WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING … · WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING ANTI-BRIBERY AND CORRUPTION ANALYTICS INTO YOUR FCPA COMPLIANCE
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
WHO’S DOING WHAT, WHERE: BEST PRACTICES
INTEGRATING ANTI-BRIBERY AND CORRUPTION ANALYTICS INTO YOUR FCPA COMPLIANCE PROGRAM
According to the ACFE's 2010 Report to the Nations on Occupational Fraud and Abuse,
corruption and bribery is one of the leading fraud schemes within today's organizations. This session covers prime analytics and techniques—including text mining, journal entry analysis, and data visualization—used to detect improper payments.
VINCENT WALDEN, CFE, CPA
Partner Ernst & Young Dallas, Texas
Vincent Walden specializes in text analytics, forensic data mining, and electronic
discovery services, and has over twelve years of experience handling the information management and electronic discovery needs for large-scale, complex litigations, investigations, and proactive anti-fraud programs. Vincent is experienced in providing clients with leading anti-fraud based innovation, research, and analytics, including link analysis, text data mining, metadata analysis, entity extraction, and cluster analysis, that seek to identify or predict fraud risk variables, data anomalies, or data inefficiencies that can lead to unnecessary costs or enterprise risks. Vincent leads teams to help clients discover patterns and anomalies in huge sets of disparate data, with a focus on unstructured, text-based data sources such as e-mail and corporate file share networks.
Prior to joining Ernst & Young, Mr. Walden spent five years specializing in litigation
technology supporting investigative and legal matters at another Big Four firm. Before that, he served as president and CEO of a privately funded Internet company, which has subsequently been sold, as well as a large accounting firm specializing in economic and dispute advisory services.
“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc.
► Integrating anti-bribery analytics using email and user documents► Communications with government or high-risk parties► Fraud Triangle analysis► Advanced text mining techniques to identify the who, what, when and why
► Components of an effective 3rd party vendor due diligence process
Current environmentThe perfect storm for fraud & business corruption
Layoffs, unemployment O t it t
Budgets are decreasing.
Companies and organizations are doing more with
less.
Companies are decentralized which has an
immediate effect on internal
controls
Stressed and disaffected
Opportunity
Large government
contracts
Lack of infrastructure and controls in many foreign countries
Page 3
Internal Controls
Internal and External Pressure
unemployment and unease
continue
Personal retirement plans
and market levels remain low
Opportunity to Commit Fraud
Anti-bribery regulatory focus
increased globally
disaffected employees may
have greater ability to
rationalize improper actions
Pressure Rationalization
Employees are working in countries with perception of bribery
May 22, 2008 Presentation titlePage 2
FCPA and UK Anti-Bribery Act compared
► FCPA► Concerns foreign bribery of public
officials only
► Concerns the briber payer only
► Based on business nexus for bribery i.e. award/retention/terms of business
► UK Anti-Bribery Act► Concerns domestic and foreign bribery
of public officials and the private sector
► Concerns the bribe payer and recipient
► Reflects a broader basis for bribery of breach of good faith, impartiality or trust
Page 4
► “Adequate procedures” requirement for publicly traded entities only
► Explicit exceptions for facilitating payments and reasonable marketing expenses
trust
► “adequate procedures” requirements for all businesses within scope
► No exceptions – it will depend on prosecutorial discretion and the facts of the case
► Effective July 1, 2011
Five Key Trends for FCPA enforcement
1.Expect steady uptick in FCPA enforcementPer Assistant Attorney General Lanny Breuer:US Attorney’s office will be teaming with IRS’s Criminal
Page 5
US Attorney s office will be teaming with IRS s Criminal Investigations Unit.
SEC is also increasing: In Aug. 2009, the director of SEC’s enforcement division, Robert Khuzami, announced the creation of a new FCPA Unit.
