Fraud in Hard Times

Many of the measures a company should take to prevent fraud in tough times should already be in place.

The incidence of fraud or, more broadly, noncompliance increases during times of economic stress for many reasons. Individuals under duress are more likely to do things they would not do during normal times, from outright theft of company assets—such as cash, fixed assets, and intellectual property (IP)—to fraudulent acts to enhance job security. Disgruntled ex-employees may seek revenge. Distributors and vendors are more likely to seek unfair advantage to boost their businesses and may conspire with procurement or sales departments. Though such activities occur everywhere, one must be especially vigilant in China, for the reasons laid out below.

Fraud and noncompliance are also more likely to come to light in tough times. When business is good, companies tend to focus on revenue generation, and many types of fraud, especially those involving marketing, advertising, travel, entertainment, and procurement, are easy to conceal. During challenging times, management focuses more on the expense side of the income statement and on operations, uncovering fraud and noncompliance as a result. In addition, as people are laid off or transferred, day-to-day operational frauds that require the sustained attention of the fraudster are more likely to be exposed.

Motivations for fraud

Compliance officers and law enforcement say that crime requires three components: motive, opportunity, and self-rationalization, or the ability to convince oneself that the fraud is somehow legitimate or acceptable. In the case of fraud, motives often include greed, revenge, and pressure to hide poor performance, while opportunity depends on the victim. People under severe stress seem to find it easier to rationalize their misdeeds.

When times are good and people can satisfy their needs simply by following the rules, the vast majority do precisely that. But when times are difficult, and stresses build, normally rule-abiding people are tempted to stray. Individuals bent on preserving lavish lifestyles, or simply maintaining a decent standard of living for their families, are tempted to break the rules. Senior executives, motivated by altruistic urges to save the company and preserve jobs, may be tempted to cook the books, which can have serious financial, legal, and reputational consequences.

Forms of fraud

Fraud takes different forms depending on where in the business it occurs.

  • Sales and marketing  The simplest and most common instances of fraud are kickbacks or illegal commissions, parallel non-approved sales channels, and theft of customer information. On a grander scale, a company may inflate its sales by creating a separate “trading” business that books sales to shell companies established by connected parties. The enhanced performance of the company leads to increased financing (“additional” receivables, payables, and inventories have to be financed), some of which can be siphoned off. These actions defraud the company by falsely expanding it.
  • Procurement  In addition to theft of product and supplier information, supplier “commissions” paid to purchasing staff are the most common instances of fraud. These commissions can take the form of cash or, just as frequently, non-cash inducements. More enterprising fraudsters establish dummy companies that provide dummy products or services or buy real products and services through unnecessary agents, who are usually related to the procurement officer.
  • Product development and research and development  The greatest danger here is the theft of IP. Often it is not the IP itself that provides an advantage to a company but rather the speed with which IP can be converted to a marketable product or service. Being the first mover can be critical, especially in China. IP leakage can easily destroy this advantage.
  • Warehousing  Outright theft and sale of products are frequently the result of poor warehouse supervision.
  • Finance and accounting  Falsification of documentation, often to abet fraud elsewhere in the organization, tax fraud (especially related to value-added tax), and embezzlement may occur in this area.
  • Top executives  Because of the power they hold, senior executives are best situated to perpetrate the most damaging frauds, yet it is their very position that makes them resistant to monitoring and detection. To be effective, antifraud efforts, whether preventive or investigative, must also cover a company’s top officers.
  • Information technology (IT)  The “IT guys,” much like senior executives, form a society that can be difficult to penetrate and monitor because their skills differ from those used elsewhere in the company. Yet by virtue of their jobs they have access to almost every nook and cranny of the firm. As more IP and other confidential information is stored in digital format and communicated over the web, the risk of theft and leakage via the IT system grows.

