Integrating Anti-Bribery & Corruption Analytics Into Your ... · Integrating Anti-Bribery &...
Transcript of Integrating Anti-Bribery & Corruption Analytics Into Your ... · Integrating Anti-Bribery &...
Integrating Anti-Bribery & Corruption Analytics Into Your FCPA Compliance Program
ACFE 2011 Annual Conference – San Diego
Page 2
Discussion topics
► Key trends with the FCPA and global anti-corruption enforcement
► Framework for Anti-Bribery & Corruption (“ABC”) Analytics
► Not your traditional accounting tests or mind set
► Integrating anti-bribery analytics using financial accounting data► Expense, payables & customer analysis► Case examples► Predictive modeling
► Integrating anti-bribery analytics using email and user documents► Communications with government or high-risk parties► Fraud Triangle analysis► Advanced text mining techniques to identify the who, what, when and why
► Components of an effective 3rd party vendor due diligence process
Page 3
Current environmentThe perfect storm for fraud & business corruption
Internal Controls
Internal and External Pressure
Layoffs, unemployment
and unease continue
Personal retirement plans
and market levels remain low
Opportunity to Commit Fraud
Anti-bribery regulatory focus
increased globally
Budgets are decreasing.
Companies and organizations are doing more with
less.
Companies are decentralized which has an
immediate effect on internal
controls
Stressed and disaffected
employees may have greater
ability to rationalize
improper actions
Pressure
Opportunity
Rationalization
Large government
contracts
Employees are working in countries with perception of bribery
Lack of infrastructure and controls in many foreign countries
Page 4
FCPA and UK Anti-Bribery Act compared
► FCPA► Concerns foreign bribery of public
officials only
► Concerns the briber payer only
► Based on business nexus for bribery i.e. award/retention/terms of business
► “Adequate procedures” requirement for publicly traded entities only
► Explicit exceptions for facilitating payments and reasonable marketing expenses
► UK Anti-Bribery Act► Concerns domestic and foreign bribery
of public officials and the private sector
► Concerns the bribe payer and recipient
► Reflects a broader basis for bribery of breach of good faith, impartiality or trust
► “adequate procedures” requirements for all businesses within scope
► No exceptions – it will depend on prosecutorial discretion and the facts of the case
► Effective July 1, 2011
Page 5
Five Key Trends for FCPA enforcement
1.Expect steady uptick in FCPA enforcementPer Assistant Attorney General Lanny Breuer:US Attorney’s office will be teaming with IRS’s Criminal Investigations Unit.
SEC is also increasing: In Aug. 2009, the director of SEC’s enforcement division, Robert Khuzami, announced the creation of a new FCPA Unit.
Page 6
Five Key Trends for FCPA enforcement
2. Greater focus on individuals (not just the corporation)
“Put simply, the prospect of significant prison sentences for individuals should make clear to every corporate executive, every board member, and every sales agent that we will hold you personally accountable for FCPA violations”
