This month, Roger Darvall-Stevens, Partner and National Head of Fraud & Forensic Services at RSM, is featured in Financier Worldwide’s Corporate Fraud & Corruption Annual Review. In the feature, he talks about regulatory developments in Australia, fraud & corruption risks and offers advice to businesses on how to mitigate those risks.
Here is an extract from the interview. If you’d like to read the full report, click below to visit the Financier Worldwide website.
Q. To what extent are boards and senior executives in Australia taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?
Roger: The steps taken by boards and senior executives to reduce fraud and corruption depend on their awareness, the industry in which they operate and the types of risk they are exposed to. There is a spectrum from boards that are unaware or ill-prepared for risks, to boards that are very aware and ever-vigilant. A key question to ask continues to be whether management has established, implemented and tested a process of oversight of fraud, bribery and corruption risks by the board of directors or others charged with governance, such as the audit and risk committee.
Q. Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in Australia over the past 12-18 months?
Roger: There have been two major legislative developments and one area of regulatory development. Firstly, whistleblowing and whistleblower protection is receiving an overhaul in the private sector in Australia. Government or public sector bodies are covered by specific whistleblower legislation in each jurisdiction of Australia and Australia-wide, the Commonwealth of Australia. However, this has been absent for the private sector, with companies under the Australian Corporations Act 2001 required to protect whistleblowers only for breaches or alleged breaches of the Australian Corporations Act 2001, which is very restrictive and does not include the bulk of fraud, bribery and corruption concerns. The second area of legislative development is the strengthening and expansion of the Australian Criminal Code Act 1995 concerning foreign bribery. Australia’s current legislation is modelled on the US Foreign Corrupt Practices Act 1977 but is moving towards the sort of requirements in the more stringent UK Bribery Act 2010. The regulatory development worthy of mention is that Australia is currently experiencing a national Royal Commission into misconduct in the banking, superannuation and financial services industry, which is revealing areas of systemic fraud, corruption and money laundering, which is attracting the enforcement efforts of regulators like the Australian Transaction Reports and Analysis Centre (AUSTRAC) for anti-money laundering breaches.
Q. When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?
Roger: Drawing on the work done on process mapping the investigation process by the Open Compliance & Ethics Group (OCEG), the following steps are advisable.
First, monitor investigation triggers, such as data analytics, reporting avenues like hotlines, audit reports, integrity culture surveys and exit interviews. Second, collect, sort, escalate and notify based on the information received. Third, perform a triage approach on the information based on the severity, complexity and materiality or reputation risk of what is alleged. Fourth, plan the investigation and assign the investigation.
If you do not have the investigative expertise or require the perception and reality of an independent investigation, seek the advice of a forensic investigation or accounting team. Consider engaging lawyers who instruct the investigators for anticipated litigation and legal privilege. If you want to train your own staff, consider relevant globally-recognised credentials like the CFE credential from the ACFE. Fifth, conduct the investigation in a legal and ethical manner, ensuring adherence to the principles of natural justice and procedural fairness. Take into consideration local country jurisdictional issues or legislative requirements, such as mandatory investigator licensing. Finally, ensure closure and remediation to finalise investigation reporting. Take appropriate disciplinary and corrective action, strengthen internal controls to prevent reoccurrence, and recover from financial losses and reputation damage.
Q. Do you believe companies are paying enough attention to employee awareness, such as training staff to identify and report potential fraud and misconduct?
Roger: Many companies are quite active in ensuring that their employees undergo some sort of fraud and corruption control awareness training, but often lack the discipline to regularly refresh and repeat this training.
Fraud training for employees is a well- recognised anti-fraud control.
The 2018 ACFE Global Study on Occupational Fraud and Abuse highlights that fraud training can reduce the median loss of fraud by 41 percent and reduce the duration of fraud by 50 percent.
Q. How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?
Roger: In Australia, whistleblowing legislation for the private sector is undergoing changes. Australia’s draft legislation called the Treasury Laws Amendment (Whistleblowers) Bill 2017, which is being reviewed before parliament, will broaden whistleblower protection significantly. If these laws are enacted, there will be many changes, including a clear avenue for a whistleblower to escalate concerns, essentially a ‘one-stop shop’ whistleblower protection authority, stronger protections – without fear of losing employment or being financially punished – and inclusion of private sector employees, and ‘bounty’-style financial rewards for eligible whistleblowers, to obtain a percentage of any penalty imposed upon their employer.
Q. Could you outline the main fraud and corruption risks that can emerge from third-party relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?
Roger: It is essential that companies monitor and manage their third-party relationships – from due diligence screening to managing each part of a procurement process in engaging third parties. Managing foreign bribery risk is relevant for those businesses that operate regionally or globally, use agents or intermediaries, and import and export.
Considerations include verification of bona fides, corporate registration details, background checks on directors, owners and executive management, professional registers, lists of banned and disqualified persons, prohibited persons, litigation history, and internet – including social media sites, commercial credit and bankruptcy checks, criminal history and legal proceedings.
Q. What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk management process, with appropriate internal controls?
Roger: When implementing a fraud and corruption risk management process, my advice is to keep it simple and involve, as necessary, subject matter experts coupled with management’s commitment and ‘tone from the top and the middle’. These strategies should include effective whistleblowing avenues, knowing your fraud, bribery and corruption risks, having a fraud and corruption control plan and a foreign bribery compliance programme, if relevant to your business operations.
For more information
If you would like to know more about the Fraud and Forensic services RSM offer or have any questions regarding the above, contact Roger Darvall-Stevens today.