Category Archives: Ethics

Trust but Check

The community support for a business, and business in general, depends on the credibility that stakeholders place in corporate commitments, the company’s reputation, and the strength of its competitive advantage. All of these depend on the trust that stakeholders place in a company’s activities. Trust, in turn, depends on the values underlying corporate activities. Off-shore accounts, manipulation of shell corporations to evade taxes, loan fraud and management self-dealing are just a few instances of the moral cancer that, drop by drop, erodes trust until the point where the free enterprise systems of democratic nations are replaced by naked oligarchy, kleptocracy and cultures of corruption.

If the interests of all stakeholders are systematically not respected, then action that continues to be often painful to shareholders, officers, and directors usually occurs. In fact, it is unlikely that businesses or professions can achieve their long-run strategic objectives without the support of key stakeholders, such as shareholders, employees, customers, creditors, suppliers, governments, and host communities.

A constant theme and trend (as echoed in the trade press) has become increasingly more evident since the turn of the century. The judgment and moral character of executives, owners, boards of directors, and auditors has been often insufficient, on their own, to prevent increasingly severe corporate, ethical, and governance scandals. Governments and regulators world-wide have been required to constantly tighten guidelines and governance regulations to assure the protection of the public. The self-interested lure of greed has proven to be too strong for many to resist, and they have succumbed to conflicts of interest when left too much on their own. Corporations that were once able to shift jurisdictions to avoid new regulations regarding tax and other matters now are facing global measures designed to expose and control questionable ethics and governance practices. Assurance professionals themselves, of all types, are also facing international standards of behavior.

These changes have come about because of the pressures brought to bear on corporations and management by the reporting of scandals and abuses by a still potent free press and by suits by activist investors and other involved stakeholders. But changes in laws, regulations, and standards are only part of what stakeholders have contributed. The expectations for good ethical behavior and good governance practices have changed. Failure to comply with these expectations now impacts reputations, profits, and careers even if the behavior is strictly within legal boundaries.

As ACFE training tells us, it’s become increasingly evident to most executives, owners, and auditors that their individual success is directly related to their ability to develop and maintain a corporate culture of integrity. They cannot afford the loss of reputation, revenue, reliability, and credibility as a result of a loss of integrity. It is no longer an effective, sustainable, or medium or long-term strategy to project or practice questionable ethics. ACFE training goes on to indicate a number of causes, or signs, of ethical problems within any given corporation:

— Pressure to meet goals, especially financial ones, at any cost;
–A culture that does not foster open and candid conversation and discussion;
–A CEO who is surrounded by people who will agree and flatter the CEO, as well as a CEO whose reputation is ‘beyond criticism’;
–Weak boards that do not exercise their fiduciary responsibilities with diligence;
–An organization that promotes people on the basis of nepotism and favoritism;
–Hubris. The arrogant belief that rules are for other people, but not for us;
–A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

The LIBOR rate scandal of 2012 is an almost perfect example of ethical collapse and manifests a majority of the red flags enumerated above. The scandal featured the systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, in an environment where little or no regulation prevailed. After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally undertaken resulting in prosecutions and huge penalties for the banks and the individual traders involved.

The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average, and its publication, and dissemination. Reuters set aside the four highest and four lowest estimates and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation.

Insiders to the banking system knew about the manipulation of LIBOR rate submissions for decades, but changes were not made until the public became aware of the problem, and until the U.S. Department of Justice (DOJ) forced the U.K. government to act. The president of the New York Federal Reserve Bank (Fed), at that time emailed the governor of the Bank of England in June 2008, suggesting ways to “enhance” LIBOR. Although ensuing emails report agreement on the suggestions, and articles appeared in the trade press from 2008 to 2011, serious changes were not applied until October 2012 when the U.K. government accepted the recommendations of the Wheatley Review of Libor. This Review by Martin Wheatley, managing director of British Financial Services Authority, was commissioned in June 2012 in view of investigations, charges and settlements that were raising public awareness of LIBOR deficiencies.

One of the motivations for creating the Wheatley Review involved the prosecution of a former UBS and later Citigroup Inc. trader, on criminal fraud charges for manipulating the LIBOR rates. The trader, known to insiders as the “Rain Man” for his abilities and demeanor, allegedly sought his superiors approval before attempting to influence the LIBOR rates, an act that some observers thought at the time would provide a strong defense against conviction.

Insiders who knew of LIBOR manipulations were generally reluctant to take a public stand for earlier change. However, on July 27, 2012, a former trader for Morgan Stanley in London, published an article that told of his earlier attempts to bring LIBOR rate manipulations to the attention of authorities, but without success. In his article, he indicated how he learned as a new trader in 1991 that the banks manipulated their rate submissions to make profit on specific contracts, and to mask liquidity problems such as during the subprime lending crisis of 2008. For example, if the LIBOR rate submissions were misstated to be low, the discounted valuation of related assets would be raised, thus providing misleadingly higher levels of short-term, near-cash assets than should have been reported.

Numerous studies since the scandal have detailed the effects of unethical LIBOR manipulation. Just two examples of such manipulation. At the time of the scandal many home owners borrowed their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers received a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for the period 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. As a consequence, one observer estimated that each LIBOR submitting bank may be liable for as much as $2.3 billion.

Municipalities raise funds through the issue of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were eventually launched to recover these losses, which cost municipalities, hospitals, and other non-profits as much as $600 million a year.

At the end of the day, trust in each other and in our counter-parties is all we really have as economic actors; CFEs and forensic accountants thus have a vital role to play in investigating, documenting and assisting in the identification and possible prosecution of those, like the LIBOR manipulators, who knowingly collude in making the choice to violate that trust.

#We Too

The #Me Too phenomenon is just one of the latest instances of a type of fraud featuring a betrayal of trust by a fellow community member which is as old as humanity itself. The ACFE calls it affinity fraud, and it is one of the most common instances of fraud with which any CFE or forensic account is ever called upon to deal. The poster boy for affinity frauds in our time is, of course, Bernard L. Madoff, whose affinity fraud and Ponzi scheme ended with his arrest in 2008. The Madoff scandal is considered an affinity fraud because the vast majority of his clientele shared Madoff’s religion, Judaism. Over the years, Madoff’s clientele grew to include prominent persons in the entertainment industry, including Steven Spielberg and Larry King. This particular affinity fraud was unprecedented because it was perpetrated by Madoff over several decades, and his investment customers were defrauded of approximately twenty billion dollars.

But not all targets of affinity fraud are wealthy investors; such scams touch all genders, religions, age groups, races, statuses, and educational levels. One of the saddest are affinity frauds targeting children and the elderly.

Con artists prey on vulnerable underage targets by luring them to especially designed websites and phone Aps and then collecting their personal information. TRUSTe, an Internet privacy seal program, is a safe harbor program under the terms of the Children’s Online Privacy Protection Act (COPPA) administered by the U.S. Federal Trade Commission. This was the third safe harbor application approved by the Commission. Safe harbor Aps and programs are submitted by the Children’s Advertising Review Unit (CARL) of the Council of Better Business Bureaus, an arm of the advertising industry’s self-regulatory program, and the Entertainment Software Rating Board (ESRB), which were both previously approved as COPPA safe harbors. Sadly, in spite of all this effort, data collection abuses by websites and Aps targeting children continue to increase apace to this day.

Then there’s the elderly. It’s an unfortunate fact that elderly individuals are the most frequent targets of con artists implementing all types of affinity frauds. Con artists target the elderly, since they may be lonely, are usually willing to listen, and are thought to be more trusting that younger individuals. Many of these schemes are performed over the telephone, door-to-door, or through advertisements. The elderly are especially vulnerable targets for schemes related to credit cards, sweepstakes or contests, charities, health products, magazines, home improvements, equity skimming, investments, banking or wire transfers, and insurance.

