Fraud and Whistleblowing

by CA Rakesh Sud sud.rakesh@gmail.com

There has been a dramatic increase in fraud in recent times. Fraud and implicati ons of fraud have opened a whole new area of risk for owners, managers and direc tors. The solution to all these problems comes as an unlikely and some-times hat ed avataar: the whistleblower. Traditionally the person who squeals is at the lowest rung of society. The code of honour insists that one supports one's friends. Ratting on a partner is the b iggest crime. It has no absolution. Women gossip among each other but men consider themselves above all that. They w ould rather be known as the loyal friend who did not rat on another and held fas t to the law of omerta. Whistleblowers are the ultimate risk management tool. More and more boards are c oming to understand that the easiest way to manage risk is collecting, analysing and using whistleblower information. This information can be used to manage ris k very effectively. it is also very economic. It plays on the human emotion of w anting to rat without disclosing one's name There have been more than enough studies which conclude that the evils of inside r trading, sex discrimination, false claims, data theft, theft, embezzlement, co rruption, and the like will continue to increase with time. There seems no end t o man's avarice and capacity to do the wrong or unethical thing. Reports of fraud for an outsourced whistleblowers service accounted for 21% of t he calls it received from its clients employees compared with 11% three years ag o. The RATIO IS GOING UP. Clearly whistleblowers know where the skeletons are.Being insiders they understa nd the environment and can sniff out the frauds like well trained dogs.These tip sters fingered as per one report pointed out 45% of the white-collar crimes comm itted at more than 5,000 companies worldwide in 2007. In contrast, internal audi ts unearthed only 20%. Clearly more frauds are detected by tips from whistleblow ers than by audits and other controls put together. There are several ways in which Whistleblowers can help manage risk. There is ne ed to have an effective hotline system.By definition outsourced hotline systems are more effective than the hotlines handled in-house. In fact hotlines managed in-house are a disaster in the making. They are probabl y worse than having no hotline.The whole purpose ofwhistleblowing requires a chi nese wall between the collection of information and the management. It requires experts to collect the information querying as it unfolds, so that the false all egations can be filtered out. It requires an encouragement to talk without inhib itions.The whistleblower must be confident that his identity is seccret and will not be tracked and traced. He must be confident that the person about who he is complaining is not the person receiving the information from him. In order that whistleblowing opeartes optimally the program must include traini ng sessions that educate employees . The training sessions must put employees on high alert for various kinds of wrongdoing, taking place in the Company. This will ensure that the employees will be aware of all the different types of wrong doings which are taking place in the environment in which they are operating. Th e tips will then be forthcoming. Management can then track whistleblower tips an d analyse them. This will help them analyse the data from all angles so to ident ify the major sources of risk. This will help the management take corrective act

ion. They willbe able to focus on particular sections, divisions or regions .Man agements will react to the whistleblowing and subsequent analysis by sending som eone representing management to investigaye the issue, come out with the truth a nd finally deal with the problem.Almost every investigation will highlight certa in corporate practices that are not consistent with management s requirement of st rong and reliable risk control. The identification of these practices enables ma nagement to get a handle on longstanding problems and fix them. This lessens ris k. Whistleblowers are not new. They have been there from time immemorial. The first whistleblowing was a reporting by 10 revolutionary sailors and marines In 1777. They reported that their commander of the Continental Navy, Commodore Hopkins, had encouraged and himself participated in the inhuman and barbarous tr eatment of captured British sailors. This occurred during the winter of 1777. Du ring this time the warship Warren was anchored near Providence, R.I. The men acc using Commodore Hopkins included 10 sailors and marines that were fighting in th e revolutionary war. They met on the Warren in order to discuss their issues abo ut the commander. They knew full well the risks they faced. Hopkins was from a v ery powerful New England family. The wrote a petition which was presented to the Continental Congress by a Marine Captain named John Grannis. This resulted in the Continental Congress voting in 1777 to suspend Hopkins from his post. Hopkins was furious with the suspension. He retaliated with the filing inal libel suit in Rhode Island against the whistleblowers.Hopkins had influence. He manipulated the situation such that two of his accusers, in Rhode Island at the time, were jailed. In July 1778 the men pleaded had been arrested for doing what they then believed and still believe ng but their duty. of a crim a lot of who were that they was nothi