Five Key Trends for FCPA enforcement
2. Greater focus on individuals (not just the corporation)
“Put simply the prospect of significant prison sentences for
Page 6
Put simply, the prospect of significant prison sentences for individuals should make clear to every corporate executive, every board member, and every sales agent that we will hold you personally accountable for FCPA violations”
-Assistant Attorney General for Criminal Division Lanny Breuer, Feb. 2010
May 22, 2008 Presentation titlePage 3
Five Key Trends for FCPA enforcement
3. Rise in Industry-Wide Investigations Industry-wide investigations started in 2007 and will continue.
Top industries targeted by DOJ and SEC currently are:
Aerospace and Defense
Page 7
Aerospace and DefenseOil and Gas and Oil & Gas Service IndustriesOrthopedic Medical Device MakersFreight forwarding and customsEnergy industryPharmaceutical
Five Key Trends for FCPA enforcement
4. Increasing severity of sanctions The hidden costs: Everybody reads about the fines in the news papers, but just as equally expensive are the:
Page 8
Cost of the investigation (e.g., Siemens had 1.5 million billable hours with $850 million in professional fees and over$100 million e-discovery costs)
Threat of debarment from government contracts if convicted
Remediation expenses – settlement and monitoringagreements after the conviction
Five Key Trends for FCPA enforcement
5. Growing cooperation between U.S. and Non U.S. Authorities
“Its fair to say we have a very active partnership with
Page 9
Its fair to say we have a …very active partnership with an unprecedented level of cooperation with our foreign counterparts”
-Asst. Attorney General Lanny Breuer (Feb. 17, 2010 speech)
Because of Siemens (US fine was $800 million + Germany’s fine was $800 million), governments realize that teaming with the U.S. makes good business sense
May 22, 2008 Presentation titlePage 4
FCPA monetary penalties
► Increased penalties► Siemens $ 1.6 Billion► Halliburton/KBR $579 Million► BAE Systems $400 Million► Snamprogetti $365 Million► Technip $338 Million
► Panalpina settlements► Panalpina $ 82 Million► Pride International $ 56 Million► Shell $ 48 Million► Transocean $ 21 million► Tidewater $ 16 Million
Page 10
► Daimler AG $185 Million► Panalpina $ 82 Million► ABB Ltd $ 58 Million► Pride $ 56 Million► Shell $ 48 Million
► Noble $ 8 Million► Global Santa Fe $ 5 Million
Who’s currently being investigated?Recently disclosed open DOJ investigations:Accenture plc ERHC Energy Inc Pfizer IncAlcoa Furmanite Corporation Raytheon CompanyAllianz SE GlaxoSmithKline plc RINO International CorporationAllied Defense Group Global Crossing Limited Rockwell Automation IncAllison Transmission Golden Minerals Company SchlumbergerAon GSI Group Sciclone Pharmaceuticals IncAstraZeneca Hewlett Packard Sensata TechnologiesAvon Ingersoll-Rand plc Smartmatic CorporationBall Corporation International Business Machines Smith & Nephew plcBHP Billiton Ltd JGC Corporation Smith & Wesson
Page 11
BHP Billiton Ltd JGC Corporation Smith & WessonBio-Rad Laboratories Inc Johnson & Johnson SojitzBiomet Inc. Layne Christensen StatoilHydro ASABJ Services Company LyondellBasell Industries STR Holdings IncBridgestone Corporation Magyar Telekom Telecommunications plc Stryker CorporationBristol-Meyers Squibb Marathon Oil Corporation Sun Microsystems IncCameron International Corporation Maxwell Technologies, Inc. Talecris Biotherapeutics Holdings CorpCB Richard Ellis Medtronic Inc Tata Communications LimitedChina Northeast Petroleum Corporation Merck Team Inc.Covidien plc Millipore Corporation Tenaris SADiageo plc Morgan Stanley Tyco Electronics LTDDiebold Incorporated Nabors Industries Ltd Watts Water Technologies IncDynCorp International LLC Orthofix International N.V. WeatherfordEli Lilly Parker Drilling Company Wright Medical Group IncENSCO International Inc PBSJ Corporation Zimmer Holdings
Framework for ABC Analytics
Page 12
May 22, 2008 Presentation titlePage 5
2010 Corruption Perceptions Index – An International Perspective
Page 13
DOJ’s five elements of an FCPA violation The FCPA potentially applies to any individual, firm, officer, director, employee, or agent of a firm and any stockholder acting on behalf of a firm.