Eight steps to avoid fraud

The second element of the fraud equation is opportunity. What should companies do to reduce the opportunities for fraud and noncompliance during stressful times? Interestingly, they are pretty much the same things companies should have been doing during normal times but were de-emphasized as everyone focused on booking revenue.

  • Make it clear that senior management takes compliance seriously  In kinship societies such as China, the patriarch (or in a modern company, the boss) sets the tone (see Bureaucrat vs. Kinship Societies). If the boss delegates something, it is perceived as being less important than issues he or she deals with directly. In bureaucratic societies such as the United States, people are used to seeing things delegated. When the boss delegates compliance to the “compliance guys,” Americans still tend to take compliance seriously. In China, when the boss delegates compliance to the “compliance guys,” Chinese employees may interpret this as “compliance isn’t very important to me” and act accordingly. The boss must take compliance seriously—and be seen doing so.
  • Encourage a small-company atmosphere within the organization’s China operations  No matter how large the organization is, department and group heads should be allowed to develop a personal management style that engenders loyalty. This style tends to rub many Westerners the wrong way, but it is important to gain the allegiance of Chinese employees. The challenge is to hire managers who excel at inspiring loyalty among employees but still deserve the trust of upper management in all respects. To gain the loyalty of Chinese employees, managers must take an interest in their co-workers’ personal lives and be knowledgeable and concerned about their families. They should organize recreational activities outside of work and recognize that, generally speaking, Chinese employees do not differentiate between work time and non-work time as clearly as most Westerners do.
  • Create a culture of compliance  It is not enough to translate the compliance manuals used at the head office into Chinese, hold seminars, and have Chinese employees sign a few forms. Compliance requires constant monitoring, communication, and reminders about its importance and the consequences of noncompliance. Activities such as role-playing, offsite exercises, and real-world examples of the damage wrought by poor IP protection can help employees understand its impact on their lives—in a worst case scenario, the company could go under and they could lose their jobs.
  • Correctly identify IP  Companies should define IP broadly to include not only the technical aspects of producing a given product or service but also privileged business information and trade secrets, such as vendor and customer lists, the loss of which can be seriously damaging.
  • Protect IP, even internally  In the West, it is generally accepted that the sharing of information within an organization contributes greatly to innovation. Indeed, many companies point to this openness as key to their innovative corporate cultures. But the success of openness rests firmly on an assumption of employee loyalty to the company. In China, creating a sense of loyalty to the company is often a challenge. Companies must therefore radically rethink how they treat their IP when they bring it to China. Though erecting barriers and safeguards goes against the grain of innovative corporate cultures, many companies are gradually realizing that such measures are necessary.
  • Conduct due diligence on new hires  The more access new hires will have to proprietary information, the more detailed the due diligence should be. Companies should establish a background screening program with different levels of due diligence for different types of employees.
  • Review employment contracts  It is especially important to ensure that noncompete and confidentiality terms meet corporate requirements and conform to PRC law. Companies should review these regularly and whenever there is a substantive change in the controlling law.
  • Establish a corporation-wide whistle-blower program and take it seriously  According to an Association of Certified Fraud Examiners (ACFE) report, tips from internal and external sources are the most important source of information regarding noncompliance. Whistle-blower programs, however, are a double-edged sword. On one hand, they are excellent for ferreting out misconduct deep within the organization. On the other hand, employees sometimes take advantage of them to make anonymous accusations and advance personal agendas. Therefore, the first step in any instance of whistle-blowing is to determine the credibility of the charges. Only then can the investigation move on to the accusations themselves. Because of the sensitivity of accusations made by whistle-blowers, objective outside investigators are often brought in to evaluate the evidence.

