The complexities of handling international fraud investigations
INSIGHT ARTICLE |
Last year marked a record-setting performance for enforcement of the Foreign Corrupt Practices Act (FCPA). In fact, the Securities and Exchange Commission (SEC) and U.S. Department of Justice (Justice Department) finalized settlements with 27 companies in 2016 for a total of $2.48 billion in fines and other payments.1 And, despite a significant change in U.S. political leadership since that time, new Attorney General Jeff Sessions told attendees at a recent ethics and compliance conference that “we will continue to strongly enforce the FCPA and other anti-corruption laws.”2
These enforcement trends are important considerations for leaders of middle market companies, since boosting international revenue is often a top growth priority for those organizations. However, exposure to global markets also opens the door to new complexities, such as the potential need to navigate the political, legal and practical aspects of an international fraud investigation driven by allegations of bribery and corruption.
In RSM’s 2016 Global Corruption Law Compliance Survey, well over 80 percent of executives perceived little fraud risk when conducting business in the United States or Canada. While the assumed risk level was much higher in certain countries—most notably Mexico and China—business leaders must remain diligent about recurring threats in other parts of the world. Consider the following examples of recently resolved FCPA cases, where investigators determined internal controls were either ineffective against acts of fraud or corruption, or circumvented for extended periods of time:
- In January 2017, a large food company reached a settlement with the SEC over alleged issues with internal controls and accounting records that occurred with its British subsidiary in India. As part of the settlement, the companies agreed to pay a $13 million civil penalty.3
- In December 2016, the SEC and the Justice Department reached a $957 million settlement with a Brazilian petrochemical manufacturer, as regulators alleged that the company’s internal controls were unable to catch bribes paid to government officials through third-party intermediaries and off-book accounts during an eight-year period. The global settlement included $632 million in criminal penalties and fines, $260 million paid to Brazilian government authorities, and $65 million to SEC.4
- In November 2016, a large global financial institution agreed to pay over $130 million in connection with SEC charges that it improperly provided jobs to relatives and friends of foreign government officials in the Asia-Pacific region in order to win new business. The SEC noted this was a systemic bribery scheme, adding that “the firm’s internal controls were so weak that not a single referral hire was denied.” In addition to the SEC penalty, the firm is expected to pay nearly $62 million to the Federal Reserve and $72 million to the U.S. Department of Justice to satisfy fines for these violations of the FCPA.5
- In June 2016, the SEC announced a $15 million settlement with a middle market medical device manufacturer, after an agency investigation found the company’s subsidiary in Denmark had engaged in fake distributor transactions over a 10-year period that improperly routed $20 million to a host of individuals in Russia and shell companies in Belize, Cyprus, the British Virgin Islands and the Seychelles.6
What key lessons can be taken from these examples? First, any company with international operations must have a baseline understanding of the key obstacles that can hinder internal controls designed to detect potential fraud and prompt further due diligence (including foreign investigations). Additionally, businesses should ensure they have a corporate response plan that can help keep an initial problem from becoming a full-blown crisis. This is of particular importance to middle market companies, since our 2016 survey showed that a third of firms have no documented response strategy to address allegations of bribery or corruption.
Investigative barriers: More than just distance
It is not uncommon for middle market executives to have less control of foreign offices or subsidiaries, since interactions are often virtual, and global revenues in some instances make up only a fraction of overall company revenues (which may not even be considered by the organization to be material). Regardless of size, when fraud-related concerns arise, there are typically three issues that make an international investigation more challenging than one in the United States. These include:
Language and culture. This may be the single most difficult area to navigate, since a quality investigation requires accurate, precise communication between stakeholders, which can be next to impossible without fluency in the local language. Similarly, knowledge of local practices in foreign markets can help establish and prioritize investigative inquires based on known risks. Lack of knowledge of local markets may slow down or impede the success of investigations. In fact, 35 percent of leaders polled in RSM’s 2016 Global Corruption Law Compliance Survey viewed cultural differences or different norms for business operations as a significant hurdle to investigating charges of bribery and corruption.
