Fraud-Related Compliance

Fraud-Related Compliance Areas of Compliance, Part 1: FCPA, SOX, PCAOB, Dodd-Frank 2015 Association of Certified Fraud Examiners, Inc.

Foreign Corrupt Practices Act (FCPA) Enacted to prohibit corrupt payments to foreign officials and political organizations Enforced by the Department of Justice (DOJ) and the Securities Exchange Commission (SEC) Two principle components of the FCPA Anti-bribery provisions Accounting provisions 2015 Association of Certified Fraud Examiners, Inc. 2 of 27

FCPA Anti-Bribery Provisions Provisions make it illegal to bribe foreign government officials to obtain or retain business. Violations can result in fines and imprisonment. 2015 Association of Certified Fraud Examiners, Inc. 3 of 27

Elements of an FCPA Bribery Violation A regulated party Makes a payment or offer To a foreign official or political organization With a corrupt motive For the purpose of influencing an official The payment relates to a specific business purpose 2015 Association of Certified Fraud Examiners, Inc. 4 of 27

FCPA Regulated Parties Issuer corporations, including foreign entities, that must file reports under the Exchange Act (publicly traded companies) Domestic concern includes U.S. citizens, nationals, residents, and businesses organized in or with their principal place of business in the United States Foreign nationals/businesses that take any act in furtherance of a corrupt payment in the United States 2015 Association of Certified Fraud Examiners, Inc. 5 of 27

FCPA Payment or Offer to a Foreign Official Payments and offers include anything of value. Foreign official any officer or employee of a foreign government or public international organization Includes executives and elected officials May include managers of state-owned institutions 2015 Association of Certified Fraud Examiners, Inc. 6 of 27

FCPA Corrupt Intent The person authorizing the payment must have corrupt intent. Constructive knowledge or willful blindness satisfies this element. 2015 Association of Certified Fraud Examiners, Inc. 7 of 27

FCPA Purpose For the purpose of influencing an official The payment s purpose must be to influence an official s actions, decisions, or lack thereof that violate the official s duties. Business purpose Includes payments to obtain/retain business, gain special treatment under the law, or to obtain permits/licenses. 2015 Association of Certified Fraud Examiners, Inc. 8 of 27

Exceptions/Defenses to FCPA Routine governmental actions (grease payments) Focus on the underlying purpose of the payment. Higher payment(s) will draw regulator s attention. Affirmative defenses It is lawful payment in the foreign country (most bribes are not lawful anywhere). Payment was reasonable and bona fide expenditure related to product promotion or performance of contract. 2015 Association of Certified Fraud Examiners, Inc. 9 of 27

FCPA Accounting Provisions Apply to publicly traded companies and subsidiaries Recordkeeping Internal controls Penalties for entities Civil: up to $500,000 Criminal: up to $25 million 2015 Association of Certified Fraud Examiners, Inc. 10 of 27

FCPA Recordkeeping Provision Rule 13b2-1 unlawful to falsify any book, record, or account Rule 13b2-2 unlawful to supply false information to auditors Even if records are quantitatively correct, they must not fail to specify qualitative aspects that reveal the true purpose of a payment (e.g., mischaracterizing a grease payment). 2015 Association of Certified Fraud Examiners, Inc. 11 of 27

FCPA Internal Controls Provision Internal control provisions written to prevent unauthorized or unrecorded transactions Companies must: Maintain robust compliance policies. Take reasonable action to ensure affiliate compliance. 2015 Association of Certified Fraud Examiners, Inc. 12 of 27

FCPA Internal Controls Provision Factors considered by SEC to evaluate internal controls: Role of board of directors Communication of policies and procedures Assignment of authority Competence and integrity of personnel Accountability for compliance Objectivity and effectiveness of internal audit function 2015 Association of Certified Fraud Examiners, Inc. 13 of 27

Other FCPA Considerations Certain factors make a business more vulnerable to FCPA regulatory actions. High-risk industries: pharmaceuticals, mining, telecommunications, energy, infrastructure High-risk locations: country s Corruption Perception Index (CPI) High-risk activities: gift-giving, which is allowed modestly in some situations 2015 Association of Certified Fraud Examiners, Inc. 14 of 27

FCPA Guidance SEC and DOJ Guidance on FCPA compliance: Anti-corruption policy from the top Policies and procedures Oversight, autonomy, and resources Risk assessment Training and continuing advice 2015 Association of Certified Fraud Examiners, Inc. 15 of 27

FCPA Guidance SEC and DOJ Guidance on FCPA compliance: Incentives and disciplinary measures Third-party due diligence Confidential reporting and internal investigation Periodic testing and review of program 2015 Association of Certified Fraud Examiners, Inc. 16 of 27

2014 Corruption Perception Index 2015 Association of Certified Fraud Examiners, Inc. 17 of 27

Sarbanes-Oxley Act (SOX) Legislative response to accounting scandals (WorldCom, Enron) Sweeping legislation, affecting many industries Fraud-related rules on corporate governance, reporting, and accounting 2015 Association of Certified Fraud Examiners, Inc. 18 of 27

SOX Audit Committee Provisions Audit committee s fraud prevention duties Outside audits Internal reporting mechanisms Establishing procedures for receiving anonymous complaints Under Section 204, outside auditors must report to the audit committee Critical accounting policies and practices used Report GAAP alternatives and the auditor s suggestions 2015 Association of Certified Fraud Examiners, Inc. 19 of 27

