© 2015 Association of Certified Fraud Examiners, Inc.
Fraud-Related Compliance
R. A. (Andy) Wilson, CFE, CPP
VP Fraud & Compliance
Sedgwick Claims Management Services, Inc.
Introduction: Why Compliance Is Essential
Compliance Defined
A program or a set of policies in an organization
designed to ensure compliance with laws and
regulations on a variety of issues
Evolution of Compliance Field
Relatively new field
• Mid-20th century: Civil Rights Act, OSHA, and other
laws targeting businesses
• Early 1990s: Federal Sentencing Guidelines for
Organizations
• Early 2000s: Corporate scandals and resulting
regulations
Evolution of Compliance Field
Growing focus on formal compliance efforts
• Compliance efforts being moved out of the legal
department and into dedicated ethics and compliance
functions
• The rise of the corporate Ethics and Compliance
Officer
• Professional associations, training, and guidance
specifically for ethics and compliance professionals
The Cost of Fraud—
2014 Report to the Nations
The typical organization loses 5 percent of
annual revenue to fraud.
Anti-fraud controls appear to help reduce the
cost and duration of fraud schemes.
Small organizations are particularly vulnerable
to occupational fraud.
The Cost of Fraud—
2014 Report to the Nations
In organizations that had fraud hotlines, 51
percent of frauds were detected by tips, while in
organizations without hotlines, only 33 percent
of cases were detected by tips.
Internal controls alone are insufficient to fully
prevent occupational fraud.
Federal Sentencing Guidelines
for Organizations
A formula for federal
courts to determine
fines/punishments for
organizations that
violate the law
The purpose: to
promote consistent
penalties for violators
Federal Sentencing Guidelines
for Organizations
For sentencing, the guidelines suggest the court
should consider the defendant’s compliance
program.
Effective compliance program is defined as one
that is reasonably designed, implemented, and
enforced so that it generally will be effective in
preventing and detecting criminal conduct.
Why Are the Guidelines Important?
Even where liability cannot be avoided, the
presence of a compliance program may
mitigate or avoid penalties.
Organization’s culpability is a measure of its
actions taken that either mitigated or
aggravated the situation.
Minimum sentencing can be reduced by as
much as 95 percent or increased by up to 400
percent.
Why Are the Guidelines Important?
In 2009, Pfizer made a $2.3 billion settlement.
DOJ found that Pfizer acted with indifference to
the laws in place.
Largest fraud-related fine from DOJ:
GlaxoSmithKline paid $3 billion settlement for
fraudulent promotion of prescription drugs and
hiding safety data.
Why Are the Guidelines Important?
Eli Lilly, for defrauding the government: $1.4 billion
qui tam settlement in 2009
Siemens, for FCPA violations: $800 million
settlement in 2008
KBR/Halliburton, for FCPA violations: $580 million
settlement in 2009
LG, for antitrust violations: $400 million settlement
in 2011
SAIC, for defrauding NYC government: $500 million
settlement in 2012
Are the Guidelines Mandatory?
In 2005, the U.S.
Supreme Court ruled that
the guidelines are
advisory, rather than
mandatory.
While not binding, courts
continue to use the
guidelines when
determining sentences.
Elements of an Effective
Compliance Program
1. Establishing standards and procedures
2. Assigning responsibility
3. Due diligence in hiring
4. Communicating the policy
5. Achieving compliance
6. Disciplinary action
7. Appropriate responses
Elements of a Compliance Program
Establish standards
and procedures.
• Design them to be
reasonably capable of
preventing fraud.
• Have an ethics policy.
Elements of a Compliance Program
Assign responsibility to governing authority.
• Governing authority includes directors, officers, major
business managers, and individuals with substantial
ownership interests.
• Consider placing compliance program under control
of audit committee.
• Audit committee overseen by high-level personnel.
Elements of a Compliance Program
Conduct due diligence in hiring/contracting.
• Make reasonable efforts to keep people who the
organization knew or should have known committed
illegal acts out of positions with substantial authority.
• Substantial authority personnel includes supervisors
(e.g., plant and sales managers) who are authorized
to exercise significant discretion.
• Screen applicants, run background checks, and
monitor current employee performance.
Elements of a Compliance Program
Communicate the compliance policy.
• To anyone who can bind the organization
• Directors and officers
• Managers and supervisors
• Low-level employees and independent contractors
Include ethics policy, as well as what kinds of
acts and omissions are prohibited by law.
Train new employees.
Provide ongoing training for current employees.
Elements of a Compliance Program
Take steps to achieve compliance.
• Audit and periodically evaluate program
effectiveness.
• Implement a reporting system (e.g., fraud hotline).
Disciplinary action
• Enforce compliance to assure employees that
violations will be punished.
• Determine range of punishment for various offenses.
  • Probation, suspension, or demotion
  • Termination
  • Referral for criminal prosecution or civil action
Elements of a Compliance Program
Appropriate responses
1. Correct the offense.
• Make restitution to victims.
• Self-report criminal conduct.
