fraud360 issue 3 2014 web

Insider Fraud: Why Are Fraud Risks From Within So Often Treated as Secondary to External Threats? Pg. 8

Anti-Corruption Compliance: Mitigating Risks of Third-Party Misconduct Pg. 11

Economic Crime Rising Globally Pg. 28

Celebrate! CRI Group Looks Back to Commemorate 24-Year Anniversary Pg. 7

ISSUE 3 2014 Crigroup.Com

HOW TO COMBAT MANAgEMENT

FRAUD

Published by

Fraud and White-Collar Crime Investigations | Background Investigations | Business Intelligence | Corporate Security | Forensic Accounting | Investigative Due Diligence

Today’s economy cannot afford fraud, and pre-vention starts with management. Here’s how to navigate solutions from the top down. Pg. 20

2 | fraUd360 | ISSUE 3 2014

How to Combat Management FraudWelcome to the latest edition of Fraud360. As always, we endeavor to bring you carefully selected articles that are interesting and valuable to you and your business.

I am also proud to note a major milestone for CRI Group: we just marked our 24th anniversary, and I’d like to personally thank all of our staff, clients and colleagues for helping us along in our journey. Because of you, CRI Group has grown as an innovative leader in the world of due diligence, risk management and investigation — while always staying focused on the needs of our clients. We look forward to our 25th year, and the next 25 beyond that.

In this edition of Fraud360, you will read about management’s responsibility in preventing fraud — and how leaders in today’s business world need to look beyond bonuses and profit margins. Today, risk management and fraud are just as important to a company’s bottom line, a reality we explore in our cover article, “How to Combat Management Fraud” (page 20).

Third-party partners can cause irreversible harm to your company’s reputation and even your financial stability through their unethical behaviours. “Anti-Corruption Compliance: Mitigating Risks of Third-Party Misconduct” (page 11) outlines the facts you need to know about conduct-ing due diligence and protecting your organisation from outside threats.

Not to be overlooked, however, we have also placed a special focus on insider fraud (page 8), asking the question: “Why are the fraud risks from within an organisation so often treated as secondary to external threats?”

Don’t miss our special updates on where economic cybercrime is growing around the world, what you need to know about FATCA implementation and other important issues in fraud and due diligence.

I invite you to reach out and provide us with your thoughts on these issues and others that are important to you. Just send us an email at [email protected]. I thank you for reading, and I hope this edition of Fraud360 helps you prevent and detect more fraud threats to your business or organisation.

Zafar I. Anjum, CFE, CIS, MICA, Int. Dip. (Fin. Crime), MBCI Chief Executive Officer of CRI Group

Letter from the CEO

crIgroUp.com | 3

Spotlights & FeaturesFraud360 | Issue 3 | 2014

7celebrate! crI group Looks Back to commemorate 24-Year anniversary

8Insider fraud: Why are fraud risks from Within So often Treated as Secondary to External Threats?

11anti-corruption compliance: mitigating risks of Third-party misconduct

18Transparency International’s corruption perceptions Index

28Survey finds Economic crime rising globally

31organisation profile: The Society of corporate compliance and Ethics

20How to combat management fraudToday’s economy cannot afford fraud, and prevention starts with management. Review solutions to navigate solutions from the top down.

8

11 28

20

4 | fraUd360 | ISSUE 3 2014

Fraud360 is created for business leaders, directors, investors and professionals who need the latest informa-tion and best practices for protecting their assets from fraud. Presenting practical tools, case studies, and articles focused on fraud prevention and detection, Fraud360 provides an insightful look at the issues impacting businesses worldwide.

Fraud360 is published by Corporate Research and Investigations, LLC. (CRI Group).

middle east & North afriCacrI group Headquartersdubai, UaELevel 9, #917, Liberty House, DIFCP.O. Box 111794Dubai, UAETel: +971-4-3589884Fax: +971 4 3589094Email: [email protected]: CRIGroup.com

QatarLevel 22, Tornado TowerAl-Funduq StreetPO Box 27774Doha, QatarTel: +974 44292434Email: [email protected]

europeLondonLevel 3325 Canada SquareLondon E14 5LQUnited KingdomTel: +44 207 038 8023Email: [email protected]

North ameriCaNew York 600 Third Avenue, Suite 252New York, NY10016 USATel: +1 (646) 571-2501 Email: [email protected]

asiapakistanLevel 12, #1210, 121155-B, Islamabad Stock Exchange (ISE) TowersJinnah Avenue, Blue AreaIslamabad, PakistanTel: +92 51 111 888 400Toll Free: 0800 00 CRI (274)Email: [email protected]

Singapore1 Raffles Place, #19-61, Tower 2One Raffles PlaceSingapore 048616Tel: +65 6808 5634(35)(36) Email: [email protected]

Hong KongRooms 05-15, 13A/F, South Tower World Finance Centre, Harbour City 17 Canton Road Tsim Sha Tsui Kowloon, Hong Kong Tel: 852-2208-6064 Email : [email protected]

malaysiaLot 2-2, Level 2, Tower B,The Troika, 19 Persiaran KLCC,M50450 Kuala Lumpur, Malaysia

WorldWide loCatioNs

suBsCriptioNs

To subscribe to Fraud360, please email us at [email protected]. Or contact one of our worldwide locations directly.

Visit fraudInsider.com for even more fraud, compliance and due diligence coverage, including the latest news and web-only features.

Want to receive Fraud360 News Brief International, our monthly magazine email newsletter? Send us an email at [email protected] or visit FraudInsider.com/Fraud360.

To advertise with us, please send an email to [email protected]. Space is available for our printed magazine as well as our email newsletter, Fraud360 News Brief International. Contact us today for more information.

for editorial inquiries, questions and comments, please email us at [email protected].

Fraud360 is published by Corporate Research and Investigations LLC:

global HeadquartersLevel 9, #917, Liberty HouseDIFC, P.O. Box 111794Dubai, UAETel: +971-4-3589884Fax: +971 4 3589094

© 2014 Corporate Research and Inves-tigations, LLC. Copyright is reserved throughout. Although Fraud360 may be quoted with proper attribution, no part of this publication may be re-produced without the express written permission of the publisher. Contri-butions are invited but copies of all work should be kept as Fraud360 can accept no responsibility for loss. The views expressed in Fraud360 are those of the authors and might not reflect the official policies of CRI Group.

FRAUD360 oNliNe

adVertise With us

editorial

crIgroUp.com | 5

memBerships, partNers & affiliates

About CRI Group

IMPLEMENTED AND CERTIFIEDISO 9001:2008 (Quality Management Systems)ISO27001:2005 (Information Security Management Systems)

corporate research and Investigations, LLc (crI group) is a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organisations. A licensed and incorporated entity of the Dubai International Financial Centre (DIFC), CRI safeguards businesses by estab-lishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business.

connect with us on the web via your mobile device or social media.

LinkedIn

facebook

Twitter

Blog: FraudInsider.com

CRI Group maintains partnerships and memberships with leading global organisations in the fields of due diligence, fraud investigation, forensic accounting and more. Some of our affiliations include:

professional Trade associations

We are proud to be named the 2013 “Business Due Diligence Firm of the Year – UAE” and “Anti-Fraud Adviser of the Year – UAE” by Acquisition Interna-tional. AI’s Awards celebrate excel-lence and recognise investors, advisers and service providers for expertise in their specialized fields.

corporate memberships/alliances

6 | fraUd360 | ISSUE 3 2014

News & MediaCri group Nominated for awardsCRI Group’s “You secure their future... We’ll secure their past” advertise-ment has been named one of the finalists for “Most Effective Message” and “Best Headline” in a prestigious award competition hosted by PreemploymentDirectory.com. Voting commenced 11 June 2014 for the selection of the win-ners in the Best Ads Awards competition in the Background Screening Industry.

The “Most Effec-tive Message” award is for the advert that “will most likely pro-duce the intended or expected result it was designed to produce and/or will stimulate readers to take a desired action.” The “Best Headline” category recognises “the headline that grabs your attention the most and which you found to be most compelling.”

The ad helps communicate what CRI Group offers clients and part-ners: user-friendly, web-based back-ground screening services with flex-ible, bespoke employment solutions for a range of various industry sec-tors with clients utilising this service across the globe.

Winners will be announced in July and voters can be entered for the chance to win a gift.

Visit http://tinyurl.com/ks5qmmf today to cast your vote!

upcoming eventsFind CRI Group at the following events around the globe in 2014:

SccE – compliance & Ethics InstituteHyatt Regency ChicagoChicago, Illinois14-17 September 2014

NapBS – 2014 annual conferenceHyatt Regency Denver at Colorado Convention CenterDenver, Colorado19-21 October 2014

in the mediaCRI Group was the title sponsor for the June 2014 issue of EMEA Briefings — Buyer Be-ware: Do an Integrity Check Before Conducting Business in the Middle East. The magazine is a supplement to the award-winning ACC Docket, the journal of the Association of Corporate Counsel (ACC) and the premier publication for in-house counsel with more than 35,000 readers worldwide. To read the full article, visit http://tinyurl.com/qfgl6uo.

crIgroUp.com | 7

In 1990, Mikhail Gorbachev was premier of the Soviet Union. Great Britain was seized by a record heat wave. The space shuttle Discovery released the Hubble Telescope into orbit. And crI group was born, destined to be a leading due diligence firm serving clients worldwide.

A lot has changed in the past 24 years in the realm of due diligence and risk man-agement. fraud and corruption, once kept behind closed doors, are now in the public eye and under scrutiny. New laws and regu-lations like the UK Bribery act are in effect, promising steep penalties for companies that don’t conduct proper due diligence.

In any business, longevity is a sign of success. CRI Group has strived to be innova-tive in the world of due diligence, risk man-agement and investigation — while always staying focused on the needs of clients.

“As we celebrate our 24th anniversary and service in the industry, CRI Group is proud to have become one of the most re-spected names in global risk management,” says Zafar I. Anjum, CFE, CIS, MICA, Int. Dip. (Fin. Crime), MBCI, CII, MIPI, CEO of CRI Group. “Since our inception, we have culti-vated long-term relationships with clients, providing them with expertise in detect-ing and preventing risks to their business. Our wide range of specialists are experts of international law and perform their services discreetly yet effectively. We look forward to providing such expertise to clients for many more years to come.”

CRI Group would like to thank all clients and staff for making this special milestone a reality. As we enter our 25th year, we hold steadfast to our commitment to integrity and remaining faithful to our customers’ trust.

Celebrate! Cri group looks Back to Commemorate 24-Year anniversary

1990

13,120

50

7

10

Year CRI Group was established

Number of global events CRI attended or sponsored in 2013

Number of Facebook likes

Number of CRI employees,

working in more than 7 countries

Number of countries with CRI locations

8 | fraUd360 | ISSUE 3 2014

rganisations have typically

been able to appreciate the

fraud risks from outside of

their organisation (e.g. identity criminals,

hackers and fraudulent applications), but

the same cannot always be said for the

risks inside the organisation itself. With

KPMG’s latest Global Profile of the Fraudster

finding that 61 percent of fraudsters are

employed by the victim organisation —

the risk is clearly present.

Verify applicationsOrganisations do numerous checks (e.g. credit checks, voters’ roll and the CIFAS National Fraud Database) when dealing with a customer’s application to verify the information provided before any decision is made. The level of checks on applica-tions for employment should be no differ-ent. If you wouldn’t accept an individual as a customer due to a fraudulent past why would you run the risk of employing them and giving them access to your cus-

Insider FraudWhy are the fraud risks from Within an organisation So often Treated as Secondary to External Threats?

By SOPhIE KEEN

O

crIgroUp.com | 9

tomer’s data and accounts? Not only can employing a known fraudster pose serious financial damage, it can also result in huge reputational damage and destroy the trust of customers. While employers have com-monly made use of references and criminal records checks, it is widely acknowledged that fraud is rarely reported to law enforce-ment and references are becoming increas-ingly brief. It was due to this that CIFAS and its Member organisations saw the need to establish the Internal Fraud Database.

