How to catch a rogue employee

If there is one person that most financial industry charlatans try to avoid, it is Preet Bharara, the US attorney for the Southern District of New York, who has taken the prosecution of white-collar crime to a whole new level. Since taking office in 2009 Bharara has become the most feared prosecutor on Wall Street, cracking an impressive string of fraud cases involving the theft of many billions of dollars.

Bharara is revered for the convictions of prominent hedge fund figures such as Douglas Whitman, Raj Rajaratnam and Rajat Gupta, and has seen many star executives rise from humble beginnings, only to make a sharp fall from grace. In an exclusive essay posted on CNBC’s website, entitled ‘Why corporate fraud is so rampant: Wall Street’s cop’, he discusses his disappointment at finding that for many companies, a corrupt corporate culture is just as rampant as insider trading.

‘History has shown that one cannot legislate a culture of integrity,’ the top federal prosecutor notes. ‘And yet, one of the paramount responsibilities and challenges of corporate leadership is to ensure such a culture. Without it, a troubling phenomenon that should be anathema to any company emerges: the penchant to test the legal and ethical line.’

Moreover, a good corporate culture should not just rely on adhering to regulations, says Bharara. Instead, companies need to start going beyond the bare minimum requirements of compliance programs and start setting high expectations.

The bottom line is that when business leaders fail to set the right tone, corporate misconduct can easily spiral out of control. This is when Bharara’s office will step in to address the problem – and no one wants to travel down that road.

Bulletproofing your company

Regulators are working day and night to limit the amount of fraudulent activity that has been taking place across the globe. There has been a renewed focus on pursuing Foreign Corrupt Practices Act (FCPA) violations over the past two years. While the FCPA was enacted in 1977, the SEC and Department of Justice (DoJ) have been working feverishly in recent years to increase the number of FCPA enforcement actions – in fact, the DoJ’s FCPA enforcement program reported 2010 as the year with the largest FCPA awards in history, resulting in more than $1 billion in penalties. In a 2010 article, the DoJ’s former assistant chief for FCPA enforcement candidly stated that ‘the government sees a profitable program, and it’s going to ride that horse until it can’t ride it anymore.’ For regulators, this presents a win-win situation – a government agency can gain some extra revenue while keeping a tight grip on corporate misconduct.

As the old adage goes, however, all good things must come an end. Within the last year, there has been a plunge in the number of FCPA violations. Michael Volkov, a partner at LeClairRyan and an expert in anti-corruption issues, has been tracking the number of enforcements for years. He says that six of the top 10 settlements came in 2010, but between 2011 and 2012 there have not been many notable actions in this area.

According to Volkov’s analysis, it seems that there has been a spike in the number of investigations being conducted behind closed doors, but with no successful enforcements made. In his article, ‘A ‘slow down’ in FCPA enforcement’, Volkov suggests one possible reason for the downturn is that there are ‘major investigations on the [regulator’s] plate which are eating up resources and slowing down processing of more ‘routine cases’.’

Governance and compliance professionals should use this time to start understanding their employees better and enhancing their fraud detection programs in an effort to prevent a future FCPA enforcement action.

Inside an employee’s mind: what motivates fraud?

One way to avoid fraud investigations is to understand the prime motivations for fraud – including greed.

The late criminologist Donald Cressey theorized that a person is likely to swindle money or participate in other forms of corporate wrongdoing if there is sufficient motive, opportunity and rationalization. He called this the ‘fraud triangle’. Professionals in fraud prevention circles use the 10-10-80 rule: 10 percent of employees will never steal, 10 percent will always steal, and 80 percent might if the circumstances are right.

Fraud is not limited to the top executives simply because they have more resources and opportunities to commit fraud. Skilled compliance officers know that fraud can be committed throughout the organization.

Kelli McTaggart, vice president, associate general counsel and chief ethics and compliance office at Time Warner, (pictured left), is well aware that fraud can take place at any level. ‘Even a well-meaning employee can be susceptible to committing an act of fraud, such as lying about a meal on a travel and expense report, if given the right set of circumstances,’ she explains.

Such small acts of fraud are often the first indication of bigger problems. ‘Some organizations may tend to ignore small acts of fraud or frauds which are seemingly isolated instances, because they think it is not cost-effective to pursue them, or managers think these are one-off occurrences,’ says McTaggart. ‘But small frauds expose gaps in controls or oversight, and often, where there’s smoke, there’s fire.’ She adds that her own company investigates all frauds, whether large or small.

