Transcript Slide 1

purco higher education procurement
conference 2012
minimising fraud and corruption threat
steven powell
cape town
26 october 2012
objectives?
to provide an update regarding:
• dramatic changes to the global anti-corruption regime including South Africa
• the impact of the recession on fraud and corruption
• fraud facts and theory including the profile of the fraudster
• current trends and fraud modus operandi that pose a threat to business in SA
• an explanation of the threat posed by electronic fraud
• critical controls to proactively manage the electronic funds transfer (EFT) fraud risk
• case studies
the UK Bribery Act
• the UKBA which came into effect on 1 July 2011 is the most
dramatic change to the global corruption environment since
the introduction of FCPA more than 20 years ago.
• companies that are listed in or do business with the UK, or that
participate in JVs with, acquire, are acquired by or merge with UK
based entities will have to comply
• targets bribery and forces companies to self-regulate by
having robust anti-bribery processes and procedures
• strong anti-bribery measures constitute a defence against
prosecution for isolated incidents
• Ministry of Justice has indicated six principles that companies
should implement to escape liability
The UKBA
• The UK Bribery Act 2010 is a lot more thorough and repeals all
previous UK statutory and common law provisions relating to
bribery, replacing them with the crimes of
– bribery,
– being bribed,
– the bribery of foreign public officials and importantly for SA
organisations with links to the UK…
– the introduction of a new strict liability corporate offence:
“the failure of a commercial organisation to prevent
bribery on its behalf”
– reasonable and proportionate corporate hospitality is permitted
– facilitation payments are criminalized
the UKBA
• The new Act is broad and applies to "ordinary residents in the
UK” and “relevant commercial organisations” i.e. UK
partnerships, UK incorporated companies as well as entities
that “carry on business or part of a business in the UK”
regardless of where they are incorporated or registered.
• It is important for applicable SA companies to understand that
under this new Act they may be charged with the offence of
failing to prevent bribery on their behalf through their business
dealings and links with the UK.
• provides strict liability for “associated persons” who pay bribes
on behalf of the company – includes employees, agents, subsidiaries,
and even subcontractors
more specifically the UKBA contains
• two general offences covering the offering, promising or giving of an
advantage, and requesting, agreeing to receive or accepting of an
advantage, covering both active and passive bribery and applies to
individuals and corporate bodies in the UK and covers bribes using
agents or intermediaries paid anywhere in the world
• the distinct offence of bribery of a foreign public official;
• the new offence of: failure by a commercial organisation to
prevent a bribe being paid for or on its behalf
(note that it may be a defence if the organisation has “adequate
procedures” in place to prevent bribery based on a balance of
probabilities standard, with consideration to the company’s size,
type of industry it operates in, the risk of corruption in its markets
and also how actively the business fosters a culture of compliance).
the six principles - (what you have to do to have a defence)
• Proportionate procedures - A commercial organisation’s
procedures to prevent bribery by persons associated with it are
proportionate to the bribery risks it faces and to the nature, scale
and complexity of the commercial organisation’s activities
• Top level commitment – Management tone will be critical. The
top-level management of a commercial organisation (be it a board
of directors, the owners or any other equivalent body or person)
should be committed to preventing bribery by persons associated
with it
• Risk assessment - The commercial organisation assesses the
nature and extent of its exposure to potential external and internal
risks of bribery on its behalf by persons associated with it
the six principles contd
• Due diligence - The commercial organisation applies due
diligence procedures, taking a proportionate and risk based
approach, in respect of persons who perform or will perform
services for or on behalf of the organisation, in order to mitigate
identified bribery risks.
• Communication (including training) - The commercial
organisation seeks to ensure that its bribery prevention policies
and procedures are embedded and understood throughout the
organisation through internal and external communication,
including training, that is proportionate to the risks it faces.
• Monitoring and review - The commercial organisation monitors
and reviews procedures designed to prevent bribery by persons
associated with it and makes improvements where necessary.
the 2 most radical global anti-corruption enactments
United States Foreign Corrupt Practices Act 1977 (FCPA)
• 2008 – 11 companies paid $890 million
• 2009 – 11 companies paid $644 million
• 2010 – 23 companies paid $1.8 billion (Siemens R1,4)
• 2011 – slow year – fifteen companies settled FCPA enforcement actions by paying a total of $508.6 million
United Kingdom Bribery Act 2010 (effective July 2011)
• set to follow US example pre – UKBA, SFO setting huge fines – pre UKBA
• currently restructuring under new head – David Green QC
• it will take a few years for the SFO to get enforcement into gear
• first FCPA prosecutions only took place in 1995
the Prevention & Combating of Corrupt Activities Act (Act
12 of 2004) is the major anti-corruption initiative in SA:
• defines categories of corrupt activities
• creates reporting obligation if you know or suspect acts of
corruption, fraud, theft, extortion, forgery & uttering
• prohibits cross border acts of corruption (extra territorial
jurisdiction for SA courts)
• provides a black list for companies convicted of corruption
The reporting obligation is set out in Section 34 – any person in a
position of authority who knows, ought reasonably to have known, or
suspects that an act of corruption, fraud, theft, extortion, forgery or
uttering has been committed, where value exceeds R100,000.00,
has to report to the SA Police Services
failure to report is a criminal offence – max 10 years jail sentence
new definition of corruption
• under the new act, any person who directly or indirectly
gives or accepts or agrees or offers to give or accept any
gratification from another person with the purpose of acting
personally or influencing another person to act in a manner
that amounts to an illegal, dishonest, or unauthorized action or
an abuse of authority, a breach of trust, or a violation of a legal
duty – is guilty of an act of corruption
“gratification”
• the term “gratification” has purposefully been very widely
defined. it incorporates money, donations, indemnities,
offers of employment, discharge of a debt, the granting of
favours, rights or privileges, aid, votes, consent or benefits
of any kind
the latest anti-corruption weapon in South Africa
Section 43 of the regulations to the companies act requires the
establishment of a social and ethics committee
applies to:
• every state owned company
• every listed public company
• any other company that has in two of the previous 5 years scored
more than 500 points in relation to reg 26(2)
score is determined by:
– one point per average employee number
– one point per every R1 million in third party liability
– one point for every million in turnover
– one point for every person with direct/indirect beneficial interest in issued securities
– for NPOs, one point per member or per association that is a member
Section 43 of the 2011 regs to the Companies Act
The Social and ethics committee of the company shall monitor
the company’s progress and standing regarding:
• the implementation of the OECD recommendations on
preventing corruption:
– Not offer, promise or give undue pecuniary or other advantage
to public officials or the employees of business partners.
– Develop and adopt adequate internal controls, ethics and
compliance programmes or measures for preventing and
detecting bribery, developed on the basis of a risk assessment
addressing the individual circumstances of an enterprise, in
particular the bribery risks facing the enterprise (such as its
geographical and industrial sector of operation)
– Prohibit and discourage facilitation payments
recommendations contd
• Perform due diligence on agents and intermediaries
• Enhance the transparency of their activities in the fight against
bribery, bribe solicitation and extortion
• Promote employee awareness of and compliance with company
policies and internal controls, ethics and compliance
programmes or measures against bribery, bribe solicitation and
extortion
• not make political donations
(non compliant entities face a million Rand penalty)
The committee must also ensure companies adhere to UN Global
compact principles – Principle 10 is reducing corruption
The impact of the recession on fraud & corruption
financial distress = fraud risk
• staff are financially distressed
• spiralling debt and the inability to manage debts is a massive factor inducing fraud and corruption
• implications of staff indebted to micro lenders
• monitor the situation - how many garnishee orders are there on your payroll?
• how many of your staff in finance are under pressure?
• controls must be tighter than ever
understanding the fraud risk
– who is the fraudster in your organisation
the typical fraudster possesses the following attributes:
capable, reliable, persuasive, charming, presentable & popular
and is usually a trusted employee - mr fixit!
• more than 80% of all frauds involve employees, most of whom
have more than 5 years of service
• TRUST REPLACES THE CONTROLS
• generally the profile is:
– older than 30, higher percentage are male, stable family
situation, above average education, first offender
(look around)
the fraud recipe
[Diagram: FRAUD RISK, with three elements: incentive / pressure, opportunity, attitude / rationalisation]
fraud pressures
• living beyond means
• insecurity regarding tenure of position
• trigger events
• divorce
• extra marital affairs
• medical emergency
• peer pressure
• addictions - gambling, alcohol or drugs
opportunity
• poor control environment
• remote location
• shared passwords
• limited segregation of duties
• limited independent review
• high trust
examples of “rationalizations”
• “it was just a loan I am going to pay it back”
• “it was a spotters fee”
• “it was just a commission”
• “the company does not pay enough money for us to survive”
• “the company has retrenched a lot of staff”
• “I should have been promoted long ago”
white collar crime is escalating
• but the capacity on the part of the criminal justice process to
address the problem is diminishing….
– investigations done poorly
– dockets go missing
– cases end up in the hands of weak and inexperienced
prosecutors
• ENS solution
– perform entire investigation, try secure confessions, focus on
recovery, give the state a foolproof package – plea agreement
– perform proactive anti fraud procedures
current fraud trends
• EFT fraud, internal and external poses a major threat
• procurement fraud & kickbacks to buyers
• syndicate activity has been problematic for our clients in retail
– organized crime in DC’s
– cloned credit card activity
– gift voucher and refund abuse
• ghost employees, particularly in respect of labour broker staff
• conflicts of interest
• ghost suppliers
• increased incidents of theft of intellectual property by employees leaving and joining competitors
EFT fraud definition
• EFT fraud is essentially the diversion of funds from
the organisation’s bank accounts to third parties, to
whom those funds are not due, usually involving
manipulation of the vendor payment system
electronic funds transfer fraud
• two methods
– creation of alternative vendor profile which is then selected to perform illicit transactions
– substitution of employee account and deletion
whose problem is EFT fraud ?
• it is invariably an account holder problem,
• and usually not a bank problem
• it is usually facilitated by password abuse within the finance team
• spyware and collusion with bank officials must be excluded
case study 1 eft payment clerk
• shaken not stirred – 007 steals R740k from a large retailer
• position - eft payment clerk – earnings R10k
[Diagram labels: weak controls, divorce, fraud]
the black hole
• lost payment – software programmers showed our suspect
how to manually override the system to ensure that payments
reach the intended destination
• every time our suspect made a legitimate payment he knew
he could steal by changing a text file on his c drive “I could
not resist the temptation, the controls were so weak they
deserved it”
• testing thresholds
case study 2 – chief accountant
• R2 million in one year
• modus operandi – amendment of vendor banking account detail on vendor master file
• substituted account not own account (DRC)
• once illicit transaction concluded – amended vendor profile deleted and vendor banking info restored to original
• when routine audits are performed – all appears as it should
• where did the money go?
– the local casino received R1,95 million out of the R2 million stolen
case study 3 - FD at packaging company
• R4.2 mil misappropriated
• R1,7 in one morning substitution and deletion
• vehicles, houses, timeshare (house search), gambling, overseas travel, holidays, private schooling, heart operation,
• property for family, vehicles for close friends
• safety deposit boxes?
• 3 million rand recovery via full co-operation which translated into mitigation for an effective 5 year jail term
case study 4 & 5
• R3.2 million EFT’s 63 transactions over one weekend syndicate involved
– accounts frozen, R2.1 recovered
– password abuse prevalent
• R4,2 million in Western Cape over 8 years
– suspect placed personal stop orders (DSTV, Telkom cars and insurance on organisation account)
– suspect paid for her house R1.3 million with EFT to lawyers
– suspect overpaid suppliers and diverted reimbursement to her account
what should the company have picked up?
• eft clerk
– the payments to a particular supplier whose profile was exploited
were far over budget
– routine audits testing payroll against the vendor master files would
have identified the illicit profile
• chief accountant
– password control was abused
– cfo signed off batches of eft’s – if he just counted the transactions
he would have noticed that there were more payments in the
batch than the paperwork reflected
– supplier payments were duplicate - a proper recon of each supplier
against approved budget would have identified the overspend
key controls
– vet vendors properly (address, history, bank
account, expertise & infrastructure)
– enforce tight control over changes to suppliers bank
accounts – add management authorisation
– audit changes to supplier banking info over the past
year
– interrogate the changes
– verify with suppliers and banking institution
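An added example, not part of the original slides: two of the audit checks named above (interrogating supplier bank-account changes for the substitute-and-restore pattern, and testing payroll against vendor payment accounts), run over constructed sample data. The record layouts, identifiers and the 7-day window are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; layouts are assumptions, not a real ERP export.
# Vendor master audit log: (time, vendor, old_account, new_account, changed_by)
BANK_CHANGES = [
    ("2012-03-01 08:55", "V100", "111000111", "999000999", "acct01"),
    ("2012-03-01 11:40", "V100", "999000999", "111000111", "acct01"),
    ("2012-05-10 09:00", "V200", "222000222", "333000333", "clerk02"),
]
# Payment run: (time, vendor, paid_to_account, amount)
PAYMENTS = [
    ("2012-03-01 09:30", "V100", "999000999", 85000.00),
    ("2012-03-15 10:00", "V100", "111000111", 12000.00),
    ("2012-05-20 10:00", "V200", "333000333", 4000.00),
    ("2012-06-01 10:00", "V300", "555000555", 9500.00),
]
# Payroll master: employee id -> salary bank account
PAYROLL = {"E17": "555000555", "E22": "444000444"}

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def substitute_and_restore(changes, payments, window=timedelta(days=7)):
    """Flag accounts swapped in and restored within `window` that were paid meanwhile."""
    hits = []
    for t1, vendor, old, new, user in changes:
        for t2, vendor2, old2, new2, _ in changes:
            if vendor2 != vendor or old2 != new or new2 != old:
                continue  # not the reversal of this change
            start, end = _ts(t1), _ts(t2)
            if not (start < end <= start + window):
                continue
            paid = [p for p in payments if p[1] == vendor and p[2] == new
                    and start <= _ts(p[0]) <= end]
            if paid:
                hits.append({"vendor": vendor, "temp_account": new,
                             "changed_by": user, "total": sum(p[3] for p in paid)})
    return hits

def vendor_payroll_overlap(payments, payroll):
    """Return (vendor, employee) pairs where a vendor payment went to a payroll account."""
    owner = {account: emp for emp, account in payroll.items()}
    return sorted({(p[1], owner[p[2]]) for p in payments if p[2] in owner})
```

A permanent change such as V200's is not flagged by the first check and still needs the manual verification with the supplier and bank listed above.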
mitigating fraud risk: screen staff & suppliers
• too many organizations employ individuals with criminal
records – you can ask about and check prior criminal history
when you appoint to positions of trust
• too many of our suppliers don’t have the skills to do the work
they sell to us – verify expertise and infrastructure
declaration of interests coupled to regular screening is vital
to identify
• moonlighting
• related party transactions (hidden)
• ghost suppliers
the symptoms of fraudulent behavior
the red flags or warning signals in respect of the corrupt
employee are always present - make sure that you
detect the obvious
fraud red flags
• excessive lifestyle
• gambling alcohol or drug problems
• staff who constantly claim underpaid
• close relationships with suppliers
• sole suppliers - not shopping around
• poor credit rating
• poor communication and reports
• indulging in affairs
• not taking leave
• refusal of promotion
• excessive & unexplained overtime
• criminal record
the tools to combat fraud
• an effective fraud hotline
• data mining
• FRM - fraud risk management strategies
• code of ethics/conduct
• fraud awareness training
• fraud risk measurement (focused approach)
• fraud prevention and response plans
• gift policies
• proper enforcement of existing policies
• zero tolerance policy
conclusion
• get your anti-corruption measures in place, people will try bribe our staff
• promote a strong ethics culture
• minimize your risk with strong anti-fraud controls, don’t rely on trust
• close down the gaps in the control environment - this is an ever moving target
• do not rely only on controls - only as effective as the people enforcing them
• the red flags are there, don’t ignore the symptoms
• do not work in a vacuum - use the tools and technology
• and the experts - CALL ENS
©2006 S Powell
• Questions
thank you