This enables organisations to share de-tails of confirmed internal frauds with one another. The database enables an addition-al check during the recruitment process, but allows organisations to create a record (when a confirmed fraud is spotted), and thus protect the wider UK industry. Doing this helps to prevent fraudsters from sim-ply moving on, unheeded, simply to com-mit the same acts at another unsuspecting organisation. The database is increasingly being made use of by a wide range of sec-tors and was described by the former Na-tional Fraud Authority in its National Fraud Strategy as a success in the area of ‘sharing data within a framework that safeguards people’s privacy’ and ‘is critical to identify-ing and preventing fraud’.

Cases of employment application fraud reported to CIFAS have continued to rise in recent years, so this threat shouldn’t be seen as different from a potential customer making fraudulent declarations. The types of fraud seen on employment applications include false employment history, income, qualifications or attempts to conceal an ad-verse credit history (in regulated positions where a clean history is required).

Fundamentally, the fraud threat from inside an organisation is not very different from the threat posed from outside. There-fore the same standard of check needs to be used. By performing such checks, organisations can gain a fuller picture of

the applicant and find out whether they are truly who they say they are … before making any decisions as to whether or not to offer them employment.

Theft by Staff membersOf course no organisation can fully protect themselves from insider threats by simply introducing a robust screening process at application stage. CIFAS research has highlighted that the average length of service before a fraud was discovered was six and a half years. This closely matches KPMG’s finding of 41 per cent of internal fraud committed by those who were in the organisation for more than six years. The large proportions of these frauds include dishonest actions such as theft/deception (e.g. stealing cash from customers, or sub-mitting false expenses).

It is not only the theft of cash that or-ganisations must consider when looking at their internal fraud prevention strategy. The theft of data is a very serious threat that has direct parallels to the external risks many organisations are already tackling. The external threat of organised criminals to an organisation’s data is easily appreciated and most organisations have long been putting counter fraud measures in place to stop a remote attack. But what about when these gangs approach mem-bers of staff, offering payment in exchange for customer data? Or when someone is planted inside an organisation purely to commit such frauds? What steps are in place to stop these individuals download-ing customers’ details and passing them on for use in identity fraud?

While the number of cases of data theft has always been proportionally smaller (compared with other internal frauds), when you consider that just one instance can involve thousands of customer records, the impact becomes obvious. Over 60 per cent of fraud filed to the CIFAS National

10 | fraUd360 | ISSUE 3 2014

Fraud Database was a data driven identity crime in 2013, and the National Fraud Au-thority reported the cost of identity fraud in the UK as £3.3 billion. How much of this therefore was enabled by data obtained from inside an organisation? Once again, when viewed in a larger picture, the threat and need for proper internal controls be-comes even clearer.

The True costsA common factor in all internal fraud is that the cost will always exceed any initial amount stolen. The cost of investigation, legal fees, possible fines, compensa-tion to customers have to be taken into consideration and then there are the unquantifiable extras: morale, damage to an organisation’s reputation and so on. Research conducted last year by CIFAS and the University of Portsmouth looked into the true cost of insider fraud and found that whatever the

size of the initial fraud the true cost can be (on average) up to four times higher. A full copy of the report can be found on the CIFAS website (www.CIFAS.org.uk).

prevention Is the first and Best StepNo organisation can successfully promote

safe practice to its customers without taking the threat of internal fraud seri-ously. Fraud is fraud, whether it is com-mitted by an insider or an outsider. While eliminating the risk is impossible, putting measures in place to prevent it and project a clear message of zero tolerance is not. The Internal Fraud Database can add to this effort by mak-ing vetting process

more robust, and providing a real deter-rent through filing confirmed fraud cases. By ensuring that all organisations adhere to data protection laws, CIFAS insists that the use of the database is openly commu-nicated both to current and potential staff. This not only adds to the deterrent effect, but also helps to underline the message that every effort is being made to protect the honest majority of staff from working alongside fraudsters, and that the protec-tion of customers’ details and an organisa-tion’s assets (including its staff) are of the highest importance.

about the author Sophie Keen is Internal Fraud Recruitment Manager at CIFAS – The UK’s Fraud Prevention Service. She can be reached at [email protected].

61%of fraudsters are employed by the victim organisation

Source: KPMG’s Global Profile of the Fraudster

Figure 1: Cost elements incurred by insider fraud (The True Cost of Insider Fraud, CIFAS, November 2013)

Fraud Losses

Staff Replacement

Costs

External Sanction

Costs

Misc. CostsInternal

Disciplinary Costs

Intangible Costs

Staff Sickness/Suspension

Costs

Costs of Investigation

crIgroUp.com | 11

ANTI-CORRUPTION COMPLIANCE

Mitigating Risks of Third-Party Misconduct

BY KEITH KORENCHUK

MARCUS ASNERSAMUEL WITTEN

FOREIgN CORRUPT PRACTICES ACT

early every multi-national company does business us-ing a combination of its own

employees and third parties it hires to help perform essential tasks. Companies routinely engage third party agents to assist in winning government contracts or to obtain permits to do business and perform services. Third-party agents also help companies comply with local law and regulations, and with the tasks

of moving personnel and goods across borders. But while third parties often can serve key roles in a company’s business, in today’s environment of heightened enforcement of anticorruption laws they may expose a company to major liabili-ties if those third parties act corruptly in violation of applicable law.

Under the U.S. Foreign Corrupt Practices Act1 (FCPA), the UK Bribery Act2 and many other anticorruption laws, a company can

N

Reproduced with permission from Securities Regulation & Law Report, 45 SRLR 1839, 10/07/2013. © 2013 by The Bureau of National Affairs, Inc. (800-372-1033) www.bna.com

12 | fraUd360 | ISSUE 3 2014

be held liable not only for the corrupt ac-tions of its employees, but also a third party’s actions when that third party acts on its behalf. The FCPA, for example, pro-hibits offering or paying a bribe or some-thing of value to a foreign government official ‘‘for the purpose of obtaining or retaining business for or with, or direct-ing business to, any person,’’ including where the bribe or offer is made indirectly through a third party.3 U.S. criminal law has an expansive view of corporate criminality, under which an agent’s criminal acts may lead to a corporate criminal conviction.4 The UK traditionally has had a much more narrow concept of corporate criminality, but vastly expanded criminal liability in Section 7 of the Bribery Act so that a cor-poration may be held responsible crimi-nally if it fails to have adequate procedures to prevent a third party agent from bribing.

To reduce the risk of liability, companies need to be vigilant in selecting and moni-toring the third parties that act on their behalf. To meet the expectations of govern-ments worldwide, this means developing and implementing a rigorous third-party due diligence procedure to properly iden-tify, mitigate and respond to the specific risks associated with the use of third parties. Effective due diligence will help a company guard against having a third party acting corruptly, but it also will help mitigate any exposure if the third party nevertheless acts corruptly, contrary to the company’s wishes. This article outlines the key legal consider-ations and practical steps companies can take to protect themselves from undue risks in working with third parties.

overview of Legal framework There are many types of third-party actions that regularly implicate anti-corruption laws such as the FCPA or the Bribery Act. For example, in the area of government procurement, third parties might seek

to obtain lucrative contracts by offering bribes to government officials with decision-making authority on issues rang-ing from the structure of the contract bidding or procurement process to the selection of the winner and the administra-tion of the contract. Outside of procure-ment, many other third parties interact on behalf of companies with government officials: regulatory agents (such as vehicle licensing agents and visa processors), shipping agents (such as customs brokers and freight forwarders), and professional services providers (such as lawyers, ac-countants, regulatory consultants, travel agencies interacting with government officials, and lobbyists) regularly deal with government authorities. Significantly, a bribe for purposes of the FCPA can include not only money but ‘‘anything of value,’’5 which could include, for example, gifts, meals, entertainment and travel.

In a large number of settled cases, companies have been held liable for the conduct of third parties operating on their behalf.6 For example, on 29 May 2013, Total S.A. (Total), a French oil and gas company whose securities trade on the New York Stock Exchange, resolved parallel enforce-ment actions brought by the Justice De-partment and the Securities and Exchange Commission based on allegations that the company violated the FCPA by paying over US$60 million in bribes to intermediaries of an Iranian official as part of a scheme to ob-tain and retain oil rights in Iran.7 On 22 April 2013, Ralph Lauren Corporation (Ralph Lauren) resolved parallel FCPA investiga-tions actions through a non-prosecution agreement (NPA) with the SEC — the Commission’s first-ever NPA in a matter involving the FCPA — and a separate NPA with the DOJ. The SEC and DOJ investiga-tions stemmed from bribes allegedly paid by Ralph Lauren’s subsidiary in Argentina (RLC Argentina) to government officials.

crIgroUp.com | 13

According to the SEC’s NPA, between 2005 and 2009 the General Manager and other employees of RLC Argentina approved approximately US$568,000 in payments to a customs broker to bribe Argentine customs officials in order to secure the importation of Ralph Lauren products into Argentina.8 The corrupt payments included agreements with consultants to pay bribes

in exchange for contracts and nonpublic information regarding tenders, as well as payments to consultants who never per-formed work for the company. U.S. regula-tors have vigorously enforced cases involv-ing third parties and DOJ has made clear in its recent series of deferred prosecution agreements under the FCPA that compa-nies must develop and implement robust anti-corruption compliance programmes to guard against corrupt payments by third parties.

U.S. corporate criminal law is especially onerous. Under U.S. law, companies techni-cally can be liable if the agent pays a bribe to help the company obtain or retain busi-ness, even if the bribed was not approved by a company employee. To make matters

worse, an individual company employee also can be held criminally responsible for the agent’s crimes if the employee knew of the agent’s deed or if she was aware of a ‘‘high probability’’ that the agent was bribing someone (unless the employee actually believed that the agent was not paying bribes).9 Thus, both the company itself and its individual employees who are

supervising third parties will be well served to provide oversight of the conduct of their agents to ensure their activities are lawful.

Conducting appropriate due diligence as part of a robust compliance programme also helps a company if a third-party agent, despite the company’s due diligence, nev-ertheless violates the anti-corruption laws. Under the U.S. Attorney Manual, federal prosecutors will consider the existence and effectiveness of the company’s compliance programme when deciding whether to charge the company criminally.10 More-over, if a corporation is criminally charged, the fact that it has an effective compliance programme can help mitigate the penalty under the United States Sentencing Guide-lines.11 The UK Bribery Act takes things a

To reduce the risk of liability,

companies need to be vigilant

in selecting and monitoring the

third parties that act on their

behalf.

14 | fraUd360 | ISSUE 3 2014

step further. Under the Bribery Act, having an effective compliance programme can serve as an affirmative defence, absolving the corporation of any criminal liability.12

Third party liability is of particular concern under the FCPA and other anti-corruption laws because third parties conducting business in other countries often operate under different cultural norms and expec-tations, and some third parties may view illicit actions as consistent with, and even necessary for success, in local markets.13

The following steps provide a roadmap, based on our experience in assisting com-panies worldwide in designing, implement-ing, and operating third-party due diligence procedures, combined with our analysis of language on third-party reviews in recent FCPA deferred prosecution agreements.14

Implementing an appropriate Third-party due diligence procedureAs detailed below, a properly designed third-party, anti-corruption due diligence procedure will have a number of essential elements, all of which should be imple-mented for the effort to be effective.

• The framework should be based upon a risk assessment of how the company conducts business, how, when, where and why it uses third parties, and how it supervises the work of those third parties.

• The diligence procedures should be formalised in writing as a policy or proce-dure, and should be supported by a clear top-down instruction about the impor-tance of following those procedures (the ‘‘tone at the top’’ must be clear).

• Third parties who are ‘‘in scope’’ for the review need to be determined; for ex-ample, third parties that interact with government officials15 in known risk areas and/or working in high-risk locations for corruption typically would be good candidates for due diligence.

• The nature of the review should be risk-based, varying by the nature of the anticipated interaction with the governments.

