and corporate governance for 15 years, including postings at the
place shareholders’ interests at risk. Financial Times, Reuters, BBC World
that of the Johannesburg Stock Exchange,
Service and The Economist in countries including
Africa’s only mature and low-risk market. Supervision by the central bank and Nigeria, South Africa and Singapore.
While share prices have risen, dividends ministerial departments is weak. The
The impact of
United States
regulation on
other countries
“What happens in Vegas stays in Vegas,”
runs the advertising tag line. The
implication is that misbehavior doesn’t
have to follow you around. As many
companies know to their cost, that is no
longer true. In particular, it is no longer
easy to regard emerging markets as
somehow “separate” or different in terms of
ethical, reputational or legal behavior.
The U.S.A. Patriot Act, the Sarbanes-Oxley There are some clear regional patterns in physical security, due diligences, IT security,
Act, and the Foreign Corrupt Practices Act terms of the prevalence of fraud as reported audit committees, reputational monitoring,
by respondents in the EIU survey. Fraud is, or whistleblower hotlines.
are just three United States laws that, in
broadly speaking, perceived as a greater The Middle East respondents showed the
seeking greater accountability, threat in emerging markets than in developed highest levels of concern about internal
transparency, and protection for investors, economies. Some fraud threats have greater financial fraud, and also suffered most
creditors, and also the public, have changed regional prevalence, though most are more from it.
the international context in which business highly correlated with sectors than with The pattern is the same in Asia: in Asia’s
operates. Actions previously justified as regions. emerging markets, concern over fraud is
necessary evils to compete in South In Latin America, the Middle East and higher. In India, 49% see fraud as having
American countries are now clearly defined Africa, roughly fifty percent of the sample increased; in China, 42%; in Japan, 33%.
saw the threat as having increased in the In both India and China, sixty percent see
by law as acts of corruption and contrary to last three years. In the developed themselves as vulnerable to bribery and
best practice in good corporate governance. economies of Western Europe and North corruption; in Japan, the figure is only 10%.
America, two thirds see the prevalence of Central and eastern Europe saw fraud as a
After 9/11, Congress passed the Patriot Act fraud as the same or lower. declining problem, overall, including Russia.
seeking to end the funding of terrorist
In Latin America, 72% saw themselves as However, there were some very specific
organizations. This had a huge impact on vulnerable to fraud and corruption, the concerns. Over 60% saw themselves as
domestic financial institutions and highest of any region; and Latin America highly or moderately vulnerable to bribery
companies and also on any businesses that also recorded the highest concerns about and corruption, and the region also showed
had an interest in maintaining relations money laundering and theft of assets. Yet the highest levels of concern about vendor/
with United States entities. Some Latin America also showed the least supplier fraud and management conflicts of
investment in background screening, interest.
companies in Colombia found that they
needed to improve their money laundering
prevention programs and refused to engage demand greater accountability from of corruption, tax evasion or the funding of
in relations with high-risk clients. As a companies both inside and outside their extra-legal groups.
result of the law, the U.S. Department of country. Payments of any kind to an official
These conditions are creating greater
Justice imposed penalties on United States to influence the contracting process; the
awareness and care among senior
companies for making payments to use of a third party or lobbyist to negotiate
executives in the United States when
guerrilla forces in Colombia. The inclusion extraordinary benefits; or any illegal acts
acquiring companies or entering into
of Colombian firms and citizens on the U.S. committed by local representatives or
strategic alliances outside of their country.
Treasury’s Office of Foreign Asset Control agents of a United States company, even for
More and more businesses are also starting
List means that these companies are now the benefit of a third party, may mean
to see the importance of undertaking
obliged to conduct due diligence trouble for the company, whatever the
regular reviews of branches or subsidiaries
investigations into the people with whom nationality, if they have operations in the
in order to identify risks and vulnerabilities.
they intend to do business. U.S. or securities listed there.
