In today’s edition of Daily Compliance News:
· Twitter-Musk trial set for October. (WSJ)
· Italian prosecutor drops ENI acquittal appeal. (MarketWatch)
· Layoffs hit crypto compliance personnel. (WSJ)
· DOJ puts Amazon and civil litigants in ‘Time Out’. (WaPo)
Tag: fraud
Categories
EY Fined $100 Million
In a stunning announcement, the SEC announced an enforcement action against the international auditing firm EY. The enforcement action could not have been more directly in the ethical wheelhouse, with significant compliance implications. In its Press Release the SEC stated, it had “charged Ernst & Young LLP (EY) for cheating by its audit professionals on exams required to obtain and maintain Certified Public Accountant (CPA) licenses, and for withholding evidence of this misconduct from the SEC’s Enforcement Division during the Division’s investigation of the matter.”
Gurbir S. Grewal, Director of the SEC’s Enforcement Division, said in the Press Release, “This action involves breaches of trust by gatekeepers within the gatekeeper entrusted to audit many of our Nation’s public companies. It’s simply outrageous that the very professionals responsible for catching cheating by clients cheated on ethics exams of all things. And it’s equally shocking that Ernst & Young hindered our investigation of this misconduct. This action should serve as a clear message that the SEC will not tolerate integrity failures by independent auditors who choose the easier wrong over the harder right.
In an agreed Order, EY admitted that “over multiple years, a significant number of EY audit professionals cheated on the ethics component of CPA exams and various continuing professional education courses required to maintain CPA licenses, including ones designed to ensure that accountants can properly evaluate whether clients’ financial statements comply with Generally Accepted Accounting Principles.” But EY’s conduct did not stop there as the accounting firm also admitted “during the Enforcement Division’s investigation of potential cheating at the firm, EY made a submission conveying to the Division that EY did not have current issues with cheating when, in fact, the firm had been informed of potential cheating on a CPA ethics exam. EY also admits that it did not correct its submission even after it launched an internal investigation into cheating on CPA ethics and other exams and confirmed there had been cheating, and even after its senior lawyers discussed the matter with members of the firm’s senior management. And as the Order finds, EY did not cooperate in the SEC’s investigation regarding its materially misleading submission.” For all of these actions, EY was fined $100 million.
Why does all this sound so familiar? It is because KPMG was caught engaging in similar conduct back in 2091. I wrote at the time, “How bad was KPMG’s conduct? … the conduct outlined in the Order is so egregious, detailing a culture which is completely unmoored from any ethical foundation, that any company using KPMG as an auditor must ask some very serious questions about not only the quality of the services they have received but also the very foundation of those services.” KPMG was fined $50 million.
Yet the EY fine was double the KPMG fine. Why? One clue comes from the Order which stated, “This case involves Ernst & Young’s failures to act with the integrity required of a public company auditor. Over multiple years, a significant number of EY audit professionals cheated on the ethics component of the Certified Public Accountant (CPA) exam, as well as on a variety of other examinations required to maintain their CPA licenses. As this was ongoing, EY withheld this misconduct from SEC staff conducting an investigation of potential cheating at the firm. EY audit professionals’ repeated cheating on exams and the firm’s misrepresentations to the SEC violated ethics and integrity standards and discredited the accounting profession.” In other words, as bad as cheating on exams is, withholding information from the SEC, while it is conducting an investigation on that issues is equally if not worse conduct.
Regarding this additional misconduct, the Order stated, “EY withheld this misconduct from the SEC during an investigation about cheating at the firm. In June 2019, the SEC’s Division of Enforcement sent EY a formal request for information about complaints the firm had received regarding cheating on training exams. On the same day EY received this request, the firm received a tip that an audit professional had shared an answer key to a CPA ethics exam. EY did not disclose this information to the SEC. To the contrary, its submission indicated that the firm did not have any current issues with cheating. In light of the tip it had received, EY’s June 20 submission was materially misleading. But EY never corrected its submission. Even after the firm began an internal investigation, confirmed there had been cheating, and the matter was discussed among senior lawyers at the firm and with members of the firm’s senior management, EY still did not correct its misleading submission.”