The person making or authorizing the payment must have a corrupt intent, and the payment must be intended to induce the recipient to misuse his official position to
Prohibits payments made in order to assist the firm in obtaining or retaining businessfor or with, or directing businessto any person
Page 14
pdirect business wrongfully to the payer or to any other person.
Prohibits paying, offering, promising to pay (or authorizing to pay or offer) money or anything of value.
Extends only to corrupt payments to a foreign official, a foreign political party or party official, or any candidate for foreign political office.
Anti-Bribery & Corruption Analytics (ABC Analytics) Work PlanElements of an FCPA Violation Sample analytical tests
Who(vendor & agent analysis)
-Stratify agent payments by time period and currency amount-Stratify agent payments by contract or project code-Identify large, round sum payments by agent and frequency-Identify top ten agents with highest expense to fee ratio-Analysis of agent commissions, recurring commissions, large/round dollars, etc.
Page 15
-Identify payments to vendors that not listed in the vendor master-Cluster bottom ten agent payments & frequency
Corrupt Intent(text analytics)
Concept analysis of free text fields of selected GL data: -Cash Disbursements-Travel & Entertainment-Consultant / Agent payments-Marketing expenditures-Charitable expenditures-Customs clearance account-Cost of Sales
May 22, 2008 Presentation titlePage 6
Anti-Bribery & Corruption Analytics Work Plan (continued)Elements of an FCPA Violation Sample analytical tests
Payment(Cash disbursements analysis)
-Cash disbursement analysis, by country-Petty cash account analysis in selected countries-Payments made w/o a P.O. or not in Vendor Master-Compare payment activity to Transparency International’s CPI index (generate heat map)
-Analysis of travel and entertainment, by country-Analysis of payments to charity, by country-Analysis of payments made to customs agents, by countryV d b k d h k / 3rd t d dili
Page 16
-Vendor background checks / 3rd party due diligence
Recipient(Customer / buyer analysis)
-Customer segmentation by country-Government customer segmentation by country-Transparency International’s CPI index-Sale price and margin analysis across customers, by product-Free goods or credits as a percentage of sales
Business Purpose Test(Revenue analysis)
-Trending analysis of revenue by country-Stratification of revenue by country-Trending analysis of revenue by customer-Stratification of revenue by customer-Calculation of effective commission rate paid to agents
Not your traditional accounting tests or mind set
Page 17
Who was monitoring FCPA/corruption risks?
Fraud tree
Revenuerecognition
Nonfinancial
Conflicts of
interest
Bribery andcorruption/
FCPAIllegal
gratuitiesBid-rigging/procurement
Corruption Fraudulent statements
GAAP Reserves
General focus of external auditorsUntil recently, internal and external audit did not consider corruption in their monitoring efforts since it was immaterial to the financial statements. Not anymore.
Page 18
Cash larceny
Theft of other assets – inventory/
AR/fixed assets
Asset misappropriation
Fake vendor
Payroll fraud
T&E fraud
Theft of data
General focus of internal auditors
New tools and methodologies are required to effectively prevent and detect bribery & corruption!These are not your traditional accounting tests and controls.
May 22, 2008 Presentation titlePage 7
Focus on the payment text descriptionsWhat if you saw these terms used as justification for payments to third parties?
Facilitation pay Pay on behalf of
Handover feeSpecial commission
Friend fee
Nobody calls it “bribe expense”
Page 19
Help fee Special payment
Volume contract facilitation
One time payment
Incentive payment
Pay per management
Commission to the customer
► Perform Text Analytics on free text fields
► Conduct “term frequency” analysis for most occurring or unusual transaction descriptions
Text mining in the cash disbursements journalIdentify potentially improper payments
“Volume contract facilitation”“release expense”
Page 20
descriptions
► Capture “concepts”
ABC Analytics: Text mining dash board interface linked to cash disbursements
Page 21
May 22, 2008 Presentation titlePage 8
ABC Analytics: Disbursements AnalysisWho paid what, when, when and why?
