Posted by Katharine TAN Pei Shi, Year 4 undergrad at the School of Accountancy, Singapore Management University
FW moderates a discussion examining corporate fraud in Asia between Kanupriya Jain, practice leader for Corporate Investigations, at Control Risks, Denis Brock, a partner at King & Wood Mallesons, and Matthias Oberlinner, a director at Siemens Ltd.
FW: How would you characterise perceptions – both from outside the region and internally – of corporate fraud across Asia?
Jain: In recent years, the risk of corporate fraud and corruption has become increasingly prominent across Asia, particularly India. While external parties still perceive Asia to be full of opportunities, the business environment is complex, high-risk and very often confusing, if not hostile, to foreign investors. Major challenges for companies operating in this market are only increasing, not least because in a downturn companies look to protect their bottom lines more, and part of that is about rooting out fraud and corruption within their existing operations and supply chains, as opposed to assessing potential risks in the external relationships they would have been developing during happier economic times. However, this has not deterred companies from associating with local partners or targeting opportunities here. Various political and regulatory factors in the region will bring about changes in the coming months; these may well completely change perceptions and open up more opportunities for international businesses to focus on this region.
Brock: There is no doubt there is still a perception that there is a long way to go in terms of effective fraud prevention policies within the region, although I do not think that is necessarily specific to Asia. Internal policies always pay lip service to these issues, but are not always able to properly address the risks associated with potential fraudulent activities within an organisation, and enforcement of the policies is not always as strict as it should be.
Oberlinner: Most multinational corporations agree that Asia is a region of great business opportunity; those who actually do business in Asia and have a strong compliance organisation encounter significant risks of fraud and corruption. We have created risk parameters and rated countries of lower and medium risks like Singapore, Australia and New Zealand and partially also South Korea and Japan; and countries of significantly higher risks like the economic giants P.R. China and India, but also the increasingly important Indonesia, Thailand, Malaysia, Vietnam and Philippines. Overall, the economic downturn seems to have increased the willingness for fraudulent behaviour on all levels. Supported by a detailed knowledge of the internal control system, increasingly complex and sophisticated fraud schemes are being perpetrated. Personal relationships to suppliers and distributors – an important business factor in Asia – are then abused to achieve personal benefits.
FW: From your perspective, what have been the most noteworthy cases of corporate fraud in Asia in recent years? Are there any particular lessons that we can draw from these cases?
Brock: I would not say there have been any really noteworthy cases in recent years in Asia; that is we have not had a Madoff style Ponzi scheme. There have been frauds in the IFA market but the victims have been relatively few. We have not seen any large scale corporate collapses as a result of fraud since the late 1990s. The risk of fraud causing problems within organisations is still very real, but nowadays it is being identified earlier and addressed before it becomes a larger problem and so often it is not widely reported.
Oberlinner: While the events are less present in the media than three months ago, the investigations in the healthcare industry in China are still on the top of the list. The results so far – admissions of systematic fraud and corruption – and the publicised consequences could be a first step to fundamentally changing the environment in this market; sophisticated compliance controls were not able to prevent the misconduct. We are working on an ongoing project to continually review our compliance processes and re-evaluate their effectiveness regarding fraud schemes as disclosed by the official investigations – an exercise that I recommend for any company doing business in China. The change in local enforcement makes additional compliance safeguards necessary to prove the legality of established business practices.
Jain: We are increasingly helping our clients in relation to FCPA-driven and very often whistleblower initiated investigations. These often result in a crisis situation for a client which requires immediate attention. The pharmaceutical, liquor and food industries are particularly susceptible and have widespread fraud and corruption risks due to a variety of sector-specific factors. To take the pharmaceutical sector as an example, high risks include money changing hands between doctors or hospitals and company sales officers to achieve sales targets, and the forging of documents and setting up non-existent medical centres to receive money from the company’s business development schemes. We have also noted an increase in work flowing from Indian and international law firms on huge and complex litigation support cases which involve evidence gathering and analysis of accounting records in support of legal hearings.
“The best internal processes will not be able to prevent fraud if the external business partner – on the sales or supplier side – becomes complicit in the fraud. Therefore a strict and thorough due diligence of business partners and key suppliers has become essential in recent years.”
— Matthias Oberlinner
FW: What are the essential elements of an anti-fraud program that companies in Asia should consider putting in place?