The SEC’s ire was reflected in the remedy which mandated not one but three oversight roles on an ongoing basis. The EY oversight requires EY to evaluate the sufficiency and adequacy of its quality controls, policies, and procedures relevant to ethics and integrity and to responding to Information Request to determine whether they are designed and implemented in a manner that provides reasonable assurance of compliance with all professional standards, including those relating to ethics and integrity applicable to accountants and attorneys, in the following areas:
- The adequacy and sufficiency of ethics and integrity training and guidance,
- Whether EY’s culture is supportive of ethical and compliant conduct and maintaining integrity,
- Whether EY has designed and implemented appropriate policies and procedures relating to responding to Information Requests, and
- Whether EY has designed and implemented appropriate policies and procedures and deploys proper resources and oversight to comply with all professional standards relating to (i) monitoring to detect non- compliance; (ii) having appropriate reporting lines, compensation, and rewards; (iii) assigning responsibility for overseeing compliance to senior executives and managers with access to relevant information and personnel; and (iv) ensuring consistent discipline.
Even more damning is the requirement for two external monitors (called Independent Consultants). The first is review EY Policies and Procedures and issue a detailed written report: (i) summarizing its work; (ii) making recommendations, as the Policies and Procedures IC deems appropriate, reasonably designed to ensure that EY’s Policies and Procedures are adequate and sufficient to provide reasonable assurance of compliance with all professional standards. The second Independent Consultant is to review EY’s conduct relating to the Commission staff’s June 2019 Information Request, including whether any member of EY’s executive team, General Counsel’s Office, compliance staff, or other EY employees contributed to the firm’s failure to correct its misleading submission. They are to recommend discipline. Does that sound like the SEC trust EY to follow through with its obligations about now?
EY, like KPMG before it, acted as gatekeepers in the eyes of the law and the SEC. To see this level of fraud and then hiding of it is extremely disconcerting. Perhaps it is no wonder EY is about to split into two different entities: auditing and consulting. I wonder how many EY audits will be reviewed through the eyes of this Order.
In today’s edition of Daily Compliance News:
- Sheryl Sandberg steps down from Meta. (NYT)
- Iranian ire at corruption intensifies. (FT)
- SPAC forecasting rules cause pullback. (Reuters)
- BMC awarded $1.6 bn for IBM fraud. (Houston Chronicle)
In the Episode, I am joined by John Warren Vice President and General Counsel at the Association of Certified Fraud Examiners. We discuss the 2022 ACFE Report to the Nations, which is the most comprehensive report on the global scourge of fraud. It is a fascinating look of how fraud occurs, where is occurs and the steps you can take to prevent it.
Some of the highlights include:
- What is the ACFE Report to the Nations? How often is it released? What are you trying to capture?
- What are some of the big picture findings of the Report?
- What is the annual cost of global fraud?
- Why are hotlines so critical to fraud detection?
- What is the fraud tree?
- What are the 5 critical areas of occupational fraud reviewed?
- What does the Report to the Nations tell us about corruption?
- What detection/prevention areas are the most effective for corruption?
You can download a copy of the ACFE 2022 Report to the Nations by clicking here.
Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
Today’s episode is a joint episode of the “Great Women in Compliance” and “Great Women in Fraud” podcasts. Lisa speaks with Kelly Paxton, who is a Certified Fraud Examiner, investigator, teacher and a well-known expert on “pink collar crime.”
Lisa and Kelly discuss what makes a “Great Woman in” Compliance and Fraud, and is there a crossover between the two professions. They focus on the importance of mentors, removing barriers and what challenges are unique to our gender, professor, either or both.
The talk about how someone in an organization who is less senior, but very experienced employees can be very susceptible to the fraud triangle. They also discuss the human decisions that impact fraud and compliance, and what they wish they knew earlier and the reminder that #whistleblowersareheroes.
We hope that you enjoy this episode and you can hear it here and we hope you visit the Great Women in Fraud website at greatwomeninfraud.com.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to. If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast. Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
Join the Great Women in Compliance community on LinkedIn here.
In today’s edition of Daily Compliance News:
- Fraud in licensing. (Bloomberg)
- SPACs sinking. (WSJ)
- The humble resume is still critical? (NYT)
- No mercy corruption crackdown in China. (YaHoo!News)
Welcome to this special podcast series, Integrity Matters sponsored by K2 Integrity. For this series, I visit with Koby Bambilia, Managing Director, and Olivia Allison, Senior Managing Director. Over the series, we look some issues and trends going forward into 2022. In Part 1, I am joined by Olivia Allison who looks at fraud trends going into 2022. Highlights include:
- WFH and RTO will continue to present evolving challenges for fraud prevention.
- Controls must be assessed and enhanced based upon changed working environments.
- Impact of the Great Resignation and workforce mobility.
- Multi-vector crisis and fraud prevention.