Source: ACFE 2010 Report to the Nations On Occupational Fraud
48.5% by tipor accident
May 22, 2008 Presentation titlePage 9
Forensic analytics maturity modelBeyond traditional “rules-based” queries and analytics
Detection RateLow High
Stru
ctur
edD
ata Traditional Rules-Based
Queries and Analytics
Predictive Modeling, Statistical Analysis &
Data Visualization
Page 25
False Positive RateHigh Low
Uns
truc
ture
dD
ata Traditional Keyword
Searching
Text Analytics
Fraud Triangle Analytics
Integrating anti-bribery analytics using financial accounting data
Page 26
Travel & expense analytics
Analytics include:► Where are expenses occurring
(country, state, city) by category?► What is the expense for?► How much?► Who is submitting?► Duplicate expenses
EY’s interactive T&E Expense Review Dashboard
Page 27
► Duplicate expenses► Text mining & keyword search
Questions to ask:► Are there patterns with respect to who executives entertained (state
owned entities, PEPs and other government officials)?► Are there patterns of inappropriate expenses (nightclubs, gift giving, etc.)?► Are there bogus reimbursements to fund improper cash to executives so
they could to entertain public officials?
May 22, 2008 Presentation titlePage 10
Vendor cash disbursement, payment analytics
Analytics include:► Vendor stratification and clustering by amount and over time► Duplicative invoice testing ► Requestor / approver conflicts – fake invoices or ghost vendors► Conflicts of interest – employee and vendor master comparison► Text mining and keyword searching of suspicious payment descriptions► Identify government vendors or payments in unusual foreign currencies
Page 28
► Identify government vendors or payments in unusual foreign currencies
Questions to ask:► Did executives have fake vendors on the vendor master linked to their
home, friends, or personal bank accounts?► Were there duplicative invoices being submitted to extract cash?► Were executives overriding controls to extract cash for bribes?► What are the nature of the vendors that certain executives approved?
FCPA Procurement Red Flags
► Family or business ties to non-U.S. officials/royal family► History of corruption in country or industry► Request for unusually high commission or other payment► Refusal to provide anti-bribery certification► Transactions recorded as “cash”► Over-invoicing, use of non-standard invoices► Unusual bonuses paid to foreign representatives
Page 29
► Unusual bonuses paid to foreign representatives► Large/frequent fourth quarter adjustments► Lack of written agreement► Shell companies► Request for payments to third countries or third parties► Request for increase in compensation during sales campaign► Request for payments in cash or bearer instrument► Lack of experience or track record with product field or industry
Customer analytics
Analytics include:► Customer stratification and clustering by amount and over time► Free goods, credits and discount sales analysis/comparison to customers► Conflicts of interest – employee and customer master comparison
Questions to ask:A t tti f bl t t t f t i ti i
Page 30
► Are any customers getting favorable treatment from certain executives in terms of average sale price, discounts, credits, etc.?
► Are there customers related to certain executives that pose conflict of interest concerns? E.g., family members, same last name, same bank account, same address, etc.
May 22, 2008 Presentation titlePage 11
Challenge: Analyze 400,000 transactions for suspected bribery payments per DOJ subpoena
1. Team reviewed 2,000 transactions from ledger data (text comments, amounts, dates, etc.)► Identified 400 suspicious and 1,600 non-suspicious entries
C t d t ti ti l d l “I S i i ” / “I N t S i i ”
Predictive modeling
Page 31
2. Created statistical model: “Is Suspicious” / “Is Not Suspicious”
3. Applied model to remaining 398,000 additional transactions
4. Identified 14,000 new suspicious transactions ► With confidence over 95% similar to “Is Suspicious”► Identified over $8 million in highly suspicious payments► Methodology accepted by the DOJ for this case
These variables were less important whenpredicting suspicious transactions. Client should focus resources on
Perform Variable Analysis
Predictive modelingFocus on the variables that matter most
Page 32
These three variableswere this highest drivers of suspicious transactions
p g pmonitoring efforts for the three leading drivers, which accounts for 80%of the predictive value.
