Sunday, January 17, 2021
Corporate Compliance Insights

Bolstering Compliance as Global COVID Fraud Enforcement Takes Shape

5 Ways to Measure and Mitigate Fraud Risk

by Toby Duthie, Matt Bedan and William Mui
July 16, 2020
in Featured, Fraud

Governments worldwide are beginning to crack down on abuse of programs meant to protect businesses amid the COVID crisis. Forensic Risk Alliance’s Toby Duthie, Matt Bedan and William Mui offer five practical tips to aid organizations in managing this growing risk.

In response to COVID-19, governments across the globe have enacted substantial public sector stimulus programs to protect struggling businesses and employees. As countries begin to take steps to reopen to a post-COVID world, businesses are facing a new set of challenges: Enforcement agencies are preparing to aggressively crack down on abuse of those programs.

Most recently, furlough fraud has been top of mind in that respect, as new allegations in Europe point to extensive misappropriation within government furlough support programs. Recent studies in the U.K. and France indicate that as many as one in three furloughed employees have been asked to work during their furlough periods. As domestic agencies prepare to investigate, solicitors have anecdotally reported an “avalanche” of complaints that are likely to foretell significant public and private whistleblower activity.

Furlough fraud is just one example. In the coming months, the enforcement lens will widen significantly beyond furlough fraud and shift to larger businesses that received government bailouts. Although many of these direct-to-industry loan schemes have longer tails and have not yet made headlines with regard to fraud, they are no less risky for the organizations involved. Experience tells us that over time, these larger organizations will make for increasingly politically attractive and compelling targets, particularly if the perception arises that public stimulus funds were directed toward any use other than the preservation of rank-and-file jobs. For larger organizations, it will be critical to establish an unimpeachable “forensic” audit trail that demonstrates that all stimulus funds were used in accordance with their respective program’s obligations.

Given the changing landscape – economic, commercial and regulatory – this may not be as easy as it seems. In light of this, we offer five practical suggestions to help businesses measure and mitigate this risk exposure. It is worth considering how governments will enforce and how easy (or not) it will be for them to make their case. A lack of affirmative evidence can be very damaging, as companies will struggle to prove that any issues or clear abuse are anomalous rather than systemic.

1. Understand Obligations and Prioritize Compliance

Organizations must carefully review eligibility requirements (which will likely evolve over time), certifications and use restrictions associated with every government loan or grant. Each program should have a carefully thought-out and documented end-to-end process, which includes checklists for regulatory/contractual obligations and maker/checker controls for payments utilizing government funds. As the obligations are determined, each should be translated into corresponding policies, standard operating procedures and trainings in order to facilitate compliance and prevent potential violations.

For example, companies should take proactive measures to ensure that furloughed employees are not asked or pressured to work, and should create and maintain contemporaneous evidence to this effect. This includes promoting transparency around who is furloughed and when, and what the protocols are for furloughed workers. Companies might additionally consider preventative IT controls, such as restricting network access for employees during their furlough periods.

HR training should be provided to managers and workers on their individual responsibilities to maintain compliance, and compliance teams should be thoroughly trained on the underlying obligations and corresponding rules to monitor compliance. They should understand:

  • What constitutes an issue?
  • What is a false positive?
  • And finally, how can this information be cycled back into the compliance process to make it not only more efficient, but more importantly, more accurate and effective at managing and mitigating risk?

Larger businesses that have taken part in direct treasury loan schemes will have more comprehensive and longer-term obligations to account for. This will likely include establishing payroll and disbursement controls to ensure that loan requirements regarding, for example, executive pay or stock buy-back plans are adhered to.

2. Harness and Organize Data and IT Systems

The U.S. Department of Justice’s (DOJ) recent update to its “Evaluation of Corporate Compliance Programs” guidance makes it clear that organizations are expected to leverage data, metrics and other objective evidence to test that their compliance program is working effectively. Particularly for larger multinational companies, this process should go beyond simply tracking traditional compliance data (such as training and audit metrics) and encompass all of the various sources of operational data that could potentially be put to use.