Fraudsters will use different tactics to get the elderly to cooperate in their schemes. They can be friendly, sympathetic, and willing to help in some cases, and use fear tactics in others. The precise tactics used are generally tailored to the type of individual situation the con artist finds herself in in relation to the mark.

Ethically challenged fraud practitioners frequently focus on home ownership related schemes to take advantage of the vulnerable elderly. The scammer will recommend a “friend” that can perform necessary home repairs at a reasonable price. This friend may require the mark to sign a document upon completion confirming that the repairs have been completed. In some cases, the elderly victim later learns that s/he signed the title of his house over to the repairman. In other cases, not only is the person overcharged for the work, but the work is not performed properly or at all.

Another frequent scheme targeting the elderly involves sweepstakes or prizes. The fraudster continues to influence the elderly victim over a period of time with the hope that the victim will eventually win the “grand prize” if they will just send in another fee or buy a few more magazines.

Fraudsters also frequently solicit the elderly with “great” investment opportunities in precious metals, artwork, securities, prime bank guarantees, futures, exotics, micro-cap stocks, penny stocks, promissory notes, pyramid and Ponzi schemes, insurance, and real estate. Other common scams involve equity skimming programs, debt consolidation offers, or other debt relief services which only result in the loss of the home used as collateral if the victimized debtor misses a payment.

The societal effects of affinity fraud are not limited solely to the amount of funds lost by investors, churches, the elderly or by other types of victims. Once these frauds are uncovered, investor confidence can diminish the financial and other legitimate markets, and a general level of distrust can decrease the government’s ability to provide protection. Loss of confidence manifested itself after the Madoff fiasco with such negative effects evident throughout the economy. Unfortunately, affinity fraud erodes the trust needed for legitimate investments to occur and grow our economy. Essentially, affinity fraud victims of all types become less likely to trust any future monetary request and honest charitable organizations suffer from a loss of endowments. Subsequent to a large affinity fraud being discovered, time is spent by regulators and law enforcement not only prosecuting these cases but also in the expenditure of endless taxpayer dollars assessing what went wrong. Time consuming, expensive investigations generally also include implementation of regulatory changes in an attempt to assist in detection of these frauds in the future, another costly burden on taxpayers.

Once affinity fraud offenders have targeted a community or group, they seek out respected community leaders to vouch for them to potential victims. By having an esteemed figurehead who appears to be knowledgeable about the investment or other opportunity and endorses it, the offender creates legitimacy for the con. Additionally, others in the community are less likely to ask questions about a venture or investment if a community leader recommends or endorses the fraudster. In the Madoff case, Madoff himself was a highly esteemed member of the community he victimized.

Experts tells us that projection bias is one reason why affinity fraudsters are able to continually perpetrate these types of crimes. Psychological projection is a concept introduced by Freud to explain the unconscious transference of a person’s own characteristics onto another person. The victims in affinity fraud cases project their own morals onto the fraudsters, presuming that the criminals are honest and trustworthy. However, the similarities are almost certainly the reason why the fraudster targeted the victims in the first place. In some cases when victims are interviewed after the fact, they indicate to law enforcement that they trusted the fraudster as if they were a family member because they believed that they both shared the same value system.

Because victims in affinity frauds are less likely to question or go outside of their group for assistance, information or tips regarding the fraud may not ever reach regulators or law enforcement. In religion related cases, there is often an unwritten rule that what happens in church stays there, with disputes handled by the church elders or the minister. Once the victims place their trust in the fraudster, they are less likely to even believe they have been defrauded and also unlikely to investigate the con.

The ACFE tells us that in order to stop affinity frauds from occurring in the first place, one of the best fraud prevention tools is the implementation of increased educational efforts. Education is especially important in geographical areas where tight-knit cultural communities reside who are particularly vulnerable to these frauds. By reaching out to the same cultural or religious leaders that fraudsters often target in their schemes, law enforcement could launch collaborative relationships with these groups in their educational efforts.

In summary, frauds like Madoff’s occur daily on a much smaller scale in communities across the United States. The effects of these affinity frauds are widespread, and the emotional consequences experienced by the victims of these scams cannot be overstated. CFEs, assurance professionals, regulators and law enforcement and investigative personnel need to assess the harm caused by affinity fraud and continue to determine what steps need to be taken to effectively confront these types of scams. State and Federal laws should be reviewed and amended where necessary to ensure appropriate enhanced sentencing is enforced for all egregious crimes involving affinity fraud. Regulators and law enforcement should approach fraud cases from different angles in an attempt to determine if new methods may be more effective in their prosecution.

Additionally, anti-fraud education as provided by the ACFE is needed for both the general and investing publics and for regulators and law enforcement personnel to ensure that they all have the proper knowledge and tools to be able to understand, detect, stop, and prevent these types of scenarios. Affinity frauds are not easily anticipated by the victims because people are not naturally inclined to think that one of their own is going to cheat them. Affinity frauds can, therefore, only be most effectively curtailed by the very communities who are their victims.

Loose Ends

A forensic accountant colleague of mine often refers to “loose-ends”. In his telling, loose-ends are elements of an investigation that get over-looked or insufficiently investigated which have the power to come back and bite an examiner with ill effect. That a small anomaly may be a sign of fraud is a fact that is no surprise to any seasoned investigator. Since fraud is typically hidden, the discovery of fraud usually is unlikely, at least at the beginning, to involve a huge revelation.

The typical audit does not presume that those the auditor examiners and the documents s/he reviews have something sinister about them. The overwhelming majority of audits are conducted in companies in which material fraud does not exist. However, the auditor maintains constant awareness that material fraud could be present.

Imagine a policewoman walking down a dark alley into which she knows a suspect has entered just before her. She doesn’t know where the suspect is, but as she walks down that alley, she is acutely aware of and attuned to her surroundings. Her senses are at their highest level. She knows beyond the shadow of a doubt that danger lurks nearby.

Fraud audits (and audits in general) aren’t like that. Fraud audits are more like walking through a busy mall and watching normal people go about their daily activities. In the back of the examiner’s mind, he knows that among all the shoppers are a few, a very few, shoplifters. They look just like everyone else. The examiner knows they are there because statistical studies and past experience have shown that they are, but he doesn’t know exactly where or who they are or when he will encounter them, if at all. If he were engaged to find them, he would have to design procedures to increase the likelihood of discovery without in any way annoying the substantial majority of honest shoppers in whose midst they swim.

A fraud risk assessment evaluates areas of potential fraud to determine whether the current control structure and environment are addressing fraud risk at a level that aligns with the organization’s risk appetite and risk tolerance. Therefore, it is important during the development and implementation of the risk management program to specifically address various fraud schemes to establish the correct levels of control.

It occurred to me a while back that a fraud risk assessment can of thought of as ignoring a loose-end if it fails to include sufficient consideration of the client organization’s ethical dimension. That the ethical dimension is not typically included as a matter of course in the routine fraud risk assessment constitutes, to my mind, a lost opportunity to conduct a fuller, and potentially, a more useful assessment. As part of their assessments, today’s practitioners can potentially use surveys, Control Self-Assessment sessions, focus groups, and workshops with employees to take the organization’s ethical temperature and determine its ethical baseline. Under this expanded model, the most successful fraud risk assessment would include small brainstorming sessions with the operational management of the business process(s) under review. Facilitated by a Certified Fraud Examiner (CFE), these assessments would look at typical fraud schemes encountered in various areas of the organization and identify the internal controls designed to mitigate each of them. At a high level, this analysis examines internal controls and the internal control environment, as well as resources available to prevent, detect, and deter fraud.

Fraud risk assessments emphasize possible collusion and management overrides to circumvent internal controls. Although an internal control might be in place to prevent fraudulent activity, the analysis must consider how this control could be circumvented, manipulated, or avoided. This evaluation can help the CFE understand the actual robustness and resilience of the control and of the control environment and estimate the potential risk to the organization.