- Use of fraud dashboards.
For more information, check out K2 Integrity.
Categories
Fraud Trends for 2022
I recently had the chance to visit with Olivia Allison, Senior Managing Director at K2 Integrity. We looked at some key fraud trends in 2021 and how they might influence fraud investigation, prevention and enforcement going forward into 2022. We began with a discussion of general fraud trends from 2021, particularly around Covid-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as Paycheck Protection Program (PPP) in the United States. Allison added that supply chain issues were also a contributing factor to these issues. She found that during investigations related to COVID procurement and healthcare procurement specifically in relation to the pandemic there were supply chains issues regarding fraud.
She believes going forward there will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds. Interestingly, she found issues around fraud and data security, particularly in the heyday of working from home (WFH). This may well change in 2022 when we have a Return to the Office (RTO) but with the surge of the Omicron variant many companies are shelving RTO plans until the spring 2022.
WFH led to wider fraud inside of companies because employees were “bypassing controls, sometimes maliciously, sometimes it’s not fraudulent, but they just think that the controls are inconvenient.” This was coupled with the troubling phenomenon that Allison has seen reported recently that millennials “just think that some controls are inconvenient and they just try to work around them.” This obviously puts organizations at risk and from a culture perspective can be very damaging.
Allison noted that another risk factor for fraud she is following in 2022 are two related phenomena. They are the mobility of the work force coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely; it is very difficult to have the same level of connection with your employer. Companies must work much harder to build some kind of consistent culture. One of the prongs of the Fraud Triangle is Rationalization, that “the company owes me a bit more or something like that and if you do not have that level of loyalty, there is a kind of widespread risk that people may be justifying certain actions to themselves.” Allison believes that there are “a lot of things brewing that are difficult for companies, whether it’s supply chain or data, or employee loyalty, that may cause problems in the future.”
We then turned to what Allison characterized as “multi-vector crisis” which is when multiple crises coming from many different directions. As a compliance officer or fraud examiner, you are not simply responding to one threat or even one threat vector but several at the same time. Allison believes are some steps an organization can take to manage such risks. The first is “you need to make sure that your protocols, data security, policies and procedures are clear and manageable. Then train when onboarding your staff so employee understand your procedures and monitor that they are actually following them.” Finally, ensure “what is written on paper is also what happens in practice.” I would also add Document Document Document.
Additionally, companies are building dashboards of different fraud indicators. But that is only a starting point as they then must use the data to prevent fraud. She added, “I think that is a trend and also something that companies need to be looking at as they are using data. It is more than just gathering data, its actually using the data to drive decisions.” Finally, if you have not done so since the pandemic shut down the country in March 2020, you should “refresh your training.” From the training perspective, Allison believes that more frequent, yet shorter messaging is better. You can certainly have a longer annual targeted training but here she agrees with Tina Rampino that an “espresso shot” of training can be more effective.
From the controls perspective, you need to determine if different types of frauds are happening within your organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and where your employees work; whether that is WFH, RTO, work outside the physical office or a hybrid situation.
We concluded by looking at whistleblowers and the recently implemented EU Whistleblower Directive, which came into force in December 2021. In at least the last four or five ACFE Reports to the Nations, one of the consistent themes is that fraud is almost always detected internally and either reported internally or picked up through internal audit or internal controls or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, Allison expects to see an increase in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play. But Allison also cautioned that the “media is a sort of third line of whistleblowing” which we saw in 2021 with the Facebook whistleblower, Francis Haugen.
All of these factors lead Allison to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of the evolving work locations. Of course, the government is very interested in both fraud prevention but also fraud detection and prosecution so 2022 could well be a more significant year than 2021.
Welcome to a special five-part K2 Integrity sponsored podcast, series Business and Financial Fraud: Yesterday, Today, and Tomorrow. Over the course of this series I have been joined by Joanne Taylor, a Managing Director at K2 Integrity. She has 20 years of legal, investigations and financial crime compliance experience, working within the financial and legal services industries. I am also joined by Ray Dookhie, a Managing Director in K2 Integrity’s Investigations and Risk Advisory practice, with more than 25 years of experience in compliance, integrity risk monitoring and management, and investigations. Over the series, we have considered the top fraud trends you might expect to see in 2021, what the regulatory landscape may well look like in 2021, best practices in fraud prevention, how to detect fraud and responding to fraud once it is uncovered. In our concluding episode, Part 5, Ray Dookhie joins me to discuss what a company should do after allegations of fraud arise.
