The ‘je ne sais quoi’ of preventing corporate fraud
February 2024 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
February 2024 Issue
When it comes to preventing corporate fraud and corruption, it is important to move on from ‘old-fashioned’ perspectives and techniques. Using the full range of available anti-fraud tools will be an important factor in designing an effective compliance programme, but this article will make the case for the often-overlooked ‘je ne sais quoi’ of what makes a compliance programme truly effective in preventing corporate fraud and corruption. Supporting and bringing focus on values and corporate culture is equally, if not more, important than any modern tool in reducing the risk of corporate fraud and corruption.
It is no secret that the risk of fraud in companies is constantly evolving. Estimates show that companies lose 5-6 percent of their annual revenue to fraud. As a result, regulators, enforcement agencies and several corporate functions are continuously updating their requirements and efforts to mitigate exposure. In this landscape, it is easy to overlook the importance of supporting ethical culture in a company. We have all heard the famous phrase ‘culture eats strategy for breakfast’. But this could be broadened to: ‘culture eats everything important to your company for breakfast’. And ‘everything’ would include your company’s corporate compliance programme and fraud-prevention mechanisms.
This article discusses why it is important not to neglect an ethical culture as part of an anti-fraud and corruption programme, despite it being perhaps the most difficult aspect to measure or demonstrate compared to the many other metrics and tools available. In other words, ethical culture is the je ne sais quoi of a compliance programme. Below we discuss some of the key technologies, tools and controls used today, and how poor company culture can diminish their effect. The focus of this article will be on corporate fraud involving the employees of a company.
Clear and easy to understand policies and procedures. Companies should have clear internal rules covering expected and prohibited conduct, as well as processes and controls to prevent fraud. Clear rules help set a benchmark within the company and portray the desired company culture. The challenge, in real life, is often that a code of conduct becomes a standardised document describing a perfect world or containing rules that are too complicated. It is challenging to comply with internal rules if they are difficult to understand or impractical in a real-life setting. Even worse, the rules may become a joke among employees, leading them to accept a lower ethical standard. Circumventing the rules is easy as colleagues fail to hold each other accountable for following them, and they lack credibility.
Checking references for all new hires. Ensuring that trustworthy employees are hired is, on the surface, a great way to ensure an ethical culture is not diluted or disrupted by onboarding new employees who bring lesser standards. The challenge is often that a candidate is required to forward a list of their references, putting them in control of the image they portray to the hiring company.
Segregation of duties. Divide activities so one employee does not have too much control over an area or duty. Separating important accounting and accounts payable functions, applying the four-eyes principle, the two-signatories rule, and one-over approval, are all typical and important measures for preventing fraud. However, these methods are not perfect as they are still vulnerable to close relationships where the expected scrutiny is not applied. As an example, a high-performing but fraudulent employee may easily get their manager to sign an approval-form for expense reports. Sometimes employees submit expense-reports on their fraudulent manager’s behalf, which then just needs approval by the fraudulent manager in question. If controls are split between different departments, they should in theory be stronger, but a company with an ethical culture is still not safe from a well-spoken, convincing fraudulent employee, who with a quick call to accounts payable can convince a colleague that a particular expense is in line with company standards.
Internal audit and whistleblower hotlines. A tough internal auditor who asks direct questions and requests documentation for every single activity is typically considered a powerful force for preventing fraud. If company culture is of a low standard, the auditor may face an entire team or department aligned on accepting dubious activities, forcing general process changes instead of bringing fraudulent activity into the open. Whistleblower hotlines are similarly considered a powerful tool, but their effectiveness depends on a speak-up culture where employees feel comfortable reporting fraudulent activity. They also require employees to be able to identify fraudulent activity, which can be nearly impossible if you are surrounded by fraudulent colleagues.
