white collar crime and fraud risk survey presentation
TRANSCRIPT
1
White Collar Crime and Fraud Risk Survey
Taking the Best Route to Managing Fraud and Corruption Risk
2
A Reminder…
You can download a copy of the presentation via the Resources Area on your
screen.
Following the webinar, all attendees will receive a link to a copy of the presentation and
recording.
There will be a Q&A session at the end of the webinar. Please submit your questions by
clicking on the Questions Area on your screen.
If you are having trouble hearing the audio through your computer, a separate phone line is
available for your use.
• US/Canada Line (866) 586-4566
• International Line (734) 385-2579
• Conference ID 15854002
3
CPE Credits and Supplemental Information
• We are offering 1.5 CPE credits for this webinar
– To be eligible to receive this credit, please ensure you answer at least four (4) out of the five (5) polling
questions
• We are offering 1.5 CLE general credits for this webinar (CA, CO, NJ and NY will be
provided (CLE for OH and IL is pending))
– To be eligible for this credit, please answer all five polling questions and e-mail the following information to
Name
State bar number
State requesting CLE credit in
• In the Resources Area, you can:
− Save/Print a copy of today’s presentation
– Download Taking the Best Route to Managing Fraud and Corruption Risk
4
Today’s Presenters
Donald Rebovich, Ph.D., Professor of Criminal Justice is Chair of Utica
College’s Economic Crime & Justice Studies. Dr. Rebovich is also the
Executive Director of the Center for Identity Management & Information
Protection (CIMIP) of Utica College. Prior to coming to Utica College, Dr.
Rebovich served as Research Director for the National White Collar Crime
Center (NW3C) in Morgantown, West Virginia and the American Prosecutors
Research Institute of the National District Attorneys Association (NDAA) in
Alexandria, Virginia. At NW3C he was responsible for directing the national
analysis of Internet crime report data generated by the FBI's Internet Fraud
Complaint Center, and directing the National Public Survey on White Collar
Crime Program. He is the author of Dangerous Ground: The World of
Hazardous Waste Crime (2015), which presented the results of the first
empirical study of environmental crime and its control in the United States.
Email: [email protected]
Dr. Donald RebovichChair, Utica College
5
Today’s Presenters
A seasoned litigator, George Stamboulidis has tried dozens of complex
federal jury trials as prosecutor and as defense attorney. Recognized for his
experience in the areas of white collar and business defense, George is
regularly engaged by corporations, directors, and officers to advise and
defend in complex federal grand jury and regulatory investigations. George is
trusted for his integrity and sound judgment in corporate monitorship
positions and has been appointed a federal monitor a notable six times by
the U.S. Department of Justice (DOJ).
George is co-leader of BakerHostetler's national White Collar Defense and
Corporate Investigations Practice, which is ranked in Chambers USA:
America's Leading Lawyers for Business. He is a nationally recognized
lecturer on corporate criminal liability and the use of proactive defense
tactics, and regularly presents to members of the financial services,
insurance, pharmaceutical, and energy industries, among others.
Email: [email protected]
George A. StamboulidisPartner, BakerHostetler
6
Today’s Presenters
Scott Moritz is the leader of Protiviti’s Fraud, Anti-Corruption and
Investigations practice. He has more than 28 years of investigative and
regulatory compliance experience working with a variety of organizations,
government and regulatory agencies to identify, triage, investigate and
remediate a wide variety of risks. With extensive experience investigating
transnational crime, corruption and money laundering, Scott is widely
regarded as a leading authority on the evaluation, design, remediation,
implementation and administration of corporate compliance programs, codes
of conduct, training and internal audit programs.
Email: [email protected]
Scott MoritzProtiviti Managing Director, New York City
7
Today’s Presenters
Pamela Verick is a Director in Protiviti’s Investigations & Fraud Risk
Management solution. Pam has over 22 years of risk management
experience, including creation of fraud governance systems and fraud risk
management programs, planning and execution of fraud risk assessments,
and conducting investigations to address fraud, misconduct and potential
violations of the Foreign Corrupt Practices Act, as well as, equivalent anti-
bribery laws and regulations. She also assists with compliance and ethics
programs for both the public and private sector.
Email: [email protected]
Pamela VerickProtiviti Director, Washington D.C.
8
Today’s Presenters
Peter Grupe is a Director in Protiviti’s Investigations & Fraud Risk
Management practice. He has over 30 years of experience in consulting, law
enforcement and corporate finance. He most recently served as the
president of an international corporate security consulting firm specializing in
fraud detection and prevention, risk mitigation, due diligence, executive
protection and crisis management. Peter has also held various executive
management roles with the Federal Bureau of Investigation (FBI). He retired
after 24 years of service as the assistant special agent in charge of the
largest white collar crime branch of the FBI (New York office). Peter has also
lectured and provided training around the world on corporate security
matters, fraud detection and prevention.
