Risky business: fraud, corruption and corporate culture
February 2019 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
February 2019 Issue
In the past decade, the expanding scope of corporate criminal liability and the increasing appetite by prosecutors and regulators to investigate potential misconduct have intensified the importance of accurately assessing and managing corporate risk. But how do you achieve this? Where do you start?
Conventional wisdom would point you to data analytics tools (that would help you spot questionable conduct) and to crisis management plans (that would help you manage problems when they arise). However, in recent years, the investigations landscape has shifted in a way that makes it more difficult to predict and contain risk with these conventional tools alone. There are many reasons for this increased uncertainty, including not only new laws and prosecutorial priorities but also social and technological developments such as the rise of cyber crime (which can turn any business into an attractive target of potential fraud) and the increased use of social media at work (which can increase the ease with which sensitive information can become public).
In this shifting risk landscape, companies are seeking ways to holistically manage corporate risk – and increasingly turning to corporate culture to help them do so. From an investigations risk perspective, companies that get culture ‘right’ encourage ethical behaviours in difficult situations – increasing the chances, say, that a supplier refuses to mislabel a product in a way that would be deceiving, or that an accountant flags up a group of transactions that together look suspicious. Companies that get culture ‘wrong’, by contrast, encourage questionable decisions in critical moments – such as, for example, declining to ask tough questions during due diligence of a possible agent, or following instructions to pay funds to an offshore bank account without asking why.
Culture is a slippery concept, however. It is hard to describe and harder to measure. Indeed, many corporate leaders find it difficult to assess whether their company has an effective culture until they find themselves in a crisis. But not many organisations have the appetite to wait for a crisis to test whether their culture is effective or not. Where, then, should a company look to see whether its culture is helping or hurting its investigations risk profile?
To answer this question, it is helpful to understand that there are a number of key common governance and risk factors behind the majority of corporate investigations and crises (e.g., lack of training, unclear allocations of responsibility and a failure to identify the broader implications of a series of discreet red flags). Identifying these kinds of cultural and governance factors present in major investigations, but for which the misconduct or crisis would not have occurred or would not have become so significant, can help boards test their own corporate culture before a crisis arises.
We discuss below two such risk factors and offer some initial thoughts about what organisations can do to avoid or address them.
Poor ‘listen up’ culture
Most large organisations today aim to promote a positive ‘speak up’ culture in which individuals feel comfortable raising concerns. Often, however, there is a gap between ambition and reality. Why? National culture can complicate efforts. For example, a common perception in Italy that whistleblowers are ‘spies’ can discourage reporting, so, too, can fear of retaliation. But most importantly, even where an organisation appropriately incentivises speaking up, concerns can be missed if it does not also have a positive ‘listen up’ culture.
Time and again we see simple concerns turn into complex crises that could have been avoided had the right person listened when they were first raised. Contrary to popular imagination, these situations do not typically involve callous managers turning a blind eye to ethics complaints. Rather, they involve sensible and ethical individuals who simply do not know how to ‘listen up’ for potential issues. In these circumstances, even well-meaning individuals can fall back on faulty heuristics – that is, making decisions based on characteristics of a complainant that, although accurate, have no bearing on the legitimacy of his or her concerns, for example because complainants speak a different language, have recently joined an organisation, perform poorly, complain often or are unpopular.
Complainants who feel dismissed can (and often do) take their concerns directly to prosecutors or regulators. The result is almost always a lengthier and more expensive investigation for the company. Earning cooperation credit becomes harder; earning the trust of the prosecutor or regulator becomes harder; accessing the complainant’s information becomes harder. Organisations that do not have a healthy ‘listen up’ culture also miss valuable opportunities to fix problems before they become systemic.
