P rotivodeystvie corporate fraud becomes only one part of the national anti-corruption. Companies and corporations are no less vulnerable to it than the public service. The head of state instructs relevant departments and public organizations to monitor and identify how business is responding to the challenges of the time and what measures it takes to combat internal crimes committed by company employees, to counter fraud that can harm the interests of the company itself, society and the state.
Corporate fraud concept
The signs of corporate fraud are actions based on one or another corpus delicti. They should be aimed at causing harm to the interests of the commercial sector of the economy, subjects of business turnover, their shareholders and investors. Experts identify the main types of actions that can be qualified in this way:
- commercial corruption, bribery or bribery aimed at improperly presenting preferences to certain counterparties, reducing or raising prices;
- falsification of financial statements, the purpose of which is to mislead the company's management, shareholders and investors, organizers of public procurement tenders, tax and law enforcement agencies, and other regulators of certain sectors of the economy;
- all types of theft - from appropriation to theft;
- all types of fraud - from deception to breach of trust;
- misuse of assets, for example, renting them out at low prices or selling them on conditions that are unfavorable for the company;
- taking actions aimed at bringing the company to a controlled bankruptcy.
The subjects of corporate fraud are employees of various levels - from performers to top managers. In some cases, corporate fraud involves shareholders in the company who wish to harm the commercial interests of other shareholders.
In most cases, such crimes are committed in collusion with the security services and even law enforcement agencies. Anti-fraud should in such situations start at the level of the company's shareholders and special committees created within the board of directors.
Anti-corruption commitments of Russian companies and their implementation
Based on the logic of business responsibility to society, Russian companies undertake obligations to combat corporate fraud. Thus, in 2014-2015, the National Anti-Corruption Plan was adopted. Its implementation was attended by:
- commissioners for the protection of the rights of entrepreneurs at the regional and federal levels;
- Chambers of commerce and industry at all regional levels;
- the prosecutor's office;
- public organizations - "Support" and "Business Russia".
Based on the results of interaction and the implementation of measures to combat corporate fraud, a report was prepared and submitted to the Government of the Russian Federation for consideration.
Measures that companies can take to combat corporate fraud
Economic security specialists were able to develop a system of measures to counter corporate fraud. It was supported by the Federal Law of December 25, 2008 No. 273-FZ "On Combating Corruption", as well as existing Russian and international standards for combating corporate fraud.
All measures are divided into three standard groups: preventive measures; detection measures; response measures. The development and implementation of each of them are at different levels of the corporate hierarchy - from shareholders to the internal control system.
For effective work related to ensuring economic security, you need to start building your own system of counteraction with the development of a corporate structure that would exclude or complicate the work of fraudsters. The risk of fraud is significantly reduced if the organizational structure of the company includes:
- security services;
- internal audit services;
- internal control services.
The actions of all these divisions should be regulated, and any business transaction that is questionable, outside the authority of the authorities or ordinary economic activity, even without external signs of fraud, should be consistently and independently checked by these divisions.
Shareholders or the head of a company are far from always ready to actively introduce such a complication of the corporate structure and work regulations into practice. This can be expensive, hands may not reach this in the course of normal business activities, management may be afraid to increase the degree of suspicion in the team, which will interfere with the formation of team spirit and well-coordinated work. But, as a professional risk assessment shows, for every ruble of costs not invested in the formation of a system of preventive measures, there is a 10 ruble loss resulting from corporate fraud. The very fact of the formation of such a system not only contributes to the transparency of the company, and hence its capitalization, but also increases the degree of trust of counterparties in it.
If corporate fraud protection standards are disclosed, it will increase its value in mergers and acquisitions. The market will also know that every official and every employee of the company is involved in the fight against internal corruption.