-Assistant Attorney General for Criminal Division Lanny Breuer, Feb. 2010
Page 7
Five Key Trends for FCPA enforcement
3. Rise in Industry-Wide Investigations Industry-wide investigations started in 2007 and will continue.
Top industries targeted by DOJ and SEC currently are:
Aerospace and DefenseOil and Gas and Oil & Gas Service IndustriesOrthopedic Medical Device MakersFreight forwarding and customsEnergy industryPharmaceutical
Page 8
Five Key Trends for FCPA enforcement
4. Increasing severity of sanctions The hidden costs: Everybody reads about the fines in the news papers, but just as equally expensive are the:
Cost of the investigation (e.g., Siemens had 1.5 million billable hours with $850 million in professional fees and over$100 million e-discovery costs)
Threat of debarment from government contracts if convicted
Remediation expenses – settlement and monitoringagreements after the conviction
Page 9
Five Key Trends for FCPA enforcement
5. Growing cooperation between U.S. and Non U.S. Authorities
“Its fair to say we have a …very active partnership with an unprecedented level of cooperation with our foreign counterparts”
-Asst. Attorney General Lanny Breuer (Feb. 17, 2010 speech)
Because of Siemens (US fine was $800 million + Germany’s fine was $800 million), governments realize that teaming with the U.S. makes good business sense
Page 10
FCPA monetary penalties
► Increased penalties► Siemens $ 1.6 Billion► Halliburton/KBR $579 Million► BAE Systems $400 Million► Snamprogetti $365 Million► Technip $338 Million► Daimler AG $185 Million► Panalpina $ 82 Million► ABB Ltd $ 58 Million► Pride $ 56 Million► Shell $ 48 Million
► Panalpina settlements► Panalpina $ 82 Million► Pride International $ 56 Million► Shell $ 48 Million► Transocean $ 21 million► Tidewater $ 16 Million► Noble $ 8 Million► Global Santa Fe $ 5 Million
Page 11
Who’s currently being investigated?Recently disclosed open DOJ investigations:Accenture plc ERHC Energy Inc Pfizer IncAlcoa Furmanite Corporation Raytheon CompanyAllianz SE GlaxoSmithKline plc RINO International CorporationAllied Defense Group Global Crossing Limited Rockwell Automation IncAllison Transmission Golden Minerals Company SchlumbergerAon GSI Group Sciclone Pharmaceuticals IncAstraZeneca Hewlett Packard Sensata TechnologiesAvon Ingersoll-Rand plc Smartmatic CorporationBall Corporation International Business Machines Smith & Nephew plcBHP Billiton Ltd JGC Corporation Smith & WessonBio-Rad Laboratories Inc Johnson & Johnson SojitzBiomet Inc. Layne Christensen StatoilHydro ASABJ Services Company LyondellBasell Industries STR Holdings IncBridgestone Corporation Magyar Telekom Telecommunications plc Stryker CorporationBristol-Meyers Squibb Marathon Oil Corporation Sun Microsystems IncCameron International Corporation Maxwell Technologies, Inc. Talecris Biotherapeutics Holdings CorpCB Richard Ellis Medtronic Inc Tata Communications LimitedChina Northeast Petroleum Corporation Merck Team Inc.Covidien plc Millipore Corporation Tenaris SADiageo plc Morgan Stanley Tyco Electronics LTDDiebold Incorporated Nabors Industries Ltd Watts Water Technologies IncDynCorp International LLC Orthofix International N.V. WeatherfordEli Lilly Parker Drilling Company Wright Medical Group IncENSCO International Inc PBSJ Corporation Zimmer Holdings
Page 12
Framework for ABC Analytics
Page 13
2010 Corruption Perceptions Index – An International Perspective
Page 14
DOJ’s five elements of an FCPA violation The FCPA potentially applies to any individual, firm, officer, director, employee, or
agent of a firm and any stockholder acting on behalf of a firm.
The person making or authorizing the
payment must have a corrupt intent, and the
payment must be intended to induce the
recipient to misuse his official position to
direct business wrongfully to the payer or to
any other person.
Prohibits paying, offering, promising to pay (or
authorizing to pay or offer) money or anything of
value.
Extends only to corrupt payments to a
foreign official, a foreign political party or
party official, or any candidate for
foreign political office.
Prohibits payments made
in order to assist the firm
in obtaining or retaining business for or with, or
directing business to, any
person.
Source: http://www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf
Page 15
Anti-Bribery & Corruption Analytics (ABC Analytics) Work PlanElements of an FCPA Violation Sample analytical tests
Who(vendor & agent analysis)
-Stratify agent payments by time period and currency amount
-Stratify agent payments by contract or project code
-Identify large, round sum payments by agent and frequency
-Identify top ten agents with highest expense to fee ratio
-Analysis of agent commissions, recurring commissions, large/round dollars, etc.
dollars, etc.
-Identify payments to vendors that not listed in the vendor master
-Cluster bottom ten agent payments & frequency
Corrupt Intent(text analytics)
Concept analysis of free text fields of selected GL data:
-Cash Disbursements
-Travel & Entertainment
-Consultant / Agent payments
-Marketing expenditures
-Charitable expenditures
-Customs clearance account
-Cost of Sales
Page 16
Anti-Bribery & Corruption Analytics Work Plan (continued)Elements of an FCPA Violation Sample analytical tests
Payment(Cash disbursements analysis)
-Cash disbursement analysis, by country
-Petty cash account analysis in selected countries
-Payments made w/o a P.O. or not in Vendor Master
-Compare payment activity to Transparency
International’s CPI index (generate heat map)
-Analysis of travel and entertainment, by country
-Analysis of payments to charity, by country
-Analysis of payments made to customs agents, by country
-Vendor background checks / 3rd party due diligence
Recipient(Customer / buyer analysis)
-Customer segmentation by country
-Government customer segmentation by country
-Transparency International’s CPI index
-Sale price and margin analysis across customers, by product
-Free goods or credits as a percentage of sales
Business Purpose Test(Revenue analysis)
-Trending analysis of revenue by country
-Stratification of revenue by country
-Trending analysis of revenue by customer
-Stratification of revenue by customer
-Calculation of effective commission rate paid to agents
Page 17
Not your traditional accounting tests or mind set
Page 18
Who was monitoring FCPA/corruption risks?
