As if things werenÆt risky enough

Sharon McCarthy from risk consulting firm Kroll suggests that, in troubled times, it's not only market risk that companies need to be vigilant about.
When times are good and the money is rolling in, banks can be lax about scrutinising their operations. When the profits turn into losses, banks become more introspective, and a whole can of non-compliance worms spills out, says Sharon McCarthy, Hong Kong-based associate managing director at risk consulting company Kroll.

One of the things that can emerge is fraudulent activities. In a recent report, McCarthy shares examples of recent cases she has seen. After the hasty acquisition of a failed financial institution, one party in the transaction discovered that a $7 million loan for an emerging market project had in fact only required $5 million, with the remaining $2 billion going into the pockets of some unscrupulous bankers. In another case, the senior management of a bank aggressively wrote down the value of its structured debt before it filed for bankruptcy. Soon afterwards, the liquidator received a strong offer from a 'newly established' hedge fund to buy the debt.

McCarthy talks about the issues currently worrying financial institutions, including fraud.

How has the current crisis affected the level of risk relating to fraud and other non-compliance issues?

I don't think the risk has increased, but it has uncovered fraud and bad practice. When companies are facing billion-dollar losses, sloppy procedures are noticed an awful lot more and people ask ôhow did the deal go wrong?ö What we're finding is that, in parts of the process, compliance was not as stringent as it should have been. We're also seeing situations where contractual agreements aren't as robust as they could have been.

Have you been getting more inquiries recently from companies that suspect something might have gone wrong?

We've been getting more inquiries from financial institutions, and itÆs because they're facing huge losses. Most of our calls at the moment come from law firms who have a client that is in a large contractual arrangement with counterparties and they need to understand whether or not these companies will meet their contractual obligations or if they will be able to pay their accounts receivable. These are asset searches, financial worth and litigation support cases.

Do you think that companies sometimes put due diligence on the back seat in bullish markets?

I think that before August last year, some deals were rushed û there were so many deals out there, firms didn't want the competition getting them. And I think they were just churning things out. It became like a production line.

Institutions were conducting ætick in the boxÆ due diligence: they were getting material, but not clearing/comprehending it or assessing the risks properly. The fallout of the rush is that companies have made huge losses and perhaps if they had taken more time at the front end, they would have not found themselves in the situation they are in now, where they are looking at suing parties or writing off the losses.

How would you describe the risks of fraud that a company might face?

Fraud can happen in many ways, for a host of reasons and any amount of money. It can be someone in the accounts department pilfering from petty cash to investment bankers who structure a deal which has a conflict of interest, such as they partly own the company involved. So there are a lot of risks there.

The three components of a fraud are opportunity, motive, and rationalisation. Opportunity û where there is a system weakness or gap. Motive û perhaps the perpetrator has a gambling habit, mental problem, drug problem, large debt through a divorce or financial market losses. Rationalisation û this is the factor the perpetrator uses to justify the fraud: ômy pay is inadequateö, ômy boss makes me work too hardö, ôthe company makes a lot of money and won't miss itö, ôthe system was open to a breech û the money was there for the takingö or ôIÆll pay it backö.

Given that the opportunity is there in a bank, you just have to add in the two other factors and you've got ground ripe for fraud.

With regards to warning signs, what kind of things should management be looking for?

It depends on the kind of fraud. You often hear people say that you better watch out for the person who comes in earliest and leaves last, because heÆs toiling away at his own scheme. That theory can be applied, but the person in question could also just be hard-working.

I'm a big believer that if an organisation receives a whistle blower letter they should take it seriously. I've seen it time and time again, organisations [getting a letter] and saying that this is not possible. I've been an investigator for 22 years and every whistle blower situation I've dealt with, there's always an element of truth to the allegations. There's a reason people send these and it's rarely pure revenge against an individual or a company.

Another problem area is the lack of understanding of how departments work within an organisation. If I managed the accounts department and I didn't know every step of its processes, thatÆs a problem. If a general manager sits down with his section heads, he should be able to ask each of them: ôWhat does your section do, and how exactly does it get executed?ö A big concern to me as a manager would be if any of my section heads didn't know how things work in their area. I think the devil is in the detail û if they don't understand the system and its weaknesses, that's a situation where fraud could occur.

Another potential area for fraud is where there is no segregation of duties û where one person has the ability to influence every part of a process. I had one case where an accountant had full access to SAP and was able to create a vendor, approve a vendor, create a requisition order, input an invoice, approve an invoice and, to make matters worse, was also responsible for the system audit. Unfortunately the individual had manic depressive disorder and created false vendors and invoices then paid the money into her own account. Her rationalisation was that she had planned to pay everything back.

Do you sometimes get the feeling companies think that fraud could never happen to them?

Definitely. Financial institutions are interesting because they expect to be the victim of fraud. Of all the industries we work with, they are probably the one that know the risks of the industry they operate in. What I see though, is companies that go into a joint venture or make an acquisition, these guys don't think they're going to be made a victim by their partner because they have a personal connection with the people who run the business. But they don't know really know them. It becomes this complacent situation where people think they'll never be a victim.
¬ Haymarket Media Limited. All rights reserved.
Share our publication on social media
Share our publication on social media