SOX Audit Committee Provisions Composition of the audit committee Every member must be on the board of directors. Public companies must report whether or not at least one audit committee member is a financial expert, and, if not, explain why. Committee must have sufficient authority and resources to carry out duties. 2015 Association of Certified Fraud Examiners, Inc. 20 of 27

SOX Management s Responsibility for Internal Controls Section 404 Annual internal control report States management s responsibility for controls Contains assessment of internal controls over financial reporting (ICOFR) This requirement no longer applies to companies with market capitalization below $75 million. 2015 Association of Certified Fraud Examiners, Inc. 21 of 27

SOX Code of Ethics for Management Effective compliance program requires an ethical tone at the top. Under SOX, companies must have a code of ethics for senior financial officers. Public companies must disclose whether they have adopted such a code of ethics. They must make an immediate disclosure if there is a change in the code or waiver for a financial officer. 2015 Association of Certified Fraud Examiners, Inc. 22 of 27

SOX Certification Requirements Publicly traded companies file annual and quarterly reports with the SEC. CEOs and CFOs must personally approve (certify) these reports. Two categories of certifications Section 906 (criminal certifications) Section 302 (civil certifications) 2015 Association of Certified Fraud Examiners, Inc. 23 of 27

SOX Criminal Certification All periodic filings with the SEC must be accompanied by CEO/CFO certification. States that the report fairly presents, in all material respects, the financial condition of the company Accurately states the results of the company s operations Violations of Section 902 may result in criminal penalties of up to $1 million and up to 10 years imprisonment. 2015 Association of Certified Fraud Examiners, Inc. 24 of 27

SOX Civil Certification CEOs and CFOs must certify that: 1. They have personally reviewed the report. 2. To their knowledge, the report contains no material misstatements. 3. The report presents, in all material respects, the company s financial condition, results of operation, and cash flow. 2015 Association of Certified Fraud Examiners, Inc. 25 of 27

SOX Civil Certification CEOs and CFOs must certify that: 4. They have designed and evaluated the effectiveness of controls. 5. They have disclosed weaknesses of controls to auditors. 6. They have reported any significant changes in internal controls. 2015 Association of Certified Fraud Examiners, Inc. 26 of 27

SOX Whistleblower Protection Section 801 mechanisms for receiving complaints about accounting/auditing methods Section 806 civil liability for retaliation against fraud whistleblowers Section 1107 criminal liability for retaliation against whistleblower of federal offense (covers all individuals, not just publicly traded companies) 2015 Association of Certified Fraud Examiners, Inc. 27 of 27

Public Company Accounting Oversight Board (PCAOB) PCAOB was created under SOX to oversee auditors of public companies. PCAOB rules provide further regulations and guidance for auditors (rules subject to approval by the SEC). 2015 Association of Certified Fraud Examiners, Inc. 28 of 27

PCAOB Auditing Rules Auditing Standard No. 5 governs audits of ICOFR. It requires specific evaluations of controls: Over significant, unusual transactions Over journal entries and adjustments made during the end of the reporting process Over related-party transactions Related to significant management estimates That mitigate motivations for management to engage in fraud 2015 Association of Certified Fraud Examiners, Inc. 29 of 27

Dodd-Frank Wall Street Reform and Consumer Protection Act Passed in response to the economic crisis beginning in 2007 Major reform for financial services industry Many of its provisions remain untested, making updates to compliance programs essential. 2015 Association of Certified Fraud Examiners, Inc. 30 of 27

Dodd-Frank Whistleblower Provisions In addition to SOX whistleblower protections, Dodd-Frank offers whistleblower incentives. Whistleblowers are entitled to a portion of a successful recovery against violators. Includes violations of the Exchange Act and the FCPA Must be original information Penalty must be at least $1 million 10 30 percent of the recovery (based on helpfulness) 2015 Association of Certified Fraud Examiners, Inc. 31 of 27

Dodd-Frank Whistleblower Provisions Internal reporting Many whistleblower laws require internal reporting. Dodd-Frank allows whistleblowers to go straight to the SEC with information, bypassing the employer. However, the whistleblower may report the fraud to the SEC within 120 days of reporting to employer and still be entitled to the reward. 2015 Association of Certified Fraud Examiners, Inc. 32 of 27

Dodd-Frank Lending Provisions Lenders must take steps to ensure borrower s ability to repay before issuing a loan. If the failure of a nonbank entity would risk national financial stability, it will be regulated by the Federal Reserve. It allows consumers free access to their credit scores if it is used to negatively affect them in a financial transaction or hiring decision. 2015 Association of Certified Fraud Examiners, Inc. 33 of 27

Discussion Questions Suppose that a company contacts you, requesting that you assist it in designing a compliance policy. All you know so far is that the company is a large multinational operation with its headquarters in the United States. 2015 Association of Certified Fraud Examiners, Inc. 34 of 27

Discussion Question #1 Regarding Foreign Corrupt Practices Act compliance: What kind of questions do you need to ask to begin designing the policy? What content do you need to include in the policy? What will the company need to do to remain in compliance once the policy is created? Do you have any ideas as to how the company can enforce the policy? 2015 Association of Certified Fraud Examiners, Inc. 35 of 27

Discussion Question #2 Regarding Sarbanes-Oxley Act compliance: List a few preliminary questions you need to ask to help design the policy. What are some procedures that need to be included in the policy? After implementing the procedures you came up with, what does the company need to do to remain in compliance once the policies are created? How should the company enforce these policies? 2015 Association of Certified Fraud Examiners, Inc. 36 of 27

Discussion Question #3 What would you recommend the company do to encourage employees to report matters internally before reporting to government investigators first? 2015 Association of Certified Fraud Examiners, Inc. 37 of 27