The result of their pleading was that Congress enacted the whistleblower-protect ion law. Congress went another step further by authorizing payment for the legal fees of the two men. They did this to ensure that the whistle-blowers could hav e the funds for legal counsel to fight the libel charges.

in fact, they were given institutional status in a Civil War-era law that offere d rewards to those who turned in a particular type of crooked contractor (for mo re, see the box on page 28) but they took center stage with the 2002 passage of Sa rbanes-Oxley. The act requires all companies to establish an early-warning syste m that will bring suspect financial behavior to the attention of the audit commi ttee. It doesn t dictate that companies set up a whistleblower apparatus, but who better to sound an early warning than employees? The law also stipulates that whistleblowers must be protected from management wr ath or revenge, though companies have sometimes fallen short on this, as the box below makes clear. That needs to change. A big challenge for directors looking to manage the increased risk brought on by a high incidence of fraud is pushing management to set up a system that makes sure whistleblowers are listened to and not punished. This will encourage tipsters to make their noise through internal channels rather than approaching prosecutors or other outsiders. It s also crucia l for CEOs and directors to set the right tone at the top by promoting the compa ny s code of conduct and providing regular training in it. The code should be a hi gh-profile guide to behavior throughout the enterprise.

In other words, directors must make sure that their companies treat whistleblowe rs as watchdogs to be encouraged rather than muzzled, and value them as a line o f defense against misconduct. The goal is to have a group of people inside compan ies who are effectively self-policing, says Neil Keenan, a principal at Pricewate rhouseCoopers. Advanced Micro Devices, a semiconductor manufacturer, is one of a group of compa nies with whistleblower systems that seem to meet this goal. Based in Sunnyvale, California, AMD has outsourced a 24/7 telephone hotline that its 10,500 employe es can use to lodge anonymous tips about alleged wrongdoing with operators who s peak what assistant general counsel Ron Johnstone calls virtually any language an ad vantage for a company with operations in more than 20 countries. The people answ ering the phone take a good summary, and within 15 to 20 minutes it goes to me an d members of the company s senior management, says Johnstone, who sits on AMD s corpo rate compliance committee, along with top-level executives from the company s fina nce, sales, human-resources, and internal-audit departments. Another committee m ember is corporate vice president and secretary Katy Wells, who also serves as d eputy to the CEO. The committee reviews all allegations, monitors follow-ups, including investigat ions, and makes recommendations on what to do next. Members of the board s audit c ommittee see a summary of all this at their regular quarterly meeting, no matter how trivial the hotline complaints may have been, Johnstone says. All the hotline calls are investigated. About a third are found to be dead ends. Another third involve questions or concerns about workday processes, and are referred to the a ppropriate folks for resolution. The remainder involve policy violations and res ult in some form of corrective action or counseling, says Johnstone. Potentially serious issues for example, alleged financial corruption or an apparen t violation of the Foreign Corrupt Practices Act would trigger immediate notice to both the audit and the finance committees. So far such allegations are essential ly nonexistent at AMD, Johnstone says. The company s internal prevention and detecti on controls over those activities are very robust and have served us well. Yet even strong hotline systems may be no guarantee against problems. Motorola I nc. has put out a welcome mat for whistleblowers, inviting its more than 60,000 employees, plus vendors, customers, and others, to voice complaints by way of it s internally run telephone hotline or via e-mail, fax, or regular mail. But the Schaumburg, Illinois, mobile-phone maker faces a lawsuit brought by Paul Liska, a former CFO, who says he was fired in February for challenging the accuracy of financial forecasts made by the company s ailing mobile-devices division. Liska wa s let go after raising the issue before Motorola s board. The company says he was fired for cause and declines to discuss the litigation. Motorola is embroiled in the case despite a whistleblower program that emphasize s transparency. Not only does its ethics and compliance office turn the results of hotline investigations over to the board s audit and legal committee on a month ly and quarterly basis at minimum, but the company also posts a statistical summ ary of the highlights on its website. Thus visitors can see that last year emplo yees, suppliers, customers, and others reported 977 cases of possible wrongdoing . Motorola investigated 184 of them and found that 119 had merit. As a result, t he company bade farewell to 52 employees and 22 vendors and contractors. Motorol a says privacy concerns prevent it from providing an example of a major offense that its whistleblower system has brought to light. Directors should know which executive oversees the whistleblowing operation it s oft en the compliance officer and whether telephone and online hotlines are run in-hou se or outsourced to outfits like the Network. Both arrangements have their fans. Some experts recommend outsourcing as a way to reduce the risk that managers mi ght block inquiries. Companies like Motorola prefer to keep hotline systems unde