If an employee has a reason to commit fraud and the right opportunity presents itself, that employee can go rogue. McTaggart says some of the more common reasons for committing fraud are family problems, debt, bad investments, the employee living well beyond his or her means, extramarital affairs, pressure to hit high performance targets, ego, and children’s education expenses. But, she notes, ‘a lot of factors which lead people to commit fraud may not be known to a company at first and are only exposed during an investigation.’

When examining a firm’s compliance structure, most experts have found that lax internal controls are where the true problem lies. If a company can divide the responsibilities of its accounts between several employees who are constantly rotated on different projects, there will be less opportunity for one employee to succeed in a fraudulent operation. Conversely, if one employee is trusted with monitoring a company’s finances, it’s easier for that employee to funnel some money out. Keep in mind that an ineffective internal controls system can allow scammers to get away with unjust actions for months or even years.

‘That’s why controls at all levels are important,’ says McTaggart. ‘Fraud prevention and detection should really be a partnership between legal, compliance, audit, finance and other groups responsible for internal controls.’

Creating an effective compliance program

Most compliance programs are focused on how to catch fraud and root out erratic employees who seem capable of making unethical decisions. Fraud may be difficult to predict, but companies should try to create a sustainable compliance program that includes preventative measures as well. Many firms neglect this issue because corporate officers are generally more concerned about catching fraudsters after the fact than preventing them from committing fraud in the first place.

When building an effective compliance program, governance officers should consider the culture in which their employees currently operate. A highly regulated corporate culture is not recommended, says Karen Moore, director of compliance at global cigarette and tobacco giant Phillip Morris International.

‘Controls are particularly important in fraud prevention, but they have to be balanced by a good element of autonomy – no employee flourishes in an environment with overly strict controls,’ Moore explains. ‘Such environments can often backfire by reducing employee commitment to the company and increasing a sense of looking out for number one before looking out for the interests of the company.’

Ideally, fraud detection should be a critical component of a robust compliance program. Moore adds that programs should be implemented that include frequent audits. Some of the best fraud detectors are in fact employees, she notes – illegal actions can be sniffed out through reports from other employees who are usually aware of activity before it is detected by controls. ‘In that regard, it goes without saying that a strong reporting environment is created by an effective compliance program and reinforced by management,’ Moore explains.

Fraud will always be a problem in the corporate world, but multiple reporting channels, impartial investigations, attention to real or perceived retaliation against whistleblowers, and a commitment to strong disciplinary measures can help companies catch the perpetrators before they do too much damage.

Creating and sustaining a strong compliance structure

Karen Moore, director of compliance for Phillip Morris International, advocates a three-step approach to developing an effective compliance program.

1. Risk assessment. Once a rigorous risk assessment has been carried out, the company will have pretty clear signposts as to what program elements can be effectively implemented to prevent or detect fraudulent activities. These should be carefully targeted at those individuals and activities which present the greatest risk rather than applied arbitrarily throughout the company. In that way, you build efficiencies and credibility across the organization.

2. Hiring the right set of people. Good background checks and references are imperative when adding a new employee to the company’s ranks, as well as, for example, asking probing questions about a prospective employee’s integrity during the interview.

3. Education. Employees need to understand what is expected of them and why certain processes are important. Controls are particularly important in fraud prevention, but they have to be balanced by a good element of autonomy.

Fraud warning signs

Kelli McTaggart, Time Warner’s top compliance official, suggests that corporate compliance officers should train managers to be on the lookout for the following warning signs of a good employee going bad:

• Trying to influence events outside their area of responsibility: employees who want to have a hand in accounts in a department that is outside their area of responsibility should be scrutinized

• Moody or nervous behavior: a person constantly on the edge about minor issues is another telltale sign

• Regularly breaking rules to get a job done: sometimes this is not taken as seriously as it should be – whether it’s breaking IT rules or other company policies, all employees should be held accountable for their actions

• Not taking vacations or refusing promotions: those who are wrapped up in illegal activity need to stay where they are to continue the scheme

• The employee exhibits inappropriate anger or defensiveness to the person asking questions about their actions.