by Alex Movchan
2020 was a year full of unexpected and unknown, when countries and businesses had to deal with new risks and adjust their business strategies and operations to be successful in the new environment. But while leaders around the world were trying to find ways to keep businesses profitable and prevent people from losing their jobs, corrupt government officials and fraudsters were actively exploring new vulnerabilities and using those for their personal, illegal gain. In these circumstances, the work of risk management and fraud prevention professionals to secure their organisations became even more important than ever before.
The increased corruption and fraud risks are also outlined in a number of reports from reputable international organisations that were recently published. In Q1 2021, Transparency International has issued an updated “Corruption Perception Index” report for 2020, highlighting in the report that: “While most countries have made little to no progress in tackling corruption in almost a decade, more than two-thirds of countries score below 50. Our research shows corruption not only undermines the global health response to COVID-19, but also contributes to a continuing crisis of democracy.
Focusing on the region of my core expertise – Central and Eastern Europe – the fact that stands out straight away is the visible connection between the countries that have made the largest decline in CPI index points, and the number of corruption scandals that became well-known to the public during the last years in these countries.
Poland has reached its new minimum score since 2012, which might not come as a surprise given the latest scandals, the recent one involving a top official in a government owned Group of companies in the oil sector, and around a year before, another one involving the highest government agency in the financial sector. What is also worth mentioning is of course the case with political pressure that most probably was exercised over the Supreme Court of Justice that may significantly have undermined its independence.
On the other hand, in the business environment things are looking different – many international business groups have moved their operations to Poland due to various reasons, such as: cost effectiveness, Brexit and related changes in the regulatory environment, switching to Shared service model of its operations and benefiting from experienced, and well educated personnel continuing to be cost beneficial compared with professionals from Western Europe, US, etc. These changes brought about global best practices in doing business, as well as the highest standards in ethical and risk management performance to Poland.
“How could Poland make its way towards EU and global best practices, building on the success of the private sector? And what risk management and ethical practices used by the private sector might also help companies in the public sector to succeed in matching global standards of transparency?” – I’d like to address these questions to Joanna Grynfelder (Compliance Manager at the Polish Branch of CMC Markets Germany GmbH).
Joanna Grynfelder: ”A range of anti-corruption legislation covering the public and private sectors has been introduced in the last 20 years in Poland. The legal framework for combating corruption seems to be strong now, and a key priority for authorities. The compliance, risk management and ethical standards utilised by the private sector are gradually extending to the public sphere, the best example of which was implementing ‘guidelines for the development and implementation of effective compliance programs in the public sector’ and ‘anti- corruption guidelines for the public administration for common institutional solutions and rules of conduct for public officials and people belonging to the PTEF group’ issued by the Central Anti-Corruption Bureau.
New corporate governance rules for companies listed on the Warsaw Stock Exchange Main Market – ‘Best Practices of WSE Listed Companies 2021’ adopted in March 2021 is another set of corporate governance rules applicable to companies listed on the WSE Main Market, including these companies with the majority of treasury shareholdings. The new Best Practices reflect current trends and follow European regulations in the area of corporate governance, including transparency, risk management and compliance matters. All the new guidelines and regulations needs to be supported by education-wide activity and a ‘zero tolerance’ policy approach by prosecutors and responsible authorities.
By December 2021 public administration, including local government units, should implement the EU Whistleblower Protection Directive. As there are a number of sector-specific regulations in Poland providing for the obligations of business entities to introduce reporting channels for whistleblowers, this may be an impulse for the public sector to transfer and use solutions and organisational models already used and developed by the private sector.”
Of course, there are some EU countries that showed significant progress in fighting against corruption during the last years, and those were duly noticed in the CPI report.
Greece showed the greatest progress among any country in the EU, gaining around 30% of CPI points within the last decade. That’s indeed a breathtaking result! And I do believe that one of the most significant factors of this success is the knowledge and education of risk management and fraud prevention professionals in Greece, that is continuously growing year after year due to the proactive approach of ACFE Greece chapter, combined with effective anti-corruption reforms. A good example of those would be the creation and effective functioning of the National Transparency Authority in Greece that has a wide responsibility over a number of anti-corruption areas, such as doing audits of government organisations at various levels, overseeing procurement activities and tenders arranged by government agencies and state owned companies, reviewing data protection mechanisms inside government organisations, etc.
