WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING … · WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING ANTI-BRIBERY AND CORRUPTION ANALYTICS INTO YOUR FCPA COMPLIANCE

WHO’S DOING WHAT, WHERE: BEST PRACTICES

INTEGRATING ANTI-BRIBERY AND CORRUPTION ANALYTICS INTO YOUR FCPA COMPLIANCE PROGRAM

According to the ACFE's 2010 Report to the Nations on Occupational Fraud and Abuse,

corruption and bribery is one of the leading fraud schemes within today's organizations. This session covers prime analytics and techniques—including text mining, journal entry analysis, and data visualization—used to detect improper payments.

VINCENT WALDEN, CFE, CPA

Partner Ernst & Young Dallas, Texas

Vincent Walden specializes in text analytics, forensic data mining, and electronic

discovery services, and has over twelve years of experience handling the information management and electronic discovery needs for large-scale, complex litigations, investigations, and proactive anti-fraud programs. Vincent is experienced in providing clients with leading anti-fraud based innovation, research, and analytics, including link analysis, text data mining, metadata analysis, entity extraction, and cluster analysis, that seek to identify or predict fraud risk variables, data anomalies, or data inefficiencies that can lead to unnecessary costs or enterprise risks. Vincent leads teams to help clients discover patterns and anomalies in huge sets of disparate data, with a focus on unstructured, text-based data sources such as e-mail and corporate file share networks.

Prior to joining Ernst & Young, Mr. Walden spent five years specializing in litigation

technology supporting investigative and legal matters at another Big Four firm. Before that, he served as president and CEO of a privately funded Internet company, which has subsequently been sold, as well as a large accounting firm specializing in economic and dispute advisory services.

“Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc.

©2011

May 22, 2008 Presentation titlePage 1

Integrating Anti-Bribery & Corruption g g yAnalytics Into Your FCPA Compliance Program

ACFE 2011 Annual Conference – San Diego

Discussion topics

► Key trends with the FCPA and global anti-corruption enforcement

► Framework for Anti-Bribery & Corruption (“ABC”) Analytics

► Not your traditional accounting tests or mind set

► Integrating anti-bribery analytics using financial accounting data► Expense, payables & customer analysis

Page 2

► Case examples► Predictive modeling

► Integrating anti-bribery analytics using email and user documents► Communications with government or high-risk parties► Fraud Triangle analysis► Advanced text mining techniques to identify the who, what, when and why

► Components of an effective 3rd party vendor due diligence process

Current environmentThe perfect storm for fraud & business corruption

Layoffs, unemployment O t it t

Budgets are decreasing.

Companies and organizations are doing more with

less.

Companies are decentralized which has an

immediate effect on internal

controls

Stressed and disaffected

Opportunity

Large government

contracts

Lack of infrastructure and controls in many foreign countries

Page 3

Internal Controls

Internal and External Pressure

unemployment and unease

continue

Personal retirement plans

and market levels remain low

Opportunity to Commit Fraud

Anti-bribery regulatory focus

increased globally

disaffected employees may

have greater ability to

rationalize improper actions

Pressure Rationalization

Employees are working in countries with perception of bribery


FCPA and UK Anti-Bribery Act compared

► FCPA► Concerns foreign bribery of public

officials only

► Concerns the briber payer only

► Based on business nexus for bribery i.e. award/retention/terms of business

► UK Anti-Bribery Act► Concerns domestic and foreign bribery

of public officials and the private sector

► Concerns the bribe payer and recipient

► Reflects a broader basis for bribery of breach of good faith, impartiality or trust

Page 4

► “Adequate procedures” requirement for publicly traded entities only

► Explicit exceptions for facilitating payments and reasonable marketing expenses

trust

► “adequate procedures” requirements for all businesses within scope

► No exceptions – it will depend on prosecutorial discretion and the facts of the case

► Effective July 1, 2011

Five Key Trends for FCPA enforcement

1.Expect steady uptick in FCPA enforcementPer Assistant Attorney General Lanny Breuer:US Attorney’s office will be teaming with IRS’s Criminal

Page 5

US Attorney s office will be teaming with IRS s Criminal Investigations Unit.

