BoardAndFraud

The Continued Evolution of Best Practices for Compliance Programs

In 2019 and 2020, the federal government released significant information which directly impacted compliance professionals. We cover all three releases in this eBook, the 2020 Evaluation of Corporate Compliance Programs – Guidance Document, the 2019 Framework for OFAC Compliance Commitments, and the 2019 Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations.

These three documents provided not only the government’s refreshed thinking on what constitutes a best practices compliance program. I have combined all three onto a best practices document.

Fraud Pentagon – Enhancements to the Three Conditions Under Which Fraud May Occur

Today’s fraudster is clever and operates in an environment ripe for criminal activity. Economic unrest is making it easier for employees to find ways to set fraud in motion – and a new breed of offenders is finding cunning ways to do so. After more than 60 years, the classic fraud triangle of three elements or events that motivate an employee to cross the line has morphed into the Fraud Pentagon.

Company boards and senior management must take an offensive stance against the five conditions that precipitate fraud with a clear plan that limits the opportunity for fraud and minimizes the impact when fraud does occur.

Board Overconfidence: An Often Unrecognized Risk

Directors on corporate boards are – almost by definition – men and women who are accomplished and successful. So it is only natural that most board members also are highly self-assured and confident in their judgment and abilities.

When that self-confidence is misplaced or overstated, however, the consequences can be costly. This is particularly true when overconfidence causes board members to underestimate or overlook the risks associated with fraud or management incompetence. Moreover, when board overconfidence is compounded by management overconfidence, the risks can multiply quickly.

Once the dangers of overconfidence are understood and appreciated, board and management teams alike can begin taking proactive steps to mitigate the risks. Knowing the warning signs of board overconfidence is an essential first step.

e-Guide for Chief Compliance Officers

This e-book is intended as a guide for Chief Compliance Officers (CCOs) and those responsible for developing and implementing compliance policies and procedures for an organization. Compliance, when done properly and embraced fully, should be seen as a necessary business process. It is our vision that companies have more than a best-in-class compliance program going forward.
The time is now for companies to take the next step up to make compliance a part of the business process of the organization. This would not only allow companies to meet the Department of Justice’s requirement that compliance programs be more fully operationalized, but it is our firm belief that a more effective compliance program will make the company’s internal controls operate more efficiently and enable it to operate more profitably. With the increased efficiencies for compliance offered by data analytics and AI, a robust compliance program can demonstrate internal commercial inefficiencies which can be remediated for greater return from assets.

Fraud Risk Assessment – A Recipe for Greater Success!

In addition to establishing an ethical environment, board members and management must also take the lead in implementing and maintaining a formal fraud risk management program. One key element of such a program is a fraud risk assessment.

Risk assessments are part of the discipline of risk management, where enhanced frameworks and techniques have emerged. Risk management comprises the identification, assessment, and prioritization of risks followed by the coordinated and efficient use of resources to monitor, minimize, and otherwise control the impact of the risks on the organization.

SEC and its New Silent Whistleblower: Risk Based Data Analytics

The SEC just announced its first actions arising from investigations generated by the Enforcement Division’s EPS (Earnings Per Share) Initiative, which utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.

» Read More

Donut Holes! Dunkin’ Data Breach Settlement

Dunkin’ was repeatedly alerted to attackers’ ongoing attempts to log in to customer accounts by a third-party app developer. The app developer even provided Dunkin’ with a list of nearly 20,000 accounts that had been compromised by attackers over just a sample five-day period. “Yet, Dunkin’ failed to investigate the attacks to identify other customer accounts that had been compromised, determine what customer information had been acquired, or whether customer funds had been stolen.

Dunkin agreed to pay $650,000 as penalty settlement costs for the lawsuit over its failure to respond to credential stuffing attacks.

» Read More

Tipsters – SEC Adds Clarity, Efficiency and Transparency to Its Whistleblower Award Program

On Wednesday, September 23. 2020, the SEC voted to adopt amendments to the rules governing its whistleblower program.
According to the SEC, the amendments are meant to “provide greater transparency, efficiency and clarity, and to strengthen and bolster the program.”

The amendments were proposed for public comment in June 2018 and have been adopted with some changes.