One challenge at this point in the process is ensuring that the analysis assesses not just roles, but also those specific individuals who are responsible for the controls. Sometimes employees will feel uncomfortable contemplating a fellow employee or manager perpetrating fraud. This is where an outside fraud expert like the CFE can help facilitate the discussion and ensure that nothing is left off the table. To ask and get the answers to the right questions, the CFE facilitator should help the respondents keep in mind that:

o Fraud entails intentional misconduct designed to avoid detection.
o Risk assessments identify where fraud might occur and who the potential perpetrator(s) might be.
o Persons inside and outside of the organization could perpetrate such schemes.
o Fraud perpetrators typically exploit weaknesses in the system of controls or may override or circumvent controls.
o Fraud perpetrators typically find ways to hide the fraud from detection.

It’s important to evaluate whether the organization’s culture promotes ethical or unethical decision-making. Unfortunately, many organizations have established policies and procedures to comply with various regulations and guidelines without committing to promoting a culture of ethical behavior. Simply having a code of conduct or an ethics policy is not enough. What matters is how employees act when confronted with an ethical choice; this is referred to by the ACFE as measuring the organization’s ethical baseline.

Organizations can determine their ethical baseline by periodically conducting either CFE moderated Control Self-Assessment sessions including employees from high-risk business processes, through an online survey of employees from various areas and levels within the organization, or through workshop-based surveys using a balloting tool that can keep responses anonymous. The broader the survey population, the more insightful the results will be. For optimal results, surveys should be short and direct, with no more than 15 to 20 questions that should only take a few minutes for most employees to answer. An important aspect of conducting this survey is ensuring the anonymity of participants, so that their answers are not influenced by peer pressure or fear of retaliation. The survey can ask respondents to rate questions or statements on a scale, ranging from 1—Strongly Disagree to 5—Strongly Agree. Sample statements might include:

1. Our organizational culture is trust-based.
2. Missing approvals are not a big deal here.
3. Strong personalities dominate most departments.
4. Pressure to perform outweighs ethical behavior.
5. I share my passwords with my co-workers.
6. Retaliation will not be accepted here.
7. The saying “Don’t rock the boat!” fits this organization.
8. I am encouraged to speak up whenever needed.
9. Ethical behavior is a top priority of management.
10.I know where I can go if I need to report a potential issue of misconduct.

The ethical baseline should not be totally measured on a point system, nor should the organization be graded based on the survey results. The results should simply be an indicator of the organization’s ethical environment and a tool to identify potential areas of concern. If repeated over time, the baseline can help identify both positive and negative trends. The results of the ethical baseline survey should be discussed by the CFE with management as part of a broader fraud risk assessment project. This is especially important if there are areas with a lack of consensus among the survey respondents. For example, if the answer to a question is split down the middle between strongly agree and strongly disagree, this should be discussed to identify the root cause of the variance. Most questions should be worded to either show strong ethical behaviors or to raise red flags of potential unethical issues or inability to report such issues promptly to the correct level in the organization.

In summary, the additional value created by combining of the results of the traditional fraud risk assessment with an ethical baseline assessment can help CFEs better determine areas of risk and control that should be considered in building the fraud prevention and response plans. For example, fraud risk schemes that are heavily dependent on controls that can be easily overridden by management may require more frequent assurance from prevention professionals than those schemes that are mitigated by system-based controls. And an organization with a weak ethical baseline may require more frequent assessment of detective control procedures than one with a strong ethical baseline, which might rely on broader entity-level controls. By adding ethical climate evaluation to their standard fraud risk assessment procedures, CFEs can tie up what otherwise might be a major loose-end in their risk evaluation.

A Ship of Fools

Our Chapter’s January-February 2018 lecture for CPE credit is concerned with the broader ethical implications of the types of fraud, many interlocking and coordinated, that made up the 2007-2008 Great Recession.  At the center of the scandal were ethically challenged actions by bank managements and their boards, but also by the investment companies and ratings agencies, who not only initiated much of the fraud and deception but, in many cases, actively expanded and perpetuated it.

Little more than a glance at the historical record confirms that deception by bank executives of regulators and of their own investors about illegal activity or about the institution’s true financial condition to conceal poor performance, poor management, or questionable transactions is not new to the world of U.S. finance. In fact, it was a key practice during the meltdown of the financial markets in 2007. In addition, the period saw heated debate about alleged deception by the rating agencies, Standard & Poor’s, Moody’s, and Fitch, of major institutional investors, who depended on the agencies’ valuations of subprime-backed securities in the making of investment decisions. Thus, not only deceptive borrowers and unscrupulous mortgage brokers and appraisers contributed to the meltdown. The maelstrom of lies and deception that drove the entire U.S. financial system in mid to late 2005 accelerated to the point of no return, and the crisis that ensued proved unavoidable.

There were ample instances of bank deception in the years leading up to the Great Depression of the 1930’s. The facts came out with considerable drama and fanfare through the work of the era’s Pecora Commission. However, the breadth and scope of executive deception that came under the legal and regulatory microscope following the financial market collapse of 2007 to 2009 represent some of history’s most brazen cases of concealment of irresponsible lending practices, fraudulent underwriting, shady financial transactions, and intentionally false statements to investors, federal regulators, and investigators.

According to the ACFE and other analysts, the lion’s share of direct blame for the meltdown lies with top executives of the major banks, investment firms, and rating agencies. They charge the commercial bank bosses with perpetuating a boom in reckless mortgage lending and the investment bankers with essentially tricking institutional investors into buying the exotic derivative securities backed by the millions and millions of toxic mortgages sold off by the mortgage lenders. The commercial bank bosses and investment bankers were, according to these observers, aided and abetted by the rating agencies, which lowered their rating standards on high-risk mortgage-backed securities that should never have received investment-grade ratings but did so because the rating agencies were paid by the very investment banks which issued the bonds. The agencies reportedly feared losing business if they gave poor ratings to the securities.

As many CFEs know, fraud is always the principal credit risk of any nonprime mortgage lending operation. It’s impossible in practice to detect fraud without reviewing a sample of the loan files. Paper loan files are bulky, so they are photographed, and the images are stored on computer tapes. Unfortunately, most investors (the large commercial and investment banks that purchased non-prime loans and pooled them to create financial derivatives) didn’t review the loan files before purchasing them and did not even require the original lenders to provide them with the loan tapes requisite for subsequent review and audit.

The rating agencies also never reviewed samples of loan files before giving AAA ratings to nonprime mortgage financial derivatives. The “AAA’ rating is supposed to indicate that there is virtually no credit risk, the risk being thought equivalent to U.S. government bonds, which the finance industry refers to as “risk-free.”  The rating agencies attained their lucrative profits because they gave AAA ratings to nonprime financial derivatives exposed to staggering default risk. A graph of their profits in this era rises like a stairway to the stars. Turning a blind eye to the mortgage fraud epidemic was the only way the rating agencies could hope to attain, and sustain, those profit levels. If they had engaged forensic accountants to review even small samples of nonprime loans, they would have been confronted with only two real choices: (1) rating them as toxic waste, which would have made it impossible to sell the associated nonprime financial derivatives or (2) documenting that they themselves were committing, aiding and abetting, a blatant accounting fraud.

A statement made during the 2008 House of Representatives hearings on the topic of the rating agencies’ role in the crisis represents an apt summary of how the financial and government communities viewed the actions and attitudes of the three rating agencies in the years leading up to the subprime crisis. An S&P employee, testified that “the rating agencies continue to create an even bigger monster, the CDO [collateralized debt obligation] market. Let’s hope we all are wealthy and retired by the time this house of cards falters.”