These precautions are now essential for
As the corporate world was adapting to This extraterritoriality has not just affected firms everywhere. A sin in one jurisdiction
these changes, Sarbanes-Oxley emerged, United States government actions. Interest may lead to a penance paid in another –
demanding greater accountability and groups, non-governmental organizations, perhaps many times over.
transparency in order to protect shareholders, and even other governments have started
investors, employees, and the public suing multinationals in the United States Andres Otero is head of the Bogota
against business fraud. Targeted in principle for damages incurred from fraud outside office, Colombia. Having run his own
at domestic companies, the law also applies the country. risk consulting firm, he now helps
to any firm in the world with a trading or conduct anti-money laundering,
This increasingly complex legal framework fraud and conflict resolution cases for
business interest in the United States. governments and private companies.
has not appeared in a vacuum. Societies
Meanwhile, the Foreign Corrupt Practices around the world are ever more demanding He previously held senior positions
in the Colombian government, European Union and
Act has re-emerged as a tool for United regarding the behavior of companies and Inter-American Development Bank.
States judicial and regulatory authorities to their representatives, and are less tolerant
A proactive strategy
for operational risk
W
hy has there been, in the last few So what can Boards do to improve account opening policies also form part of
years, extraordinary public and governance with the aim of combating an overall Fraud Control Plan.
media focus on corporate fraud and operational risk?
The next step in implementing a proactive
governance and operational risk,
The problem with fraud is that its risk strategy is to identify where the
specifically fraud? Recent corporate scandal organization may be exposed. The U.S.
occurrence and form are unpredictable.
is an obvious place to start – what Common risk management practice Securities and Exchange Commission has
happened at Enron, Worldcom, Tyco, and overlays controls throughout a function or not specified the exact framework to be
Parmalat was criminal, as the courts are process to minimize breaches. This works used here, although it has indicated that it
showing – but is there another reason for standard situations but fraud breaks all must be free from bias and permit
corporate governance is being pushed? rules. A fraudster seeks out and exploits reasonably consistent qualitative and
weaknesses in an organization. quantitative measurements of a company’s
There are now more Mom and Pop
internal control environment. The
shareholders than ever before and ordinary Boards can combat fraudsters with a fraud framework on internal control suggested by
investors are wiser and shrewder with their risk management strategy and Fraud the Committee of Sponsoring Organizations
money. They demand value and want a Control Plan. of the Treadway Commission is a good
return. Recent questionable decisions by place to start. While this exercise can be
Boards have left these shareholders seeking The tone for a robust fraud risk
management strategy starts at the top. The complicated and time consuming,
answers and, in some ways, retribution for afterwards, the businesses will be in a
media report large-scale fraud on a daily
their losses. Recognition by politicians that better position to identify, analyze, evaluate,
basis and yet most firms treat it as
these same investors are voters explains treat, monitor, and review fraud risk. The
something that happens to other people,
the growing interest in redressing exercise also helps in meeting the rules and
placing misguided trust in “all” staff
grievances of this kind. This political regulations of various jurisdictions and
members. Instead, a corporate culture that
pressure has led to increased severity in stock exchanges, as well as, for financial
heightens and maintains awareness of
how regulators enforce the rules. institutions, helping with Basel II
fraud must be established. This can be
achieved through training sessions, compliance processes.
The problem with fraud literature, and e-learning. The advantage of Finally, risk strategy must change with the
is that its occurrence and the latter is that it can provide valuable organization, being continuously reviewed
statistical information to organizations on to insure that the controls that have been
form are unpredictable. the levels of fraud awareness that staff instigated are still effective.
actually have.
The introduction of enhanced corporate Adopting a strategy along these lines places
Once the cultural tone is set, a company an organization in the best possible
governance regimes should give the
must build a framework for an overall position to avoid the damaging
average investor, with relatively few means
Fraud Control Plan. The plan should include consequence of fraud. It is also an
of influence, confidence in Board actions.
policies and procedures – including Codes indication to insurance companies,
Corporations are now being forced to do
of Conduct or Ethics – that must be regulators, and investors that the company
something about governance and
communicated to, and adhered to, by all takes the issues of fraud and corporate
operational risk: the United States has
members of the organization. Employment governance seriously, thereby reducing
established some very onerous rules with costs and increasing access to capital.