Oberlinner: One foundation is an excellent internal control system that encompasses all steps in the purchase to pay chain. This includes automatic red flags and warnings if steps – controls – are not followed in the established processes. However, the best internal processes will not be able to prevent fraud if the external business partner – on the sales or supplier side – becomes complicit in the fraud. Therefore a strict and thorough due diligence of business partners and key suppliers has become essential in recent years. While this requires considerable work, the potential rewards include a supplier that refuses and reports any approach by staff with the goal of setting-up a fraud scheme. Additionally, the organisation should establish a process that learns from past investigation findings and from experienced members of the sales and supply departments to improve the control system and the due diligence checks therein.
Jain: An incident of fraud or misconduct could have a serious financial, operational or reputational impact on an organisation. An anti-fraud program in Asia, like anywhere, has to be industry-specific, regularly updated and focused on proactive and reactive monitoring. It should define the tone of the senior management and strengthen corporate governance. We have often seen that companies implement these programs to ‘comply’ with global guidelines but are not rigorously enforced. Companies need to ensure they are implementing and then enforcing a robust risk management programme, including all the key elements of due diligence, anti-corruption, regular internal strategic audits and integrity reviews, and, where relevant, thorough investigations into the beneficiaries and mechanisms of fraud, including reviews of business relationships identified in the audit, and the recording and effective management of often very large quantities of data. The key, as ever, is about not just having strict policies but actually enforcing them, not just through messages being communicated from senior management, but by encouraging a culture throughout the organisation that does not tolerate fraud or other malpractice. It is also important to conduct regular checks and take necessary action against people who act unethically within the company, to send out a clear message that fraud or other corrupt practices will not be tolerated. Some recent cases in the region, especially in the liquor and pharmaceutical sectors, have raised questions concerning the commitment of some global companies to implement and enforce their anti-fraud programs.
Brock: There will never be a ‘one size fits all’ approach for organisations; a fraud prevention program needs to identify the key risk areas for that particular business and put in place processes that will target potential fraudulent activity in those areas. However, a critical element of any compliance programs is staff training. A robust program can still be entirely ineffective if staff are not properly trained, not only initially, but on an ongoing basis.
FW: In your opinion, how important is it to check the backgrounds of board members and senior level corporate officers during the hiring process?
Jain: In recent years we have seen the introduction of tighter laws and more proactive law enforcement internationally, while specifically in India discussions are ongoing over how to strengthen national anti-corruption legislation. As a result, board members and independent directors are being held more accountable; it is imperative to conduct background checks when appointing individuals. In South Asian countries, where the public record is often disorganised and incomplete, it is particularly important to conduct thorough background and reference checks during the hiring process.
Brock: It is an essential element in the hiring process of any senior executive and appointment of board members. Not only as a tool for assessing whether those individuals will be a risk from a fraud perspective, but also because the reputation of those individuals will reflect on the organisation and ‘skeletons in the closet’ so to speak need to be known in advance so the organisation can determine whether they are deal breakers.
Oberlinner: It is very important to make these background checks; given the visibility and authority of senior members, their behaviour and tone-form-the-top, will affect large parts of the organisation. Either the effects will be direct, by misconduct of the senior person themselves or indirect, via, for example, an unclear or weak compliance message to the company. Recent investigations clearly demonstrated that whenever a senior manager was involved in a fraud scheme, the organisation that he or she was responsible for, had additional compliance problems on lower levels. On the other hand, the culture in Asia often allows a strong leader with a clear pro-compliance message to discourage fraudulent behavior in his area of responsibility. In this regard, the background checks during the hiring process of senior members should also include ‘integrity interviews’ to evaluate soft compliance factors that you would ordinarily not find in a resume.
FW: What particular risks may exist when working with third-parties in Asia’s emerging markets? What steps can firms take to reduce potentially damaging exposure?
Brock: The difficulty that organisations face across the region is the disparity in views about acceptable behaviour when it comes to this fraud and corruption. There are some areas where it is very difficult to mitigate those risks and organisations need to form a view as to whether the benefit of working with those parties outweighs those risks.
Oberlinner: One element that occurs quite frequently during larger projects is that of ‘forced suppliers’ or other business partners. Any member of a project might try to introduce a third party in order to generate profits; the end-use of these profits is initially unclear, but it will always have a negative financial impact for at least one of the partners in the project. The first step to mitigate this risk is to train and educate members of the project teams to identify these types of ‘forced’ third parties. Close cooperation between the sales and the procurement project teams will support the evaluation in this regard. After such an instance is detected, an extensive due diligence and background check – sometimes only the announcement to the project participants that such a check is required and will be conducted – will help mitigate the risks of fraud in that project.