• The company should use contractual clauses and certifications from the third parties to formalise the commitment to compliance, employ mechanisms to provide effective oversight of third-party conduct, and in appropriate cases, train third-party agents on company policies and procedures.

• The company should monitor and audit the company’s payment to third parties, including in many cases the payments made by the third parties, to ensure that the third party’s actions comply with the company’s policies and relevant anti-corruption laws.

• All due diligence of third parties should be documented to ensure that there is a record of consideration of risks and appropriate supporting documentation should be retained in an easily accessible database.

• Finally, the company should consider who should actually conduct and over-see the review procedure, as every company should organise its compliance framework to meet its particular needs with decisions being made at the appro-priate local, regional and global levels.

To facilitate implementing these pro-gramme elements, the following analytical framework is suggested.

1. risk assessment The first step to implementing any due diligence review is a well considered cost/benefit analysis and risk assessment of the hiring, reten-tion, and oversight of third parties.16 Every company will have a different assessment process depending on a number of fac-tors, such as the types of business in which

crIgroUp.com | 15

the company is engaged, the markets in which it operates, the contemplated interactions with govern-ment officials, the types of third parties typically used for such interactions, the way the company is gov-erned, and the company’s anticipated growth and business plan. A risk assess-ment identifies key types of interactions creating risk, the types and locations of third parties who perform work on behalf of the com-pany and the frequency of those interactions. A com-prehensive risk assessment serves as the cornerstone of the design and operation of the third-party due diligence review pro-cedure, as it informs such key programme design questions such as the scope, inten-sity, resources, organisation and controls in the review. It need not be a lengthy or complex process.

In terms of assessing risk another task is to evaluate certain functions of employees (and the third parties they supervise) that by their nature create incentives for the use of bribery. For example, if compensation for a particular employee is based on ob-taining regulatory approvals, the employee might have incentives to bribe to ensure that such approvals are forthcoming, and may hire regulatory agents who might be prone to doing the same. In other words, if the employees have incentives, those same incentives will exist for the third parties, but the company may have less control over the third party, making the risk of cor-ruption greater.

A key threshold question is whether the use of any particular third party is necessary to achieve the company’s business objectives or whether the

actions contemplated can be handled ‘‘in house.’’ Performing a function in house frequently brings with it better oversight, more accountability and potentially significant cost- savings. Because a compa-ny generally has less con-trol over third parties than it would over its own inter-nal operations, a company should consider whether the potential liability engendered by the use of third parties is appropriate and worth the risk in each particular situation.

2. Clearly articulated Written policies and procedures Once a company conducts its assessment and confirms the necessity of using third parties for particu-lar tasks, the next step is to develop and implement clear anti-corruption policies and procedures detailing the third-party review. These policies and procedures must be known to all company directors, officers, and employees as well as to actual and potential third parties.17 These written materials should:

• Provide a framework for identifying, reporting and resolving warning signs of corruption arising out of the third-party review.

• Minimise actual corruption risks.

• Ensure the company is partnering with appropriately qualified third parties for proper business purposes.

The risk assessment and the written policies and procedures the company cre-ates will drive the questions asked in the actual review process outlined below.

Most importantly, the written policies and procedures cannot be simply an-nounced on paper — they must be

The nature of the review should be risk-based, varying by the nature of the anticipated interaction with the governments.

16 | fraUd360 | ISSUE 3 2014

accompanied by clear support from the top of the company that the compliance framework in general and the review of third parties in particular are essential and non-discretionary, and that there are substantial consequences for failing to follow the review procedure. In some cir-cumstances, third parties interacting with government employees should themselves receive training directly from the company to help ensure that they understand the policies and procedures and the conse-quences of non-compliance.

3. Which third parties are ‘in scope’? The first level of review is to determine which third parties are ‘‘in scope,’’ and thus sub-ject to heightened due diligence review. In this respect, all third parties that deal with foreign government officials on behalf of a company present corruption risks and should therefore be presumptively in scope. Because each company will need to develop its risk analysis based on its own circumstances, it may decide that certain third parties are automatically in scope if they have contracts with the company over a certain monetary threshold. Com-panies may also want to consider the type of government interactions likely to be pursued by third parties and also the country or countries in which the third party operates. For example, because of endemic corruption risks in a particular country, a company may decide that all third parties operating in that country are in scope, even if their primary responsibili-ties do not include significant government interactions on behalf of the company. If

the third party is not in scope (e.g., it is not expected to have dealings with foreign governmental authorities on behalf of the company or otherwise not subject to additional scrutiny), then companies may choose to limit or adapt the due diligence described below or may decide it is ulti-mately unnecessary.18

4. heightened review for third parties in scope For those third parties in scope, a review should follow, both in vetting for suitability and risk signs and in

overseeing their work for the company. The type, scope and control/ decision-making struc-ture of such a review will be a highly indi-vidualised decision for each company, based on important issues of timing, manner and the depth of review of exist-ing third parties and new third parties. How-ever, there are some common elements that should be present in

any effective procedure:

• After the initial determination of which third parties are in scope, the company should ask those parties preliminary questions on a variety of relevant issues, including, but not limited to, qualifica-tion to perform the work, staffing, level of experience, references and company history. These responses are typically provided by the third party in a written questionnaire.

• The company should also conduct refer-ence checks with other parties with whom the third party conducts business, but should not include any references who may receive compensation from

Accountability of those conducting the review for the company is essential for success.

crIgroUp.com | 17

the third party under review. The results of these inquiries should be thoroughly documented.

• A background search for news concern-ing the third party’s prior conduct — as well as the conduct of the third party’s owners, officers, directors, senior man-agement, and those executives who are principally involved in the relationship with the company — is also an essential part of the review. These searches will also assist in identifying any connections or relationships with government offi-cials. Options for conducting these types of searches include commercial databas-es, the Internet, local news sources, the local U.S. or other relevant embassy, or a combination of these resources.

• During any review, company personnel should be alert for the classic warning signs of corruption, such as excessive requests for compensation, substantial amounts sought in advance, payments going to third-party subcontractors, pay-ment only upon ‘‘success,’’ or involvement of government officials in the company or its operations. If there are still ques-tions or unresolved warning signs, the company should always leave open the option of a further review with additional follow up questions and due diligence re-view relating to actual or possible prob-lems, which could involve further ques-tions, a background search and/or a site visit. The situation may also require the hiring of an outside expert to conduct a more detailed diligence review.

• In the course of conducting the due diligence review, if warning signs cannot be resolved, the company may decline to begin a relationship with a new third party or terminate its relationship with an existing third party. Companies may seek to address potential warning signs — if possible and prudent — through

enhanced reporting, more training, a more robust compliance programme for the third party, anti-corruption contract clauses, more auditing, ongoing monitor-ing and/or other risk mitigation strategies.

• Once a third party completes the review, the company should establish a policy on how often a third party should be subject to a new review. Many companies will elect to review each third party relation-ship at set periods, for example, every two to three years, or sooner if there is a fundamental change in the relationship.

5. tools a Company may use to miti-gate Corruption risks with third parties Companies should have available a num-ber of tools to mitigate third-party cor-ruption risks. The finance function at the company should conduct an independent review of any expenses and reimburse-ment requests sought by the third party prior to authorisation of payment. This might include checking claims for payment against the obligations under the contract, ensuring adequate supporting documen-tation exists, and generally being alert for warning signs of corruption. The company should also require annual compliance certifications. Finally, companies should in-clude standard anti-corruption provisions in third-party contracts. Depending on the circumstances, and as noted very clearly by the DOJ in recent deferred prosecution agreements, these contractual clauses could include:

a. anti-corruption representations and undertakings relating to compliance with the anti-corruption laws;

b. rights to conduct audits of the books and records of the agent or business partner [third party] to ensure compli-ance with the foregoing; and

» continued on page 33

90 - 10080 - 8970 - 7960 - 6950 - 5940 - 4930 - 3920 -2910 - 190 - 9No data

Highly Corrupt

Very Clean

2012 CPI Score

© 2013 Transparency International. All rights reserved.

CORRUPTION PERCEPTIONS INDEX 2013The perceived levels of public sector corruption in 177 countries/territories around the world.

SCORE

0-9 10-19 20-29 30-39 40-49 50-59 60-69 70-79 80-89 90-100 No data

Very Clean

Highly Corrupt

21 Ireland 72

22 Bahamas 71

22 Chile 71

22 France 71

22 Saint Lucia 71

26 Austria 69

26 United Arab Emirates

69

28 Estonia 68

28 Qatar 68

30 Botswana 64

31 Bhutan 63

31 Cyprus 63

33 Portugal 62

33 Puerto Rico 62

33 Saint Vincent and the Grenadines

62

36 Israel 61

36 Taiwan 61

38 Brunei 60

38 Poland 60

40 Spain 59

61 Oman 47

61 Slovakia 47

63 Cuba 46

63 Ghana 46

63 Saudi Arabia 46

66 Jordan 45

67 Macedonia (FYR) 44

67 Montenegro 44

69 Italy 43

69 Kuwait 43

69 Romania 43

72 Bosnia and Herzegovina

42

72 Brazil 42

72 Sao Tome and Principe

42

72 Serbia 42

72 South Africa 42

77 Bulgaria 41

77 Senegal 41

77 Tunisia 41

80 China 40

1 Denmark 91

1 New Zealand 91

3 Finland 89

3 Sweden 89

5 Norway 86

5 Singapore 86

7 Switzerland 85

8 Netherlands 83

9 Australia 81

9 Canada 81

11 Luxembourg 80

12 Germany 78

12 Iceland 78

14 United Kingdom 76

15 Barbados 75

15 Belgium 75

15 Hong Kong 75

18 Japan 74

19 United States 73

19 Uruguay 73

RANK COUNTRY/TERRITORY SCORE RANK COUNTRY/TERRITORY SCORE

41 Cape Verde 58

41 Dominica 58

43 Lithuania 57

43 Slovenia 57

45 Malta 56

46 Korea (South) 55

47 Hungary 54

47 Seychelles 54

49 Costa Rica 53

49 Latvia 53

49 Rwanda 53

52 Mauritius 52

53 Malaysia 50

53 Turkey 50

55 Georgia 49

55 Lesotho 49

57 Bahrain 48

57 Croatia 48

57 Czech Republic 48

57 Namibia 48

RANK COUNTRY/TERRITORY SCORE

80 Greece 40

82 Swaziland 39

83 Burkina Faso 38

83 El Salvador 38

83 Jamaica 38

83 Liberia 38

83 Mongolia 38

83 Peru 38

83 Trinidad and Tobago

38

83 Zambia 38

91 Malawi 37

91 Morocco 37

91 Sri Lanka 37

94 Algeria 36

94 Armenia 36

94 Benin 36

94 Colombia 36

94 Djibouti 36

94 India 36

94 Philippines 36

94 Suriname 36

102 Ecuador 35

102 Moldova 35

102 Panama 35

102 Thailand 35

106 Argentina 34

106 Bolivia 34

106 Gabon 34

106 Mexico 34

106 Niger 34

111 Ethiopia 33

111 Kosovo 33

111 Tanzania 33

114 Egypt 32

114 Indonesia 32

116 Albania 31

116 Nepal 31

116 Vietnam 31

119 Mauritania 30

119 Mozambique 30

119 Sierra Leone 30


119 Timor-Leste 30

123 Belarus 29

123 Dominican Republic

29

123 Guatemala 29

123 Togo 29

127 Azerbaijan 28

127 Comoros 28

127 Gambia 28

127 Lebanon 28

127 Madagascar 28

127 Mali 28

127 Nicaragua 28

127 Pakistan 28

127 Russia 28

136 Bangladesh 27

136 Côte d´Ivoire 27

136 Guyana 27

136 Kenya 27

140 Honduras 26

140 Kazakhstan 26

140 Laos 26

140 Uganda 26

144 Cameroon 25

144 Central African Republic

25

144 Iran 25

144 Nigeria 25

144 Papua New Guinea 25

144 Ukraine 25

150 Guinea 24

150 Kyrgyzstan 24

150 Paraguay 24

153 Angola 23

154 Congo Republic 22

154 Democratic Republic of the Congo

22

154 Tajikistan 22

157 Burundi 21

157 Myanmar 21

157 Zimbabwe 21


160 Cambodia 20

160 Eritrea 20

160 Venezuela 20

163 Chad 19

163 Equatorial Guinea 19

163 Guinea-Bissau 19

163 Haiti 19

167 Yemen 18

168 Syria 17

168 Turkmenistan 17

168 Uzbekistan 17

171 Iraq 16

172 Libya 15

173 South Sudan 14

174 Sudan 11

175 Afghanistan 8

175 Korea (North) 8

175 Somalia 8

#stopthecorrupt www.transparency.org/cpi

CORRUPTION PERCEPTIONS INDEX 2013We all know corruption is a problem, but how bad is it? For the Corruption Perceptions Index 2013, we ranked 177 countries and territories around the world on their perceived levels of public sector corruption. Here are the results.