screening is another key element in the
the Sarbanes-Oxley Act; the Code on plan: approximately one in four resumés
Corporate Governance Practices is being has material errors or omissions. Whistle-
implemented across Asia; and the financial Ferrier Hodgson offers a large and independent
blower policies provide an excellent source forensics service. With more than 50 dedicated
sector’s governance is being further of information relating to misdeeds within specialists across Asia-Pacific, including a number of
enhanced with the Basel II Capital Accord. an organization, although companies need widely regarded experts, we have one of the region’s
These and other instruments are to distinguish good information from the most significant
introducing substantial changes in how forensic
vexatious or malicious. For financial capabilities.
directors and Boards must operate. institutions, anti-money laundering and
Resources
Such incidents also occur in the business
world. In February 2006, David Edmonson,
CEO of RadioShack, a NYSE-listed company,
resigned after the company discovered that
he had falsely claimed to have earned two
college degrees. In reality, Edmonson had
T
he human resources division of any The time and expense of conducting a or qualification for those positions. And
organization should serve as its first background search should be considered while these incidents did not necessarily
line of defense in decreasing the risk the cost of doing business that a company result in direct economic injuries, they did
of fraud. If organizations spend time and cannot afford not to incur. It will be time result in great embarrassment and raised
money up front screening prospective and money well spent in comparison to the questions regarding both organizations.
employees and also internal candidates for consequences of not researching all
position changes and promotions, they will prospective employees, or existing
greatly decrease the potential for economic, Nancy Goldstein is an associate
employees seeking to change positions managing director for Latin America
reputational, and other types of injuries.
within a company. Companies should also and the Caribbean. She specializes in
While many job applicants may “embellish” securities and accounting fraud and
verify the backgrounds of candidates for all
their experience, skills, or responsibilities market manipulation cases. She spent
levels of responsibility, as even CEOs and 17 years as an enforcement attorney
on their resume, others make blatant
misrepresentations, fabricate college other senior level executives have been for the U.S. Securities & Exchange
known to falsify their resumes. Commission, NYSE and NASD.
degrees and other information.
Protecting
your investments
S
top and think for a moment about how pseudonym for a real company which had “smoke signal” was in an anonymous fax to
many companies all around the world just acquired a smaller firm). the CEO, who decided to investigate the
are right this minute looking at a huge case immediately. The investigation
opportunity to grow, either through merger, One of XPTO’s executives suspected that revealed that the Commercial Director had
the inventory recorded under assets was a lifestyle far above what would be
acquisition, or joint venture. A good part of
significantly overstated. He accordingly reasonable based on his income from XPTO.
these opportunities may seem irresistible
conducted a reactive due diligence process Further investigation showed a fully
and, in the business world, speed is of the
that confirmed his suspicions. The operational competing business, registered
essence. It is precisely within this context
subsequent investigation revealed that the in the name of the executive’s spouse to
that proper due diligence is overlooked.
Vice-President of Finance of the acquired prevent suspicions. Even more disturbing,
In general, there are three types of due business, an employee with over five years the Commercial Director was a trusted
diligence: financial, legal and reputational. of service, had been stealing goods and employee who had been with the
The first checks the accuracy of the selling them to the competition, covering organization for about 10 years.
financial statements, as well as the financial up his wrongdoing by falsifying the
health of the target company, including an company’s inventory control records. An in- Kroll, in its more than three decades of
analysis of its assets and the origin and depth assessment of the company’s conducting investigations, has found that
destination of its funds. The second does internal controls revealed serious failures that often fraud is committed by people
the same for legal aspects. Reputational due that left it vulnerable on several fronts. The who have been with the company for years,
question that immediately arose, of course, never go on vacation, and are well trusted.
diligence explores the background and
was if this had been the first case of Companies considering a transaction
market image of the company with which
internal fraud. therefore must include background checks
one wants to do business. This includes its
in the due diligence process. The results
corporate culture and its reputation with
can be surprising and will serve as a
employees, investors, consumers, the press Often fraud is committed powerful fraud prevention tool, avoiding a
– all groups that are directly or indirectly
part of the market chain. by people who have lot of headaches.
been with the company As the CEO of XPTO later told us, “the next
Proper due diligence is obviously important.
for years, never go time we consider an important acquisition,
Many companies, however, only become we will check the barn before we close the
aware of how important after the fact, on vacation and are doors.”
especially when they conduct a reactive well trusted.
process to see if there are grounds for Vivian Bialski is head of marketing
suspicions. & communications for Latin America.