• Cooperate with authorities.
2. Prevent similar offenses.
• Modify compliance program.
• Identify and remediate internal control weaknesses.
• Conduct periodic risk assessments.
• Consider use of outside professional advisor.
COMPONENTS | COSO INTERNAL CONTROL—INTEGRATED FRAMEWORK | SENTENCING GUIDELINES
Control Environment
• Ethical tone at the top
• Organizational structure, including key areas of authority and reporting lines
• Policies—both formal and informal—to reward ethical conduct and punish unethical actions
• Mechanism and support for employee reporting
• HR policies to ensure hiring and promotion of those who demonstrate integrity
• Consistent and appropriate discipline
• Code of conduct
• Promote a culture that encourages ethical conduct and compliance
• Knowledgeable governing authority with reasonable oversight
• High-level personnel assigned overall responsibility for the program
• Incentives to promote proper conduct and discourage improper conduct
• Reporting mechanisms for employees and agents
• Prohibit retaliation against those who make good faith reports of suspected violations
• Due diligence to avoid delegation of authority to those with criminal tendencies
• Consistent and appropriate discipline
Risk Assessment
• Identification and analysis of risks related to operations, financial reporting, and compliance
• A strategy to manage risks
• Tailoring ethics and compliance programs to specifics of organization
• Develop compliance standards and procedures using risk assessment
• Periodic assessments of compliance and ethics risk
• Incentives to maintain internal controls
• Identification of industry-specific compliance risks
Control Activities
• Policies and procedures to help ensure that management’s directives are followed
• Activities to ensure fraud risks are addressed
• Standards and procedures capable of reducing the prospect of criminal conduct
• Determination of modifications needed to prevent future problems
Information and Communication
• Methods used to identify, capture, classify, and report pertinent information in an appropriate format and time frame
• Communication of roles and responsibilities pertaining to internal control
• Effective communication of standards and procedures to all employees and other agents
• Required participation in compliance and ethics training programs
• Compliance and ethics training and communications that are ongoing, updated, and appropriate to each group of employees
Monitoring
• Ongoing assessment of the internal control system
• Actions to correct and remediate any deficiencies
• Use of monitoring and auditing systems designed to detect criminal conduct
• Periodic evaluation of program effectiveness
• After discovering misconduct, taking reasonable steps to remedy the harm caused (e.g., provide restitution to victims, and self-reporting and cooperation with authorities)
• Responding to identified offenses by assessing the compliance program and making necessary modifications to prevent future problems
Periodic Assessment: Freescale Model
Present formal annual program review to Audit
and Legal Committee.
Explain new policies established since last
program review.
Discuss one-on-one meetings between CCO
and senior leaders regarding tone at the top
and tone at the middle.
Periodic Assessment: Freescale Model
Report on:
• Background check process for officers
• Content and effectiveness of employee training
• Investigations and disciplinary actions
• How the company may have responded to any
reported violations of law
• Periodic risk assessment training and updates on
completion of action items to address identified risks
Periodic Assessment: List of Metrics
Total number of contacts received from reporting
mechanisms
Total anonymous contacts
Total unsubstantiated contacts
Total employee terminations
Summary of discipline as a result of contact
Geographical distribution
Type of complaint (HR, ethics, legal violation)
How complaint was received
Periodic Assessment: List of Metrics
Trend analysis of contacts
Cycle time to resolve contacts
Year-on-year comparison of all of the above
Employee ethics survey results
Year-on-year survey comparison
Training completions
Importance of the Seven Elements
Adherence to the Guidelines is not required.
Then why are the seven elements important?
• Promotes a culture of ethical behavior
• Communicates organizational expectations and
commitment
• Prevents and identifies illegal and unethical behavior
• Limits liability and possibly avoids prosecution in
instances of wrongdoing
• Makes good business sense to minimize fraud
• Promotes a positive reputation
Discussion Question #1
Establishing standards
• Do you think that the sample business conduct policy
meets the requirements?
• What, if any, standards or procedures would you add
to the policy?
Discussion Question #2
Assigning responsibility
• Does the policy assign responsibility concerning the
content and operation of the policy, and, if so, to
whom?
• Would you add anyone to that list?
Discussion Question #3
Due diligence in hiring and contracting
• Does the policy contain adequate measures to meet
the expectations of due diligence in hiring? What
about due diligence in contracting?
• What kind of policies are necessary to create due
diligence in hiring? Due diligence in contracting?
Discussion Question #4
Communicating the policy
• Who needs to receive the policy?
• How should the company communicate the policy to
each of these groups?
Discussion Question #5
Achieving compliance
• What steps not currently in the policy would you take
to achieve compliance?
Discussion Question #6
Disciplinary action
• Does the policy provide for a proper range of
punishment?
• What should the company do to ensure consistent
enforcement?
Discussion Question #7
Appropriate response
• Does the policy provide for adequate procedures to
respond to and correct an offense?
• Does the policy contain provisions that would work to
prevent future violations from occurring? What would
you add?