Scoring less than 50 out of 100, almost 70 per cent of countries are perceived to have a serious corruption problem. No country achieves a perfect score. How corrupt is your country?

How to read the infographic

Countries and territories in the Corruption Perceptions Index are scored and ranked. The colour indicates the level of perceived corruption and the size of the circle shows the percentage of countries that fall within the score range. Countries are listed in order of rank going clockwise.

SCORE

90-100

80-89

70-79

60-69

50-59

40-49

30-39

20-29

10-19

0-9

Very Clean

Highly Corrupt

89 Finland

Luxem

bourg

80

Can

ada

Aust

ralia

Netherlands

SwitzerlandSingapore

Norway

Sweden80-89

SCORE

91 Denmark

91 New Zealand90-100

SCORE

78 G

erm

any

Saint Lucia 71

Franc

eCh

ile

Baha

mas

Ireland

UruguayUnited States

Japan

Hong Kong

Belgium

BarbadosUnite

d King

dom

Icelan

d70-79

SCORE

69 Austria

Poland 60Brunei

Taiwan

Israel

St Vincent & Grenadines

Puert

o Rico

Portu

gal

Cypr

us

Bhutan

BotswanaQatar

Estonia

United Arab Emirates

60-69SCORE

Afgh

anist

an 8

Somalia 8

Korea

(Nort

h)

0-9SCORE

49 G

eorg

ia

Greece 40

China

Tunisia

Sene

gal

Bulga

riaSo

uth

Afric

aSe

rbia

Sao

Tom

e &

Prin

cipe

Braz

il Bosnia & HerzegovinaRom

aniaKuwait

ItalyMontenegro

Macedonia (FYR)

Jordan

Saudi Arabia

Ghana

Cuba

SlovakiaOman

NamibiaCzech RepublicCroa

tiaBahra

inLeso

tho

40-49SCORE

39 S

waz

iland

Timor-Leste 30

Sierra Leone

Mozam

bique

Mauritania

VietnamNepalAlbaniaIndonesiaEgypt

Tanzania

Kosovo

Ethiopia

Niger

Mexico

Gabon

Bolivi

aAr

gent

inaTh

ailan

dPa

nam

a

Mol

dova

Ecuador

Suriname

PhilippinesIndia

DjiboutiColombia

Benin

Armenia

Algeria

Sri Lanka

Morocco

MalawiZambia

Trinidad & TobagoPeru

Mongo

liaLiberi

aJam

aica

El S

alva

dor

Burk

ina

Faso

30-39SCORE

29 B

elar

us

Venezuela 20

Eritrea

Cambodia

Zimbabwe

MyanmarBurundiTajikistanDR of the CongoCongo Republic

Angola

Paraguay

Kyrgyzstan

Guinea

Ukraine

Papu

a New

Guinea

Nige

riaIra

nCe

ntra

l Afri

can

Repu

blic

Cam

eroo

n Uganda

Laos

KazakhstanHonduras

KenyaGuyana

Côte d´Ivoire

Bangladesh

Russia

Pakistan

Nicaragua

Mali

MadagascarLebanon

GambiaComoro

sAzerb

aijan

TogoGu

atem

ala

Dom

inic

an R

epub

lic

20-29SCORE

19 C

had

Suda

n 11

Sout

h Su

dan Libya

IraqUzbekistan

Turkmenistan

Syria

Yemen

HaitiGuinea-

Bissau

Equa

torial

Guin

ea

10-19SCORE

59 S

pain

Turkey 50

Malaysia

Mauritius

Rwan

daLa

tvia

Cost

a Ri

ca Seychelles

HungaryKorea (South)

Malta

Slovenia

Lithuania

DominicaCap

e Verd

e

50-59SCORE AMERICAS

66% score below 50 Top: Canada Bottom: Haiti

50

ASIA PACIFIC 64% score below 50Top: New Zealand Bottom: Afghanistan, Korea (North)

50

EASTERN EUROPE & CENTRAL ASIA 95% score below 50Top: Turkey Bottom: Turkmenistan, Uzbekistan

50

EU & WESTERN EUROPE 23% score below 50Top: Denmark Bottom: Greece

50

MIDDLE EAST & NORTH AFRICA 84% score below 50Top: United Arab Emirates Bottom: Sudan