r their own supervision on the grounds that their staffs know the terrain better than any third party could. Either way, hotlines should be sufficiently independ ent to avoid reports of wrongdoing by senior management being suppressed, says To by Bishop, director of the Deloitte Forensic Center at Deloitte Financial Adviso ry Services LLP and co-author of the recently published Corporate Resiliency: Ma naging the Growing Risk of Fraud and Corruption (John Wiley & Sons). Such independence calls for a direct link between the head of the hotline operat ion and the company s directors. There s got to be an unfiltered relationship between the chief compliance officer and the board, says Keith T. Darcy, executive direc tor of the Ethics & Compliance Officer Association in Waltham, Massachusetts. As required by Sarbanes-Oxley, members of the audit committee need to be kept abre ast of specific financial complaints and informed of their disposition, and must be notified immediately if anything serious is unearthed. Committee members also need to watch out for any change in the volume or pattern of complaints. A variety of computer programs known as case-management systems help track these things. One system might sort whistleblowers tips by category or geography, for instance, while another might compare what they re saying with ind ustry norms, says Nick Ciancio, a senior vice president at Global Compliance, wh ich is headquartered in Charlotte, North Carolina. The company provides this kin d of software to Advanced Micro Systems, among other clients. Coldwater Creek, an Idaho retailer of women s apparel and gift items, tracks trend s in whistleblower tips with the help of programs developed by EthicsPoint, the company that handles its hotlines. Not every pattern makes obvious sense, of cou rse. Sometimes there s an uptick in cases being reported, but there s no increase in the ones that are substantiated, says Fred Halpin, Coldwater s divisional vice pres ident of internal audit, who reports directly to the audit committee. We ll want to know why people are having this perception and how we can improve communication . Internal audit is the only function that doesn t report to management. And it s th e nature of our job to always be looking for things that are potentially illegal or contrary to our code of conduct. Retailing, as it happens, had the second-highest rate of whistleblowing activity last year, with 13.03 hotline calls per thousand employees, according to the Ne twork. That trailed only the transportation, communication, and utilities category , which generated 13.9 calls per thousand. Manufacturing had the lowest rate, wi th 4.5 calls per thousand employees. The ailing finance, insurance, and real esta te sector recorded 7.9 calls per thousand. If the surveys are right, look for tha t last rate to increase. The Network cautions that raw numbers alone tell only p art of the story. For example, a relatively low number of calls could be the sig n of a strong compliance program or a red flag signaling that employees don t know about the hotline or are reluctant to use it. So companies should look behind t he numbers before jumping to conclusions. There s no doubt that fraud takes a slice out of a company s profits, an unwelcome r isk whatever the state of the economy. The Association of Certified Fraud Examin ers estimates that this category of crime costs U.S. companies about 7% of their annual revenue, which last year worked out to some $994 billion. Not surprising ly, the chances of spotting fraudulent behavior increase with the number of cont rols a company has in place. A 2007 PricewaterhouseCoopers report showed that gl obal outfits with more than five fraud-detection safeguards hotlines, vendor-monit oring systems, internal audits, and the like uncovered an average $3.4 million in losses, while those with five or fewer controls found losses of only $900,000. Direct financial losses are only part of the damage fraud can inflict, and not n ecessarily the worst part. Just as costly is what PricewaterhouseCoopers calls t he collateral damage that companies suffer from fraud, including legal fees, man agement time and effort, and stains on the corporate image. Boards ought to real

ize that reputational risk is as great as operation risk, says Keith Darcy of the Ethics & Compliance Officer Association. People feel a great deal of distrust the se days, and we ve got to focus on rebuilding the sacred trust between all stakeho lders. The damage can be most destructive when allegations of misconduct slip the confi nes of the company. A major reason that these whistleblowing systems are set up, aside from the legal requirements, is to give people inside the company the chan ce to raise the issue, Darcy says. Handling the issue after that is a management responsibility and guess who s responsible for making sure management does its job.