With respect to bank executives, the examples of proved and alleged deception during the period are so numerous as to almost defy belief. Among the most noteworthy are:

–The SEC investigated Citigroup as to whether it misled investors by failing to disclose critical details about the troubled mortgage assets it was holding as the financial markets began to collapse in 2007. The investigation came only after some of the mortgage-related securities being held by Citigroup were downgraded by an independent rating agency. Shortly thereafter, Citigroup announced quarterly losses of around $10 billion on its subprime-mortgage holdings, an astounding amount that directly contributed to the resignation of then CEO, Charles Prince;

–The SEC conducted similar investigations into Bank of America, now-defunct Lehman Brothers, and Merrill Lynch (now a part of Bank of America);

–The SEC filed civil fraud charges against Angelo Mozilo, cofounder and former CEO of Countrywide Financial Corp. In the highest-profile government legal action against a chief executive related to the financial crisis, the SEC charged Mozilo with insider trading and alleged failure to disclose material information to shareholders, according to people familiar with the matter. Mozilo sold $130 million of Countrywide stock in the first half of 2007 under an executive sales plan, according to government filings.

As the ACFE points out, every financial services company has its own unique internal structure and management policies. Some are more effective than others in reducing the risk of management-level fraud. The best anti-fraud controls are those designed to reduce the risk of a specific type of fraud threatening the organization.  Designing effective anti-fraud controls depends directly on accurate assessment of those risks. How, after all, can management or the board be expected to design and implement effective controls if it is unclear about which frauds are most threatening? That’s why a fraud risk assessment (FRA) is essential to any anti-fraud Program; an essential exercise designed to determine the specific types of fraud to which your client organization is most vulnerable within the context of its existing anti-fraud controls. This enables management to design, customize, and implement the best controls to minimize fraud risk throughout the organization.  Again, according to the ACFE (joined by the Institute of Internal Auditors, and the American Institute of Certified Public Accountants), an organization’s contracted CFEs backed by its own internal audit team can play a direct role in this all-important effort.

Your client’s internal auditors should consider the organization’s assessment of fraud risk when developing their annual audit plan and review management’s fraud management capabilities periodically. They should interview and communicate regularly with those conducting the organization’s risk assessments, as well as with others in key positions throughout the organization, to help them ensure that all fraud risks have been considered appropriately. When performing proactive fraud risk assessment engagements, CFEs should direct adequate time and attention to evaluating the design and operation of internal controls specifically related to fraud risk management. We should exercise professional skepticism when reviewing activities and be on guard for the tell-tale signs of fraud. Suspected frauds uncovered during an engagement should be treated in accordance with a well-designed response plan consistent with professional and legal standards.

As this month’s lecture recommends, CFEs and forensic accountants can also contribute value by proactively taking a proactive role in support of the organization’s underlying ethical culture.

An Ethical Toolbox

As CFE’s we know organizations that have clearly articulated values and a strong culture of ethical behavior tend to control fraud more effectively. They usually have well-established frameworks, principles, rules, standards, and policies that encompass the attributes of generally accepted fraud control. These attributes include leadership, an ethical framework, responsibility structures, a fraud control policy; prevention systems, fraud awareness, third-party management systems, notification systems, detection systems, and investigation systems.

CFE’s are increasingly being called upon to assist in the planning for an assessment of a client organization’s integrity and ethics safeguards and then as active members of the team performing the engagement. The increasing demand for such assessments has grown out of the increasing awareness that a strong ethical culture is a vital part of effective fraud prevention.  Conducting such targeted research within the client organization, within its industry; and its region will help determine the emerging risk areas and potential gaps in most organizational anti-fraud safeguards. Four key elements of integrity and ethics safeguards have emerged over the past few years.  These are the fraud control plan, handling conflicts of interest, shaping ethical dealings with third parties, and natural justice principles for employees facing allegations of wrongdoing.

The need for a fraud control plan is borne out by an organization’s potential fraud losses; typically, about five percent of revenues are lost to fraud each year, according to the ACFE’s 2016 Report to the Nations on Occupational Fraud and Abuse. A fraud control plan typically will articulate an organization’s fraud risks, controls, and mitigation strategies, including:

–Significant business activities;
–Potential areas of fraud risk;
–Related fraud controls;
–Gaps in control coverage and assurance activities;
–Defined remedial actions to minimize fraud risks;
–Review mechanisms evaluating the effectiveness of fraud control strategies.

Management should review and update the fraud control plan periodically and report the results to the audit committee and senior management. Thus, the role of the board and of the audit committee of the board are vital for the implementation of any ethically based fraud control plan. The chairman of the board is, or should be, the chief advocate for the shareholders, and completely independent of management. It is the chairman’s primary job to direct the company’s executives and drive oversight of their activities in the name of the shareholders. An independent and highly skilled audit committee chairman is essential to maintain a robust system of checks and balances over all operations. To be truly effective, the chairman must be independent of those he or she is charged with watching.  The chairmen of the board and the audit committee must devote material time to their duties. While the board can use the company’s oversight functions to maintain a checks and balances process, there is no substitute for personal, direct involvement. The board must be willing to direct inquiries into allegations of misconduct, and have unquestioned confidential spending authority to conduct reviews and investigations as it deems necessary.

One of the most effective compliance tools available to the board is the day-to-day vigilance of the company’s employees. When an individual employee detects wrongdoing, he or she must have an effective and safe method to report observations, such as a third-party ethics hotline that reports to the chairman of the board and audit committee. All employees must be protected from retribution to avoid any possibility of corrupting the process.

A zero-based budgeting process, requiring that the individual elements of the company’s budget be built from the bottom up, reviewed in detail, and justified, can identify unusual spending in numerous corporate and operating units. This provides an in-depth view of spending as opposed to basing the current year’s spending, in aggregate, on last year’s spending, where irregularities may be buried and overlooked.

In organizations with an internal audit division the overall review would typically be performed by Director of Internal Audit (CAE) whom the CFE and other specialists would support. This review should be integrated into the organization’s wider business planning to ensure synergies exist with other business processes, and should link to the organization-wide risk assessment and to other anti-fraud processes.

The ACFE tells us that there is a growing consensus that managing conflicts of interest is critical to curbing corruption. Reports indicate that unmanaged conflicts of interest continue to cost organizations millions of dollars. To minimize these risks, organizations need a clear and well-understood conflict of interest policy, coupled with practical arrangements to implement and monitor policy requirements. Stated simply, a conflict of interest occurs when the independent judgment of a person is swayed, or might be swayed, from making decisions in the best interest of others who are relying on that judgment. An executive or employee is expected to make judgments in the best interest of the company. A director is legally expected to make judgments in the best interest of the company and of its shareholders, and to do so strategically so that no harm and perhaps some benefit will come to other stakeholders and to the public interest. A professional accountant is expected to make judgments that are in the public interest. Decision makers usually have a priority of duties that they are expected to fulfill, and a conflict of interests confuses and distracts the decision maker from that duty, resulting in harm to those legitimate expectations that are not fulfilled. Sometimes the term apparent conflict of interest is used, but it is a misnomer because it refers to a situation where no conflict of interest exists, although because of lack of information someone other than the decision maker would be justified in concluding (however tentatively) that the decision maker does have one

A special or conflicting interest could include any interest, loyalty, concern, emotion, or other feature of a situation tending to make the decision maker’s judgment (in that situation) less reliable than it would normally be, without rendering the decision maker incompetent. Commercial interests and family connections are the most common sources of conflict of interest, but love, prior statements, gratitude, and other subjective tugs on judgment can also constitute interest in this sense.