Integrating anti-bribery analytics using email and user documents
Page 33
May 22, 2008 Presentation titlePage 12
Email and document analysis – government & regulatory considerations
Analytics include:► Targeted keyword search around government projects & entertainment► Keyword search in local language► Domain name searches and review of “.gov” domain names
Page 34
Questions to ask:► Are there improper relationships with government officials / inspectors?► Are there discussions about improper entertainment?► Are there discussions asking for “special treatment”, “special payment”,
etc.?
Email and document analysis
Analytics include:► Targeted keyword search► Social network analysis
(who’s talking to whom)
► Date frequency analysis(who said what, when)
EY’s online review and issue tagging platform
Page 35
► Fraud Triangle Analytics(linking email to components ofthe Fraud Triangle)
Questions to ask:► Are there improper relationships with employees?► Are there improper relationships with government officials/inspectors?► Are there improper relationships with customers or vendors?
The Fraud Triangle¹Applying the theory to email communications
Page 36
1. Donald R. Cressey's “Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists.
May 22, 2008 Presentation titlePage 13
Interactive Email Analysis DashboardFraud Triangle Analytics to identify top individuals using words of “incentive/pressure”, “opportunity” and “rationalization”
Fraud Triangle Analytics – Interactive Dashboard
Page 37
Advanced E-mail Analytics – text mining
WHO WHAT WHEN WHY
Social Networking Concept Clustering Communication Over Time Sentiment Analysis
Page 38
• People-to-people analysis
• Entity-to-entity analysis
• Map communication linesto organization chart
• Top words mentioned
• Key concepts / topics
• Top or unusual dollar amounts
• Sensitive words / phrases
• When communications occur
• Communication spikes around key business events
• Positive vs. Negative Sentiment
• Top 10 angry or negative emails
•Customer survey analysis
• Employee survey analysis
“Who is talking to whom?
Social Networking Concept Clusteringand Keywords
Communication Over Time Sentiment Analysis
about what? over which time period? how do they feel?”
Integrating investigative skills with both email and financial accounting information (an example)
Email & DocumentAnalysis
2. That vendor nameis searched in the email communications to gather the full context.
Page 39
InterviewForensic Analysis
1. A suspicious vendor is identified in the payables data.
3. Email and transactional data is discussed with interviewee to support confession.
May 22, 2008 Presentation titlePage 14
Components of an effective 3rd party vendor due diligence process
Page 40
Why is third party vendor due diligence important to you?
“Third party due diligence must be robust, thorough, impeccably documented and preserved.”-Former DOJ Fraud Section Deputy Chief Mark Mendelsohn (2005 – 2010), FCPA Conference
Page 41
“Consistency, intentionality, independence and reasonableness –these are the key attributes that characterize a robust, defensible third-party vetting program, regardless of industry sector, degree of workforce/operational distribution or geographic location.”
-EY White Paper
p y ( ),in November 2009
Four components of an effective 3rd party due diligence program
► Consistency — Automating the process of vetting third parties, especially overseas, drives consistency and transparency across the enterprise.
► Management Intention — Does the program reflect management’s intent and actions to provide for a robust third-party due diligence process? Is management doing the best they can with limited resources?
► Independence — Are the decisions objective and performed separately from the
Page 42
► Independence Are the decisions objective and performed separately from the requestor, which may contain inherent conflicts of interest?
► Reasonableness — Given limited resources, taking a risk-based, tiered approach to third-party due diligence helps management allocate resources accordingly. Reasonableness addresses the question “how much is enough?”
May 22, 2008 Presentation titlePage 15
Selected guidance:Organization for Economic Co-Operation & Development (OECD)*
Ethics and compliance programs to include the following essential elements:
► A properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners
I f b i t f th ’ it t t bidi b
Page 43
► Informs business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance program or measures for preventing and detecting such bribery, and
► Seeks a reciprocal commitment from business partners
*February 18, 2010 OCED adoption of “Good Practice Guidance on Internal Controls, Ethics and Compliance.”
The supplier vetting activities
Total supplier universe
ire m Che
cks
80,000 third parties
Regulatory & Legal Expectations on Supplier Due Diligence:► Consistently deployed► Reasonable due diligence efforts applied► Independent processes (e.g., minimal management override)► Demonstrated Management’s Involvement