Time showed that it had not. Almost one
Based in Brazil she has provided
In addition to protecting companies year after the acquisition, it became marketing and communication
considering an investment, due diligence apparent that the Commercial Director of support in New York and across Latin
can be a very efficient fraud prevention the acquired company owned a competing America for eight years. Prior to this
business, in direct violation of XPTO’s she coordinated internal and external
tool. As experience is always the best communications projects at Vasp and Votorantim.
teacher, consider the example of XPTO (a policies and rules of conduct. The first
F
raud at companies such as Enron and criminal behavior in business, as executives
within their own firm and from outside
WorldCom led Congress in 2002 to were encouraged to engage in corrupt
firms in order to deceive the auditors. As in
pass the Sarbanes-Oxley Act, which activity to complete deals and audit firms
turned into consultancies driven by senior management clique cases, CEOs and
tightened reporting requirements for
companies and increased penalties for revenue generation.1 CFOs tend to be heavily involved.
financial crime. Despite stringent Overall, one leading cause for any financial
legislation aimed at combating financial Types of Financial Fraud statement fraud is a corrupt CEO. However,
fraud, however, it remains a public concern. inadequate internal controls and an ability
This research finds three basic types of
Why, then, does financial statement fraud to deceive outside auditors also contribute.
financial fraud: isolated, perpetrated by
occur? Although further legislation will not stop
senior management cliques, and boundary-
crossing. In all of these, CEOs may be financial statement fraud, the requirements
Motivating Factors of Sarbanes-Oxley have significantly
involved. According to the General
Robert Tillman and Michael Indergaard Accounting Office, between January 1, 1997 increased the attention paid by
recently described various factors which and June 30, 2002, they were named in management, Boards of Directors, and
produce this fraud, including: a desire by nearly 90% of the class action suits and auditors to corporate governance and to
firms to meet earnings estimates or to raise Securities and Exchange Commission internal controls and financial reporting.
funds from capital markets at low costs; actions filed as a result of restatements.2 This has helped improve the quality of
Boards having fewer outside directors, these controls and deter fraud, which
The characteristics of the categories are as
making them more likely to manipulate should, in turn, continue to boost investor
follows:
earnings; the presence of certain confidence.
Isolated: Isolated frauds involve only one or
performance-based executive
two senior managers executing simple 1
“Control Overrides in Financial Statement Fraud”, Report to
compensation which is more susceptible to the Institute for Fraud Prevention. (2007)
embezzlements or revenue manipulation,
fraud; and insider trading. The authors also 2
Financial Statement Restatements: Trends, Market
such as the U.S. Wireless case in which the
tied the flood of financial statement fraud Impacts, Regulatory Responses, and Remaining
former CEO and General Counsel diverted Challenges. (2002)
to larger changes in the economic
millions in stock and cash into personal
environment, business organizations, and
off-shore accounts. They tend to be Doug Farrow is a managing director
corporate culture. For example, after the
revealed quickly because the managers in Los Angeles. He has over 20 years
deregulation of the 1990s came the of experience dealing with accounting
operate with little or no assistance from
evolution of “network structures”: flexible irregularities and litigation related
their peers.
relationships between firms “in which to financial issues. He previously
business [became] increasingly organized Senior Management Clique: These involve worked at KPMG and serves as an
expert witness and arbitrator. He is a
around ‘deals’ and ‘deal flows’,” as well as a number of senior managers colluding to Certified Fraud Examiner (CFE) and CPA.
the further development of “reputational manipulate financial results, with CEOs and
intermediaries” – such as banks, law firms, CFOs often heavily implicated. According to David Hess is a managing director
or accounting firms – that assisted in the Tillman and Indergaard, the “collective in Washington. He has more than 20
financial engineering of deals. The result mustering of the information advantages years of experience providing forensic
accounting, auditing and consulting
was an environment ripe for the execution and institutional levers” exercised by these
services in both government
of financial fraud. According to Tillman and managers greatly extends how far these contracting and commercial arenas.