Utilise new technologies and software tools. The latest thinking on mitigating exposure places a high importance on using new technologies and software tools to support various financial and non-financial control activities to prevent fraud. These tools can help to automate processes, reduce the risk of human error and provide real-time monitoring of transactions. In the best-case scenario, they can even help to identify potential fraud risks before they become a problem. Many companies are looking to artificial intelligence (AI) as a game-changer in preventing fraud, with its ability to analyse large amounts of data and identify patterns indicating fraud. The blockchain can also be used to create a tamper-proof record of financial transactions, which can help to prevent fraud. At the end of the day, new technologies and software tools will also need employees to draw conclusions from them and take steps to address possible fraudulent activity. This opens up such tools to the same vulnerabilities within an unethical culture, as fraudulent employees can be quite convincing when making bogus explanations, getting the support of their managers and colleagues, and influencing internal politics to disregard otherwise convincing reports generated by software tools.
Many of these anti-fraud measures are expected to be present in most companies today and are regarded as necessary for a functional compliance programme that reduces the risk of fraud and corruption. However, an unethical company culture can undermine the positive impact of these activities. That is why any function involved in the fight against fraud, including senior management, must constantly focus on reinforcing an ethical culture. This is the most important asset in defending against fraud. An ethical culture will encourage all employees to identify and speak up about activities which may seem fraudulent.
How to achieve a strong ethical culture
Firstly, let us define what we mean here. An ethical culture is a system of shared beliefs, attitudes and behavioural norms that represent a company’s ethical principles and standards when engaging with employees, customers, suppliers, the community and so on. While difficult to measure, see or prove, it is a feeling of connectivity among the stakeholders of a company.
A strong ethical culture is built on a foundation of transparency, integrity and accountability, creating an environment where fraud is less likely to take root. Supporting, building and maintaining an ethical culture requires a number of important steps, as outlined below.
Lead by example. To lead by example, you do not need to be a leader, but leaders need to communicate that leading by example is expected from everyone. Everyone should be encouraged to behave ethically and hold themselves accountable for their actions. Companies should share examples of such conduct by employees through various internal communication tools.
Encourage open communication. Management and leaders must encourage employees to speak up if they see something that does not seem right. This message should be sent continuously, not only at an annual meeting. The more it is communicated, the more employees will start believing in the message and trust that open communication is part of the company culture. Of course, follow-up action is required on reports of potential misconduct.
Provide ethics training. Training, whether e-learning or face-to-face, is often viewed as boring or unnecessary. But if the content is exciting and grabs the attention of employees, it will be an effective tool in showcasing how ethical conduct is critical to the company’s success. Do not be afraid to focus on company values. Content should be inspirational and make employees proud to work for a company committed to doing the right thing.
Reward ethical behaviour. This is a widely debated topic. Should you reward someone for just doing the right thing? Is this not expected from everyone? Should you just focus on punishing unethical behaviour? While the number of companies rewarding ethical behaviour is still likely very low, it is not simply about granting a financial reward for ethical behaviour. Most employees appreciate praise, including company-wide praise, above a financial reward. Companies should highlight examples of ethical conduct to support the relationship between company culture and high levels of integrity.
A comprehensive fraud prevention programme is essential to preventing corporate fraud. As new technology and software become more commonplace, and companies become more adept at using them and implementing control measures to address the increased complexity of fraud, many overlook the je ne sais quoi of an anti-fraud programme: company culture. Without a strong company culture, the impact of other measures becomes insignificant.
Nicolai Ellehuus is global head of compliance, risk management, insurance, privacy and QMS at Bang & Olufsen. He can be contacted on +45 2072 1798 or by email: clne@bang-olufsen.dk.
© Financier Worldwide
BY
Nicolai Ellehuus
Bang & Olufsen
Q&A: Data-driven anticorruption compliance programmes
US government agencies raise the bar on national security-related corporate compliance
Economic uncertainty and fraud
The ‘je ne sais quoi’ of preventing corporate fraud
Corporate integrity: employee training on fraud awareness and ethical conduct
Whistleblower programmes: the why and the how