50

SUB-SAHARAN AFRICA 90% score below 50Top: Botswana Bottom: Somalia

50

VERY CLEAN

HIGHLY CORRUPT


18 | fraUd360 | ISSUE 3 2014

90 - 10080 - 8970 - 7960 - 6950 - 5940 - 4930 - 3920 -2910 - 190 - 9No data

Highly Corrupt

Very Clean

2012 CPI Score



SCORE

0-9 10-19 20-29 30-39 40-49 50-59 60-69 70-79 80-89 90-100 No data

Very Clean

Highly Corrupt

21 Ireland 72

22 Bahamas 71

22 Chile 71

22 France 71

22 Saint Lucia 71

26 Austria 69


69

28 Estonia 68

28 Qatar 68

30 Botswana 64

31 Bhutan 63

31 Cyprus 63

33 Portugal 62

33 Puerto Rico 62


62

36 Israel 61

36 Taiwan 61

38 Brunei 60

38 Poland 60

40 Spain 59

61 Oman 47

61 Slovakia 47

63 Cuba 46

63 Ghana 46

63 Saudi Arabia 46

66 Jordan 45


67 Montenegro 44

69 Italy 43

69 Kuwait 43

69 Romania 43


42

72 Brazil 42


42

72 Serbia 42

72 South Africa 42

77 Bulgaria 41

77 Senegal 41

77 Tunisia 41

80 China 40

1 Denmark 91

1 New Zealand 91

3 Finland 89

3 Sweden 89

5 Norway 86

5 Singapore 86

7 Switzerland 85

8 Netherlands 83

9 Australia 81

9 Canada 81

11 Luxembourg 80

12 Germany 78

12 Iceland 78


15 Barbados 75

15 Belgium 75

15 Hong Kong 75

18 Japan 74

19 United States 73

19 Uruguay 73


41 Cape Verde 58

41 Dominica 58

43 Lithuania 57

43 Slovenia 57

45 Malta 56

46 Korea (South) 55

47 Hungary 54

47 Seychelles 54

49 Costa Rica 53

49 Latvia 53

49 Rwanda 53

52 Mauritius 52

53 Malaysia 50

53 Turkey 50

55 Georgia 49

55 Lesotho 49

57 Bahrain 48

57 Croatia 48


57 Namibia 48


80 Greece 40

82 Swaziland 39

83 Burkina Faso 38

83 El Salvador 38

83 Jamaica 38

83 Liberia 38

83 Mongolia 38

83 Peru 38


38

83 Zambia 38

91 Malawi 37

91 Morocco 37

91 Sri Lanka 37

94 Algeria 36

94 Armenia 36

94 Benin 36

94 Colombia 36

94 Djibouti 36

94 India 36

94 Philippines 36

94 Suriname 36

102 Ecuador 35

102 Moldova 35

102 Panama 35

102 Thailand 35

106 Argentina 34

106 Bolivia 34

106 Gabon 34

106 Mexico 34

106 Niger 34

111 Ethiopia 33

111 Kosovo 33

111 Tanzania 33

114 Egypt 32

114 Indonesia 32

116 Albania 31

116 Nepal 31

116 Vietnam 31

119 Mauritania 30

119 Mozambique 30

119 Sierra Leone 30


119 Timor-Leste 30

123 Belarus 29


29

123 Guatemala 29

123 Togo 29

127 Azerbaijan 28

127 Comoros 28

127 Gambia 28

127 Lebanon 28

127 Madagascar 28

127 Mali 28

127 Nicaragua 28

127 Pakistan 28

127 Russia 28

136 Bangladesh 27


136 Guyana 27

136 Kenya 27

140 Honduras 26

140 Kazakhstan 26

140 Laos 26

140 Uganda 26

144 Cameroon 25


25

144 Iran 25

144 Nigeria 25


144 Ukraine 25

150 Guinea 24

150 Kyrgyzstan 24

150 Paraguay 24

153 Angola 23



22

154 Tajikistan 22

157 Burundi 21

157 Myanmar 21

157 Zimbabwe 21


160 Cambodia 20

160 Eritrea 20

160 Venezuela 20

163 Chad 19



163 Haiti 19

167 Yemen 18

168 Syria 17

168 Turkmenistan 17

168 Uzbekistan 17

171 Iraq 16

172 Libya 15

173 South Sudan 14

174 Sudan 11

175 Afghanistan 8

175 Korea (North) 8

175 Somalia 8


90 - 10080 - 8970 - 7960 - 6950 - 5940 - 4930 - 3920 -2910 - 190 - 9No data

Highly Corrupt

Very Clean

2012 CPI Score



SCORE

0-9 10-19 20-29 30-39 40-49 50-59 60-69 70-79 80-89 90-100 No data

Very Clean

Highly Corrupt

21 Ireland 72

22 Bahamas 71

22 Chile 71

22 France 71

22 Saint Lucia 71

26 Austria 69


69

28 Estonia 68

28 Qatar 68

30 Botswana 64

31 Bhutan 63

31 Cyprus 63

33 Portugal 62

33 Puerto Rico 62


62

36 Israel 61

36 Taiwan 61

38 Brunei 60

38 Poland 60

40 Spain 59

61 Oman 47

61 Slovakia 47

63 Cuba 46

63 Ghana 46

63 Saudi Arabia 46

66 Jordan 45


67 Montenegro 44

69 Italy 43

69 Kuwait 43

69 Romania 43


42

72 Brazil 42


42

72 Serbia 42

72 South Africa 42

77 Bulgaria 41

77 Senegal 41

77 Tunisia 41

80 China 40

1 Denmark 91

1 New Zealand 91

3 Finland 89

3 Sweden 89

5 Norway 86

5 Singapore 86

7 Switzerland 85

8 Netherlands 83

9 Australia 81

9 Canada 81

11 Luxembourg 80

12 Germany 78

12 Iceland 78


15 Barbados 75

15 Belgium 75

15 Hong Kong 75

18 Japan 74

19 United States 73

19 Uruguay 73


41 Cape Verde 58

41 Dominica 58

43 Lithuania 57

43 Slovenia 57

45 Malta 56

46 Korea (South) 55

47 Hungary 54

47 Seychelles 54

49 Costa Rica 53

49 Latvia 53

49 Rwanda 53

52 Mauritius 52

53 Malaysia 50

53 Turkey 50

55 Georgia 49

55 Lesotho 49

57 Bahrain 48

57 Croatia 48


57 Namibia 48


80 Greece 40

82 Swaziland 39

83 Burkina Faso 38

83 El Salvador 38

83 Jamaica 38

83 Liberia 38

83 Mongolia 38

83 Peru 38


38

83 Zambia 38

91 Malawi 37

91 Morocco 37

91 Sri Lanka 37

94 Algeria 36

94 Armenia 36

94 Benin 36

94 Colombia 36

94 Djibouti 36

94 India 36

94 Philippines 36

94 Suriname 36

102 Ecuador 35

102 Moldova 35

102 Panama 35

102 Thailand 35

106 Argentina 34

106 Bolivia 34

106 Gabon 34

106 Mexico 34

106 Niger 34

111 Ethiopia 33

111 Kosovo 33

111 Tanzania 33

114 Egypt 32

114 Indonesia 32

116 Albania 31

116 Nepal 31

116 Vietnam 31

119 Mauritania 30

119 Mozambique 30

119 Sierra Leone 30


119 Timor-Leste 30

123 Belarus 29


29

123 Guatemala 29

123 Togo 29

127 Azerbaijan 28

127 Comoros 28

127 Gambia 28

127 Lebanon 28

127 Madagascar 28

127 Mali 28

127 Nicaragua 28

127 Pakistan 28

127 Russia 28

136 Bangladesh 27


136 Guyana 27

136 Kenya 27

140 Honduras 26

140 Kazakhstan 26

140 Laos 26

140 Uganda 26

144 Cameroon 25


25

144 Iran 25

144 Nigeria 25


144 Ukraine 25

150 Guinea 24

150 Kyrgyzstan 24

150 Paraguay 24

153 Angola 23



22

154 Tajikistan 22

157 Burundi 21

157 Myanmar 21

157 Zimbabwe 21


160 Cambodia 20

160 Eritrea 20

160 Venezuela 20

163 Chad 19



163 Haiti 19

167 Yemen 18

168 Syria 17

168 Turkmenistan 17

168 Uzbekistan 17

171 Iraq 16

172 Libya 15

173 South Sudan 14

174 Sudan 11

175 Afghanistan 8

175 Korea (North) 8

175 Somalia 8


90 - 10080 - 8970 - 7960 - 6950 - 5940 - 4930 - 3920 -2910 - 190 - 9No data

Highly Corrupt

Very Clean

2012 CPI Score



SCORE

0-9 10-19 20-29 30-39 40-49 50-59 60-69 70-79 80-89 90-100 No data

Very Clean

Highly Corrupt

21 Ireland 72

22 Bahamas 71

22 Chile 71

22 France 71

22 Saint Lucia 71

26 Austria 69


69

28 Estonia 68

28 Qatar 68

30 Botswana 64

31 Bhutan 63

31 Cyprus 63

33 Portugal 62

33 Puerto Rico 62


62

36 Israel 61

36 Taiwan 61

38 Brunei 60

38 Poland 60

40 Spain 59

61 Oman 47

61 Slovakia 47

63 Cuba 46

63 Ghana 46

63 Saudi Arabia 46

66 Jordan 45


67 Montenegro 44

69 Italy 43

69 Kuwait 43

69 Romania 43


42

72 Brazil 42


42

72 Serbia 42

72 South Africa 42

77 Bulgaria 41

77 Senegal 41

77 Tunisia 41

80 China 40

1 Denmark 91

1 New Zealand 91

3 Finland 89

3 Sweden 89

5 Norway 86

5 Singapore 86

7 Switzerland 85

8 Netherlands 83

9 Australia 81

9 Canada 81

11 Luxembourg 80

12 Germany 78

12 Iceland 78


15 Barbados 75

15 Belgium 75

15 Hong Kong 75

18 Japan 74

19 United States 73

19 Uruguay 73


41 Cape Verde 58

41 Dominica 58

43 Lithuania 57

43 Slovenia 57

45 Malta 56

46 Korea (South) 55

47 Hungary 54

47 Seychelles 54

49 Costa Rica 53

49 Latvia 53

49 Rwanda 53

52 Mauritius 52

53 Malaysia 50

53 Turkey 50

55 Georgia 49

55 Lesotho 49

57 Bahrain 48

57 Croatia 48


57 Namibia 48


80 Greece 40

82 Swaziland 39

83 Burkina Faso 38

83 El Salvador 38

83 Jamaica 38

83 Liberia 38

83 Mongolia 38

83 Peru 38


38

83 Zambia 38

91 Malawi 37

91 Morocco 37

91 Sri Lanka 37

94 Algeria 36

94 Armenia 36

94 Benin 36

94 Colombia 36

94 Djibouti 36

94 India 36

94 Philippines 36

94 Suriname 36

102 Ecuador 35

102 Moldova 35

102 Panama 35

102 Thailand 35

106 Argentina 34

106 Bolivia 34

106 Gabon 34

106 Mexico 34

106 Niger 34

111 Ethiopia 33

111 Kosovo 33

111 Tanzania 33

114 Egypt 32

114 Indonesia 32

116 Albania 31

116 Nepal 31

116 Vietnam 31

119 Mauritania 30

119 Mozambique 30

119 Sierra Leone 30


119 Timor-Leste 30

123 Belarus 29


29

123 Guatemala 29

123 Togo 29

127 Azerbaijan 28

127 Comoros 28

127 Gambia 28

127 Lebanon 28

127 Madagascar 28

127 Mali 28

127 Nicaragua 28

127 Pakistan 28

127 Russia 28

136 Bangladesh 27


136 Guyana 27

136 Kenya 27

140 Honduras 26

140 Kazakhstan 26

140 Laos 26

140 Uganda 26

144 Cameroon 25


25

144 Iran 25

144 Nigeria 25


144 Ukraine 25

150 Guinea 24

150 Kyrgyzstan 24

150 Paraguay 24

153 Angola 23



22

154 Tajikistan 22

157 Burundi 21

157 Myanmar 21

157 Zimbabwe 21


160 Cambodia 20

160 Eritrea 20

160 Venezuela 20

163 Chad 19



163 Haiti 19

167 Yemen 18

168 Syria 17

168 Turkmenistan 17

168 Uzbekistan 17

171 Iraq 16

172 Libya 15

173 South Sudan 14

174 Sudan 11

175 Afghanistan 8

175 Korea (North) 8

175 Somalia 8


90 - 10080 - 8970 - 7960 - 6950 - 5940 - 4930 - 3920 -2910 - 190 - 9No data

Highly Corrupt

Very Clean

2012 CPI Score



SCORE

0-9 10-19 20-29 30-39 40-49 50-59 60-69 70-79 80-89 90-100 No data

Very Clean

Highly Corrupt

21 Ireland 72

22 Bahamas 71

22 Chile 71

22 France 71

22 Saint Lucia 71

26 Austria 69


69

28 Estonia 68

28 Qatar 68

30 Botswana 64

31 Bhutan 63

31 Cyprus 63

33 Portugal 62

33 Puerto Rico 62


62

36 Israel 61

36 Taiwan 61

38 Brunei 60

38 Poland 60

40 Spain 59

61 Oman 47

61 Slovakia 47

63 Cuba 46

63 Ghana 46

63 Saudi Arabia 46

66 Jordan 45


67 Montenegro 44

69 Italy 43

69 Kuwait 43

69 Romania 43


42

72 Brazil 42


42

72 Serbia 42

72 South Africa 42

77 Bulgaria 41

77 Senegal 41

77 Tunisia 41

80 China 40

1 Denmark 91

1 New Zealand 91

3 Finland 89

3 Sweden 89

5 Norway 86

5 Singapore 86

7 Switzerland 85

8 Netherlands 83

9 Australia 81

9 Canada 81

11 Luxembourg 80

12 Germany 78

12 Iceland 78


15 Barbados 75

15 Belgium 75

15 Hong Kong 75

18 Japan 74

19 United States 73

19 Uruguay 73


41 Cape Verde 58

41 Dominica 58

43 Lithuania 57

43 Slovenia 57

45 Malta 56

46 Korea (South) 55

47 Hungary 54

47 Seychelles 54

49 Costa Rica 53

49 Latvia 53

49 Rwanda 53

52 Mauritius 52

53 Malaysia 50

53 Turkey 50

55 Georgia 49

55 Lesotho 49

57 Bahrain 48

57 Croatia 48


57 Namibia 48


80 Greece 40

82 Swaziland 39

83 Burkina Faso 38

83 El Salvador 38

83 Jamaica 38

83 Liberia 38

83 Mongolia 38

83 Peru 38


38

83 Zambia 38

91 Malawi 37

91 Morocco 37

91 Sri Lanka 37

94 Algeria 36

94 Armenia 36

94 Benin 36

94 Colombia 36

94 Djibouti 36

94 India 36

94 Philippines 36

94 Suriname 36

102 Ecuador 35

102 Moldova 35

102 Panama 35

102 Thailand 35

106 Argentina 34

106 Bolivia 34

106 Gabon 34

106 Mexico 34

106 Niger 34

111 Ethiopia 33

111 Kosovo 33

111 Tanzania 33

114 Egypt 32

114 Indonesia 32

116 Albania 31

116 Nepal 31

116 Vietnam 31

119 Mauritania 30

119 Mozambique 30

119 Sierra Leone 30


119 Timor-Leste 30

123 Belarus 29


29

123 Guatemala 29

123 Togo 29

127 Azerbaijan 28

127 Comoros 28

127 Gambia 28

127 Lebanon 28

127 Madagascar 28

127 Mali 28

127 Nicaragua 28

127 Pakistan 28

127 Russia 28

136 Bangladesh 27


136 Guyana 27

136 Kenya 27

140 Honduras 26

140 Kazakhstan 26

140 Laos 26

140 Uganda 26

144 Cameroon 25


25

144 Iran 25

144 Nigeria 25


144 Ukraine 25

150 Guinea 24

150 Kyrgyzstan 24

150 Paraguay 24

153 Angola 23



22

154 Tajikistan 22

157 Burundi 21

157 Myanmar 21

157 Zimbabwe 21


160 Cambodia 20

160 Eritrea 20

160 Venezuela 20

163 Chad 19



163 Haiti 19

167 Yemen 18

168 Syria 17

168 Turkmenistan 17

168 Uzbekistan 17

171 Iraq 16

172 Libya 15

173 South Sudan 14

174 Sudan 11

175 Afghanistan 8

175 Korea (North) 8

175 Somalia 8


crIgroUp.com | 19

Transparency Internation-al’s Corruption Perceptions Index 2013 offers a warning that the abuse of power, secret dealings and bribery continue to ravage societ-ies around the world.

More than two thirds of the 177 countries in the 2013 index score below 50, on a scale from 0 (per-ceived to be highly cor-rupt) to 100 (perceived to be very clean).

“The Corruption Percep-tions Index 2013 demon-strates that all countries still face the threat of corruption at all levels of government, from the issu-ing of local permits to the enforcement of laws and

regulations,” said Huguette Labelle, Chair of Transpar-ency International.

Corruption Perceptions Index 2013: The ResultsIn the Corruption Percep-tions Index 2013, Denmark and New Zealand tie for first place with scores of 91. Afghanistan, North Korea and Somalia this year make up the worst performers, scoring just 8 points each.

“The top performers clearly reveal how trans-parency supports ac-countability and can stop corruption,” said Labelle. “Still, the better perform-ers face issues like state

capture, campaign fi-nance and the oversight of big public contracts which remain major cor-ruption risks.”

The Corruption Per-ceptions Index is based on experts’ opinions of public sector corruption. Countries’ scores can be helped by strong access to information systems and rules governing the behaviour of those in pub-lic positions, while a lack of accountability across the public sector coupled with ineffective public institutions hurts these perceptions.

For more information, visit transparency.org/cpi.

Corruption Perceptions Index Released

HOW TO COMBAT MANAgEMENT

FRAUDA critical analysis to setting the tone at the top

crIgroUp.com | 21

as well as unethical busi-ness activities. The ap-parent lack of regulations and the consequential financial mismanagement it provokes has brought to light a number of cases of fraud and contract fraud. This has particularly been the case in the context of large corporations and fraud of corporate manag-ers. The recently-revealed ‘bonus culture’ highlights a central cause of perhaps the most major instances of fraud that pose a risk to organisations.

Corporate manage-ment more often than not focuses its attention on be-ing awarded huge bonuses rather than effectively managing organisations.