SEC is also increasing: In Aug. 2009, the director of SEC’s enforcement division, Robert Khuzami, announced the creation of a new FCPA Unit.


2. Greater focus on individuals (not just the corporation)

“Put simply the prospect of significant prison sentences for

Page 6

Put simply, the prospect of significant prison sentences for individuals should make clear to every corporate executive, every board member, and every sales agent that we will hold you personally accountable for FCPA violations”

-Assistant Attorney General for Criminal Division Lanny Breuer, Feb. 2010



3. Rise in Industry-Wide Investigations Industry-wide investigations started in 2007 and will continue.

Top industries targeted by DOJ and SEC currently are:

Aerospace and Defense

Page 7

Aerospace and DefenseOil and Gas and Oil & Gas Service IndustriesOrthopedic Medical Device MakersFreight forwarding and customsEnergy industryPharmaceutical


4. Increasing severity of sanctions The hidden costs: Everybody reads about the fines in the news papers, but just as equally expensive are the:

Page 8

Cost of the investigation (e.g., Siemens had 1.5 million billable hours with $850 million in professional fees and over$100 million e-discovery costs)

Threat of debarment from government contracts if convicted

Remediation expenses – settlement and monitoringagreements after the conviction


5. Growing cooperation between U.S. and Non U.S. Authorities

“Its fair to say we have a very active partnership with

Page 9

Its fair to say we have a …very active partnership with an unprecedented level of cooperation with our foreign counterparts”

-Asst. Attorney General Lanny Breuer (Feb. 17, 2010 speech)

Because of Siemens (US fine was $800 million + Germany’s fine was $800 million), governments realize that teaming with the U.S. makes good business sense


FCPA monetary penalties

► Increased penalties► Siemens $ 1.6 Billion► Halliburton/KBR $579 Million► BAE Systems $400 Million► Snamprogetti $365 Million► Technip $338 Million

► Panalpina settlements► Panalpina $ 82 Million► Pride International $ 56 Million► Shell $ 48 Million► Transocean $ 21 million► Tidewater $ 16 Million

Page 10

► Daimler AG $185 Million► Panalpina $ 82 Million► ABB Ltd $ 58 Million► Pride $ 56 Million► Shell $ 48 Million

► Noble $ 8 Million► Global Santa Fe $ 5 Million

Who’s currently being investigated?Recently disclosed open DOJ investigations:Accenture plc ERHC Energy Inc Pfizer IncAlcoa Furmanite Corporation Raytheon CompanyAllianz SE GlaxoSmithKline plc RINO International CorporationAllied Defense Group Global Crossing Limited Rockwell Automation IncAllison Transmission Golden Minerals Company SchlumbergerAon GSI Group Sciclone Pharmaceuticals IncAstraZeneca Hewlett Packard Sensata TechnologiesAvon Ingersoll-Rand plc Smartmatic CorporationBall Corporation International Business Machines Smith & Nephew plcBHP Billiton Ltd JGC Corporation Smith & Wesson

Page 11

BHP Billiton Ltd JGC Corporation Smith & WessonBio-Rad Laboratories Inc Johnson & Johnson SojitzBiomet Inc. Layne Christensen StatoilHydro ASABJ Services Company LyondellBasell Industries STR Holdings IncBridgestone Corporation Magyar Telekom Telecommunications plc Stryker CorporationBristol-Meyers Squibb Marathon Oil Corporation Sun Microsystems IncCameron International Corporation Maxwell Technologies, Inc. Talecris Biotherapeutics Holdings CorpCB Richard Ellis Medtronic Inc Tata Communications LimitedChina Northeast Petroleum Corporation Merck Team Inc.Covidien plc Millipore Corporation Tenaris SADiageo plc Morgan Stanley Tyco Electronics LTDDiebold Incorporated Nabors Industries Ltd Watts Water Technologies IncDynCorp International LLC Orthofix International N.V. WeatherfordEli Lilly Parker Drilling Company Wright Medical Group IncENSCO International Inc PBSJ Corporation Zimmer Holdings

Framework for ABC Analytics

Page 12


2010 Corruption Perceptions Index – An International Perspective

Page 13

DOJ’s five elements of an FCPA violation The FCPA potentially applies to any individual, firm, officer, director, employee, or agent of a firm and any stockholder acting on behalf of a firm.