When preventive measures fail

Companies can take the steps above to discourage fraud and other instances of noncompliance. But if, despite taking such measures, a firm believes that one or more of its employees may have engaged in fraudulent behavior, it should consider hiring a third party to investigate and uncover the facts. A company’s internal audit function will rarely discover fraud and is not the appropriate place to conduct a fraud investigation. According to the same ACFE report, internal audits uncover fewer than 20 percent of instances of noncompliance. Furthermore, auditors generally are not trained to investigate specific allegations of fraud. Specialized risk consulting firms have experts in preventing, detecting, and investigating fraud. These specialists come from a wide variety of backgrounds, such as law enforcement, investigative journalism, forensic computing, legal services, forensic accounting, and financial services. They bring a multidisciplinary approach to the task of addressing fraud and other noncompliance issues.

One final word of advice—once a case of suspected fraud has been confirmed, “killing a chicken to frighten the monkeys” can help deter other would-be fraudsters. Companies should not be afraid to make an example of someone who has been caught cheating the company.

[box]

Planning for Layoffs and Closings

The recent economic downturn has forced many firms to reevaluate and adjust their global businesses and, in some cases, has led to a decision to lay off Chinese workers or close down entire plants in China. Companies considering such moves must think through and implement a security plan for the anticipated action. China has a legal process for closing down operations, and companies must adhere to it. In addition, they should develop a political strategy to go along with the legal strategy. This involves calling on authorities in the locale of the operation to be closed to explain the rationale for the closing and attempt to elicit their understanding. If the legal and political components of the strategy are carried out correctly and with sensitivity, the risk of fraud, noncompliance, and other security breaches should be much reduced.

Frank Hawke[/box]

[box]

Bureaucratic vs. Kinship Societies: Implications for Loyalty to the Company

Sociologists have long differentiated between two types of society. Bureaucratic societies have developed institutional structures outside the traditional family or lineage through which society transacts its business. These structures include rule of law (the law itself, honest institutions such as courts and police required for the law to function effectively, and a legal culture of compliance), bureaucracy, political institutions, and civil society. In these societies, trust is derived from adherence to a set of commonly accepted rules and faith in the impersonal institutions established to enforce those rules.

In kinship societies, transactions remain largely focused on the family, clan, or lineage, and non-kinship-related institutions play a smaller role in transacting society’s business. In these societies, trust is derived from one’s position in a kinship group, and the fear of being ostracized from that group for violating its trust keeps most people honest. The rules of membership in a kinship group can evolve over time. What remains unchanged is the preeminence of the relationships among group members over relationships between group members and people outside it. Most societies can be arrayed along a continuum with one of these two types at either end. The United States lies near the bureaucratic end of the continuum, while China lies near the kinship end.

For a US businessperson attempting to establish or operate a business in China, what does that mean when it comes to developing a culture of compliance? The answer is simple: In a kinship society such as China, where people generally tend to trust, and be loyal to, only people within their group, it is generally more difficult than in the West to develop loyalty to an impersonal corporate entity.

In a survey that was administered to large groups of US and Chinese university students, respondents were given five choices of how to handle a situation in which they discover that their good friend and colleague has embezzled corporate funds to pay for his ailing mother’s medical bills. The choices ranged from “do nothing” to “immediately report the situation to my supervisor.” Chinese respondents overwhelmingly (70-80 percent) chose the response wherein the embezzler returns the money but the company is not informed of the breach. Though a fair number of American students made the same choice (40-45 percent), an equal number chose a response wherein the money is returned and the company is informed that it has a major problem. In other words, to the vast majority of Chinese, the personal relationship easily trumped the corporate relationship, while Americans tended to balance the two more evenly.

This case features an instance of out-and-out fraud (the theft of the money) followed by a more nuanced case of noncompliance (making sure the money is returned but not informing the company). The theft itself would be considered wrong in virtually any culture, but the decision to inform the company is much less clear-cut. The compliance officer must be concerned with both. If companies want to ensure compliance, they must understand what makes people tick and adjust their approaches accordingly to achieve the desired results.

Frank Hawke[/box]

[author]Frank Hawke is senior advisor, Greater China, Consulting Services Group, Kroll, in Beijing.[/author]