The perception of competing interests, impaired judgment, or undue influence also can be a conflict of interest. Good practices for managing conflicts of interest involve both prevention and detection, such as:

–Promoting ethical standards through a documented, explicit conflict of interest policy as well as well-stated values and clear conflicts provisions in the code of ethics;
–Identifying, understanding, and managing conflicts of interest through open and transparent communication to ensure that decision-making is efficient, transparent, and fair, and that everyone is aware of what to do if they suspect a conflict;
–Informing third parties of their responsibilities and the consequences of noncompliance through a statement of business ethics and formal contractual requirements;
–Ensuring transparency through well-established arrangements for declaring and registering gifts and other benefits;
–Ensuring that decisions are made independently, with evidence that staff and contractors routinely declare all actual, potential, and perceived conflicts of interests, involving at-risk areas such as procurement, management of contracts, human resources, decision-making, and governmental policy advice;
–Establishing management, internal controls, and independent oversight to detect breaches of policy and to respond appropriately to noncompliance.

Contemporary business models increasingly involve third parties, with external supplier costs now representing one of the most significant lines of expenditure for many organizations. Such interactions can provide an opportunity for fraud and corruption. An enterprise’s strong commitment to ethical values needs to be communicated to suppliers through a Statement of Business Ethics. Many forward-thinking organizations already have codes of ethics in place that set out the values and ethical expectations of both their board members and staff. The board code of conduct should define the behavioral standards for members, while the staff code of conduct should detail standards for employee conduct and the sanctions that apply for wrongdoing. Similar statements also are appropriate for third parties such as suppliers, service providers, and business partners.

A statement of business ethics outlines both acceptable and unacceptable practices in third-party dealings with an organization. Common features include:

–The CEO’s statement on the organization’s commitment to operating ethically;
–The organization’s values and business principles;
–What third parties can expect in their dealings with the organization and the behaviors expected of them;
–Guidance related to bribery, gifts, benefits, hospitality, travel, and accommodation; conflicts of interest; confidentiality and privacy of information; ethical communications; secondary employment; and other expectations.
–Contact information for concerns, clarification, reporting of wrongdoing, and disputes.

Once established, the organization needs to implement a well-rounded communication strategy for the statement of business ethics that includes education of staff members, distribution to third parties, publication on the organization’s website, references to it in the annual report, and inclusion in future tender proposals and bid packs.

Engaged and capable employees underpin the success of most organizations, yet management does not always recognize the bottom-line effects and employee turnover costs when innocent employees are the subject of allegations of fraud and other wrongdoing. About 60 percent of allegations against employees turn out to be unsubstantiated, according to the ACFE. A charter of rights compiles in a single document all the information that respondents to allegations of wrongdoing may require. Such a charter should be written in an easy-to-understand style to meet the needs of its target audience. It should:

–Outline the charter’s purpose, how it will operate, how it supports a robust complaints and allegations system, and how it aligns with the organization’s values;
–Describe how management handles workplace allegations and complaints, and ensure principles of natural justice and other legislative obligations, such as privacy, are in place;
–Provide a high-level overview diagram of the allegation assessment and investigation process, including the channels for submitting allegations; the distinct phases for logging, assessing, and investigating the allegations; and the final decision-making phase;
–Include details of available support such as contact information for human resource specialists, details about an external confidential employee help line, and processes for updates throughout the investigation;
–Illustrate the tiered escalation process for handling allegations that reflects (at one end) how issues of a serious, sensitive, or significant nature are addressed, and encourages (at the other end) the handling of low level localized issues as close to the source as possible;
–Provide answers to frequent questions that respondents might have about the process for dealing with allegations, such as “What can I expect?” “Are outcomes always reviewable?” “What does frivolous and vexatious mean?” “What will I be told about the outcome?” and “What happens when a process is concluded?”;
–Outline the options for independent reviews of adverse investigation outcomes.

For Appearance Sake

By Rumbi Petrozzello, CPA/CFF, CFE
2017 Vice-President – Central Virginia Chapter ACFE

Last Thursday, the 15th of June 2017, the New York State Senate Committee on Ethics and Internal Governance met. The previous sentence reads like a big yawn with which no one, beyond perhaps the members of the committee itself, would be concerned. However, this meeting was big news. The room was packed with members of the media and every member of the committee was in attendance. Why? Because this was the first meeting the committee had empaneled since 2009, as confirmed by the committee’s published archive of events. It turns out that it was indeed a big deal that all committee members were in attendance because, for eight years straight, none of the committee members had attended a single meeting.

If you are thinking that the ethics committee did not meet for eight years because there were no ethical issues to discuss and our state’s legislative leadership practiced only ethical and upright behavior, you would be sorely mistaken. John Sampson, the State Senator who chaired the committee at that last meeting in 2009 was found guilty, of obstruction of justice and of lying to federal agents in 2015 and sentenced to jail time in January 2017. Evidently, taking their cues from the tone at the top evidenced by the leadership of their ethics committee, during the same eight-year meeting hiatus, seven other state senators were convicted on charges that included mail fraud, looting a nonprofit and bribery.

So, you might ask, what happened at the meeting last week? The committee had come together to discuss stipends, that are supposed to go to committee chairs, that were apparently also being paid to committee vice-chairs (and, in one case, to a deputy vice-chair, whatever that is). There was a motion proposed to stop making these payments to anyone but the committee chair. It seems that just coming together was more than enough work for the committee and, therefore, they tabled the motion, a motion that would not even have been binding, until its next meeting. It should be noted that two of the senators receiving this chair stipend, as vice-chairs, serve on the ethics committee and both voted to postpone voting on the motion. It would be laughable if it were a laughing matter.

Think about where you work and about all the clients with whom we work, as fraud examiners and forensic accountants. We work with our clients and with those who employ us to suggest comprehensive policies that cover good business practices and ethical behaviors and actions. Reading about the shenanigans of the State Senate Committee on Ethics recalled several thoughts:

The assumption that personnel will automatically be motivated to behave as corporate owners want is no longer valid. People are motivated more by self-interest than in the past and are likely to come from backgrounds that emphasize different priorities of duty. As a result, there is greater need than ever for clear guidance and for identifying and effectively managing threats to good governance and accountability.

Even when different employee backgrounds are not an issue, personnel can misunderstand the organization’s objectives and their own role and fiduciary duty. For example, many directors and employees at Enron evidently believed that the company’s objectives were best served by actions that brought short term profit:

—through ethical dishonesty, manipulation of energy markets or sham displays of trading floors;
—through book keeping that was illusory;
—through actions that benefited themselves at the expense of other stakeholders.

Frequently, employees are tempted to cut ethical corners, and they have done so because they believed that their top management wanted them to; they were ordered to do so; or they were encouraged to do so by misguided or manipulative incentive programs. These actions occurred although the board of directors would have preferred (sometimes with hindsight) that they had not. Personnel simply misunderstood what was expected by the board because guidance was unclear or they were led astray and did not understand that they were to report the problem for appropriate corrective action, or to whom or how.

Among our clients, lack of proper guidance or reporting mechanisms may have been the result of directors and others not understanding their duties as fiduciaries. Directors owe shareholders and regulators several duties, including obedience, loyalty, and due care. Recognition of the increasing complexity, volatility and risk inherent in modern corporate interests and operations, particularly as their scope expands to diverse groups and cultures has led to the requirement for risk identification, assessment and management systems.

  • If our client businesses want to do an excellent job at implementing effective ethics programs, orientation of new employees should always involve a review of the code of ethical practice by the staff tasked with compliance and with enforcing policies. How many entities are actively practicing what they preach during such sessions? The values that a company’s directors wish to instill to motivate the beliefs and actions of its personnel need to be conveyed to provide the required guidance. Usually, such guidance takes the form of a code of conduct that states the values selected, the principles that flow from those values, and any rules that are to be followed to ensure that appropriate values are respected.
  • After orientation, what steps are companies taking to maintain their ethics programs on an on-going basis? Principles are more useful to employees than just rules because principles facilitate interpretation when the precise circumstances encountered do not exactly fit the rules prescribed. A blend of principles and rules is often optimal in maintaining of a code of conduct in the long term.
  • Is leadership periodically coming together to talk about where their firm stands when it comes to ethics and compliance? A code on its own may be nothing more than ‘ethical art’ that hangs on the wall but is rarely studied or followed. Experience has revealed that, to be effective, a code must be reinforced by a comprehensive ethical culture.
  • Is anyone reviewing how whistleblowing claims are being dealt with? Does the company even have a whistleblower program? If so, does the staff even know about it and how it works? Whistle-blowers are part of a needed monitoring, risk management and remediation system.
  • Is leadership setting a positive tone at the top and displaying the behaviors that it is demanding from employees? The ethical behavior expected must be referred to in speeches and newsletters by top management as often as they refer to their health and safety programs, or to their antipollution program or else it will be viewed as less important by employees. If personnel never or rarely hear about ethical expectations, they will perceive them as not a serious priority.