The person making or authorizing the payment must have a corrupt intent, and the payment must be intended to induce the recipient to misuse his official position to

Prohibits payments made in order to assist the firm in obtaining or retaining businessfor or with, or directing businessto any person

Page 14

pdirect business wrongfully to the payer or to any other person.

Prohibits paying, offering, promising to pay (or authorizing to pay or offer) money or anything of value.

Extends only to corrupt payments to a foreign official, a foreign political party or party official, or any candidate for foreign political office.

to, any person.

Source: http://www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf

Anti-Bribery & Corruption Analytics (ABC Analytics) Work PlanElements of an FCPA Violation Sample analytical tests

Who(vendor & agent analysis)

-Stratify agent payments by time period and currency amount-Stratify agent payments by contract or project code-Identify large, round sum payments by agent and frequency-Identify top ten agents with highest expense to fee ratio-Analysis of agent commissions, recurring commissions, large/round dollars, etc.

Page 15

-Identify payments to vendors that not listed in the vendor master-Cluster bottom ten agent payments & frequency

Corrupt Intent(text analytics)

Concept analysis of free text fields of selected GL data: -Cash Disbursements-Travel & Entertainment-Consultant / Agent payments-Marketing expenditures-Charitable expenditures-Customs clearance account-Cost of Sales


Anti-Bribery & Corruption Analytics Work Plan (continued)Elements of an FCPA Violation Sample analytical tests

Payment(Cash disbursements analysis)

-Cash disbursement analysis, by country-Petty cash account analysis in selected countries-Payments made w/o a P.O. or not in Vendor Master-Compare payment activity to Transparency International’s CPI index (generate heat map)

-Analysis of travel and entertainment, by country-Analysis of payments to charity, by country-Analysis of payments made to customs agents, by countryV d b k d h k / 3rd t d dili

Page 16

-Vendor background checks / 3rd party due diligence

Recipient(Customer / buyer analysis)

-Customer segmentation by country-Government customer segmentation by country-Transparency International’s CPI index-Sale price and margin analysis across customers, by product-Free goods or credits as a percentage of sales

Business Purpose Test(Revenue analysis)

-Trending analysis of revenue by country-Stratification of revenue by country-Trending analysis of revenue by customer-Stratification of revenue by customer-Calculation of effective commission rate paid to agents

Not your traditional accounting tests or mind set

Page 17

Who was monitoring FCPA/corruption risks?

Fraud tree

Revenuerecognition

Nonfinancial

Conflicts of

interest

Bribery andcorruption/

FCPAIllegal

gratuitiesBid-rigging/procurement

Corruption Fraudulent statements

GAAP Reserves

General focus of external auditorsUntil recently, internal and external audit did not consider corruption in their monitoring efforts since it was immaterial to the financial statements. Not anymore.

Page 18

Cash larceny

Theft of other assets – inventory/

AR/fixed assets

Asset misappropriation

Fake vendor

Payroll fraud

T&E fraud

Theft of data

General focus of internal auditors

New tools and methodologies are required to effectively prevent and detect bribery & corruption!These are not your traditional accounting tests and controls.


Focus on the payment text descriptionsWhat if you saw these terms used as justification for payments to third parties?