This has resulted in share-holder deception and high-lights the need for greater attention to be attached to external mechanisms in combatting fraud. The public has become recently aware of huge bonuses that have been rewarded to directors, causing out-rage most prominently when compared to the huge losses that have been experienced by consum-ers and shareholders. The recent crisis has ultimately unveiled huge inconsisten-cies and a prominent lack of efficiency in external legal mechanisms and regulations, which seek to monitor and prevent fraud and contract fraud.

It can be concluded that the UK’s response to fraud within an organisational context consists of a broad number of legal and regu-latory mechanisms. This has resulted in fraud being potentially dealt with through civil, company and criminal law, as well as external and internal methods of combatting fraud. A comparison of the existing mechanisms sug-gests that perhaps a more concentrated approach is necessary which retains both internal and exter-nal methods of combat-ting fraud, but which also avoids the confusion that often a arises as a result of a mixed civil/criminal/company law approach. However, it is similarly

By Zafar i. anjum, Cfe, Cis, miCa, int. dip. (fin. Crime), mBCi, Cii, mipiGroup Chief Executive OfficerCorporate Research and Investigations LLC

the recent financial crisis suffered on a European-wide level has focused a lot of attention on fraud,

22 | fraUd360 | ISSUE 3 2014

important to point out that organisations concern many broad principles and concepts, and that a single approach to combatting fraud would perhaps not be suitable or practical.

For example, it is evident that the issue of directors’ duties is a vast and important issue which is relevant to fraud but which also concerns other important topics that are not restricted to fraud. Therefore, its implementation through the Companies Act 2006 as a separate field is both realistic and suitable.

However, the overall attempt to combat fraud within the UK is clearly

lacking, and it is evident that looking towards ex-amples from other juris-dictions could prove help-ful. The criminal nature of fraud suggests that it should be kept within the criminal law realm in the UK, though this does not eradicate the potential for special regulatory bodies to be formed solely for the purpose of combat-ting fraud.

For example, the U.S.’s Security and Exchange Commission (SEC) has proven to be a power-ful body in the attempt to combat fraud. The SEC takes an active role in the fight against fraud within an organisational context,

responding harshly to in-stances of fraud in recog-nition of the devastating consequences that it can have. In the UK, such harsh responses to fraud are few and far between, which leads one to suggest that if anti-fraud legal mecha-nisms were to be more closely related to criminal law, then their deterrent effects could contribute greatly to reducing in-stances of fraud. Existing regulatory bodies in the UK such as the Financial Services Authority are not adequately able to regu-late corporate activities.

The FSA, for example, was unable to effectively regulate and monitor

The FSA, for example, was unable to ef-fectively regu-late and moni-tor Northern Rock, which resulted in its

hugely damaging collapse.

crIgroUp.com | 23

Northern Rock, which resulted in its hugely damaging collapse. Such examples demonstrate that liability needs to be assigned to those respon-sible and that greater effort needs to be invested in the prevention of fraud. This ultimately requires more stringent, enforceable reg-ulations, which are intru-sive and hence preventa-tive rather than responsive to huge and devastating instances of fraud.

Such mechanisms are of course primarily exter-nal, and it is recognised that implementation problems could arise as a result of the need for complex provisions, which may be difficult to ap-ply in practice due to the vast nature of business practices. The question as to whether internal mechanisms would prove suitable in the attempt to combat fraud is similarly important. Although the Code on Corporate Gov-ernance is a useful tool in guiding organisations as to the standards they should aspire to, self-regulatory mechanisms struggle when the management of organisations harbors fraudulent intentions. Self-regulation ultimately un-dermines efforts to combat fraud because a fraudulent management, particularly due to its powerful

position in the organ-isation, can utilise such regulations to conceal its fraudulent activities.

It is generally recog-nised that “corporations governed by a rational profit-maximizing goal … are inherently disposed to malpractice”. Internal and self-regulatory mecha-nisms are severely limited in their ability to combat management fraud be-cause blame is difficult to attach to certain individu-als. Management decisions are also generally made by a group of individu-als, which leads some to conclude that the criminal concept of fraud is difficult to apply to the organisa-tional context because “corporate activities do not fit that paradigm”. Yet this does not mean that com-pany or civil law may be better-equipped to com-bat fraud. Rather, it seems that the problem is one of complexity and rigidity, despite the fact that some claim that such character-istics can cause legislation to become “impenetrable and ambiguous”.

There is however poten-tial for both internal and external mechanisms to be better-formulated to com-bat fraud. Fraud risk man-agement can form part of an overall programme designed to manage and combat fraud. This could

be implemented through a committee designed to formally oversee and regu-late the management of organisations. The commit-tee could be given exten-sive powers of review and regulation of important decisions, though such powers could be limited to applications made by concerned non-executive directors. It could be funded by the taxpayer in order to ensure that it re-mains independent. Such funding could be justified because its existence ulti-mately aids the taxpayer. The members of the com-mittee could be required to have a certain degree of experience in certain fields, which ensures that the expertise of the committee is varied yet competent. No members of the com-mittee should, however, be a member of an existing company, or have been a member for the past ten years for example, in order to prevent corruption. It could also be possible to base the powers of such a committee in legislation.

Fraud risk management from an internal point of view should be more close-ly instilled into the overall objectives of the manage-ment board. It is proposed that fraud risk manage-ment, if it is implemented as a primary objective of both the management

24 | fraUd360 | ISSUE 3 2014

board and a regulatory committee, can effectively manage and combat fraud. This draws upon principles of both corporate gover-nance and directors’ duties.

Yet internal mechanisms can only go so far in com-batting fraud, precisely because the powerful position of the man-agement can enable it to conceal and conduct fraud on a massive scale. External con-trols in this respect are hence vital, and while they may be more suitable for punish-ing fraud once it has occurred, the deterrent qualities of harsh crimi-nal punishment should not be understated. Hence, principles of corporate governance, criminal law and directors’ duties com-bine to provide us with an overall potentially effec-tive response to fraud. This approach is both internal in that it instills a culture of fraud management within the organisational struc-ture, and external in that it provides suitable penal responses to individuals who attempt to take ad-vantage of their powerful position. Corporate gover-nance regulations should therefore attach greater importance to fraud risk management, imposing upon the entirety of the organisational structure

certain requirements that are designed to prevent and monitor fraud risks.

From a legal point of view, it is clear that direc-tors’ duties contained in the Companies Act 2006 function as far as possible to prevent fraud. Section 172 for example has been

described as providing for “greater judicial interven-tion in corporate decision-making” than ever before.

It can therefore be concluded that, although the risk of management fraud for organisations is considerably high, there are a number of mechanisms that can be adopted and applied to reduce such a risk. The combined ap-proach which promotes both internal and external risk management mecha-nisms has the potential to be extremely useful although it is clear that a fraud risk management culture must be devel-oped. This can be achieved through more rigorous principles and requirements

set out by corporate gov-ernance; particularly the Code on Good Corporate Governance. The Code and the directors’ duties con-tained in the Companies Act 2006 have the poten-tial to instill such a culture although the code should be made binding.

Fraud cannot, how-ever, be completely eradicated and it is hence necessary for penal responses to be better-refined when ap-plying to the organisa-tional context. Despite criticisms, a criminal law response is per-haps the most suitable, particularly in terms of

deterring fraudulent be-haviour. Overall, this com-bined approach to manag-ing the risk of fraud within the organisational context has the greatest potential to combat fraud.

about the author Zafar I. Anjum, CFE, CIS, MICA, Int. Dip. (Fin. Crime), MBCI is Chief Executive Officer of CRI Group, a global supplier of investi-gative, forensic accounting, busi-ness due diligence and employee background screening services for some of the world’s leading business organisations. CRI Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI Group maintains offices in the UAE, Pakistan, Qatar, Hong Kong, Malaysia, Singapore, London and New York.

Yet internal mechanisms can only go so far in combatting fraud...

AFGHANISTANRisk index: 8.551 GUINEA-BISSAU

Risk index: 8.176IRANRisk index: 8.482 HAITI

Risk index: 8.097CAMBODIARisk index: 8.353 MALI

Risk index: 7.958TAJIKISTANRisk index: 8.274 SWAZILAND

Risk index: 7.909IRAQRisk index: 8.195 MOZAMBIQUE

Risk index: 7.9010crIgroUp.com | 25

global Review

The 2013 EU anti-corruption report demonstrated corruption is a persis-tent problem across the 28 member states of the Eu-ropean Union and that ur-gent action is needed. Just last month, Transparency International EU’s assess-ment of corruption risks in EU institutions unearthed major flaws including the absence of mandatory lob-bying rules and the grow-ing trend of EU institutions to negotiate laws behind closed doors.

Corruption damages so-ciety and the economy and creates an uncompetitive environment for business. It wastes public money and degrades public insti-tutions. We need to be able to rely on the EU and its institutions to help stamp out corruption.

A good starting point is to gain commitments from Members of the European Parliament (MEPs), who are up for election this month. We will hear much rheto-ric in the campaign about how the EU institutions are wasteful, and how the European Commission lets other countries get away with poor behaviour while Britain faithfully imple-ments all the Brussels directives. Those messages from MEPs and political parties will have much more credibility if they commit to doing some-thing about it.

Across Europe, TI chap-ters have written to the political parties whose candidates are standing for election to the European Parliament this month.

We have asked them to sign a simple Anti- Corruption Pledge, whose full text you can read online at anticorruption-pledge.eu/static/pledge.pdf. In summary, we are asking each party to en-sure its MEPs work to achieve the following aims:

1. The governance and law-making of EU in-stitutions will become

EU makes pledge against corruption

The Basel AML Index is a country risk ranking to measure the risk of money laundering/terrorist financing and other relevant aspects, such as financial standards and public trans-parency. The Basel AML Index aggregates third party data from sources such as the FATF, World Bank and the World Economic Forum to assess a country’s overall money laundering risk. For information and the full index, visit http://tinyurl.com/m67pomx.

Index Names Top 10 highest Risk Countries for Corruption

26 | fraUd360 | ISSUE 3 2014

a global model of transparency, account-ability and integrity, establishing the high-est standards.

2. The EU will promote greater integrity and transparency in public spending.

3. The EU will promote initiatives and legisla-tion that will provide effective protection to whistleblowers in the public, private and non-profit sectors.

The letter has been sent to the Conservative Party, Green Party, Labour Party, Liberal Democrats and UKIP.

We will publish details on our website of the parties that have, and have not, signed the Anti-Corruption Pledge, and be speaking to the media about the importance of combating corruption in the EU and its institutions.

After the election, we will hope to arrange a meeting with MEPs to discuss in more detail how the pledge commitments can be implemented and, where necessary, to pro-vide further information on corruption in the EU and its institutions.

— By Robert Barrington, Transparency International

Cybercrime in 2013 was dominated by a core of around 50 active groups, including Russian and Chinese ‘threat actors’ whose activities are only now coming to light, a re-port from monitoring firm CrowdStrike has found.

Using an approach that foregrounds the ‘threat actors’ above the malware itself, the firm divides groups according to whether they are deemed to be motivated primarily by national, political and purely commercial motives

At first, the categorisa-tion system looks more like a blizzard of inscru-table names, with major cyber-groups including ‘Numbered Panda’, ‘Magic Kitten’, ‘Energetic Bear’ and Deadeye Jackal.

But the underlying system explains things a little clearer — nation-state groups from China are always ‘pandas’, groups tied to politics rather than nation are ‘jackals’ and professional cybercriminals are always ‘Spiders’.

The most active groups included the Syrian Elec-tronic Army (SEA) and a range of Chinese groups but this much was already known. More interesting, CrowdStrike thinks it has discovered a few that are

less well documented, including ‘Emissary Panda’ and ‘Energetic Bear’, as their codenames would suggest the first being a Chinese group the second Russian. Emissary Panda appears to be a recently formed group that goes after the high-tech sector, defence firms and embassies in a clutch of targets countries.

More significant per-haps is Energetic Bear, which has been going after energy-sector firms.

Beyond energy firms, targets have included European governments and defence sector firms, engineering firms, and European, U.S. and Asian academics.

