This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.
Some things go together. Chocolate chip cookies and milk, Hepburn and Tracy, Lewis and Martin (I know, I am showing my age) and many other favorite combinations. So, you get the point – in the world of anti-bribery compliance, and another in my series of profound grasps of the obvious – fraud and bribery go hand-in-hand.
One of the critical questions in assessing your company’s anti-corruption financial controls is fairly basic: what are the company’s risks of fraud? You have to obtain unauthorized access to money to fund a bribery scheme. Looking across the company, and assuming the Chief Compliance Officer is willing to get his or her hands dirty in the financial controls area, the company has to assess the overall risks of access to money for bribery.
A CCO has to look and identify potential risks of fraud, keyed to the level of risk. For example, if the company operates in China, the company should assess its internal controls in China to make sure there is adequate segregation of duties, delegations of authority, vendor on-boarding procedures and controls over payments of invoices and other payable accounts.
This inquiry grows out of a critical function in anti-corruption compliance: CCOs have to ensure that financial controls are adequately tailored to risks in geographic areas and functions. Of course, as a theoretical matter, it would be great for CCOs to ensure that financial controls are tailored to specific country or operational risks. In the ideal world, financial controls may vary across different risk areas. Unfortunately, CCOs have to be realistic about the ability of the company to tailor its financial controls to corruption risks; in most cases, such tailoring on the front end may be difficult to implement.
CCOs have to embrace an alternative strategy from a proactive design of financial controls and institute robust monitoring and auditing practices to ensure that all of the key risks of fraud are adequately mitigated.
A CCO who learns of segregation-of-duty conflicts in China has to be vigilant in monitoring such activities, pushing for remediation to eliminate the conflict and ensuring that such remediation is accomplished. CCOs have to work with internal audit and other financial managers to make sure the risk of fraud and the corresponding risk of corruption is eliminated.
If an employee has an ability to steal money from the company, the employee has the ability to steal money and use it to bribe foreign officials. Bribery cannot occur without unauthorized access to funds – in many respects theft is only the first step in a bribery scheme.
Companies have to attend to potential fraud risks. Theft is a bad thing, and it is a prerequisite for bribery. In monitoring such activities, CCOs have to partner with internal auditors and other financial managers to make sure everyone is vigilant in preventing theft and possible bribery.
Bad actors are becoming more creative in developing schemes to commit fraud. As they seek out new and more complex schemes, CCOs and financial managers have to be aware of such risks and take a moment to identify potential risks. The traditional indications are all well and good, but bad actors are enlisting other actors in a company to assist in carrying out theft.
CCOs have to educate themselves and avoid complacency. Bad actors are motivated, and CCOs have to respond accordingly.