Indeed, to effectively prevent fraud and corruption, we need to understand it and learn from prior known cases. And the best source of such knowledge, in my opinion, would be the Report to the Nations on Occupational Fraud and Abuse, which are published on a bi-annual basis by the Association of Certified Fraud Examiners, and cover both global and regional landscapes. The regional version of this report on Eastern Europe was issued rather recently, in the first quarter of 2021. And I’d like to focus on some core facts and takeaways from those reports.
By analysing the report, we can clearly see that asset misappropriation and corruption are by far the most frequent problems in this region, which result in between USD 112k and USD 200k of a median loss per case accordingly.
So, what would be the most effective mechanisms to fight against fraud? Let’s analyse the most effective anti-fraud controls and how those helped the organisation to prevent fraud or to detect it as fast as possible to minimise its impact.
First of all, let’s acknowledge that most effective prevention and detection controls – are different ones. The top 3 prevention anti-fraud controls are:
- Management certification of Financial statements;
- Surprise audits;
- Hotline, Anti-fraud trainings for Management, and employees and Audits of internal controls.
Sharing my experience, I’d like to stress the attention on building the proper Control environment and, here, Hotline and Anti-fraud trainings would be of core importance; and also on creating the constant habit of being audited inside the organisation. The routine that your work is being checked by an independent, knowledgeable person builds the psychological habit of “doing the things right”. Of course, awarding and publicly encouraging colleagues that followed the best results in terms of implementing and performing of anti-fraud controls, would be the perfect “cherry on top of the cake” of best in class organisation in terms of risks management. This is supported by Skinner’s works on behavioural analysis, where it was proved that positive incentives in the long run work much better than any kind of punishment.
Speaking of the top 3 fraud detection controls, I’d like to highlight the following ones in particular:
- Job rotation and mandatory vacations;
- Dedicated fraud department \ team; and
- Fraud training for employees
Since tips are by far the most effective fraud detection method, we need to train our employees (and preferably also make the information available to customers and vendors) on where and how to report their suspicions regarding potential fraud.
Talking about Job rotation and mandatory vacations, those are directly linked to override of internal controls, being the core internal control weakness in accordance to the abovementioned Report to the Nations 2020 report. By rotating people, at least for a certain time period, one person does not have constant access to certain operations which makes it much harder for the person to hide his \ her fraudulent actions and results in fraud detection.
And last but not least, is the availability of a dedicated team of antifraud professionals. This team could be in-house or outsourced – both are fine – but what makes a big difference, is that this team is trained specifically in terms of fraud detection and the best case scenario if the team has Certified Fraud Examiners (CFEs) among its members. It is not enough to make accounting, controlling or legal team members responsible for the area of fraud prevention and\or detection. It is necessary to train those people accordingly for the organisation and its stakeholders to get real, not fake, assurance that organisations are indeed well covered from risks of fraud and corruption that might have a devastating impact on the organisation, especially in turbulent times, such as the COVID-19 pandemic.
To sum up, I do believe that there is a medicine against every disease. And while mankind is nowadays going through, probably, the largest and maybe toughest vaccination efforts in its history, organisations all over the world are going through one of the hardest periods of instability, when risks of fraud and\or corruption, being materialised, are simply killing the organisations, leaving thousands of people without means for leaving. And in this fight, properly designed and implemented internal controls, are the vaccines that prevent the virus of fraud and corruption from affecting the organisation. I do believe that sharing and promoting the ethical values of doing business and best practices in risk management and fraud prevention is of great importance, which have a major impact on organisations all around the world. Thus, I’d like to welcome you to implement those practices in your organisation, and to further share your success stories with the risk management and the anti-fraud professional community all over the world!
The author, Alex Movchan CIA CICA CFE is the President of the Institute for Internal Controls (Ukraine and Belarus chapter). He is also currently Head of Internal Controls in a global medical company. He is also a blogger for the English language website of the Risk & Compliance Platform Europe.