Indergaard, these changes normalized frauds can go.
Making
employee
hotlines
work
A
ll too often, preventable frauds occur management’s conspiratorial schemes to
because employees with suspicions protect themselves. Establishment of sensitively. When fraud is alleged, there is
lack any effective mechanism reporting mechanisms is fundamental in a two-way obligation. The first is to the
through which to share them. A confidential fighting fraud, but simply hoping that the company to preserve its position and
reporting channel for employees, suppliers, good, honest employees will call is wishful reputation. The second is to the person
and others is an excellent and very useful thinking. A successful reporting line against whom the allegation is made, who
tool to improve fraud detection. requires constant hard work. must be positively cleared or exposed. The
worst outcome is for a cloud of suspicion
Many international surveys of fraud, and Here are a few dos and don’ts: to hang over an honest person;
Kroll’s own experience, make clear that the Train specialist teams in both Audit and
most effective means of uncovering fraud is Do:
Security to handle the reports or even
the “tip off”. Each year, our investigators Make a reporting line part of a wider, outsource management of the whole
receive anonymous letters, emails and positive integrity program that will system to an independent third party;
messages indicating possible fraud. Perhaps review and update existing company
policies and demonstrate support from Insure that strict disciplinary action is
more interesting, however, is that these “tip taken against those found to abuse the
offs” are frequently not reported through the top. Individuals do not like to suspect
people or organizations with which they system.
existing channels, such as whistle-blower
lines. In fact, of the many frauds we have have a relationship, but it is critical that Do not:
detected, the investigation has rarely begun the employees see reporting suspicions Delay when suspicions are aroused. This
after a report on a company hotline. as not only their obligation but also in allows perpetrators to seize the initiative
their own interests. For example, if and prevents allegations from being
money is successfully recovered from a professionally investigated;
The most effective fraud, then give the users of the reporting
Discuss suspicions with anyone who
line some of it, or agree that for every
means of uncovering report received the company will donate does not need to know;
fraud is the tip-off. something to a local charity; Allow employees to investigate
Link the policy into the local culture of suspicions without reporting them. This
the employees; may, in the process, alert perpetrators
Why is this? Many employees do not
that they have been detected.
believe that such mechanisms will make a Involve trade union representatives with
difference. They are often scared of the scheme. Without their support Charles Carr Is a managing director and head of
personal repercussions or are bound by a workers will have another reason to feel Fraud for Europe, Middle East and Africa. He was
culture of omertà, which holds that the reluctant to use it; previously head of the Milan office and country
manager for Mexico and specializes in fraud
worst thing you can possibly do is to Make a substantial effort in advertising. presentation programs and training. He previously
implicate your fellow worker. Some even Use company intranets, posters, training spent time as an oil futures broker for Kidder Peabody.
believe that the lines form part of senior programs;
over contractors
The obvious solutions are not enough to
suggest that someone in this position
“contact one of the three credit reporting
agencies” disregards the majority of the
risk they face. The U.S. Federal Trade
Commission reports that less than 24% of
identity theft is revealed by credit-related
data. Moreover, data repositories are not
known for providing upset callers with
easy access to customer service experts
who can calm nerves or offer help with
what to do next.
Blanket recommendations to “file a fraud
alert or secure a credit freeze” leave that
same gap. Besides, neither a fraud alert
nor a credit freeze can stop check fraud, tax
fraud or sale of stolen identities for cash
or drugs.
While “credit monitoring” generates an
alert when suspicious activity occurs,
privacy breach victims are frequently left
to fix the problem themselves, with no
support.
Elements of Best Practice
Companies interested in retaining loyalty,
reputation, and share value differentiate
themselves by offering solutions such as
identity theft restoration. True restoration
solutions give individuals access to experts
who understand what has happened, know
what needs to be done and can take most
of the burden off the victim’s shoulders to
restore an identity to pre-theft status.