Its clear to say that cybercrime is becoming a global phenomenon with many more countries likely to see activity from local groups acting as proxies for state subversion in the next year.

— By Fraud360 Staff

Global Cybercrime Dominated by 50 Core Groups

crIgroUp.com | 27

The Foreign Account Tax Compliance Act (FATCA) is a U.S. law aimed at foreign financial institutions (FFIs) and other financial inter-mediaries to prevent tax evasion by U.S. citizens and residents through use of offshore accounts. The FATCA provisions were included in the HIRE Act, which was signed into U.S. law on 18 March 2010.

FATCA will have a far-reaching impact on U.S.-based companies as well as foreign companies with U.S. assets or clients. Under the new provisions, a FFI may enter into an agree-ment with U.S. tax authori-ties (the Internal Revenue Service, or IRS) requiring it, among other things, to report information on the FFI’s U.S. accounts. A FFI that enters into such an agreement becomes a “participating FFI.”

If a FFI does not enter into an agreement with the IRS, all relevant U.S.-sourced payments, such as dividends and interest paid by U.S. corporations, will be subject to a 30 percent withholding tax. The same 30 per cent withholding tax will also apply to gross sale proceeds from the sale of relevant U.S. property.

All FFIs must comply with FATCA or be subject to withholding. Given the significant lead times large companies may need to comply with FATCA re-quirements — particularly for IT system changes — fi-nancial leaders are strongly encouraged to act now.

— By Fraud360 Staff

fatCa implemeNtatioN: WHaT YoU NEEd To KNoW

FATCA Key Dates1 July 2014• Requirement to implement

new individual account onboarding procedures for U.S. Withholding Agents, Par-ticipating FFIs, and Registered Deemed-Compliant FFIs

• FATCA withholding on Fixed, Determinable, Annual, Periodi-cal (FDAP) income payments to non-participating FFIs, non-compliant NFFEs, and recalci-trant account holders begins

• Last date for obligations to be outstanding to qualify as grandfathered obligations and exempt from FATCA withholding (still subject to reporting)

31 December 2014• U.S. Withholding Agents,

Participating FFIs and Registered Deemed-Compliant FFIs must doc-ument preexisting entity accounts identified as Prima Facie FFIs. If the FFI signed an agreement after 1 July 2014, the deadline is six months from the effective date of the FFI agreement.

1 January 2015• Withhold on FDAP payments

to undocumented pre-existing NPFFIs (prima facie FFIs)

• WAs, USWAs and PFFIs must begin treating undocumented pre-existing prima facie FFIs as NPFFIs after the 31 December 2014 due diligence deadline (or, for PFFIs, six months after the effective date of the FFI agree-ment, if later) passes until the date the withholding agent ob-tains documentation sufficient to establish a different Chapter 4 status for the payee. There-fore, all withholding agents must withhold on withholdable payments made to these NPFFIs.

While complaints about the unilateral-ism and extraterrito-riality of FATCA are not without merit, FATCA has enhanced multilateral coopera-tion in combating tax evasion, and it has spawned similar legis-lation and treaties in other jurisdictions.

— Law professors Joshua Blank

and Ruth Mason

$100 billionestimated revenue lost in 2008 as a result of tax evasion aided by off-shore bank accounts.

— The U.S. Department of Homeland Security

““

28 | fraUd360 | ISSUE 3 2014

conomic crime against busi-nesses and other organisations continues to rise around the

world. Some 37% of respondents, a 3% rise since 2011, say they have been victims of economic crime, according to PwC’s 2014 Global Economic Crime Survey. And, about 25% say they have been victims of cyber-crime, as fraudsters increasingly turn to technology as their main crime tool.

PwC’s global survey, the most extensive on the subject, found that theft remains the most common form of economic crime, reported by 69% of respondents. It is fol-lowed by procurement fraud, 29%, bribery and corruption, 27%, cybercrime, 24%, and

accounting fraud, 22%. Other reported crimes include human resources fraud, money laundering, intellectual property or data theft, mortgage fraud and tax fraud.

The exact direct loss associated with economic crime is difficult to assess. Among crime victims, a total of 20% place the financial impact of economic crime on their organisation at more than US$1 million; and 2% of victims — representing 30 organisations — put the impact at more than US$100 million each.

For the first time this year, the survey measures procurement fraud, reported by nearly 30% of respondents. Procure-ment fraud is seen as a double threat,

Survey Finds Economic Crime Rising Globallyall Business Sectors, regions Suffer from Impact of fraud

By FRAUD360 STAFF

E

crIgroUp.com | 29

victimising businesses both in their acqui-sition of goods and services and in their efforts to compete for new opportunities.

Respondents also report significant col-lateral damage in such areas as employee morale, cited by 31%, and in corporate reputation and business relationships, both reported by 17%. Despite the finan-cial and collateral effects of crime, just 3% of respondents said incidents of fraud have impacted their company’s share price.

“Like a stubborn virus, economic crime persists despite ongoing efforts to combat it. No organisation of any size anywhere in the world is immune to the impact of fraud and other crimes,” said Steven Skalak, PwC Forensic Services partner and lead editor of the survey. “Those commit-ting economic crime succeed by adapting to shifting global conditions like reliance on technol-ogy and the expansion of emerging economies.”

“Even worse than the direct financial impact of economic crime is its threat to a wide range of business systems that are the life-blood of corporate operations. Economic crime damages internal processes, erodes the integrity of employees and tarnishes reputation,” he added.

Where Does Economic Crime Occur?Economic crime is a pervasive, global threat. Regionally, economic crime is most prevalent in Africa, where 50% of respondents say they have been victims, though down from 59% in 2011. It is fol-lowed by North America, 41%, Eastern Europe, 39%, Latin America and Western Europe, each 35%, Asia Pacific, 32%, and the Middle East, 21%.

Respondents from 65 countries and territories reported that they have expe-rienced economic crime. South African respondents report the highest level, 69%, up from 60% in 2011. Crime is also grow-ing rapidly in the Ukraine, 63% up from 36% three years ago, Russia, 60% vs. 37% in 2011, and Australia, 57% vs. 47% in 2011.

The survey identified eight emerging economies — Brazil, Russia, India, China, South Africa, Turkey, Mexico and Indo-nesia — where 40% of total respondents said they have experienced economic crime, reflecting in part a shift in wealth to those countries.

Which Industries are Most Affected?By industry, economic crime is most common in the financial services, retail and consumer and communications sectors. Nearly 50% of respon-dents in each said they have been crime victims. Financial services or-ganisations are victims

of high levels of cybercrime and money laundering, while retail and consumer and communications companies have suf-fered from most from theft. Hospitality and leisure, and government both 41%, also report high crime levels.

Who commits fraud?Typically economic crime is committed when three conditions are present: life pressure, opportunity and personal ratio-nalisation for the crime. According to the survey, 56% of economic crime is com-mitted by someone inside the company, while 40% is external. There are wide vari-ances by industry, however. In financial services, for example, nearly 60% of crime

Nearly 40% of respondents

said they were victims of fraud

25% report cybercrimes

30 | fraUd360 | ISSUE 3 2014

comes from outside the company, while 36% is internal.

Globally, a fifth of economic crime is committed by those in senior manage-ment, 42% by middle managers and 34% by junior staff.

The profile of the typical fraudster is middle-aged males with a college degree

or higher level of education who have been with their organisation for a sub-stantial period. Globally, almost half of all frauds are committed by employees with six or more years of experience and almost a third are committed by employees with three to five years of experience.

how is Fraud Found?The survey found that 55% of economic crime is discovered through corporate con-trols such as reporting of suspicious trans-actions, internal audit, or fraud risk man-agement. Whistle-blowing systems or tips offs uncover about a quarter of reported crimes, and about one-fifth is uncovered by other means such as law enforcement, the media, or by accident.

The survey finds that respondents expect economic crime will continue to increase in the future among nearly all categories. This result was also found in PwC’s 17th Annual CEO Survey. CEOs glob-ally also recognise the impact of

economic crime; 50% said ‘lack of trust’ was a key issue in the marketplace, a sharp increase from 37% a year ago. Bribery and corruption also are ranked among CEOs’ top concerns.

For more information and to down-load the full report, visit www.pwc.com/crimesurvey.

Editor’s note: The 2014 Global Eco-nomic crime Survey was completed by 5,128 respondents from 95 coun-tries between August and October 2013. Of the respondents, 50% were senior executives, 35% represented publicly listed companies, and 54% were from organisations with more than 1,000 employees.

37% One in three organisations reports being hit by economic crime in 2014

advertise With Us

To advertise with us, please send an email to [email protected].

Space is available for Fraud360 magazine as well as our monthly email newsletter, Fraud360 News Brief International.

Contact us today for more information.

crIgroUp.com | 31

Organisation ProfileThe Society of Corporate Compliance and Ethics (SCCE)The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports their members’ work with educa-tion, news and discussion forums. SCCE is a community of leaders, defining and shap-ing the corporate compliance environ-ment across a wide range of industries and geographic regions to which CRI is one of those members.

roy snell is the CEO of SCCE as well as the Health Care Compliance Association (HCCA). Snell was a co-founder and SCCE’s first president. CRI Group had the pleasure of speaking with him at a compliance con-ference in New York City.

Cri: What’s integrity mean to you?rs: Telling the truth. Every time.

Cri: To what extent are boards and senior executives in your region taking proac-tive steps to reduce incidences of fraud and corruption from surfacing within their company?rs: In the U.S. there is a very strong move-ment to move beyond “talking about doing the right thing” to auditing, investi-gating and taking disciplinary action when necessary. Companies are implementing compliance and ethics programmes. The enforcement community previously con-centrated on holding a company respon-sible for regulatory infractions and fining that company. The enforcement commu-nity has not seen the reaction they were looking for and believe companies are

too willing to pay a fine and consider it a cost of doing business. Now they are now holding individuals and boards account-able. As a result, senior executives and boards are taking this more seriously and implementing compliance programmes to

prevent find and fix ethical and regulatory problems. The U.S. is moving beyond just telling people to do the right thing — they are enforcing it.

Cri: Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in your region over the past 12-18 months?rs: The most visible regulatory devel-opments have been in the area of anti-bribery. There have been many large settlements. There are more settlements to come. Some involve companies based outside the U.S. that do business in the U.S. These settlements are so large that it has become “profitable” for the govern-ment to invest in more enforcement. There is a positive return on investment. We will see a continued enforcement and regula-tory effort involving all regulations. More importantly, many believe that to become an effective player in the global economy your country needs to have a trusted eco-nomic environment to conduct business in. The only way for a country to become trusted is to have the rule of law and

www.scce.org

32 | fraUd360 | ISSUE 3 2014

enforce it. Countries that achieve that trust are going to prosper in the global economy. Most countries that have no enforcement are suffer-ing economically. Those in the middle or those that make a half-hearted effort will be less effec-tive and less prosperous in the global economy.

Cri: When suspicions of fraud or corruption arise within a firm, what steps should be taken to evalu-ate and resolve the potential problem?rs: People need to stay calm and have a process in place. They need to rely on that process. That process should be free of conflict of interest so that an independent investigation can take place. I would start with finding an outside expert who has handled many cases just like the case you are investigating. Not just any expert but rather a very experienced specialist. That expert will help you with all of the other many details that must be considered such as record retention, conflicts of interest, information gathering, interviews, the po-tential need for disclosure, etc.

Cri: How has the renewed focus on en-couraging and protecting whistleblow-ers changed the way companies man-age and respond to reports of potential wrongdoing?rs: The “protect the whistleblower” move-ment is staggering. The pendulum has swung from cases of retaliation to an all-out war on the accused. There are two ways this can go badly, not listening or retaliating against the whistleblower to stunning damage to the life and career of the falsely accused. There are countries in

Europe that are leading the way in taking a balanced approach. The rest of the world has yet to appreciate that we must pro-tect the whistleblower and the accused. Reputations of innocent people are often dragged down the street and ruined only to find out later that they are innocent. This can have a harmful effect on the organisa-tions culture and the ability to attract and retain great employees.