Jain: Key third-party risks include companies whose ultimate beneficial owners have been concealed, political connections, sources of capital, and unethical practices more broadly. Other common risks include grey practices, paying ‘kickbacks’ to employees or public officials, inter-linked and undisclosed business relationships, shell companies and the use of offshore entities. Important steps to mitigate against these risks include conducting proactive due diligence, regular monitoring, strong checks and balances, reviews by independent third parties, and the effective use of the ‘right to audit’ clause.
“I think it is very important to appoint specialised independent investigators and not auditors to investigate these issues and conduct a root cause analysis.”
— Kanupriya Jain
FW: When suspicions of fraud arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
Oberlinner: A company needs an efficient, fair, and transparent process to deal with allegations of wrongdoing. The transparency helps especially in those environments in Asia where democratic government and independent judicial systems are not in place. Employees should be able to inform themselves on most aspects of ‘how’ an investigation will be conducted in their company. The investigation must then be conducted in accordance with the local law by professional and competent persons who are independent of local hierarchies. Findings of the investigation and its conduct should be protected and such information only distributed according to an established need-to-know principle. In most Asian cultures, giving ‘negative’ information about one’s superior is still considered highly inappropriate. Only ‘lived’ confidentiality in the investigation process allows the development of trust and the continued disclosure of information to the investigation department. Finally, once misconduct is found and the persons are heard in a disciplinary process, appropriate sanctions must be applied swiftly.
Jain: I think it is very important to appoint specialised independent investigators and not auditors to investigate these issues and conduct a root cause analysis. Response time is critical to avoid information being compromised and evidence destroyed. Also, companies need to look at these issues from a neutral perspective and first try to identify facts and evidence. I have come across instances of clients asking innocent employees to leave with insufficient evidence that does not address the root cause. Aside from the obvious repercussions of firing the wrong personnel, if the root cause is not addressed the company is left vulnerable to a recurring problem. This is why it is of paramount importance that the issue is identified, addressed and a long term solution is implemented – not a ‘quick fix’. Some of the techniques which are currently used to gather facts and evidence are data analysis, documentation review, witness interviewing, ediscovery and electronic document analysis, and business intelligence gathering from multiple sources.
Brock: Immediate investigation is critical when a suspicion arises. This can be an internal review in the first instance and should always be discrete. However, where that suspicion appears to be well founded it is important that an independent investigation be undertaken. That will not necessarily mean an external advisor, if an internal fraud investigation team can be utilised, but it should be undertaken promptly to ensure that evidence is preserved.
FW: Have there been any significant legal and regulatory developments relevant to corporate fraud in Asia over the past 12-18 months?
Jain: In India there been significant developments, though not directly related to fraud. The New Companies Act has been passed which makes it mandatory for listed companies to have a whistleblower mechanism in place; it defines fraud, puts more responsibility on independent directors. There are multiple acts that relate to these issues but they are all at the draft stage. The critical point is, however, that these laws – when implemented – need to be enforced and not just sit on the statute.
Brock: There has not been anything significant to the extent that organisations have had to undertake a major overhaul in policies in this area.
Oberlinner: The development with the highest impact appears to be a change in the enforcement actions in China. In the past, allegations of corruption were mainly investigated with regard to the recipient of the bribe; now, the provider of the bribe has moved into focus. Corporations are also no longer able to easily insulate themselves from sanctions by layers of distributors; recent enforcement shows that the company behind the distributors will be held accountable even for relatively distant actions of its sub-distributors. A somewhat vague formulation of the Chinese Anti Unfair Competition Law, combined with the fact that local enforcement agencies now get part of their budget from fines, additionally increased the enforcement pressure.
“A typical D&O policy will cover directors and officers for the legal costs and civil liabilities arising from civil and administrative proceedings, regulatory investigations and criminal prosecutions brought in the context of corporate fraud.”
— Denis Brock
FW: What potential personal liabilities might directors and officers (D&Os) of Asian companies face when fraud surfaces within their organisation? What insurance solutions are available to help protect D&Os, and what are the benefits and limitations associated with this coverage?