Email: [email protected]
Peter GrupeProtiviti Director, New York City
9
A. Yes
B. No
Does your organization have a formal and documented fraud control policy?
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
Poll Question #1
10
• This global survey, conducted online,
consisted of a series of questions
grouped into six categories:
‒ Fraud Risk Governance
‒ Fraud Risk Assessment
‒ Fraud Prevention Techniques
‒ Fraud Detection Techniques
‒ Corruption
‒ Reporting, Investigation and
Corrective Action
• The survey explored organizational
readiness to deter, detect, investigate
and report fraud and corruption.
• Nearly 300 executives and professionals
completed our online questionnaire.
The Inaugural Benchmarking Report
Download the publication at: www.protiviti.com/fraudsurvey
11
Today We Will Explore…
How few companies are availing themselves of the tools and best
practices for mitigating fraud risk
How third-party fraud and corruption risk is barely on the radar of most
organizations today
How organizations without strong fraud detection and reporting programs
face a higher risk of damaging “whistleblower” disclosures
How the Yates Memorandum and DOJ’s increased scrutiny of corporate
compliance programs will impact organizations
13
Which of the following best describes your organization’s fraud risk strategy?
Fraud Risk Strategy
Few respondents consider their fraud risk strategy to be well-defined.
14
Which of the following challenges does your organization face in managing its
fraud risk proactively?
Challenges to Managing Fraud Risk
With regard to the
challenges organizations
face in managing fraud risk
proactively, 47 percent of
respondents cited the lack
of internal resources.
15
Who in the ranks of senior management is designated with ownership and
responsibility for fraud risk management in your organization?
Ownership of Fraud Risk Management
CFOs are often the lead
person from the ranks of
senior management
designated with ownership
and responsibility for fraud
risk management in the
organization.
16
Does your organization have a formal and documented fraud control policy?
Fraud Control Policy
A majority of large companies indicated their organization DO have a formal and
documented fraud control policy in place.
17
A. Very well defined
B. Defined
C. Less defined
D. Reactive only
E. Undefined
Which of the following best describes your organization’s fraud risk strategy?
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
Poll Question #2
19
How often does your organization conduct a formal fraud risk assessment?
Frequency of Fraud Risk Assessment
An effective fraud risk assessment process should be conducted in alignment
with the organization’s objectives and should thoroughly consider potential
vulnerabilities arising from fraud and misconduct.
20
Who within your organization is primarily responsible for conducting your fraud
risk assessment?
Responsibility for Fraud Risk Assessment
Internal audit is
often the group
primarily
responsible for
conducting an
organization’s fraud
risk assessment.
21
Does your fraud risk assessment team include members from different
departments?
Staffing the Fraud Risk Assessment
More organizations should consider creating fraud risk assessment teams that
include members from different departments to enhance the process.
22
How is your organization’s fraud risk assessment process structured?
Structuring the Fraud Risk Assessment
Some companies consider a fraud risk assessment to be part of their
SOX compliance process. This narrow focus fails to address
the systemic nature of fraud risk.
23
Does your organization have a fraud risk management (mitigation) program?
Fraud Risk Management Program
Large companies emerged as the leaders of organizations that have a fraud risk
management (mitigation) program in place.
24
A. Quarterly
B. Annually
C. As needed
D. Never
E. Don’t know
How often does your organization conduct a formal fraud risk assessment?
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
Poll Question #3
26
On a scale of 1 to 5, rate your level of confidence that the organization has
effective oversight of the external third parties retained in the United States
and/or outside the United States.
Effective Oversight of External Third Parties
Companies have a long way to go when it comes to assessing
and monitoring third-party corruption risk, with few respondents
giving their organizations a high confidence rating.
27
Does your organization conduct due diligence on business intermediaries (e.g.,
agent, distributor, consultant, subcontractor) prior to onboarding?
Due Diligence on Business Intermediaries
More than a third of respondents (35 percent) indicated that they were
not aware of any due diligence being performed by their companies
on intermediaries prior to onboarding.
28
Does your organization have the ability to distinguish between foreign
government agencies, state-owned companies, public international
organizations and private enterprises among its customer base?
Customer Base Differentiation
35 percent of respondents were not aware of efforts to identify
foreign government agencies, state-owned companies or
international organizations as customers.
29
Does your organization perform any of the following? (Multiple responses
permitted.)
Activities to Monitor Corruption
Base: Organizations that categorize third parties according to risk
Without the ability to readily distinguish between the different categories of
customers, companies risk operating “in the blind” as to which of their customers’
employees meet the definition of a “foreign official.”
30
If your organization performs investigative due diligence, who performs the work
associated with this process? (Multiple responses permitted.)
Investigative Due Diligence Responsibility
For those that
perform
investigative due
diligence, most
organizations
perform the work
in-house.