Following the trail of identity fraud beyond
credit-related data and into a potentially
complicated landscape is no job for
marketers or “advocates” without a risk or
security management background. A
credentialed team of licensed investigators,
working with the victim’s permission,
knows where to look and how to recognize
fraudulent activity, and is more likely to
employ security industry resources that
might otherwise be unavailable. Licensed
investigators work with the victim until
the stolen identity is restored to his or her
satisfaction, no matter how long it takes.
T
he United States Government is for $1.3 of the $3.1 billion. Accordingly,
Damage from identity fraud associated increasing action to address fraud whistleblowers received $190 million in 2006.
with a data breach can be expensive, for against itself in a variety of ways. Attorney General Alberto Gonzales claimed
both the breached company and the that “these recoveries send a clear message
people whose data was lost. Response The U.S. Department of Justice (DOJ) recovered
that the Justice Department will not tolerate
plans that demonstrate accountability and $3.1 billion in connection with fraud and
fraud against the government. Since 1986,
put the affected individual’s best interests false claims actions in 2006, a record for a
the Department of Justice has recovered
first are critical to restoring trust and single year. Of these, 72% occurred in health
reclaiming consumer confidence. $18 billion from those who commit fraud.”
care, 20% in defense, and 8% in other areas
such as disaster assistance and agricultural Barry M. Sabin, Deputy Assistant Attorney
Brian Lapidus is a senior vice president based in
Minnesota. He leads a team of investigators in ID theft subsidies. Suits brought by whistleblowers General for DOJ’s Criminal Division,
discovery, investigation and restoration including under the False Claims Act – which lets appearing before a Congressional
helping corporations to safeguard against and respond individuals file on behalf of the government committee, reiterated the department’s
to data breaches.
against those who have defrauded it and “commitment to a strong and vigorous
share in any funds recovered – accounted enforcement effort.” He added that DOJ has
Profiting from
made the investigation and prosecution of
procurement fraud a priority and that it is
working through a specialist government
agency to investigate such fraud relating to
the wars and rebuilding efforts in Iraq and
Afghanistan. Sabin also stated that, in order
stolen information
N
to leverage law enforcement resources and o one would think of leaving a
more effectively investigate and prosecute factory unlocked at night, yet few
It is possible for
procurement fraud, DOJ had formed the companies have as effective controls
National Procurement Fraud Task Force. on their information assets as they do on investigators to look
This action, in October 2006, was a
their physical assets. More and more, Kroll quickly for key digital
gets asked to help clients who have had
significant step in the government’s war on fingerprints left by
confidential information stolen –
fraud. The Task Force’s purpose is to information which in unauthorized hands thieves.
“promote the early detection, prevention, can cost them millions of dollars.
and prosecution of procurement fraud
In the last year, these cases have ranged should act quickly if it learns of such a theft,
associated with the increase in contracting
from pricing information in a multi-million or becomes suspicious that one is about to
activity for national security and other
dollar bid to proprietary software and client occur – perhaps by employees who intend to
government programs.” The body includes
lists. Each time the data was taken with the set up their own rival business. Server logs,
the FBI, multiple federal agencies’
intention of inflicting commercial damage laptops, cellphones, PDAs and other potential
inspectors general, defense investigative
on the rightful owners, and often to make sources of evidence should be secured.
agencies, federal prosecutors, and DOJ
money for the thieves. In one case, a company
divisions. It is emphasizing increased civil worth millions of dollars had left its key It is possible for investigators to look
and criminal enforcement in areas such as information database open to all employees quickly for key digital fingerprints left by
defective pricing, product substitution, – without even basic password protection. thieves. Computers contain information
misuse of classified and procurement- about web mail accounts, often used to
Advances in the storage capacity of small send information out of companies. Data
sensitive information, false claims, grant
USB memory sticks mean that large mining techniques can be used to analyze
fraud, fraud involving foreign military sales,
volumes of data can leave a company in an thousands of phone calls or emails for tell-
ethics and conflict of interest violations,
employee’s pocket. In one recent case, a tale clues. Surveillance of the key suspects
and public corruption associated with
disgruntled employee took confidential can reveal potential buyers or backers.