Fraud tree
Cash larceny
Theft of other assets – inventory/
AR/fixed assets
Revenuerecognition
Nonfinancial
Conflicts of
interest
Bribery andcorruption/
FCPAIllegal
gratuitiesBid-rigging/procurement
Corruption Fraudulent statements
Asset misappropriation
Fake vendor
Payroll fraud
T&E fraud
Theft of data
GAAP Reserves
General focus of external auditors
General focus of internal auditors
Until recently, internal and external audit did not consider corruption in their monitoring efforts since it was immaterial to the financial statements. Not anymore.
New tools and methodologies are required to effectively prevent and detect bribery & corruption!These are not your traditional accounting tests and controls.
Page 19
Focus on the payment text descriptionsWhat if you saw these terms used as justification for payments to third parties?
Facilitation pay
Help fee
Pay on behalf of
Handover fee
Special payment
Volume contract facilitation
One time payment
Special commission
Incentive payment
Pay per management
Friend fee
Nobody calls it “bribe expense”
Commission to the customer
Page 20
► Perform Text Analytics on free text fields
► Conduct “term frequency” analysis for most occurring or unusual transaction descriptions
► Capture “concepts”
Text mining in the cash disbursements journalIdentify potentially improper payments
“Volume contract facilitation”“release expense”
Page 21
ABC Analytics: Text mining dash board interface linked to cash disbursements
Page 22
ABC Analytics: Disbursements AnalysisWho paid what, when, when and why?
Page 23
FCPA Analytics: expense reviewWho, what, where, why, how…
Page 24
How is bribery and corruption detected?
Source: ACFE 2010 Report to the Nations On Occupational Fraud
48.5% by tipor accident
Page 25
Forensic analytics maturity modelBeyond traditional “rules-based” queries and analytics
Detection RateLow High
False Positive RateHigh Low
Stru
ctur
edD
ata
Uns
truc
ture
dD
ata
Traditional Rules-BasedQueries and Analytics
Traditional Keyword Searching
Predictive Modeling, Statistical Analysis &
Data Visualization
Text Analytics
Fraud Triangle Analytics
Page 26
Integrating anti-bribery analytics using financial accounting data
Page 27
Travel & expense analytics
Analytics include:► Where are expenses occurring
(country, state, city) by category?► What is the expense for?► How much?► Who is submitting?► Duplicate expenses► Text mining & keyword search
Questions to ask:► Are there patterns with respect to who executives entertained (state
owned entities, PEPs and other government officials)?► Are there patterns of inappropriate expenses (nightclubs, gift giving, etc.)?► Are there bogus reimbursements to fund improper cash to executives so
they could to entertain public officials?
EY’s interactive T&E Expense Review Dashboard
Page 28
Vendor cash disbursement, payment analytics
Analytics include:► Vendor stratification and clustering by amount and over time► Duplicative invoice testing ► Requestor / approver conflicts – fake invoices or ghost vendors► Conflicts of interest – employee and vendor master comparison► Text mining and keyword searching of suspicious payment descriptions► Identify government vendors or payments in unusual foreign currencies
Questions to ask:► Did executives have fake vendors on the vendor master linked to their
home, friends, or personal bank accounts?► Were there duplicative invoices being submitted to extract cash?► Were executives overriding controls to extract cash for bribes?► What are the nature of the vendors that certain executives approved?