Cri: could you outline the main fraud and corruption risks that can emerge from third-party and counterparty rela-tionships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?rs: There are too many laws and ethical expectations to mention. However, the appreciation for the compliance and eth-ics efforts of business partners and the consideration of compliance and ethics in acquisition and mergers is changing before our very eyes. A few years ago third-party compliance was not considered much at all. Many wise organisations have developed policies and procedures. They have compli-ance and ethics expectation not only for their own company but expectations of their partners. Many organisations now

Lara A. Jezeph BSc, CIPR, CMI, CRI Group Marketing & PR Manager – EMEA, interviews Roy Snell, CEO of SCCE, at the Compliance and Ethics Conference in New York.

crIgroUp.com | 33

consider compliance and ethics an impor-tant aspect of mergers and acquisitions. In the past a company may have looked the other way when a partner got into trouble. Now they are more likely to sever ties with that organisation. Many organisations have come to the realization that the smallest of acquisitions can result in tremendous pain if shortly after the acquisition the acquired entity runs into trouble. The ultimate regret occurs when a small acquisition results in an investigation that then spreads to the entire organisation.

Cri: What is the most important skill of a compliance officer?rs: Influence.

Cri: What advice can you offer to com-panies on implementing and maintain-ing a robust fraud and corruption risk assessment process, with appropriate internal controls?rs: The most important thing to under-stand in implementing a compliance risk programme is the difference between risk to the company (insurance, investments, etc.) vs. risk the company causes others such as not following the rule of law. Most all risk assessments in the past were assessments of risks to the company. A compliance and ethics risk assessment is very different. It is often watered down with a focus on risks to the company. If you have the people in charge of risk assessments that have tradi-tionally focused on risks to the company you are likely to come up way short on your compliance and ethics risk assessment. This is easily solved if you separate the compli-ance and ethics risk assessment out and have it conducted by an experience compli-ance and ethics professional.

Cri: Name a person with integrity?rs: No one is perfect. All we can do is get in the ballpark. My father.

» ANTI-CORRUPTION COMPLIANCE, continued from page 17

c. rights to terminate an agent or busi-ness partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.19

6. monitoring and auditing An impor-tant aspect of implementing a third-party due diligence procedure is including a systematic and consistent way to monitor, audit and review third-party relationships.

Monitoring may be built into a com-pany’s internal controls through its finance function (i.e., a reconciliation of expenses and reimbursement claims against con-tractually required documentation and supporting documentation). In addition to the finance check, another control that many companies use is to identify a person within the company who is designated as the point of contact with the third party and manages the relationship between the company and the third party. This lead point of contact should have actual and on-going knowledge of all relevant activities of the third party on behalf of the company.

Companies also should establish a written audit plan that is based on a reasonable sample of third parties, that considers the nature of the third parties’ activities, and the risks inherent in spe-cific countries or regions where corrup-tion risks with the use of third parties are greater. This determination of the sample size and third parties selected should be based on assumptions that are articulated in the audit plan. The auditing function may already exist as a discreet function in a company, and if so, auditing should be integrated with that existing function.

No matter the type and extent of the monitoring and auditing, the company should be sure to document its oversight

34 | fraUd360 | ISSUE 3 2014

so that this monitoring and auditing pro-cess itself can be reviewed periodically to ensure effective operation.

7. oversight and administration of due diligence programme A successful third-party due diligence procedure needs staff and resources to conduct the review and oversight. Each company should con-sider a number of factors in deciding who actually conducts the review and adminis-ters the overall procedure, and each organ-isation will have its own approach on these issues. Relevant considerations include:

• The type of business involved and how it operates, with considerations including size, complexity, lines of business and decision makers.

• The extent to which a company is decen-tralised or centralised and the roles to be undertaken by headquarters versus regional and local operations.

• The role of the legal department at vari-ous phases of the development and over-sight of third-party relationships.

• Whether the due diligence relating to third parties should be conducted inter-nally or externally, and if externally, at what point these external reviewers are involved in the process.

Company personnel who actually con-duct this due diligence review must un-derstand the level of risk of relevant third parties, be specifically trained to address this risk, and understand how to raise con-cerns within the company when they arise. It is also clear that, to be effective, a review procedure must have built-in mechanisms to ensure consistency of review across the company, a mechanism to create and maintain a complete review ‘‘file’’ to docu-ment the work undertaken and resolution of any warning signs, and appropriate

oversight of programme operation by senior management regardless of how de-centralised a review procedure operates.

Accountability of those conducting the review for the company is also essential for programme success.

Conclusion Governments have made clear in recent guidance and settlements that they expect a robust review of third parties as part of an overall effective anti-corruption compli-ance programme. Companies that imple-ment a third-party anti-corruption due diligence procedure will minimise the risks that arise when working with third parties.

While the principles stated provide guideposts and checklists, the nature of a review must be individually tailored to particular company risks, needs, capabili-ties and markets. In this era of heightened enforcement of anti-corruption laws, inac-tion or a failure to properly oversee the actions of one’s third parties is simply not an option.

about the authors Marcus Asner, a partner at Arnold & Porter LLP, has extensive experience with investigations and prosecutions under the Foreign Corrupt Practices Act. Previously, Asner was an Assistant U.S. Attorney in New York for nine years, where he served as Chief of Major Crimes and in the Public Corruption unit. Keith Korenchuk, also a partner at Arnold & Porter, coun-sels companies on regulatory and compliance matters worldwide, focusing on compliance programme effective-ness, implementation and operations and related regula-tory counseling. Samuel Witten, counsel at Arnold & Porter, is a member of the firm’s international practice and was formerly Deputy Legal Adviser at the U.S. Department of State.

1 The FCPA prohibits a broad range of persons and businesses, including U.S. and foreign issuers of securities registered in the U.S., from making a corrupt payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. These provisions also apply to foreign persons and companies that take any act in furtherance of such a corrupt payment while in the U.S. The FCPA also requires companies with securities listed in the U.S. to meet its provisions on recordkeeping

crIgroUp.com | 35

and internal accounting controls. These accounting provisions were designed to operate in tandem with the anti-bribery provisions of the FCPA and require companies covered by the law to make and keep books and records that accurately and fairly reflect the trans-actions of the company and to devise and maintain an adequate system of internal accounting controls.

2 2010 UK Bribery Act, available at http:// www.legislation.gov.uk/ukpga/2010/23/pdfs/ukpga_20100023_ en.pdf. For a detailed analysis of the law, see Arnold & Porter, UK Bribery Act 2010: An In-Depth Analysis (May 2010) available at http://www.arnoldporter.com/public_document.cfm? id=15833&key=23D1.

3 15 U.S.C. §§ 78dd-1, et seq. (1977).

4 A corporation can be held liable for the actions of its agents, even where the agent may have acted for mixed motives, so long as one motivation of its agent is to benefit the corporation. See United States v. Potter, 463 F.3d 9, 25 (1st Cir. 2006) (stating that the test to determine whether an agent is acting within the scope of employment is ‘‘whether the agent is performing acts of the kind which he is authorized to perform, and those acts are motivated, at least in part, by an intent to benefit the corporation’’).

5 15 U.S.C. §§ 78dd-1(a).

6 For example, in the recent non-prosecution agreement involving Ralph Lauren, the Justice Department determined that corrupt payments were being made to Argentine customs officials by a customs clearance company hired by Ralph Lauren’s Argentine subsidiary. See http://www.justice.gov/opa/pr/2013/ April/13-crm-456.html.

7 See Press Release, Justice Dep’t, French Oil and Gas Company, Total, S.A., Charged in the United States and France in Connection with an International Bribery Scheme (May 29, 2013), available at http://www.justice.gov/opa/pr/2013/ May/ 13-crm-613.html; Press Release, SEC, SEC Charges Total S.A. for Illegal Payments to Iranian Official (May 29, 2013), available at http://www.sec.gov/news/press/2013/2013-94.htm.

8 SEC Non-Prosecution Agreement with Ralph Lauren Corpora-tion (Apr. 18, 2013) at Ex. A, Statement of Facts ¶¶ 5, 7, available at http://www.sec.gov/news/press/2013/2013-65- npa.pdf.

9 15 U.S.C. §§ 78dd-1 (f )(2)(B).

10 U.S.A.M. §§ 9-28.300, .800.

11 U.S.S.G. § 8C2.5(f ).

12 Bribery Act § 7(2).

13 The UK Bribery Act is likely to be interpreted even more widely in scope than the FCPA, prohibiting bribes not just to foreign officials but to commercial parties as well. The Bribery Act was enacted on April 8, 2010 and came into force on July 1, 2011.

14 Keith M. Korenchuk, Samuel M. Witten, & Dawn Y. Yamane Hewett, Advisory: Building an Effective Anti-Corruption Compliance Program: Lessons Learned from the Recent Deferred Prosecution Agreements in Panalpina, Alcatel-Lucent, and Tyson Foods, March 2011, available at http:// www.arnoldporter.com/resources/docu-ments/Advisory- Building_an_Effective_Anti-Corruption_Compli-ance_ Program_Lessons_Learned_031611.pdf.

15 While the Bribery Act prohibits commercial bribery as well, for most companies the greater risk will be where third parties interact with government officials.

16 See, e.g., Deferred Prosecution Agreement, United States v. Total S.A., Crim. No. 1:13CR00239 (E.D. Va. May 29, 2013), Dkt. Entry No. 2, at Attachment C-5, available at http:// www.justice.gov/iso/opa/resources/ 9392013529103746998524.pdf (‘‘To the extent that

the use of agents and business partners [third parties] is permitted at all by [the company], it will institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners, including: . . . Properly documented risk-based due diligence pertaining to the hiring and appropriate and regular oversight of all agents and business partners’’).

17 The DOJ has required in connection with settling FCPA mat-ters that companies inform all third parties of the company’s ‘‘com-mitment to abiding by laws on the prohibitions against foreign bribery, and of [the company’s] ethics and compliance standards and procedures and other measures for preventing and detecting such bribery.’’ See, e.g., Deferred Prosecution Agreement, United States v. Total S.A., Crim. No. 1:13CR00239 (E.D. Va. May 29, 2013), Dkt. Entry No. 2, at Attachment C-5, available at http://www.justice.gov/iso/opa/ resources/9392013529103746998524.pdf.

18 Of course, simply because a third party is not ‘‘in scope’’ for the heightened due diligence review, the company should not ignore the possibility of corruption issues and may want to take additional steps to ensure compliance with these or other laws, including appropriate reviews and certifications.

19 See, e.g., Deferred Prosecution Agreement, United States v. Total S.A., Crim. No. 1:13CR00239 (E.D. Va. May 29, 2013), Dkt. Entry No. 2, at Attachment C-5-6, available at http:// www.justice.gov/iso/opa/resources/ 9392013529103746998524.pdf.

advertise With Us

To advertise with us, please send an email to [email protected].

Space is available for Fraud360 magazine as well as our monthly email newsletter, Fraud360 News Brief International.

Contact us today for more information.

You Know the Language. But Do You Know the Culture?

Taking your business across international borders presents new opportunities — along with some serious challenges. Before taking a leap, make sure you have the right experts conduct due diligence and evaluate any risks to your company, both seen and unseen. Experts who understand the culture and business practices within the countries where you seek to grow.

Local Knowledge. International Scope.CRI Group can help. We are a global supplier of investigative, forensic accounting, business due diligence and employee background screen-ing services for some of the world’s leading business organisations. CRI Group’s experts can help protect your organisation from fraud and other serious risk factors. Our services include:

•Fraud Risk Investigations

•FCPA Due Diligence

•Background Checks

•ConflictofInterest Investigations

•Business Intelligence

•3PRM: Third-Party Risk Management

•...and moreContact us [email protected] / +44 207 038 8023

United Kingdom / USA / Singapore / Hong Kong / Malaysia / Pakistan / Qatar / UAE

fraud360 issue 3 2014 web

Documents