procurement fraud. Since its formation,
financial information home on his iPod. Typically, with some initial evidence,
more than 150 procurement related fraud
While good information-security interviews with staff and suspects will
cases – although not all stemming from its procedures can make information theft
work – have resulted in criminal charges, unravel details of the scam. Fellow workers
more difficult, the range of ways may have noticed something strange, the
criminal resolutions, or civil settlements. information can be relayed means that suspects may have bragged at work or at
Two amendments to the Federal such prevention can never be complete. home, or simply made a mistake in
Acquisition Regulation have also been The work of retrieving stolen information, covering their tracks. In other cases, with
proposed recently to assist in the fight however, and of recovering damages, is sufficient prima facie evidence of
against procurement fraud. One would made much easier if companies have at wrongdoing, courts can be persuaded to
require contractors to establish and least observed the following: allow the search of residential property or
maintain internal controls to detect and Insure that IT staff routinely record and seizure of financial records to yield clues.
prevent fraud in connection with their retain logs of activity on company data Sometimes the investigation may even reveal
contracts, and to notify contracting officers servers, despite the marginal loss of that things are not as bad as they seem.
promptly if they become aware of a performance that results; A credit card company engaged Kroll to
contract overpayment or fraud. The second Make clear in employee contracts, retrieve a missing hard drive which contained
would require contractors to have an company IT policies or employee important details of all its customer accounts.
effective compliance and ethics program. handbooks that the employer has the The appropriate regulatory authorities were
It is evident that the government will explicit right to monitor emails for the duly informed. The worst-case scenario was
continue to combat fraud through a purposes of preventing or catching that an organized crime group had stolen
concerted and coordinated effort. wrong-doing. Also, make it clear that the data to use in perpetrating identity
Accordingly, it is likely that the substantial corporate equipment – including frauds. Meticulous questioning of all those
monies spent in the war on terrorism in computers, cellphones, PDAs, and similar who had come into contact with the hard
devices – remains company property even drive, combined with computer forensic
recent years, along with other initiatives,
if it contains personal data; evidence showing access, eventually led us
will be targets of government fraud
Keep itemized number-called logs of to the thief. Why had he stolen the hard
investigations.
telephone calls made from office phones drive? He had run out of computer memory
James Check is a managing director based in and corporate cellphones; to record the TV series Lost and had taken
Washington. He specializes in government contractor it for that purpose. The valuable personal
Consider the use of CCTV on office exits
advisory services having previously spent 16 years at data? Deleted.
Arthur Andersen, five as partner. He is a CPA and and entrances, and the use of security
member of the AICPA. card-controlled doors in areas where
Benedict Hamilton is a senior director based
confidential information is stored. in London. He works on fraud and financial
Gary Adams is a director based in Washington. He The good news is that if stolen information mismanagement investigations and loss recovery.
has over 25 years of experience of federal compliance Previously he spent 12 years working as an
and budget preparation oversight. Previously he was is valuable, it will be used somewhere and investigative journalist for the BBC and Channel 4 and
vice president of FAR compliance services. He is a CPA. is likely to come to the attention of the was twice nominated for RTS journalist awards.
company from which it is taken. A business
Latin America
Consulting Services
Sam Anson
Miami
1 305 789 7100
sanson@kroll.com
Eduardo Gomide
São Paulo
55 113 897 0900
egomide@kroll.com
Disclaimer The information contained herein is based on sources and analysis we believe reliable and should be understood to be general management information only.
The information is not intended to be taken as advice with respect to any individual situation and cannot be relied upon as such. This document is owned by Kroll and
its contents, or any portion thereof, may not be copied or reproduced in any form without the permission of Kroll. Clients may distribute for their own internal purposes
only. Statements concerning financial, regulatory or legal matters should be understood to be general observations based solely on our experience as risk consultants and
may not be relied upon as financial, regulatory or legal advice, which we are not authorized to provide. All such matters should be reviewed with appropriately qualified
advisors in these areas. Kroll is a subsidiary of Marsh & McLennan Companies, Inc (NYSE:MMC), the global professional services firm.