Page 29
FCPA Procurement Red Flags
► Family or business ties to non-U.S. officials/royal family► History of corruption in country or industry► Request for unusually high commission or other payment► Refusal to provide anti-bribery certification► Transactions recorded as “cash”► Over-invoicing, use of non-standard invoices► Unusual bonuses paid to foreign representatives► Large/frequent fourth quarter adjustments► Lack of written agreement► Shell companies► Request for payments to third countries or third parties► Request for increase in compensation during sales campaign► Request for payments in cash or bearer instrument► Lack of experience or track record with product field or industry
Page 30
Customer analytics
Analytics include:► Customer stratification and clustering by amount and over time► Free goods, credits and discount sales analysis/comparison to customers► Conflicts of interest – employee and customer master comparison
Questions to ask:► Are any customers getting favorable treatment from certain executives in
terms of average sale price, discounts, credits, etc.?► Are there customers related to certain executives that pose conflict of
interest concerns? E.g., family members, same last name, same bank account, same address, etc.
Page 31
Challenge: Analyze 400,000 transactions for suspected bribery payments per DOJ subpoena
1. Team reviewed 2,000 transactions from ledger data (text comments, amounts, dates, etc.)► Identified 400 suspicious and 1,600 non-suspicious entries
2. Created statistical model: “Is Suspicious” / “Is Not Suspicious”
3. Applied model to remaining 398,000 additional transactions
4. Identified 14,000 new suspicious transactions ► With confidence over 95% similar to “Is Suspicious”► Identified over $8 million in highly suspicious payments► Methodology accepted by the DOJ for this case
Predictive modeling
Page 32
These three variableswere this highest drivers of suspicious transactions
These variables were less important whenpredicting suspicious transactions. Client should focus resources onmonitoring efforts for the three leading drivers, which accounts for 80%of the predictive value.
Perform Variable Analysis
Predictive modelingFocus on the variables that matter most
Page 33
Integrating anti-bribery analytics using email and user documents
Page 34
Email and document analysis – government & regulatory considerations
Analytics include:► Targeted keyword search around government projects & entertainment► Keyword search in local language► Domain name searches and review of “.gov” domain names
Questions to ask:► Are there improper relationships with government officials / inspectors?► Are there discussions about improper entertainment?► Are there discussions asking for “special treatment”, “special payment”,
etc.?
Page 35
Email and document analysis
Analytics include:► Targeted keyword search► Social network analysis
(who’s talking to whom)
► Date frequency analysis(who said what, when)
► Fraud Triangle Analytics(linking email to components ofthe Fraud Triangle)
Questions to ask:► Are there improper relationships with employees?► Are there improper relationships with government officials/inspectors?► Are there improper relationships with customers or vendors?
EY’s online review and issue tagging platform
Page 36
The Fraud Triangle¹Applying the theory to email communications
1. Donald R. Cressey's “Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists.
Page 37
Interactive Email Analysis DashboardFraud Triangle Analytics to identify top individuals using words of “incentive/pressure”, “opportunity” and “rationalization”
Fraud Triangle Analytics – Interactive Dashboard
Page 38
Advanced E-mail Analytics – text mining
WHO WHAT WHEN WHY
• People-to-people analysis
• Entity-to-entity analysis
• Map communication linesto organization chart
• Top words mentioned
• Key concepts / topics
• Top or unusual dollar amounts
• Sensitive words / phrases
• When communications occur
• Communication spikes around key business events
• Positive vs. Negative Sentiment
• Top 10 angry or negative emails
•Customer survey analysis
• Employee survey analysis
“Who is talking to whom?
Social Networking Concept Clusteringand Keywords
Communication Over Time Sentiment Analysis
about what? over which time period? how do they feel?”
Page 39
Integrating investigative skills with both email and financial accounting information (an example)
Email & DocumentAnalysis
InterviewForensic Analysis
1. A suspicious vendor is identified in the payables data.
2. That vendor nameis searched in the email communications to gather the full context.
3. Email and transactional data is discussed with interviewee to support confession.
Page 40
Components of an effective 3rd party vendor due diligence process
Page 41
Why is third party vendor due diligence important to you?
“Consistency, intentionality, independence and reasonableness –these are the key attributes that characterize a robust, defensible third-party vetting program, regardless of industry sector, degree of workforce/operational distribution or geographic location.”
-EY White Paper
“Third party due diligence must be robust, thorough, impeccably documented and preserved.”-Former DOJ Fraud Section Deputy Chief Mark Mendelsohn (2005 – 2010), FCPA Conference
in November 2009
Page 42
Four components of an effective 3rd party due diligence program
► Consistency — Automating the process of vetting third parties, especially overseas, drives consistency and transparency across the enterprise.
