white collar crime and fraud risk survey presentation

1

White Collar Crime and Fraud Risk Survey

Taking the Best Route to Managing Fraud and Corruption Risk

2

A Reminder…

You can download a copy of the presentation via the Resources Area on your

screen.

Following the webinar, all attendees will receive a link to a copy of the presentation and

recording.

There will be a Q&A session at the end of the webinar. Please submit your questions by

clicking on the Questions Area on your screen.

If you are having trouble hearing the audio through your computer, a separate phone line is

available for your use.

• US/Canada Line (866) 586-4566

• International Line (734) 385-2579

• Conference ID 15854002

3

CPE Credits and Supplemental Information

• We are offering 1.5 CPE credits for this webinar

– To be eligible to receive this credit, please ensure you answer at least four (4) out of the five (5) polling

questions

• We are offering 1.5 CLE general credits for this webinar (CA, CO, NJ and NY will be

provided (CLE for OH and IL is pending))

– To be eligible for this credit, please answer all five polling questions and e-mail the following information to

[email protected]:

Name

State bar number

State requesting CLE credit in

• In the Resources Area, you can:

− Save/Print a copy of today’s presentation

– Download Taking the Best Route to Managing Fraud and Corruption Risk

mailto:[email protected]

4

Today’s Presenters

Donald Rebovich, Ph.D., Professor of Criminal Justice is Chair of Utica

College’s Economic Crime & Justice Studies. Dr. Rebovich is also the

Executive Director of the Center for Identity Management & Information

Protection (CIMIP) of Utica College. Prior to coming to Utica College, Dr.

Rebovich served as Research Director for the National White Collar Crime

Center (NW3C) in Morgantown, West Virginia and the American Prosecutors

Research Institute of the National District Attorneys Association (NDAA) in

Alexandria, Virginia. At NW3C he was responsible for directing the national

analysis of Internet crime report data generated by the FBI's Internet Fraud

Complaint Center, and directing the National Public Survey on White Collar

Crime Program. He is the author of Dangerous Ground: The World of

Hazardous Waste Crime (2015), which presented the results of the first

empirical study of environmental crime and its control in the United States.

Email: [email protected]

Dr. Donald RebovichChair, Utica College

5


A seasoned litigator, George Stamboulidis has tried dozens of complex

federal jury trials as prosecutor and as defense attorney. Recognized for his

experience in the areas of white collar and business defense, George is

regularly engaged by corporations, directors, and officers to advise and

defend in complex federal grand jury and regulatory investigations. George is

trusted for his integrity and sound judgment in corporate monitorship

positions and has been appointed a federal monitor a notable six times by

the U.S. Department of Justice (DOJ).

George is co-leader of BakerHostetler's national White Collar Defense and

Corporate Investigations Practice, which is ranked in Chambers USA:

America's Leading Lawyers for Business. He is a nationally recognized

lecturer on corporate criminal liability and the use of proactive defense

tactics, and regularly presents to members of the financial services,

insurance, pharmaceutical, and energy industries, among others.


George A. StamboulidisPartner, BakerHostetler

6


Scott Moritz is the leader of Protiviti’s Fraud, Anti-Corruption and

Investigations practice. He has more than 28 years of investigative and

regulatory compliance experience working with a variety of organizations,

government and regulatory agencies to identify, triage, investigate and

remediate a wide variety of risks. With extensive experience investigating

transnational crime, corruption and money laundering, Scott is widely

regarded as a leading authority on the evaluation, design, remediation,

implementation and administration of corporate compliance programs, codes

of conduct, training and internal audit programs.


Scott MoritzProtiviti Managing Director, New York City

7


Pamela Verick is a Director in Protiviti’s Investigations & Fraud Risk

Management solution. Pam has over 22 years of risk management

experience, including creation of fraud governance systems and fraud risk

management programs, planning and execution of fraud risk assessments,

and conducting investigations to address fraud, misconduct and potential

violations of the Foreign Corrupt Practices Act, as well as, equivalent anti-

bribery laws and regulations. She also assists with compliance and ethics

programs for both the public and private sector.


Pamela VerickProtiviti Director, Washington D.C.

8


Peter Grupe is a Director in Protiviti’s Investigations & Fraud Risk

Management practice. He has over 30 years of experience in consulting, law

enforcement and corporate finance. He most recently served as the

president of an international corporate security consulting firm specializing in

fraud detection and prevention, risk mitigation, due diligence, executive

protection and crisis management. Peter has also held various executive

management roles with the Federal Bureau of Investigation (FBI). He retired

after 24 years of service as the assistant special agent in charge of the

largest white collar crime branch of the FBI (New York office). Peter has also

lectured and provided training around the world on corporate security

matters, fraud detection and prevention.


Peter GrupeProtiviti Director, New York City

9

A. Yes

B. No

Does your organization have a formal and documented fraud control policy?