Once, I worked at a company where senior management smoked in the office; behavior that is illegal and was, on paper, not allowed. When staff members complained to human resources, no corrective action was taken. Frustrated, some staff members called the city hotline to file a report. Following visits from the city, human resources put up no smoking signs and then notices encouraging employees to keep reports of inappropriate staff smoking internal. By only paying lip service to policy, this company’s management seemed populated by future candidates for the State’s Senate Ethics Committee. But my former employer doesn’t stand alone as evidenced by frauds at Wells Fargo and at others. A company can pull out screeds of rules and regulations, but what matters most is what the staff knows and what the leadership does.

In the case of the New York State Senate Committee on Ethics and Internal Governance, what it did was delay a vote on the issues before it until the next meeting. And when will the next meeting be? After taking eight years to set up its last meeting, the committee was in no hurry to set a date for the next. They adjourned without scheduling the next one. They did, however, take a moment to congratulate themselves on attending this meeting. You can’t forget the important stuff.

Rigging the Casino

I attended an evening lecture some weeks ago at the Marshall-Wythe law school of the College of William & Mary, my old alma mater, in Williamsburg, Virginia. One of the topics raised during the lecture was a detailed analysis of the LIBOR scandal of 2012, a fascinating tale of systematic manipulation of a benchmark interest rate, supported by a culture of fraud in the world’s biggest banks, and in an environment where little or no regulation prevailed.

After decades of abuse that enriched the big banks, their shareholders, executives and traders, at the expense of others, investigations and lawsuits were finally initiated, and the subsequent fines and penalties were huge. The London Interbank Offered Rate (LIBOR) rate is a rate of interest, first computed in 1985 by the British Banking Association (BBA), the Bank of England and others, to serve as a readily available reference or benchmark rate for many financial contracts and arrangements. Prior to its creation, contracts utilized many privately negotiated rates, which were difficult to verify, and not necessarily related to the market rate for the security in question. The LIBOR rate, which is the average interest rate estimated by leading banks that they would be charged if they were to borrow from other banks, provided a simple alternative that came to be widely used. For example, in the United States in 2008 when the subprime lending crisis began, around 60 percent of prime adjustable-rate mortgages (ARMs) and nearly all subprime mortgages were indexed to the US dollar LIBOR. In 2012, around 45 percent of prime adjustable rate mortgages and over 80 percent of subprime mortgages were indexed to the LIBOR. American municipalities also borrowed around 75 percent of their money through financial products that were linked to the LIBOR.

At the time of the LIBOR scandal, 18 of the largest banks in the world provided their estimates of the costs they would have had to pay for a variety of interbank loans (loans from other banks) just prior to 11:00 a.m. on the submission day. These estimates were submitted to Reuters news agency (who acted for the BBA) for calculation of the average and its publication and dissemination. Reuters set aside the four highest and four lowest estimates, and averaged the remaining ten.

So huge were the investments affected that a small manipulation in the LIBOR rate could have a very significant impact on the profit of the banks and of the traders involved in the manipulation. For example, in 2012 the total of derivatives priced relative to the LIBOR rate has been estimated at from $300-$600 trillion, so a manipulation of 0.1% in the LIBOR rate would generate an error of $300-600 million per annum. Consequently, it is not surprising that, once the manipulations came to light, the settlements and fines assessed were huge. By December 31, 2013, 7 of the 18 submitting banks charged with manipulation, had paid fines and settlements of upwards of $ 2 billion. In addition, the European Commission gave immunity for revealing wrongdoing to several the banks thereby allowing them to avoid fines including: Barclays €690 million, UBS €2.5 billion, and Citigroup €55 million.

Some examples of the types of losses caused by LIBOR manipulations are:

Manipulation of home mortgage rates: Many home owners borrow their mortgage loans on a variable- or adjustable-rate basis, rather than a fixed-rate basis. Consequently, many of these borrowers receive a new rate at the first of every month based on the LIBOR rate. A study prepared for a class action lawsuit has shown that on the first of each month for 2007-2009, the LIBOR rate rose more than 7.5 basis points on average. One observer estimated that each LIBOR submitting bank during this period might have been liable for as much as $2.3 billion in overcharges.

Municipalities lost on interest rate swaps: Municipalities raise funds through the issuance of bonds, and many were encouraged to issue variable-rate, rather than fixed-rate, bonds to take advantage of lower interest payments. For example, the saving could be as much as $1 million on a $100 million bond. After issue, the municipalities were encouraged to buy interest rate swaps from their investment banks to hedge their risk of volatility in the variable rates by converting or swapping into a fixed rate arrangement. The seller of the swap agrees to pay the municipality for any requirement to pay interest at more than the fixed rate agreed if interest rates rise, but if interest rates fall the swap seller buys the bonds at the lower variable interest rate. However, the variable rate was linked to the LIBOR rate, which was artificially depressed, thus costing U.S. municipalities as much as $10 billion. Class action suits were launched to recover these losses which cost municipalities, hospitals, and other non-profits as much as $600 million a year; the remaining liability assisted the municipalities in further settlement negotiations.

Freddie Mac Losses: On March 27, 2013, Freddie Mac sued 15 banks for their losses of up to $3 billion due to LIBOR rate manipulations. Freddie Mac accused the banks of fraud, violations of antitrust law and breach of contract, and sought unspecified damages for financial harm, as well as punitive damages and treble damages for violations of the Sherman Act. To the extent that defendants used false and dishonest USD LIBOR submissions to bolster their respective reputations, they artificially increased their ability to charge higher underwriting fees and obtain higher offering prices for financial products to the detriment of Freddie Mac and other consumers.

Liability Claims/Antitrust cases (Commodities-manipulations claims): Other organizations also sued the LIBOR rate submitting banks for anti-competitive behavior, partly because of the possibility of treble damages, but they had to demonstrate related damages to be successful. Nonetheless, credible plaintiffs included the Regents of the University of California who filed a suit claiming fraud, deceit, and unjust enrichment.

All of this can be of little surprise to fraud examiners. The ACFE lists the following features of moral collapse in an organization or business sector:

  1. Pressure to meet goals, especially financial ones, at any cost;
  2. A culture that does not foster open and candid conversation and discussion;
  3. A CEO who is surrounded with people who will agree and flatter the CEO, as well as a CEO whose reputation is beyond criticism;
  4. Weak boards that do not exercise their fiduciary responsibilities with diligence;
  5. An organization that promotes people based on nepotism and favoritism;
  6. Hubris. The arrogant belief that rules are for other people, but not for us;
  7. A flawed cost/benefit attitude that suggests that poor ethical behavior in one area can be offset by good ethical behavior in another area.

Each of the financial institutions involved in the LIBOR scandal struggled, to a greater or lesser degree with one or more of these crippling characteristics and, a distressing few, manifested all of them.

