Compliance Failures Promote Fraud and Blackmail
Over the last several years we have noticed an interesting development in the world of fraud. This is a bit of a follow up to a “Get out of Jail Free” article from November 2010 issue of the Aegis Journal.
It seems the fraudsters, often inside a company’s compliance or internal audit department, have taken it upon themselves to print their own ‘Get Out Of Jail Free’ cards. These fraudsters often have many years with a company and are valued and trusted employees. Their frauds begin with the employee finding that the company is out of compliance. While we focus on AML and OFAC issues, non-compliance issues often include rules and regulations the employer may not even know exist, such as environmental, disclosure, or Fair Labor Act compliance.
Fraudsters quickly realize that their unique position within the company allows them to document these violations in great detail, and in some cases the fraudsters may even facilitate the continuation of the violations. Once the fraudster has documented and secured the required evidence — they are now free to defraud the company. Often the level of skill in finding a compliance violation, or helping it along, requires more sophistication than perpetrating a fraud. Why? It’s simple. There is little motivation to work on concealment of the fraud. If the fraud is discovered, they can report the company under whistle blower statutes, and the fraudsters may even collect 30% of the total fine imposed on the company (often more lucrative than the fraud). If the company accuses the whistleblower of fraud — the company is accused of retaliation — yet another expensive legal claim to defend.
Many frauds using this odd form of protection are the direct result of a compliance error. The error and the corporate fear of fines and repercussions from regulators are used by fraudsters as a shield against being prosecuted for their fraud. This is blackmail, short and simple.
It can be avoided, but it’s not easy. Government’s have not made voluntary disclosure of non-compliance (or compliance error) a favorable option for most enterprises. The lack of forgiveness by the governments is what promotes the essential environment for the blackmail/fraud scenario to succeed. Since the regulatory enforcement climate is not going to change any time soon, employers have to look at prevention. Prevention is best accomplished with outside experts reviewing compliance issues on a periodic basis. Audits may be required every few months if the regulations are rapidly changing, or as infrequent as every few years if the regulations are more seasoned.
Keep internal audit and compliance apart – with no overlap. Also eliminate individual fiefdoms within the company, encouraging more than one person or department to review compliance issues. When conducting internal audits, don’t focus solely on financial matters — include compliance, disclosure, and reporting requirements. Establish employment agreements that have real penalties for fraud, for example, allowing retirements to be clawed back if fraud by an employee is substantiated, or bonus money to be repaid, etc…
Last, but not least, if a fraudster pulls a stunt similar to this on you — attack, do not submit. Work with your experts on voluntary disclosure to the regulators, and assume that the fraudster engineered the setup. It will be difficult, ugly, and painful — but it will be over.