Brock: At a minimum, directors and officers should take out D&O insurance to protect themselves against the consequence of fraud. A typical D&O policy will cover directors and officers for the legal costs and civil liabilities arising from civil and administrative proceedings, regulatory investigations and criminal prosecutions brought in the context of corporate fraud. It may also cover the insured company where both it and the directors are being sued for alleged securities fraud. However, D&O insurance only offers third party protection and does not cover the company’s direct losses as a result of the fraud. As such ‘first party’ losses from fraud can often lead to third party claims, it is prudent for companies to consider taking out additional ‘first party’ insurance. This might include a form of employee dishonesty insurance to protect against fraud committed by staff or a comprehensive crime policy that addresses both internal and external fraud. Companies handling sensitive data may also benefit from cyber security insurance, which provides cover for risks arising from electronic fraud and data leakage. Of course, the overriding exception is that insurance will not cover directors or officers if they participated in, or were aware of, the fraud.
Oberlinner: D&Os of Asian subsidiaries of multinational companies are well aware of their responsibilities and duties. Global processes – for example, financial certifications – continuously ensure at least the awareness thereof. While insurance might provide a financial cover, recent events in China suggest that representatives might now be held personally responsible for fraud and corruption in their area of responsibility. The best options for preventing fraud and corruption remain an unmistakeable tone-from-the-top, establishing sound risk management and compliance systems, and a professional investigation and disciplinary process in order to detect and sanction fraud.
FW: Looking ahead, do you expect to see any major changes in the way Asian companies mitigate potential fraud occurring within their organisations? To what extent will this be driven by external factors, such as legislative change, and internal factors, such as overhauling policies and controls to go beyond mere compliance?
Oberlinner: A professional risk management is essential when evaluating the consequences of fraud in any transaction. Except from the amount involved in the fraud, two basic categories can be specified: first, that fraud that ‘only’ costs the company money, and second, that fraud that will negatively affect the reputation of the company and has the risk of governmental sanctions. The main driver to prevent fraud will continue to be financial. In the first category we will see that the costs of protecting the transaction from fraud will be weighed against the value of the transaction. This might enable small frauds, but the combination of a strong tone-from-the-top, sound investigation process and a zero-tolerance disciplinary policy will effectively mitigate the risks. The financial risks in the second category are significantly higher, requiring extensive checks and due diligence to protect transactions from fraud and corruption. In addition to internal controls and standard processes, high quality background checks on business partners and employees will become standard over the next few years.
Jain: Yes, companies are increasingly becoming aware of the risks and are realising that it’s better to be compliant than lose money or increase liability. External regulatory factors do play a role, but ultimately it’s a company’s strong tone at the top and implementation of policies which ensures that the company stays compliant, follows the right policies, undertakes regular process control reviews and conducts periodic and adequate training for its employees. One of the big drivers for foreign companies working in Asia is to reduce their risks. The economic downturn encourages companies to get their business in the right shape, as it is not the time for expansive M&A but rather for stepping back and consolidating existing businesses. The internal drivers of risk assessment play a very important role at such times. Also, it is not only about compliance as that is not the end goal; it is also an opportunity to assess and respond to any vulnerabilities in the business. There is also a need for senior management to change their perception that compliance is a ‘cost function’ and see it as a ‘future cost-saving function’ which every company should invest in. Corporate governance and transparency are the two drivers which are relevant today.
Brock: Any major change will almost certainly be driven by external factors, which could be legislative change, but also more aggressive intervention from regulators in this area. The more the regulators around the region are seen to be focusing on internal control failings, the more likely organisations are to focus on improving those controls. Certainly in terms of licensed entities regulators have become increasingly aggressive when it comes to internal control failings, but that will have less of an impact on non-licensed entities.
Kanupriya Jain leads Control Risks’ India and South Asia Corporate Investigation practice, and is based in Mumbai. Ms Jain works on business development, post-transaction due-diligence and investigation assignments, litigation support, and risk analysis for clients across various sectors. She provides specialist financial and accounting assistance by conducting fraud investigations, risk assessments, anti-bribery and corruption, and other regulatory checks along with providing corruption training to key management personnel.Prior to joining Control Risks, Ms Jain worked with EY and KPMG. She is a Chartered Accountant, and holds Bachelor of Law and Bachelor of Commerce degrees. Ms Jain can be contacted on +91 22 40977666 or by email: firstname.lastname@example.org.
Denis Brock is a partner in the Hong Kong office of King and Wood Mallesons. He specialises in commercial, corporate and regulatory litigation and arbitration. His experience over the years has included minority shareholder litigation, professional negligence claims (particularly auditors, brokers and lawyers), banking litigation, fraud investigations and PRC related disputes. He advises on risk management and on regulatory issues. His industry focus includes banks, corporates (recently in the oil & gas sector), accounting firms, insurance companies and brokers. Mr Brock can be contacted on +852 3443 1020 or by email: email@example.com.