Reminder: Answer 4 out of 5 questions to qualify for CPE credit.

Poll Question #1

10

• This global survey, conducted online,

consisted of a series of questions

grouped into six categories:

‒ Fraud Risk Governance

‒ Fraud Risk Assessment

‒ Fraud Prevention Techniques

‒ Fraud Detection Techniques

‒ Corruption

‒ Reporting, Investigation and

Corrective Action

• The survey explored organizational

readiness to deter, detect, investigate

and report fraud and corruption.

• Nearly 300 executives and professionals

completed our online questionnaire.

The Inaugural Benchmarking Report

Download the publication at: www.protiviti.com/fraudsurvey

11

Today We Will Explore…

How few companies are availing themselves of the tools and best

practices for mitigating fraud risk

How third-party fraud and corruption risk is barely on the radar of most

organizations today

How organizations without strong fraud detection and reporting programs

face a higher risk of damaging “whistleblower” disclosures

How the Yates Memorandum and DOJ’s increased scrutiny of corporate

compliance programs will impact organizations

12

Fraud Risk Governance

13

Which of the following best describes your organization’s fraud risk strategy?

Fraud Risk Strategy

Few respondents consider their fraud risk strategy to be well-defined.

14

Which of the following challenges does your organization face in managing its

fraud risk proactively?

Challenges to Managing Fraud Risk

With regard to the

challenges organizations

face in managing fraud risk

proactively, 47 percent of

respondents cited the lack

of internal resources.

15

Who in the ranks of senior management is designated with ownership and

responsibility for fraud risk management in your organization?

Ownership of Fraud Risk Management

CFOs are often the lead

person from the ranks of

senior management

designated with ownership

and responsibility for fraud

risk management in the

organization.

16

Does your organization have a formal and documented fraud control policy?

Fraud Control Policy

A majority of large companies indicated their organization DO have a formal and

documented fraud control policy in place.

17

A. Very well defined

B. Defined

C. Less defined

D. Reactive only

E. Undefined

Which of the following best describes your organization’s fraud risk strategy?


Poll Question #2

18

Fraud Risk Assessment

19

How often does your organization conduct a formal fraud risk assessment?

Frequency of Fraud Risk Assessment

An effective fraud risk assessment process should be conducted in alignment

with the organization’s objectives and should thoroughly consider potential

vulnerabilities arising from fraud and misconduct.

20

Who within your organization is primarily responsible for conducting your fraud

risk assessment?

Responsibility for Fraud Risk Assessment

Internal audit is

often the group

primarily

responsible for

conducting an

organization’s fraud

risk assessment.

21

Does your fraud risk assessment team include members from different

departments?

Staffing the Fraud Risk Assessment

More organizations should consider creating fraud risk assessment teams that

include members from different departments to enhance the process.

22

How is your organization’s fraud risk assessment process structured?

Structuring the Fraud Risk Assessment

Some companies consider a fraud risk assessment to be part of their

SOX compliance process. This narrow focus fails to address

the systemic nature of fraud risk.

23

Does your organization have a fraud risk management (mitigation) program?

Fraud Risk Management Program

Large companies emerged as the leaders of organizations that have a fraud risk

management (mitigation) program in place.

24

A. Quarterly

B. Annually

C. As needed

D. Never

E. Don’t know

How often does your organization conduct a formal fraud risk assessment?


Poll Question #3

25

Corruption

26

On a scale of 1 to 5, rate your level of confidence that the organization has

effective oversight of the external third parties retained in the United States

and/or outside the United States.

Effective Oversight of External Third Parties

Companies have a long way to go when it comes to assessing

and monitoring third-party corruption risk, with few respondents

giving their organizations a high confidence rating.

27

Does your organization conduct due diligence on business intermediaries (e.g.,

agent, distributor, consultant, subcontractor) prior to onboarding?

Due Diligence on Business Intermediaries

More than a third of respondents (35 percent) indicated that they were

not aware of any due diligence being performed by their companies

on intermediaries prior to onboarding.

28

Does your organization have the ability to distinguish between foreign

government agencies, state-owned companies, public international

organizations and private enterprises among its customer base?

Customer Base Differentiation

35 percent of respondents were not aware of efforts to identify

foreign government agencies, state-owned companies or

international organizations as customers.

29

Does your organization perform any of the following? (Multiple responses

permitted.)

Activities to Monitor Corruption

Base: Organizations that categorize third parties according to risk

Without the ability to readily distinguish between the different categories of

customers, companies risk operating “in the blind” as to which of their customers’

employees meet the definition of a “foreign official.”

30

If your organization performs investigative due diligence, who performs the work

associated with this process? (Multiple responses permitted.)

Investigative Due Diligence Responsibility

For those that

perform

investigative due

diligence, most

organizations

perform the work

in-house.

31

Do your hiring practices include an examination as to whether candidates are

family members or associates of government officials?