» Read More

FCPA – Mergers & Acquisition Due Diligence

When a company acquires another company, the successor company can be liable for the acquired company’s activities before acquisition. The U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) have administered Foreign Corrupt Practices Act (“FCPA”) enforcement actions against successor companies in cases involving egregious and sustained violations, where the successor company directly participated in the violations, or where the successor company failed to stop the misconduct from continuing after the acquisition.

This writing explores some key steps that should be taken pre and post acquisition.

» Read More

DOJ Unravels a Decade-Old Scheme that involved Kickbacks, Money Laundering, Sham Shell Companies, and Fake Invoices

According to evidence presented at trial, Aleksandr Pikus, 45, of Brooklyn, New York, and his co-conspirators perpetrated a scheme through a series of medical clinics in Brooklyn and Queens over nearly a decade.   The clinics employed doctors, physical and occupational therapists, and other medical professionals who were enrolled in the Medicare and Medicaid programs.  In return for illegal kickbacks, Pikus referred beneficiaries to these health care providers, who submitted claims to the Medicare and Medicaid programs.

Pikus and his co-conspirators then laundered a substantial portion of the proceeds of these claims through companies he controlled, including by cashing checks at several New York City check-cashing businesses.  Pikus then failed to report that cash income to the IRS.  Instead, Pikus used the cash to enrich himself and others and to pay kickbacks to patient recruiters, who, in turn, paid beneficiaries to receive treatment at the medical clinics.  The evidence further established that Pikus and his co-conspirators used sham shell companies and fake invoices to conceal their illegal activities.

» Read More

Fraud tip Friday! Coming soon the New EU Whistleblower Protection Law

Soon all public and private organizations in the EU with more than fifty (50) employees will soon be required to comply with a new EU Whistleblower Protection law. The new law highlights the importance of responsive, transparent, and timely whistleblowing case management. So just implementing a hotline is not enough. Organizations must consider confidentiality, acknowledgment of the tip or compliant, response times, the competence of persons receiving the reports, communication with the whistleblower, and feedback on how the case is being processed. The new law also includes the right to report concerns externally while remaining legally protected. That’s a risk organizations must avoid. With the December 2021 deadline fast approaching, there is no better time for management and boards to act. 

Read more!

» Read More

Erasing the “Lines” to Enhance Risk Management

In July 2020, The Institute of Internal Auditors (“IIA”) updated its Three Lines of Defense Model (“Model”) to emphasize more active forms of risk management and governance that appear to go beyond merely defensive maneuvers made by the internal audit function.  

Some believed the old model sent a message that we should fear risk. I never saw it that way. I understood the subliminal message was the model was about achieving objectives, which requires both the creation and the protection of value. The new model does a much better job of confirming that risk management contributes “to achieving objectives and creating value, as well as to matters of “defense” and protecting value.”

Learn why the Enterprise Risk Resilient Model might be a better choice.

» Read More

Baker Tilly’s Global Forensic Investigations, Compliance & Integrity Practice Continues to Impress and Grow!

Our experience conducting fraud investigations, domestically and globally, allows us to advise our clients on measures they can take to prevent fraud from occurring and detect issues before they expand. Our clients look to us to design anti-fraud programs and controls, perform anti-bribery and anti-corruption compliance assessments, and perform proactive fraud examinations to identify possible red flags or indicators of fraudulent activity. Because of our collective skills and the depth and breadth of our experiences, we are also able to design and enhance compliance programs and serve as integrity monitors. 

Correcting deficiencies, addressing gaps in controls, and remediation of specific issues is important at the end of every investigation to prevent the same or similar frauds from recurring.

We address these important client needs at the end of our investigations and can assist with implementing remedial actions.

» Read More

Webinar – July 28, 2020 – Best Practices for Conducting Remote Internal Investigations

In this pandemic era, global companies have been challenged to maintain a reliable and effective internal investigation program. Companies have relied on remote investigation strategies to collect and review documents and conduct interviews. In conducting remote investigations, companies have to ensure that they follow investigation requirements, maintain the confidentiality of the process, and comply with applicable data privacy rules and security requirements.

In this webinar, Jessica Sanderson, Partner at The Volkov Law Group, and Jonathan T. Marks, Partner| Leader of the Global Forensic Investigation, COmpliance & Integrity Practice at Baker Tilly, will discuss best practices for conducting remote internal investigations. They will outline strategies for collecting and reviewing documents, analyzing financial data, and conducting interviews using remote technologies.