► Management Intention — Does the program reflect management’s intent and actions to provide for a robust third-party due diligence process? Is management doing the best they can with limited resources?
► Independence — Are the decisions objective and performed separately from the requestor, which may contain inherent conflicts of interest?
► Reasonableness — Given limited resources, taking a risk-based, tiered approach to third-party due diligence helps management allocate resources accordingly. Reasonableness addresses the question “how much is enough?”
Page 43
Selected guidance:Organization for Economic Co-Operation & Development (OECD)*
Ethics and compliance programs to include the following essential elements:
► A properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners
► Informs business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance program or measures for preventing and detecting such bribery, and
► Seeks a reciprocal commitment from business partners
*February 18, 2010 OCED adoption of “Good Practice Guidance on Internal Controls, Ethics and Compliance.”
Page 44
The supplier vetting activities
Total supplier universe
Develop supplier categoryand geographic filtering criteria*
Develop detailed filtering criteria on supplierrelationship and nature of contract
Develop supplier vetting protocols to effectivelydocument legal, regulatory & reputational risks
Develop decision criteria for acceptance, denial or specific contract modifications, based on risk profile
Key
Del
iver
able
s:•S
uppl
ier D
ue D
iligen
ce Q
uest
ionn
aire
•Sup
plie
r Bus
ines
s Ju
stifi
catio
n Fo
rm•S
uppl
ier R
anki
ng D
ecis
ion
Mat
rix•P
roce
ss fo
r 3rd
Par
ty B
ackg
roun
d d
Che
cks
80,000 third parties
10,000 moderate risk
1,000 high risk
250negative hits
Approve
Regulatory & Legal Expectations on Supplier Due Diligence:► Consistently deployed► Reasonable due diligence efforts applied► Independent processes (e.g., minimal management override)► Demonstrated Management’s Involvement
DeniedApprove with restrictions
*Geographic filtering will include Transparency International's Global Corruption Perception’s Index, among other criteria.
150denied
Filtering Criteria Example:
Page 45
Consistency –Management’s Intent –Independence -Reasonableness
Business Unit Risk Profile
Third Party
Extreme
Moderate
Low
High
StandardizedBusiness Risk Assessment
Integrated Due Diligence Program(insourced or outsourced)
Vendors, Agents& Consultants
Joint Ventures
Customers
Acquisition Targets
Robust Open Source Databases
Displays negative coverage
Possibly displaysnegative coverage
Political affiliations indentified
Level I Entity Analysis
No negativecoverage
Cleared Unrestricted Business
Restricted Business
Denied Business
BusinessUnit
Level II EntityAnalysis
Unclear
ManagementDecision
Entity cannotbe identified
Localized, Targeted Databases
SpecialContract
or
or
Level IIIEntity Analysis
or
or
Process & methodology example:Open Source Third-Party Due Diligence Methodology
Page 46
Research Information gathered from multiple sources
Compliance database
Business
database
Country specific
database*
Media search
Internet
► World Check and World Compliance databases
► Dow Jones Compliance database
*if available online in public domain and identified by EY
► OneSource Global Business Browser
► Company InfoGator
► Company Registry
► Local watch lists
► Keyword specific research on English language news aggregation sites – Dow Jones
Factiva , ISI, Datamonitor
► Obtain other relevant details on the entity, such as business address, key personnel,
other business at same address,
Page 47
AnalysisIndicative ratings and criterions
► Direct record of the business (its directors or shareholders) on the compliance database
► Issues identified against associated business ( parents, subsidiary, affiliated business)
► Identified personnel is politically exposed individual
► Adverse media search results on the business or its two personnel
► No relevant matching found
► No details of the business could be identified during the research
Risk Rating Criterion
Rating and criterions will be co-developed with the Client
Page 48
Reporting examplesSummarized ratings with detailed findings
Report for each request received from the Client,
comprising of
► Summary of findings
► Risk ratings
► Detailed findings
► Background details
► Compliance database search results
► Country specific database search results
► Media search results
Page 49
Reporting examplesMonthly dashboards for management information
Questions & Discussions
Vincent Walden, CFE, [email protected]