Thus, after building a “structure in a fist”, efforts must be made to form standards and regulations to which every business operation must be subordinated. Among them:
- regulations for the prevention and identification of conflicts of interest, defining the procedure for actions in the course of their occurrence;
- development of the Code of Corporate Ethics and its implementation in the company, regular training of employees on the principles of its application;
- development of information security standards - from the establishment of a commercial secret regime to the adoption of regulations for the protection of information and personal data at all levels;
- optimization of document flow, implementation of electronic document flow programs, which will make it possible to establish the involvement of each person in the editing of any document;
- restriction of the regime of access to financial and accounting documents, electronic databases.
After the warning system has been built, it is necessary to implement a mechanism for detecting corporate fraud.
Fraud detection measures
Any control work that allows you to identify areas of risk of committing fraudulent actions or already committed offenses must be systematic. In some cases, it makes sense to carry out it with the involvement of law enforcement agencies.
It is extremely important to regularly, not only on our own, but also with the invitation of experts from the investigation and inquiry bodies or organizations working in the field of combating corporate fraud, to check the performance of internal documents (methods, regulations, orders). It is permissible to organize business games, knowingly committing an action, a transaction, information leakage, any act similar in signs to a fraudulent one, and to check whether, relying on internal methods, it was possible to identify its commission. If not, the documents should be revised taking into account the recommendations of the experts.
The most important part of detecting an offense is working with personnel. Not all companies are ready to use lie detector testing of employees in their work, but written testing with specially selected questions will be able to point out areas of risk. Periodic redistribution of personnel responsibilities and staff rotation will become important factors in increasing security.
It is also necessary to make extensive use of the capabilities of modern information perimeter control systems, DLP and SIEM systems, which, by signaling information security incidents, will help draw attention to individual employees who may be involved in corrupt transactions and develop recommendations to limit their ability to influence the company. generally.
Curiously, companies are not alone in dealing with information to prevent corporate fraud. For example, in the Volgograd Region, at the request of the prosecutor's office, a website was blocked, which posted information on how to safely carry out commercial bribery and how to evade responsibility.
Working in all areas, it should be borne in mind that corporate fraud can be initiated not only from within, but also from outside the company. It may be in the best interest of competitors to create one or more fraudulent incidents in order to undermine the organization's reputation, for example, prior to taking part in a key tender. It is possible to partially protect the company from fraud by an unscrupulous partner or from being involved in illegal frauds by introducing a system of counteracting them, including specialized mechanisms for selecting and monitoring partners, including:
- checking a new contractor through specialized databases and by security forces;
- request from the counterparty copies of the main documents of title;
- due diligence of partners (legal audit conducted in order to identify possible risks of a particular transaction);
- the use of so-called anti-corruption clauses in contracts.
This approximate set of measures should be closely linked with the determination of the objective need for a particular purchase or another transaction. In this case, the company must set price “forks”. In the event that the purchase or sale price approaches the lower or upper limit of the price range, control measures should be taken.
All of these measures should be constantly checked for effectiveness, and based on the results of such checks, they may be changed. An important role can be played by a helpline through which each employee, customer or counterparty will have the opportunity to report a suspected case of corporate fraud. Sometimes such messages are the result of internal corporate strife, but often they help to identify and suppress corporate fraud.
Speaking about measures to prevent corporate fraud, we must not forget for a second that it is impossible to go beyond the limits established by law. Surveillance of employees and invasion of their privacy will not help to obtain evidence that the court considers appropriate, but they will negatively affect the reputation of the company itself.
But an adequate and prompt practice of responding to any fact of corporate fraud can create a sustainable incentive to refuse to commit it. Responding to minimal incidents of bribery, theft, withholding information, or manipulation of reporting should become a practice. If possible, it cannot be limited only to disciplinary measures and even dismissal, the company must bring to court and verdict any crime committed by an employee of any level, including the CEO. Only this practice will help secure the business from serious losses.
If the company has a reasonable suspicion that one of its employees is planning to commit a crime, it would be advisable to involve the investigating authorities to monitor his actions and collect operational information, which will subsequently help to expose the criminal and bring the case to court. Often, large companies, in the event of difficult situations related to government contracts, tenders, participation in public-private partnerships, involve the FSB authorities in identifying corporate fraud, which allows them to protect the reputation of the legal entity itself. For example, it was the employees of the federal security service who investigated the cases related to the theft of funds from the United Grain Company, which were withdrawn from it by one of the leaders under fictitious contracts.