» Read More

SEC & DOJ Release Second Edition of the Resource Guide to the U.S. Foreign Corrupt Practices Act

The SEC and DOJ Resource Guide is intended to provide information for businesses and individuals regarding the U.S. Foreign Corrupt Practices Act (FCPA). The guide has been prepared by the staff of the Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission.

The key changes to the Second Edition reflect developments and issues that are well-known to experienced practitioners. Nevertheless, the updated Guide emphasizes the importance of effective (and “adequately resourced”) compliance programs, risk-based diligence efforts, and voluntary self-disclosures.   

» Read More

Fraud On The Rise is No Surprise!

Last week, the Association of Certified Fraud Examiners (” ACFE”) published the results of a survey taken by more than 1,800 anti-fraud professionals in late April and early May 2020, while we were deep into the Covid-19 crisis.  The findings, for the most part, are not surprising, but does reveal some disappointing information.  While I have not seen a raw copy of the survey, I was surprised the ACFE didn’t ask if the company’s fraud risk assessment was reviewed and modified accordingly.

In addition, the survey highlights trends in the overall level of fraud. Survey respondents provided information about their current observations and expected changes regarding ten (10) specific types of fraud.

» Read More

DOJ Revises its Guidance on the Evaluation of Corporate Compliance Programs

Without any fanfare, the U.S. Department of Justice Criminal Division has once again revised its Evaluation of Corporate Compliance Programs (“ECCP”).  The ECCP  remains  organized around three overarching questions that prosecutors ask when evaluating compliance programs, with some revisions, which are in bold text below:

Is the corporation’s compliance program well designed?
Is the program being applied earnestly and in good faith? In other words, is the program being implemented adequately resourced and empowered to function effectively?
Does the corporation’s compliance program work in practice?

While most of the document is identical to the 2019 Guidance, there are subtle and noticeable revisions.  The revisions appear to be designed to help provide additional clarity when answering the above three questions. 

» Read More

The Next Level of Investigations

Many investigations are currently being performed remotely, in concert with the general counsel, the chief compliance officer, the chief audit executive, and depending on the how the allegation was triaged, with outside counsel, a forensic accounting firm, and the board.  Even government prosecutors are interviewing witnesses remotely.

The primary goal of the interview is to elicit information in a non-coercive manner. My personal preference is always to conduct interviews face to face because I can control the subject and the environment, and evaluate the nonverbal behavior of the interviewee.  But, if performing a face-to-face interview is not possible, I suggest using video over the telephone.

This writing provides some suggestions for techniques to consider when conducting internal investigations remotely.

» Read More

Internal Investigations and Keywords

Investigative search terms are specific to each situation and are a primary tool used by the investigation team to identify possible relevant information in a data set. However, overly broad or poorly chosen terms or keywords can produce excessive and irrelevant results, or worse, miss the  “smoking gun” e-mail or document. Additionally, have you thought about the list of search terms or keywords being privileged or protected opinion work product in the context of an internal investigation?

» Read More

COSO Releases Thought Leadership on Risk Appetite

Organizations encounter risk every day as they pursue their objectives. In conducting appropriate oversight, management and the board must deal with a fundamental question: How much risk is acceptable in pursuing these objectives? Added to this, regulators and other oversight bodies are calling for better descriptions of organizations’ risk management processes, including oversight by the board.

COSO has released a thought leadership piece to help understand and communicate risk appetite, an amorphous concept to many.

» Read More

Tone from the top: Leadership’s challenge during a crisis

Leaders must find ways to engage with their people to motivate them, and this becomes increasingly important during uncertain or trying times. If done correctly, talking can be incredibly powerful. It can help relieve anxiety and help people find the strength they didn’t know was in them. Studies have shown that talking shuts down the brain’s fear center.

As Dr. Judson A. Brewer stated in a recent New York Times article, “Anxiety is a strange beast. As a psychiatrist, I have learned that anxiety and its close cousin, panic, are both born from fear.”

Fear and anxiety can be debilitating. Without proper communication in a crisis, it’s easy for people to spin and spread stories of fear, creating social contagion. To balance this tendency, in a crisis, leaders need to take their “tone from the top” to the next level.

» Read More
Skip to toolbar