31
Do your hiring practices include an examination as to whether candidates are
family members or associates of government officials?
Hiring Practices
Half of large companies indicated that their organizations attempt to
determine whether job candidates are family members or associates of
government officials who are in a position to influence contract awards.
32
A. Yes
B. No
C. Don’t know
Does your organization conduct due diligence on business intermediaries (e.g.,
agent, distributor, consultant, subcontractor) prior to onboarding?
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
Poll Question #4
33
A. Yes
B. No
C. Don’t know
Does your organization have the ability to distinguish between foreign
government agencies, state-owned companies, public international
organizations and private enterprises among its customer base?
Reminder: Answer 4 out of 5 questions to qualify for CPE credit.
Poll Question #5
35
Based on your personal knowledge, how many allegations of fraud or
misconduct have been received and investigated by your company in the past
three years?
Investigating Fraud or Misconduct
A substantial
percentage of
respondents said
there have been
NO allegations of
fraud or
misconduct
investigated over
the past three
years.
36
For known fraud events or incidents of misconduct within your company, what
was the primary root cause or control breakdown that allowed the incident to
occur?
Fraud – Primary Root Cause
Base: Organizations in which there have been allegations of fraud or misconduct that have been
investigated in the past three years.
Overall, insufficient
management review and
inadequate controls have
accounted for more than
half of all fraud and
misconduct investigated
over the last three years.
37
What level of involvement does your organization’s audit committee have in the
investigation of alleged fraud or misconduct?
Audit Committee – Level of Involvement
Organizations
should inform the
audit committee
of investigations
of alleged fraud or
misconduct on a
more timely basis.
38
Common Corrective Actions
Disciplinary action and termination were the most common corrective actions
taken by companies at the conclusion of an investigation.
39
FCPA is “fertile ground” for whistleblowers.
• Section 922 of Dodd-Frank Act provides monetary awards for providing the
SEC with “original information” that leads to a successful enforcement
action and recovery of more than $1 million in sanctions.
• Original information is defined as information that:
(A) is derived from the independent knowledge or analysis of a
whistleblower;
(B) is not known to the Commission from any other source, unless the
whistleblower is the original source of the information; and
(C) is not exclusively derived from an allegation made in a judicial or
administrative hearing, in a governmental report, hearing, audit, or
investigation, or from the news media, unless the whistleblower is a
source of the information.
Overview of the SEC’s Whistleblower Rules
40
Whistleblowers could receive sizeable rewards for providing information about
violations of the FCPA.
Overview of the SEC’s Whistleblower Rules
Factors the SEC will consider that may increase an award are:
1. the significance of the information provided;
2. the assistance provided by the whistleblower;
3. law enforcement interest in making a whistleblower award;
and
4. participation by the whistleblower in internal compliance
systems.
Factors the SEC will consider that may decrease an award are:
1. culpability of the whistleblower;
2. unreasonable reporting delay by the whistleblower; and
3. interference with internal compliance and reporting systems by
the whistleblower.
Eligible whistleblowers can receive awards of between 10% and 30% of the sanctions
collected by the SEC or other prosecuting authority.
41
Six key principles:
The Yates Memo: A New DOJ Investigative Focus
1. To be eligible for any cooperation credit, corporations must provide to the
Department all relevant facts about the individuals involved in corporate misconduct.
2. Criminal and civil corporate investigations should focus on individuals from
inception.
3. Routine communication between criminal and civil attorneys handling corporate
investigations.
4. No corporate resolution will provide protection for individuals absent
extraordinary circumstances.
5. No corporate case will be resolved without a clear plan to resolve related
individual cases before the statute of limitations expires, and declinations as to
individuals must be memorialized.
6. Civil attorneys are directed to focus on individuals accused of corporate
wrongdoing without regard to the individual's ability to pay.
42
Some of the practical difficulties potentially created by the Yates Memo:
• The benchmark for cooperation is much
higher.
• Cooperation may be required to continue
after case settles.
• Greater willingness by the DOJ to
scrutinize the scope, independence and
thoroughness of a corporate investigation.
• Greater threat of civil enforcement against
individuals.
The Yates Memo: A New DOJ Investigative Focus
43
Prevention remains the best defense.
• At regular intervals, review and update the company's compliance policies
and program.
• Provide adequate training on the revised programs.
• Insure that all new employees in relevant positions are adequately trained.
• Consider obtaining an independent and updated risk assessment of the
company's compliance profile.
• Act quickly and appropriately to respond to reports of potential misconduct
and have clear systems and protocols in place for doing so.
The Yates Memo: A New DOJ Investigative Focus
44
In Summary…
Earn cooperation credit in an FCPA context
Individual accountability continues to be the linchpin of white collar
crime prosecutions
Companies are not well-positioned to detect fraud and corruption or
conduct internal investigations
Effective fraud and corruption risk management should be part of the
overall strategic planning process