C-suite fraud: yes, it happens more regularly than one would like to believe!

According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud 2022 Global Fraud Study revealed that there is a strong correlation between the fraudster’s level of authority and the size of the fraud. Owner/executives only committed 23% of the frauds but they caused a median loss of USD $337,000. In addition, employees committed 37% of the frauds but they only caused a median loss of USD $50,000. Managers ranked in the middle, committing 39% of fraud with a median loss USD $125,000.

Further, the motivations for fraud for employees including owners/executives are captured in the top eight behavioural fraud red flags as follows in order of prevalence (note: percentages exceed 100% as there are in some cases multiple red flags):

1. Living beyond means 39%
2. Financial difficulties 25%
3. Unusually close association with vendor/customer 20%
4. Control issues, unwillingness to share duties 13%
5. Irritability, suspiciousness or defensiveness 12%
6. Bullying or intimidation 12%
7. Divorce / family problems 11%
8. “Wheeler-dealer attitude" 10%

There are a few examples of C-suite fraud or accounting scandals which exemplify this. Examples include:

• Wirecard, a German electronics payments company admitted (in June 2020) that approximately 1.9 billion euros that was supposed to be held in trustee accounts in the Philippines likely did not exist. An investigation into Wirecard's financial practices uncovered a complex web of fraudulent activities, including the creation of fake profits and false transactions to inflate the company's financial position. In June 2023, their CEO, Markus Braun was arrested, and the company was declared insolvent.
• Luckin Coffee is a coffee chain in China. In April 2020, the company announced that its Chief Operating Officer (COO), Jian Liu, played a central role in orchestrating the fraudulent activities including with several other employees had fabricated sales transactions. In July 2020, Luckin Coffee announced that an internal investigation had revealed sales fraud totalling approximately $310 million.
• Satyam Indian IT company (2009) company founder and Chairman Ramalinga Raju falsified revenue by USD$1.5 billion and admitted this in a letter to the company’s Board and was found guilty along with 9 others of inflating of the company's revenue, falsifying accounts, income tax returns and more.
• Bernard L. Madoff Investment Securities LLC a Wall Street investment firm (2008) with Bernie Madoff as founder and Chairman (sentenced to 150 years imprisonment and USD$170 billion restitution) deceiving investors out of $64.8 billion through a Ponzi scheme.
• WorldCom telecommunications company (2002) where assets were inflated as much as USD$11 billion, the company filed for bankruptcy, USD$180 billion in losses for investors, and those involved included the CEO Bernie Ebbers who was sentenced to 25 years imprisonment due to fraud.
• Enron energy and commodities company (2001) where shareholders lost USD$74 billion, the company filed for bankruptcy, led to the demise of the Arthur Andersen accounting firm, and those involved included the CEO Jeff Skilling (sentenced to 24 years imprisonment) and the former CEO Ken Lay (who died before being imprisoned).

From the experience of our RSM Australia’s Fraud & Forensic Services, we have conducted multiple investigations involving allegations of impropriety perpetrated by executives/owners. Some examples include the following:

• RSM was appointed by a law firm for a state government entity to undertake a forensic investigation into certain allegations of code of conduct and policy breaches made against the then CEO. The then CEO was stood down following our investigation.
• Conducted a forensic investigation for a property development company into alleged impropriety by the former CFO of fraudulently diverting monies owed to the business into their personal bank account as well as creating fake supplier invoices to have monies paid from the business bank account to their personal bank account.
• Conducted a forensic investigation for the Board of a national professional association into allegations of impropriety by the CEO, including the misuse of the corporate credit card for non-business purposes, remuneration and salary payment anomalies, and the purchase of vehicle without Board approval. RSM’s investigation result in a confession from the CEO, repayment of funds and benefits misappropriated and disciplinary action from the Board to dismiss the CEO from their employment.
• Investigated a $5 million fraud within a private family business where the ‘trusted’ CFO had stolen for several years, with unauthorised expenditure on gold bullion and progress construction / renovation payments on multiple investment properties

Boards, audit committees and executive or senior management have vested interests in ensuring that there are checks and balances to ensure that ‘C-suite professionals are leading the way with the tone from the top and ethical behaviour beyond reproach.

In Australia, the Australian Standard AS 8001:2021 Fraud and Corruption Control has been the pre-eminent guide on how to prevent, detect and respond to the risks of fraud and corruption. Organisations can use AS8001:2021 as a guide to prevent and detect fraud by implementing a robust anti-fraud system or framework / program. This means ensuring that organisations create and regularly update policies and procedures that clearly outline their approach to fraud prevention and detection, and ensure its operationalisation (that is, that controls are in place and operating as intended). In relation to mitigating against C-suite fraud, an example could be reviewing and updating policies around Segregation of Duties and dividing responsibilities among different individuals to prevent a single executive from having too much control over a particular business process. For example, the person who approves transactions should be different from the one who initiates them. In addition, employees should receive regular training on recognising fraud and reporting fraud suspicions and concerns. AS8001:2021 suggests developing training programs to educate employees about the types of fraud, including C-suite fraud that can occur, fraud red flags, and how to report suspicions.

An effective prevention method for organisations to consider is ensuring that adequate workforce screening (pre-employment and periodically undertaken once employed) is undertaken on C-suite executives. This includes conducting forensic due diligence / OSINT (open source intelligence) background checks on the C-suite executive (and sometimes family and associates) that are either publicly available (e.g. ASIC checks for director, secretary and shareholders roles, social media sites) or with consent where required (e.g. police checks) to ensure that any conflict of interest, perceived or actual, is managed.

An effective detection method for organisations to implement is fit-for-purpose whistleblower reporting mechanisms. According to the Association of Certified Fraud Examiners (ACFE) Occupational Fraud 2022 Global Fraud Study report, 58% of fraud in the Asia-Pacific region is detected by a tip^[1]. Therefore, it is imperative for organisations to provide avenues for employees, contractors, and other stakeholders to report suspected fraud and corruption involving C-suite executives or other employees. This can involve implementing secure and anonymous reporting channels where individuals can safely report their concerns. These channels should be easily accessible to all stakeholders, and it is better practice for these reporting avenues to be available to current and former employees, contractors, and other stakeholders.

C-suite fraud is not new a new phenomenon and will continue to be an area of concern for businesses. Mitigating C-suite fraud is crucial for safeguarding the financial health, reputation, and sustainability of an organisation. The risk of fraud at the highest levels necessitates a multifaceted approach, including the implementation of robust internal controls, the promotion of an ethical culture, and continuous monitoring of executive activities often with the tripartite albeit often separate efforts of the anti-fraud function(s) within a business, an internal audit function, and the external auditor.