Developing an Integrated Anti-Fraud, Compliance, and ...

© 2020 Association of Certified Fraud Examiners, Inc.

Developing an Integrated

Anti-Fraud, Compliance, and

Ethics Program

Performing Due Diligence


Discussion Questions

1. How does your organization ensure that it is

hiring ethical employees?

2. What types of due diligence procedures does

your organization perform before doing business

with a third party?


Introduction

▪ Management should

perform thorough due

diligence in:

• Hiring employees

• Promoting employees

• Third-party relationships

• Mergers and acquisitions


Due Diligence in Hiring Employees

▪ Communicates the company’s ethical stance to

job applicants

▪ Helps ensure that known thieves do not enter

through the front door


Due Diligence in Hiring Employees

10%

(screen out)

10%

(attract to hire)

80%

(focus of anti-fraud,

compliance, and

ethics program)


Set Clear Expectations

▪ Ensure that the hiring team is unified in focus

on what makes an ideal candidate.

▪ Include ethics in the job posting.

▪ Have ethics resources and statements where

candidates will see them.


Watch for Ethical Indicators in Applications

• Volunteer positions

• Promotions to

increasing responsibilities

• Serving as a mentor

• Participation in ethics initiatives

• Job hopping

• Decreasing responsibilities between positions

• Demotions at previous employers

• Unexplained gaps in employment


Review Social Media Activity

▪ What are they saying

online?

▪ What are they

complaining about?

▪ Are they projecting a

sense of ethics?

▪ Are they presenting

the values of the

company?


Screen for Ethics During Interviews

▪ Ask questions to assess the job candidate’s

ethical values.

▪ Pose ethical dilemmas.

▪ Follow up on unclear or inconsistent answers.

▪ Involve ethics leaders from throughout the

organization in the interview process.


Administer an Ethics Assessment

▪ Consider having

candidates

participate in an

ethics or integrity

assessment.


Conduct Background Checks

▪ Work history

▪ Educational history

▪ Certification and license verification

▪ Criminal and civil records

▪ Credit checks

▪ Drug screening


Check References

▪ Ask candidate’s previous direct supervisors

about:

• Employment details (dates, title, duties)

• Disciplinary or performance issues

• Whether they would recommend this individual for this

position

• Whether they would hire this individual again


Due Diligence in Hiring

▪ Document reasons for

declining qualified

individuals.

▪ Consider applicable legal

requirements and

restrictions.


Due Diligence in Promotions

Ethical example

Supervisory/leadership

skills

Commitment to core values

Favoritism

Technical skills

Tenure


Due Diligence in Promotions

▪ Ask questions related to

real-life compliance and

ethics scenarios for new

position.

▪ Perform background

checks on employees

under consideration for

promotion to higher

levels of authority or

given increased access

to assets or data.


Due Diligence in Third-Party Relationships

▪ Many violations arise due to negligence on the

part of third-party agents, such as contractors,

vendors, or suppliers, rather than due to

internal misconduct.



▪ Review government watch lists.

▪ Review corporate registry records.

▪ Search PEP databases.

▪ Verify the third party’s key employees.

▪ Search the third party’s corporate records.

▪ Verify the third party’s insurance.

▪ Verify any professional licenses.

▪ Confirm the third party’s physical addresses.


▪ Perform site visits.

▪ Evaluate the reputation of the third party.

▪ Conduct a media analysis.

▪ Interview the third party’s employees.

▪ Review the entity’s policies and procedures.

▪ Review the third party’s financial data and

banking information.



Using Third-Party Questionnaires

Company profile and strategy

Owners’ or stakeholders’ names

Managers’ names

Number of employees

Bankers’ and lawyers’ names and contact information

Years in existence

Similar projects completed by the entity

Information about the entity’s customers

Any involvement with government officials

Any security or privacy audits performed internally


Assessing the Third Party’s

Commitment to Compliance and Ethics

▪ Require the third party to have its own effective

compliance and ethics program.

▪ Obtain and review the third party’s code of

conduct and other policies.

▪ Provide a copy of the organization’s code of

business ethics and conduct, and require the

third party’s agents to sign off on it.

▪ Ask if the third party has an internal audit

department and what types of audits it

undergoes.


Assessing the Third Party’s

Commitment to Compliance and Ethics

▪ Include a clause related to compliance and

ethics in contracts with the third party.

▪ Include in contracts the requirement for the third

party to report any misconduct that occurs in any

work performed.

▪ Provide information on how to report suspected

misconduct.

▪ Inform third parties that they will be liable for any

unethical activity on their end.


Third-Party Due Diligence Red Flags

Operations in a region with a

history of corruption

Inadequate financial

resources

Lack of qualifications or

experience

Lack of transparency in

accounting records

Poor record of performance

Decentralized operations

Recommendation by a government

official

Reputation for dishonesty

Refusal to certify compliance with anti-corruption

laws

Personal or business ties to a

foreign official

Involvement in prior complaints or legal actions

History of fraudulent conduct

Undisclosed outside business

interests

Family ties with an employee of the purchasing

entity

Business model that does not make sense


Due Diligence in Mergers and Acquisitions

▪ M&A transactions deal with the buying, selling,

dividing, and combining of different companies

and similar entities.

▪ An acquiring company can limit its liability by

conducting M&A due diligence, rectifying any

identified issues, and implementing compliance

programs.



▪ Conduct a risk assessment.

▪ Review the target company’s compliance and

ethics program.

▪ Assess the target company’s ethical culture.

▪ Review any past incidents and current risks.

▪ Conduct background checks on key executives.

▪ Conduct background checks on key employees.

▪ Interview key executives.

▪ Identify the target company’s jurisdictions.



▪ Review the target company’s business practices.

▪ Use data analytics to identify red flags.

▪ Review the target’s third-party agreements.

▪ Include compliance representations in the M&A

agreement.

▪ Monitor the target’s business activities until

merger or acquisition takes place.

▪ Take an appropriate response if risks or red

flags are identified.

Developing an Integrated Anti-Fraud, Compliance, and ...

Documents

Transcript of Developing an Integrated Anti-Fraud, Compliance, and ...