Data privacy and local compliance. Simply put, there is no global standard covering data privacy or the transfer of information collected in one country to another country. Nearly all countries where middle market companies have operations have some level of data privacy laws designed to regulate the collection, processing, storage and cross-border transfer of information, meaning that U.S. companies attempting to investigate foreign incidents of fraud, bribery or corruption must navigate a patchwork landscape of rules driven by international, national, regional and local government bodies.
Lack of qualified internal resources. Foreign satellite offices and subsidiary operations are often lightly staffed, with employees generally focused and trained on areas related to sales, production and operations, and are not well-versed on issues related to bribery, corruption or compliance. Without adequate training and support, local employees can hinder the discovery, verification and evaluation of a potential fraud event by not applying appropriate investigative techniques, or by not leveraging proper internal resources. Further, in situations where local management is implicated or involved in the fraud, a scheme can be concealed or an investigation delayed when local employees do not have a process in place to permit them to notify appropriate levels of senior management.
Tips to help triage the discovery of international fraud activity
While there is no sure-fire way to prevent fraudulent activity from bribery and corruption schemes, simple steps can help any business reduce the risk of fraud and accelerate fraud detection. Some of these steps include:
Having a documented fraud response strategy. The power of a written fraud response plan can be summarized by the following ratio: 7-to-1. In our 2016 survey, we found that companies with a documented fraud response strategy were seven times more likely to initiate follow-up investigations when illicit activity was suspected than firms lacking such a road map. The power of such a plan becomes even more critical in international investigations, since it should encompass local market contingencies that may arise during a fact-finding process.
In addition to a road map, a sense of urgency and appropriate level of importance should be placed on investigating fraudulent claims or findings. Too often organizations fail to swiftly collect initial facts and preserve evidence resulting in incomplete evidence for evaluation by the trier of fact. After the potentially illicit activity has been triaged, the next step is for an empowered decision-maker to coordinate and analyze the flow of information, and recommend event resolution options (in accordance with the response plan).
Training and empowering first responders. As part of the fraud response plan, team leaders in foreign offices or subsidiaries (and domestic employees that may be exposed to fraud risks) should incorporate training on how to spot and report bribery, corruption and fraud as part of their broader ethics compliance program. Moreover, employees—both foreign and domestic—should be provided the managerial latitude to escalate any potential or identified issue without fear of retaliation or retribution. Further, to keep the threat of fraud top of mind, it can be helpful to conduct periodic messaging to continually reinforce that fraud awareness and prevention are key corporate priorities.
Creating open communication lines between corporate and local management. Perhaps the most important, but often most overlooked element is the need to establish an open line of communication (formal and informal) between responders in the foreign country and key decision-makers at the company’s headquarters. Because of differences in culture, language, time zones and other factors, it can be challenging, if not impossible, to evaluate a situation from afar. However, if an organization can consistently and effectively relay information between foreign and domestic locations, it can reduce the impact that thousands of miles, multiple time zones and different languages can have on an investigation.
The evidence shows that organizations still struggle with implementing strong anti-bribery compliance programs. To that end, RSM has helped numerous organizations reduce their potential exposure to fraudulent activity by developing effective compliance programs, both domestically and abroad. And in situations where fraud has been suspected or identified, our experienced team of professionals (including forensic accountants, forensic technology and data analytics specialists) quickly mobilize to investigate and analyze those complex financial situations.
1. “The 2016 FCPA Enforcement Index,” (January 3, 2017) The FCPA Blog.
2. “Attorney General Jeff Sessions Delivers Remarks at Ethics and Compliance Initiative Annual Conference,” (April 24, 2017) The United States Department of Justice.
3. “Administrative Proceeding File No. 3-17759,” (January 6, 2017) U.S. Securities and Exchange Commission
4. “Petrochemical Manufacturer Braskem S.S. to Pay $957 Million to Settle FCPA Charges,” (December 21, 2016) U.S. Securities and Exchange Commission.
5. “JP Morgan Chase Paying $264 million to Settle FCPA Charges,” (November 17, 2016) U.S. Securities and Exchange Commission.
6. “SEC Charges Medical Device Manufacturer With FCPA Violations,” (June 21, 2016) U.S. Securities and Exchange Commission.