Facilitation pay Pay on behalf of

Handover feeSpecial commission

Friend fee

Nobody calls it “bribe expense”

Page 19

Help fee Special payment

Volume contract facilitation

One time payment

Incentive payment

Pay per management

Commission to the customer

► Perform Text Analytics on free text fields

► Conduct “term frequency” analysis for most occurring or unusual transaction descriptions

Text mining in the cash disbursements journalIdentify potentially improper payments

“Volume contract facilitation”“release expense”

Page 20

descriptions

► Capture “concepts”

ABC Analytics: Text mining dash board interface linked to cash disbursements

Page 21


ABC Analytics: Disbursements AnalysisWho paid what, when, when and why?

Page 22

FCPA Analytics: expense reviewWho, what, where, why, how…

Page 23

How is bribery and corruption detected?

Page 24

Source: ACFE 2010 Report to the Nations On Occupational Fraud

48.5% by tipor accident


Forensic analytics maturity modelBeyond traditional “rules-based” queries and analytics

Detection RateLow High

Stru

ctur

edD

ata Traditional Rules-Based

Queries and Analytics

Predictive Modeling, Statistical Analysis &

Data Visualization

Page 25

False Positive RateHigh Low

Uns

truc

ture

dD

ata Traditional Keyword

Searching

Text Analytics

Fraud Triangle Analytics

Integrating anti-bribery analytics using financial accounting data

Page 26

Travel & expense analytics

Analytics include:► Where are expenses occurring

(country, state, city) by category?► What is the expense for?► How much?► Who is submitting?► Duplicate expenses

EY’s interactive T&E Expense Review Dashboard

Page 27

► Duplicate expenses► Text mining & keyword search

Questions to ask:► Are there patterns with respect to who executives entertained (state

owned entities, PEPs and other government officials)?► Are there patterns of inappropriate expenses (nightclubs, gift giving, etc.)?► Are there bogus reimbursements to fund improper cash to executives so

they could to entertain public officials?


Vendor cash disbursement, payment analytics

Analytics include:► Vendor stratification and clustering by amount and over time► Duplicative invoice testing ► Requestor / approver conflicts – fake invoices or ghost vendors► Conflicts of interest – employee and vendor master comparison► Text mining and keyword searching of suspicious payment descriptions► Identify government vendors or payments in unusual foreign currencies

Page 28

► Identify government vendors or payments in unusual foreign currencies

Questions to ask:► Did executives have fake vendors on the vendor master linked to their

home, friends, or personal bank accounts?► Were there duplicative invoices being submitted to extract cash?► Were executives overriding controls to extract cash for bribes?► What are the nature of the vendors that certain executives approved?

FCPA Procurement Red Flags

► Family or business ties to non-U.S. officials/royal family► History of corruption in country or industry► Request for unusually high commission or other payment► Refusal to provide anti-bribery certification► Transactions recorded as “cash”► Over-invoicing, use of non-standard invoices► Unusual bonuses paid to foreign representatives

Page 29

► Unusual bonuses paid to foreign representatives► Large/frequent fourth quarter adjustments► Lack of written agreement► Shell companies► Request for payments to third countries or third parties► Request for increase in compensation during sales campaign► Request for payments in cash or bearer instrument► Lack of experience or track record with product field or industry

Customer analytics

Analytics include:► Customer stratification and clustering by amount and over time► Free goods, credits and discount sales analysis/comparison to customers► Conflicts of interest – employee and customer master comparison

Questions to ask:A t tti f bl t t t f t i ti i

Page 30

► Are any customers getting favorable treatment from certain executives in terms of average sale price, discounts, credits, etc.?

► Are there customers related to certain executives that pose conflict of interest concerns? E.g., family members, same last name, same bank account, same address, etc.