For some companies, this may mean setting up additional general ledger accounts or cost centers to track and account for every cent tied to government stimulus requirements. Financial tracking in this manner should demonstrate a clear correlation between regulatory/contractual obligations and the sources of data that could potentially indicate compliance, or noncompliance, for each.

3. Utilize Data Analytics

By utilizing advances in data analytics, organizations can enhance conduct detection and replace and/or enhance extensive manual controls and verification activities. To do this effectively, businesses must leverage data from all relevant sources, including sales and product data, performance-management data and customer/patient records. An inclusive data analytics model can give a view of risk across activities, business units and geographies. Companies should also consider creating specific sets of compliance reports built directly around government claims or government compliance and embedding them directly into their executive reporting portfolio.

Finally, companies should approach data sources (particularly outside sources) critically and perform the due diligence necessary to understand where the data comes from and how it was created. This includes validating using “golden source” data sets and exercising audit rights for vendors that could potentially impact compliance with relevant programs. This work could have added benefits to a company’s wider compliance program; the better a company knows its data, the more effectively it can be leveraged in adjacent internal monitoring, investigations and compliance analysis.

4. Bolster Internal Whistleblower Programs

An effective internal reporting mechanism is not only a key part of the DOJ’s Guidance, but also an essential element of a strong compliance culture. Studies have shown that strong internal whistleblower programs help foster an atmosphere of trust and open communication, which in turn increases the odds that an employee with a compliance concern will report internally, instead of through the government. Ultimately, companies with higher usage of whistleblower programs have statistically fewer lawsuits and enforcement actions. Thus, it is critical that organizations take internal whistleblower reports very seriously and remediate accordingly.

Implement or maintain a system and create management information to ensure that these complaints are followed up on and closed out as appropriate.

5. Monitor, Audit and Remediate Comprehensively

Companies should adopt stringent compliance and risk management oversight, focusing particularly on data monitoring and documentation, and maintain a clear and comprehensive audit trail in accounting and enterprise resource planning (ERP) systems. This includes documenting all system reviews, upgrades or enhancements undertaken in response to new government obligations.

For example, companies with furlough fraud risk should utilize data within the ERP and IT systems to monitor and review timesheets, expenses, email traffic and usage of firm assets such as computers, messaging and phones to detect anomalies. Once the necessary tracking and rules are implemented, the associated reporting should be systematic, transparent and insightful. In short, if monitoring mechanisms do not give clear insight into possible issues and escalate red flags to the appropriate stakeholders, then they are not adequately serving their intended purpose.


Tags: Coronavirus/COVID-19, data analytics, whistleblowing
Toby Duthie, Matt Bedan and William Mui

Toby Duthie is a Founding Partner of Forensic Risk Alliance (FRA) and head of its U.K. and European offices. He has more than 20 years of experience in financial analysis, complex financial modeling, investigations and compliance reviews. Toby has worked on many complex financial frauds and bribery investigations, most notably leading the FRA team supporting Airbus in a multiyear, multinational investigation, resulting in a €3.6 billion settlement with four investigative authorities across France, the U.K. and the U.S.
Matt Bedan is an Associate Director in FRA’s Washington, D.C. office. He is a licensed attorney with over 11 years of public and private sector experience with complex investigations, regulatory compliance and anti-corruption matters. Matt specializes in the investigation, detection and prevention of potential statutory and regulatory violations. He also assists clients with anti-corruption and regulatory compliance reviews and assessment of internal controls.
William Mui is a data analytics and forensic services professional in FRA’s New York office, with extensive experience in designing and delivering end-to-end forensic analytics solutions. These include data management, data analytics and sciences and advanced analytics and modeling for investigative, dispute and compliance matters. He has over 12 years of experience leading cross-functional teams of compliance and technology professionals across a broad spectrum of industries.

© 2019 Corporate Compliance Insights