Overhanging Liabilities

Most experienced CFE’s are familiar with financial fraud cases involving the overhanging liabilities represented by artfully constructed schemes to avoid income taxes since multiple ACFE training courses over the years have focused on the topic in detail.  But for those new to fraud examination and to the Central Virginia Chapter, a little history.  Before 2002, accounting firms would provide multiple services to the same firm. Hired by the shareholders, they would audit the financial statements that were prepared by management, while also providing consulting services to those same managers. Some would also provide tax advice to the managers of audit clients. However, the Sarbanes-Oxley Act of 2002 (SOX) restricted the type and the intensity of consulting services that could be provided to the management of audit clients because the provision of such services might compromise the objectivity of the auditor when auditing the financial statements prepared by client management on behalf of the shareholders. Nevertheless, both before and after the passage of SOX, as subsequently reported in the financial press, both the major accounting firms Ernst & Young (E&Y) and KPMG were offering very aggressive tax shelters to wealthy taxpayers as well as to the senior managers of their audit clients.

In the 1990s, E&Y had created four tax shelters that they were selling to wealthy individuals. One Of them, called E.C.S., for Equity Compensation Strategy, resulted in little or no tax liability for the taxpayer. The complicated tax plan was a means of delaying, for up to thirty years, paying taxes on the profits from exercising employee stock options that would otherwise be payable in the year in which the stock options were exercised. E&Y charged a fee of 3 percent of the amount that the taxpayer invested in the tax shelter, plus $50,000 to a law firm for a legal opinion that said that it was “more likely than not” that the shelter would survive a tax audit. E&Y had long been the auditor for Sprint Corporation. They also took on as clients William Esrey and Ronald LeMay, the top executives at Sprint. In 2000 E&Y received:

  • $2.5 million for the audit of Sprint,
  • $2.6 million for other services related to the audit;
  • $63.8 million for information technology and other consulting services, and
  • $5.8 million from Esrey and LeMay for tax advice.

In 1999 Esrey announced a planned merger of Sprint with WorldCom that potentially would have made the combined organization the largest telecommunications company in the world. The deal was not consummated because it failed to obtain regulatory approval. Nevertheless, Esrey and LeMay were awarded stock options worth about $3ll million. E&Y sold an E.C.S. to each of the two executives. In the three years from 1998 to 2000, the options profits for Esrey were $159 million and the tax that would have been payable had he not bought the tax shelter amounted to about $63 million. The options profits for LeMay were $152.2 million and the tax thereon about $60.3 million.

Subsequently, the Internal Revenue Service rejected the E&Y tax shelter of each man. Sprint then asked the two executives to resign, which they did. Sprint also dismissed E&Y as the company’s auditor. On July 2, 2003, E&Y reached a $15 million settlement with the IRS regarding their aggressive marketing of tax shelters. Then, in 2007, four E&Y partners were charged with tax fraud. These four partners worked for an E&Y unit called VIPER, “value ideas produce extraordinary results,” later renamed SISG, “strategic individual solutions group.” Its purpose was to aggressively market tax shelters, known as Cobra, Pico, CDS, and CDS Add-Ons, to wealthy individuals, many of whom acquired their fortunes in technology-related businesses. These four products were sold to about 400 wealthy taxpayers from 1999 to 2001 and generated fees of approximately $121 million. The government claims that the tax shelters were bogus and taxpayers were reassessed for taxes owed as well as for related penalties and interest.

On August 26, 2005, KPMG in turn agreed pay a fine of $456 million for selling tax shelters from 1996 through 2003 that fraudulently generated $11 billion in fictitious tax losses that cost the government at least $2.5 billion in lost taxes. The four tax shelters went by the acronyms FLIP, OPIS, BLIPS, and SOS.  Under the Bond Linked Premium Issue Structure (BLIPS), for example, the taxpayer would borrow money from an offshore bank and invest in a joint venture that would buy foreign currencies from that same offshore bank. About two months later, the joint venture would then sell the foreign currency back to the bank, creating a tax loss. The taxpayer would then declare. a loss for tax purposes on the BLIPS investment. The way that BLIPS were structured, the taxpayer only had to pay $1.4 million to declare a $20 million loss for tax purposes. BLIPS were targeted at wealthy executives who would normally pay between $10 million and $20 million in taxes.

Buying a BLIPS, however, effectively reduced the investor’s taxable income to zero. They were sold to 186 wealthy individuals and generated at least $5 billion in tax losses. The FLIP and OPIS involved investment swaps through the Cayman Islands, and SOS was a currency swap like the BLIPS. The government contended that these were sham transactions since the loans and investments were risk-free. Their sole purpose was to artificially reduce taxes. Some argued that the KPMG tax shelters were so egregious that the accounting firm should be put out of business. However, Arthur Andersen had collapsed in 2002, and if KPMG failed, then there would be only three large accounting firms remaining: Deloitte, PricewaterhouseCoopers, and Ernst & Young. KPMG Chairman, Timothy Flynn, said “the firm regretted taking part in the deals and sent a message to employees calling the conduct inexcusable. KPMG remained in business, but the firm was fined almost a half billion dollars.

Because of the Ernst & Young and KPMG tax fiascos, the large accounting firms have become wary of marketing very aggressive tax shelters. Now, most shelters are being sold by tax “boutiques” that operate on a much smaller scale and so are less likely to be investigated by the IRS.  The question that remains, however, is to what extent should professional accountants be selling services that directly or indirectly abet even lawful tax avoidance which, as the ACFE tells us,  can so easily shade into what the IRS calls tax evasion?

Beyond the Sniff Test

Many years ago, I worked with a senior auditor colleague (who was also an attorney) who was always talking about applying what he called “the sniff test” to any financial transaction that might represent an ethical challenge.   Philosophical theories provide the bases for useful practical decision approaches and aids like my friend’s sniff test, although we can expect that most of the executives and professional accountants we work with as CFEs are unaware of exactly how and why this is so. Most seasoned directors, executives, and professional accountants, however, have developed tests and commonly used rules of thumb that can be used to assess the ethicality of decisions on a preliminary basis. To their minds, if these preliminary tests give rise to concerns, a more thorough analysis should be performed using any number of defined approaches and techniques.

After having heard him use the term several times, I asked my friend him if he could define it.  He thought about it that morning and later, over lunch, he boiled it down to a series of questions he would ask himself:

–Would I be comfortable as a professional if this action or decision of my client were to appear on the front page of a national newspaper tomorrow morning?
–Will my client be proud of this decision tomorrow?
–Would my client’s mother be proud of this decision?
–Is this action or decision in accord with the client corporation’s mission and code?
–Does this whole thing, in all its apparent aspects and ramifications, feel right to me?

Unfortunately, for their application in actual practice, although sniff tests and commonly used rules are based on ethical principles and are often preliminarily useful, they rarely, by themselves, represent a sufficiently comprehensive examination of the decision in question and so can leave the individuals and client corporations involved vulnerable to making unethical decisions.  For this reason, more comprehensive techniques involving the impact on client stakeholders should be employed whenever a proposed decision is questionable or likely to have significant consequences.

The ACFE tells us that many individual decision makers still don’t recognized the importance of stakeholder’s expectations of rightful conduct. If they did, the decisions made by corporate executives and by accountants and lawyers involved in the Enron, Arthur Andersen, WorldCom, Tyco, Adephia, and a whole host of others right up to the present day, might have avoided the personal and organizational tragedies that occurred. Some executives were motivated by greed rather than by enlightened self-interest focused on the good of all. Others went along with unethical decisions because they did not recognize that they were expected to behave differently and had a duty to do so. Some reasoned that because everyone else was doing something similar, how could it be wrong? The point is that they forgot to consider sufficiently the ethical practice (and duties) they were expected to demonstrate. Where a fiduciary duty was owed to future shareholders and other stakeholders, the public and personal virtues expected (character traits such as integrity, professionalism, courage, and so on), were not sufficiently considered. In retrospect, it would have been wise to include the assessment of ethical expectations as a separate step in any Enterprise Risk Management (ERM) process to strengthen governance and risk management systems and guard against unethical, short-sighted decisions.