Hiring Practices

Half of large companies indicated that their organizations attempt to

determine whether job candidates are family members or associates of

government officials who are in a position to influence contract awards.

32

A. Yes

B. No

C. Don’t know

Does your organization conduct due diligence on business intermediaries (e.g.,

agent, distributor, consultant, subcontractor) prior to onboarding?


Poll Question #4

33

A. Yes

B. No

C. Don’t know

Does your organization have the ability to distinguish between foreign

government agencies, state-owned companies, public international

organizations and private enterprises among its customer base?


Poll Question #5

34

Reporting, Investigation and

Corrective Action

35

Based on your personal knowledge, how many allegations of fraud or

misconduct have been received and investigated by your company in the past

three years?

Investigating Fraud or Misconduct

A substantial

percentage of

respondents said

there have been

NO allegations of

fraud or

misconduct

investigated over

the past three

years.

36

For known fraud events or incidents of misconduct within your company, what

was the primary root cause or control breakdown that allowed the incident to

occur?

Fraud – Primary Root Cause

Base: Organizations in which there have been allegations of fraud or misconduct that have been

investigated in the past three years.

Overall, insufficient

management review and

inadequate controls have

accounted for more than

half of all fraud and

misconduct investigated

over the last three years.

37

What level of involvement does your organization’s audit committee have in the

investigation of alleged fraud or misconduct?

Audit Committee – Level of Involvement

Organizations

should inform the

audit committee

of investigations

of alleged fraud or

misconduct on a

more timely basis.

38

Common Corrective Actions

Disciplinary action and termination were the most common corrective actions

taken by companies at the conclusion of an investigation.

39

FCPA is “fertile ground” for whistleblowers.

• Section 922 of Dodd-Frank Act provides monetary awards for providing the

SEC with “original information” that leads to a successful enforcement

action and recovery of more than $1 million in sanctions.

• Original information is defined as information that:

(A) is derived from the independent knowledge or analysis of a

whistleblower;

(B) is not known to the Commission from any other source, unless the

whistleblower is the original source of the information; and

(C) is not exclusively derived from an allegation made in a judicial or

administrative hearing, in a governmental report, hearing, audit, or

investigation, or from the news media, unless the whistleblower is a

source of the information.

Overview of the SEC’s Whistleblower Rules

40

Whistleblowers could receive sizeable rewards for providing information about

violations of the FCPA.

Overview of the SEC’s Whistleblower Rules

Factors the SEC will consider that may increase an award are:

1. the significance of the information provided;

2. the assistance provided by the whistleblower;

3. law enforcement interest in making a whistleblower award;

and

4. participation by the whistleblower in internal compliance

systems.

Factors the SEC will consider that may decrease an award are:

1. culpability of the whistleblower;

2. unreasonable reporting delay by the whistleblower; and

3. interference with internal compliance and reporting systems by

the whistleblower.

Eligible whistleblowers can receive awards of between 10% and 30% of the sanctions

collected by the SEC or other prosecuting authority.

41

Six key principles:

The Yates Memo: A New DOJ Investigative Focus

1. To be eligible for any cooperation credit, corporations must provide to the

Department all relevant facts about the individuals involved in corporate misconduct.

2. Criminal and civil corporate investigations should focus on individuals from

inception.

3. Routine communication between criminal and civil attorneys handling corporate

investigations.

4. No corporate resolution will provide protection for individuals absent

extraordinary circumstances.

5. No corporate case will be resolved without a clear plan to resolve related

individual cases before the statute of limitations expires, and declinations as to

individuals must be memorialized.

6. Civil attorneys are directed to focus on individuals accused of corporate

wrongdoing without regard to the individual's ability to pay.

42

Some of the practical difficulties potentially created by the Yates Memo:

• The benchmark for cooperation is much

higher.

• Cooperation may be required to continue

after case settles.

• Greater willingness by the DOJ to

scrutinize the scope, independence and

thoroughness of a corporate investigation.

• Greater threat of civil enforcement against

individuals.


43

Prevention remains the best defense.

• At regular intervals, review and update the company's compliance policies

and program.

• Provide adequate training on the revised programs.

• Insure that all new employees in relevant positions are adequately trained.

• Consider obtaining an independent and updated risk assessment of the

company's compliance profile.

• Act quickly and appropriately to respond to reports of potential misconduct

and have clear systems and protocols in place for doing so.


44

In Summary…

Earn cooperation credit in an FCPA context

Individual accountability continues to be the linchpin of white collar

crime prosecutions

Companies are not well-positioned to detect fraud and corruption or

conduct internal investigations

Effective fraud and corruption risk management should be part of the

overall strategic planning process

45

Q & A

Let us know how we did on this webinar. Click on the

Survey icon to give us feedback.

46

Thank You for Attending!

Download the publication at: www.protiviti.com/fraudsurvey