Building a healthy ‘listen up’ culture is not easy. A common pitfall is defining the problem too narrowly by encouraging employees to ‘speak up’ only about compliance or ethics concerns. Effective ‘listen up’ cultures, by contrast, encourage open and honest dialogue across topics, irrespective of whether they are conventionally considered compliance matters and regardless of whether they are ‘good’ or ‘bad’. Appointing ‘champions’ – individuals within the business who are trained to listen, answer questions and (where appropriate) direct others to a formal complaints process – can be especially helpful at fostering this kind of dialogue. Where deployed effectively, champions can act not only as publicists for the company’s compliance function, but also as sounding boards who know how to ‘listen up’ in an informed but informal way.
Strong personalities
In a high proportion of investigations, the actions of a single individual with a strong personality tend to be a key root cause of the potential fraud, corruption or other misconduct at issue. Of course, a strong personality in and of itself is not enough to make someone a corporate criminal. But, when combined with an inappropriate motive, individuals with strong personalities can have a serious negative influence on an organisation, whether directly by encouraging misbehaviour or indirectly by dissuading others from speaking up about potential issues.
Potential misbehaviour by individuals with strong personalities is often an ‘open secret’: colleagues suspect that these individuals are acting in a potentially non-compliant way but are too afraid or intimidated to speak up. Even where individuals successfully hide their potentially criminal behaviour, however, it is usually clear that their actions and attitudes are inconsistent with the company’s desired culture. Often these individuals are given a ‘pass’ because they have special characteristics (real or perceived) that appear to justify special treatment, such as high productivity, close connections to senior management or specialist expertise.
From an organisational perspective, then, the root cause of issues is not the strong personality of the particular individual, but the leeway he or she is given to flaunt the company’s culture. Fittingly, one strategy that can be effective at constricting this leeway is to hire or appoint individuals with strong personalities who do promote the company’s culture. Companies that deploy this strategy successfully often have ‘culture promoters’ at all levels – on the board; in ‘gatekeeper’ functions such as legal, compliance and finance, and across the business. These individuals do not need to be loud or confrontational to be effective. For example, a talented compliance officer who implements a well-managed, independent complaints and investigations process, with appropriate checks and balances and clear accountability for decisions, can effectively deter questionable decisions that are justified simply ‘because individual X is different’.
In addition, many of the tactics that promote a healthy ‘listen up’ culture also help mitigate the risks associated with strong personalities, and vice-versa. More generally, there is often overlap among the steps companies can take to mitigate the common governance and risk factors at the heart of most organisations, as there is interplay among the factors themselves. For example, two other factors are highly technical areas of a business and poor communication channels. It is easy to imagine how both of these areas could be manipulated by a strong personality or overlooked at an organisation with a weak ‘listen up’ culture.
The common thread running through all factors is, of course, the strength or weakness of a company’s culture. And as investigations risk becomes more unpredictable, corporate culture is increasingly coming into focus as a tool that can effectively mitigate this risk in a holistic way. Or, as Tony Hsieh put it: “for organisations, culture is destiny”. This is wise counsel for anyone who seeks to understand the risk of corruption, fraud or other criminal activity within their organisation.
Matthew Bruce is a partner and Katie Palms is a senior associate at Freshfields Bruckhaus Deringer LLP. Mr Bruce can be contacted on +44 (0)20 7936 4000 or by email: matthew.bruce@freshfields.com. Ms Palms can be contacted on +44 (0)20 7936 4000 or by email: katie.palms@freshfields.com.
© Financier Worldwide
BY
Matthew Bruce and Katie Palms
Freshfields Bruckhaus Deringer LLP
FORUM: Tackling fraud and corruption in Africa
Risky business: fraud, corruption and corporate culture
Key takeaways from recent SEC financial reporting and auditing enforcement matters
Pursuing individual officers and directors responsible for criminal fraud
The limitations on the police response to fraud: what other options are open to victims?
Are the sands of trust law shifting?
FATF assesses the UK’s anti-money laundering and counter-terrorist financing measures
Crypto-assets – the UK’s response to regulation