Challenge: Analyze 400,000 transactions for suspected bribery payments per DOJ subpoena

1. Team reviewed 2,000 transactions from ledger data (text comments, amounts, dates, etc.)► Identified 400 suspicious and 1,600 non-suspicious entries

C t d t ti ti l d l “I S i i ” / “I N t S i i ”

Predictive modeling

Page 31

2. Created statistical model: “Is Suspicious” / “Is Not Suspicious”

3. Applied model to remaining 398,000 additional transactions

4. Identified 14,000 new suspicious transactions ► With confidence over 95% similar to “Is Suspicious”► Identified over $8 million in highly suspicious payments► Methodology accepted by the DOJ for this case

These variables were less important whenpredicting suspicious transactions. Client should focus resources on

Perform Variable Analysis

Predictive modelingFocus on the variables that matter most

Page 32

These three variableswere this highest drivers of suspicious transactions

p g pmonitoring efforts for the three leading drivers, which accounts for 80%of the predictive value.

Integrating anti-bribery analytics using email and user documents

Page 33


Email and document analysis – government & regulatory considerations

Analytics include:► Targeted keyword search around government projects & entertainment► Keyword search in local language► Domain name searches and review of “.gov” domain names

Page 34

Questions to ask:► Are there improper relationships with government officials / inspectors?► Are there discussions about improper entertainment?► Are there discussions asking for “special treatment”, “special payment”,

etc.?

Email and document analysis

Analytics include:► Targeted keyword search► Social network analysis

(who’s talking to whom)

► Date frequency analysis(who said what, when)

EY’s online review and issue tagging platform

Page 35

► Fraud Triangle Analytics(linking email to components ofthe Fraud Triangle)

Questions to ask:► Are there improper relationships with employees?► Are there improper relationships with government officials/inspectors?► Are there improper relationships with customers or vendors?

The Fraud Triangle¹Applying the theory to email communications

Page 36

1. Donald R. Cressey's “Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists.


Interactive Email Analysis DashboardFraud Triangle Analytics to identify top individuals using words of “incentive/pressure”, “opportunity” and “rationalization”

Fraud Triangle Analytics – Interactive Dashboard

Page 37

Advanced E-mail Analytics – text mining

WHO WHAT WHEN WHY

Social Networking Concept Clustering Communication Over Time Sentiment Analysis

Page 38

• People-to-people analysis

• Entity-to-entity analysis

• Map communication linesto organization chart

• Top words mentioned

• Key concepts / topics

• Top or unusual dollar amounts

• Sensitive words / phrases

• When communications occur

• Communication spikes around key business events

• Positive vs. Negative Sentiment

• Top 10 angry or negative emails

•Customer survey analysis

• Employee survey analysis

“Who is talking to whom?

Social Networking Concept Clusteringand Keywords

Communication Over Time Sentiment Analysis

about what? over which time period? how do they feel?”

Integrating investigative skills with both email and financial accounting information (an example)

Email & DocumentAnalysis

2. That vendor nameis searched in the email communications to gather the full context.

Page 39

InterviewForensic Analysis

1. A suspicious vendor is identified in the payables data.

3. Email and transactional data is discussed with interviewee to support confession.


Components of an effective 3rd party vendor due diligence process

Page 40

Why is third party vendor due diligence important to you?

“Third party due diligence must be robust, thorough, impeccably documented and preserved.”-Former DOJ Fraud Section Deputy Chief Mark Mendelsohn (2005 – 2010), FCPA Conference

Page 41

“Consistency, intentionality, independence and reasonableness –these are the key attributes that characterize a robust, defensible third-party vetting program, regardless of industry sector, degree of workforce/operational distribution or geographic location.”

-EY White Paper

p y ( ),in November 2009

Four components of an effective 3rd party due diligence program

► Consistency — Automating the process of vetting third parties, especially overseas, drives consistency and transparency across the enterprise.

► Management Intention — Does the program reflect management’s intent and actions to provide for a robust third-party due diligence process? Is management doing the best they can with limited resources?

► Independence — Are the decisions objective and performed separately from the

Page 42

► Independence Are the decisions objective and performed separately from the requestor, which may contain inherent conflicts of interest?

► Reasonableness — Given limited resources, taking a risk-based, tiered approach to third-party due diligence helps management allocate resources accordingly. Reasonableness addresses the question “how much is enough?”