But sometimes the involvement of law enforcement agencies in the investigation of corporate fraud turns into a corruption crime in itself. So, the press reported that the head of the internal security department of the RF IC, Mikhail Maksimenko, in 2016 considered the issue of receiving funds from the co-owners of one of the banks to investigate the theft of this bank's funds. Later, this officer was prosecuted for other corrupt acts.
But companies are able to suppress corruption crimes committed by their employees, and without breaking the law. The main attention should be paid to the second side of the corrupt collusion, namely the counterparty. It will not be superfluous not only to inform the law enforcement agencies about his actions, but also to change the format of business relations with him, possibly by placing on him in court a part of the responsibility for causing damage.
Any prosecution of a perpetrator of corporate fraud must be based on a sound evidence base, and the evidence must be relevant and admissible. This means that their receipt must fully comply with the law. As evidence can be used:
- photographs and video recordings, if the participants in the criminal conspiracy knew that the room was equipped with special equipment, and that hidden tracking means and mortgage devices were not used;
- documents, software data, screenshots;
- expert opinions, both Russian and international;
- testimony of witnesses;
- data seized from smartphones and other media during the inquiry and preliminary investigation.
If the dispute goes beyond the limits of Russian jurisdiction and a claim for compensation for harm caused to the company is being conducted in an international court, it is permissible to use forensics methods, that is, a legally significant investigation of the compliance of personnel with standards and methods aimed at preventing corruption. This kind of investigation should be conducted by internationally certified auditors, appraisers, lawyers, auditors.
The decision to conduct an investigation should be made in the strictest confidence, and a minimum number of company employees, even among the security personnel, should have access to information about the suspect and the measures to be taken. Among the initial steps required during the investigation, it is required to organize:
- limiting the flow of information directed at and outgoing from the alleged culprit;
- restricting the access of a suspected employee to information bases containing information related to commercial secrets;
- limiting the powers of the alleged fraudster.
The secrecy surrounding these events will benefit both the company's reputation (no one is prepared to be accused of corporate fraud) and the most suspect if the suspicions turn out to be unfounded. It should never be forgotten that in the event of unwanted publicity, the company may receive a defamation claim from an employee with claims for compensation for non-pecuniary damage.
In addition to working with personnel, the investigation of theft of assets requires:
- collect all evidence of illegal actions, for example, to withdraw assets. Evidence should be selected not only from the point of view of Russian law, but also from the point of view of the jurisdiction into which assets or funds could be transferred;
- Conduct a full assessment of the damage caused, including the future costs of restoring the injured party and loss of profits. The appraisal should be carried out by certified appraisers in accordance with both RAS and IFRS;
- track the movement of assets and identify the final purchasers, even if they are bona fide, find all intermediaries and accomplices in the chain, especially paying attention to law firms, appraisers, insurers, notaries, who are often involved in such schemes.
If the scheme can continue to operate (for example, the asset is withdrawn in a dependent or subsidiary company, it is not possible to change the head of which without carrying out lengthy and expensive procedures), then in order to counter corporate fraud, it is necessary to take measures of judicial protection of assets, for example, by asking the arrest them or prohibit the executive body from making certain transactions with such property. By the way, even at the stage of counteracting corporate fraud, it is advisable to introduce into the charters of subsidiaries the restrictions on their powers to make transactions with assets. Next, you need to protect the company itself from possible claims of third parties by examining all vulnerabilities and developing protection measures. Sometimes, the timely filing of a lawsuit on a controversial issue can help create a prejudicial decision that will make it difficult for an opponent to implement his strategy.
Only a consistent and gradual implementation of actions provided for by regulations and security standards will help to fully protect the company from corporate fraud and prevent the occurrence of serious losses.