It’s also evident that employees who continually make decisions for the wrong reasons, even if the right consequences result, can represent a high governance risk.  Many examples exist where executives motivated solely by greed have slipped into unethical practices, and others have been misled by faulty incentive systems. Sears Auto Center managers were selling repair services that customers did not need to raise their personal commission remuneration, and ultimately caused the company to lose reputation and future revenue.  Many of the classic financial scandals of recent memory were caused by executives who sought to manipulate company profits to support or inflate the company’s share price to boost their own stock option gains. Motivation based too narrowly on self-interest can result in unethical decisions when proper self-guidance and/or external monitoring is lacking. Because external monitoring is unlikely to capture all decisions before implementation, it is important for all employees to clearly understand the broad motivation that will lead to their own and their organization’s best interest from a stakeholder perspective.

Consequently, decision makers should take motivations and behavior expected by stakeholders into account specifically in any comprehensive ERM approach, and organizations should require accountability by employees for those expectations through governance mechanisms. Several aspects of ethical behavior have been identified as being indicative of mens rea (a guilty mind).  If personal or corporate behavior does not meet shareholder ethical expectations, there will probably be a negative impact on reputation and the ability to reach strategic objectives on a sustained basis in the medium and long term.

The stakeholder impact assessment broadens the criteria of the preliminary sniff test by offering an opportunity to assess the motivations that underlie the proposed decision or action. Although it is unlikely that an observer will be able to know with precision the real motivations that go through a decision maker’s mind, it is quite possible to project the perceptions that stakeholders will have of the action. In the minds of stakeholders, perceptions will determine reputational impacts whether those perceptions are correct or not. Moreover, it is possible to infer from remuneration and other motivational systems in place whether the decision maker’s motivation is likely to be ethical or not. To ensure a comprehensive ERM approach, in addition to projecting perceptions and evaluating motivational systems, the decisions or actions should be challenged by asking such questions as:

Does the decision or action involve and exhibit the integrity, fairness, and courage expected? Alternatively, does the decision or action involve and exhibit the motivation, virtues, and character expected?

Beyond the simple sniff test, stakeholder impact analysis offers a formal way of bringing into a decision the needs of an organization and its individual constituents (society). Trade-offs are difficult to make, and can benefit from such advances in technique. It is important not to lose sight of the fact that the concepts of stakeholder impact analysis need to be applied together as a set, not as stand-alone techniques. Only then will a comprehensive analysis be achieved and an ethical decision made.

Depending on the nature of the decision to be faced, and the range of stakeholders to be affected, a proper analysis could be based on any of the historical approaches to ethical decision making as elaborated by ACFE training and discussed so often in this blog.  A professional CFE can use stakeholder analysis in making decisions about financial fraud investigations, fraud related accounting issues, auditing procedures, and general practice matters, and should be ready to prepare or assist in such analyses for employers or clients just as is currently the case in other areas of fraud examination. Although many hard-numbers-oriented executives and accountants will be wary of becoming involved with the “soft” subjective analysis that typifies stakeholder and ethical expectations analysis, they should bear in mind that the world is changing to put a much higher value on non-numerical information. They should be wary of placing too much weight on numerical analysis lest they fall into the trap of the economist, who, as Oscar Wilde put it: “knew the price of everything and the value of nothing.”

Talking Through the Hindrances

That control self-assessment (CSA) can be used as an effective facilitation tool to develop fraud risk assessments is, I’m sure, of no surprise to many of the readers of this blog.  But, for those of you who are not so aware … typically, a control self-assessment session to identify fraud risk is a facilitated meeting of managerial and operational staff (the business process experts) coming together to openly discuss fraud risk prevention objectives related to identified risk factors associated with one or more of a company’s business processes.

Fraud prevention objectives for the business process are identified, as well as obstacles impeding the success of those objectives.  Finally, the team suggests, for upper management consideration, ways to overcome identified obstacles and a proposed corrective action plan is prepared.  At the start of the self-assessment session, the participants adopt a Team Operating Agreement to ensure that an open and honest discussion takes place in a threat free environment.  It takes a consensus of the participants to approve the operating agreement which all the participants in the session sign; no management decisions regarding actions to be taken are made during the session.

After the Operating Team Agreement is in place, team members typically develop and approve what they perceive to be a list of fraud prevention objectives for the target business process under discussion.  Once the anti-fraud objectives are defined, the participants enter a discussion (and develop a list) of what they feel to be the existing overall fraud prevention strengths of the subject process.  Next, the team discusses and develops a list of the hindrances currently preventing the process from achieving its anti-fraud related objectives.  Finally, the team develops recommendations for overcoming the identified hindrances.  Sometimes the team ranks its fraud reduction recommendations by order of importance but this step is not critical.

A CSA for fraud prevention is akin to a risk assessment brainstorming session.  For example, the scope of such a session regarding a financial reporting related business process might be tailored to the risks of financial statement fraud and misstatement as well as to the issue of management override of controls over financial statement reporting.  The objective of the CSA is for the team to identify and discuss fraud risks, fraud scenarios and mitigating controls followed by the preparation of a set of recommendations for referral to management.

For each risk factor identified the CSA team should:

–try to identify what would cause a fraud to occur, or detail the risk factor itself;
–determine the specific fraud risk;
–determine potential fraud schemes or scenarios associated with the risk;
–identify affected financial accounts;
–identify staff positions that could potentially be involved;
–try to assess the type, likelihood, significance and inherent risk involved;
–formulate the controls that could mitigate the risk;
–classify the controls by type (i.e., preventative, detective, entity, and process level);
–identify and assess residual risk.

Certified fraud examiners (CFE’s) have an active role to play in tailoring the CSA format for use in risk identification and mitigation as well as in performing actual facilitation of the CSA sessions.   Specifically, CFE’s can help client staff develop a more detailed, in-depth understanding of complex fraud risks that management and operational staff sometimes only vaguely perceive.  Armed with the knowledge developed during the CAE session(s) and coupled with their risk assessment and group facilitation skills, CFE’s can assist management and the audit committee of the client to identify, assess, and develop final fraud risk mitigation strategies to strengthen the fraud prevention program of the organization as a whole.  Following what are sometimes multiple CAE sessions, CFE’s can assist the team in detailing the menu of anti-fraud measures developed during the individual sessions in a report to client management embodying the anti-fraud recommendations of the CAE session members to the Executive Management Team and to the audit committee for their consideration.  It’s up to top management to decide which of the CSA team’s anti-fraud recommendations to implement and which of the team’s identified risks to accept.

Just a few of the advantages of conducting fraud prevention related CAE’s for critical client business processes include:

–building fraud risk awareness among those middle level managers charged with day-to- day management of our client companies business processes;
–mapping organization wide fraud prevention efforts to specific business processes;
–establishing links between information technology (IT) systems development projects and the broader fraud prevention program;
–identifying, documenting and integrating fraud prevention skill sets across all the business processes of the organization;
–support for the construction of a strong, management supported fraud prevention program that enjoys full management and board support company wide.

Finally, consider the advantages that the self assessment process brings to the ethical dimension of the utilizing enterprise.  The values that a corporation’s managers and directors wish to instill in order to motivate the beliefs and actions of its personnel need to be conveyed to provide the required guidance.  Usually such guidance takes the form of a code of conduct that states the values selected, the principles that flow from those values, and any rules that are to be followed to ensure that the appropriate values are respected.

The code of conduct itself is a worthy subject for a series of separate control self assessment sessions composed of representative levels of company staff such as the management team, lower level management and the operating staff.  The results of these sessions can be analyzed and a final comprehensive report produced documenting the comments (and even suggested revisions) that CSA participants have made regarding the code during their respective sessions.  This exercise is, thus,  an excellent vehicle to build “ownership of the code” among the staff comprising all levels of the enterprise.