Selected guidance:Organization for Economic Co-Operation & Development (OECD)*

Ethics and compliance programs to include the following essential elements:

► A properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners

I f b i t f th ’ it t t bidi b

Page 43

► Informs business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance program or measures for preventing and detecting such bribery, and

► Seeks a reciprocal commitment from business partners

*February 18, 2010 OCED adoption of “Good Practice Guidance on Internal Controls, Ethics and Compliance.”

The supplier vetting activities

Total supplier universe

ire m Che

cks

80,000 third parties

Regulatory & Legal Expectations on Supplier Due Diligence:► Consistently deployed► Reasonable due diligence efforts applied► Independent processes (e.g., minimal management override)► Demonstrated Management’s Involvement

Filtering Criteria Example:

Page 44

Develop supplier categoryand geographic filtering criteria*

Develop detailed filtering criteria on supplierrelationship and nature of contract

Develop supplier vetting protocols to effectivelydocument legal, regulatory & reputational risks

Develop decision criteria for acceptance, denial or specific contract modifications, based on risk profile

Key

Del

iver

able

s:•S

uppl

ier D

ue D

ilige

nce

Que

stio

nna

•Sup

plie

r Bus

ines

s Ju

stifi

catio

n Fo

r m•S

uppl

ier R

anki

ng D

ecis

ion

Mat

rix•P

roce

ss fo

r 3rd

Party

Bac

kgro

und

d

10,000 moderate risk

1,000 high risk

250negative hits

Approve DeniedApprove with restrictions

*Geographic filtering will include Transparency International's Global Corruption Perception’s Index, among other criteria.

150denied

Risk Profile

Third Party

Moderate

Low

StandardizedBusiness Risk Assessment

Integrated Due Diligence Program(insourced or outsourced)

Vendors, Agents& Consultants

Joint Ventures

ce Databases

Political affiliations indentified

Level I Entity Analysis

No negativecoverage

Cleared Unrestricted Business

BusinessUnit

Level II EntityAnalysis

abases

Special

orLevel III

Entity Analysis

Process & methodology example:Open Source Third-Party Due Diligence Methodology

Page 45

Consistency –Management’s Intent –Independence -Reasonableness

Business Unit R

Extreme

HighCustomers

Acquisition Targets

Robust Open Sourc

Displays negative coverage

Possibly displaysnegative coverage

Restricted Business

Denied Business

Unclear

ManagementDecision

Entity cannotbe identified

Localized, Targeted Data Contract

or

or

or


Research Information gathered from multiple sources

Compliance database

Business database

► World Check and World Compliance databases► Dow Jones Compliance database

► OneSource Global Business Browser► Company InfoGator

Page 46

Country specific database*

Media search

Internet

*if available online in public domain and identified by EY

► Company Registry► Local watch lists

► Keyword specific research on English language news aggregation sites – Dow Jones Factiva , ISI, Datamonitor

► Obtain other relevant details on the entity, such as business address, key personnel, other business at same address,

AnalysisIndicative ratings and criterions

► Direct record of the business (its directors or shareholders) on the compliance database

► Issues identified against associated business ( parents, subsidiary, affiliated business)

► Identified personnel is politically exposed individualAd di h lt th b i it t l

Risk Rating Criterion

Page 47

► Adverse media search results on the business or its two personnel

► No relevant matching found

► No details of the business could be identified during the research

Rating and criterions will be co-developed with the Client

Reporting examplesSummarized ratings with detailed findings

Report for each request received from the Client, comprising of► Summary of findings► Risk ratings► Detailed findings

► Background details► Compliance database search

Page 48

results► Country specific database

search results► Media search results


Reporting examplesMonthly dashboards for management information

Page 49

Questions & DiscussionsQuestions & Discussions

Vincent Walden, CFE, [email protected]

WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING … · WHO’S DOING WHAT, WHERE: BEST PRACTICES INTEGRATING ANTI-BRIBERY AND CORRUPTION ANALYTICS INTO YOUR FCPA COMPLIANCE

Documents