“How do you measure the [ethical] strength of [a] corporate culture?” – Eric Feldman

You can go back on this blog for more than 10 years now. As of this writing, there are 1,326 individual blog articles. Some are short and pithy; others long-winded. In any case, that’s a lot of words. Conservatively estimated, it’s more than a million words.

Did they matter? That’s not for us to say.

But if you look at all the articles on procurement fraud and bribery and product substitution and timekeeping fraud and small business misrepresentation, you might get the sense that there is a hell of a lot of corruption in this world of public procurement. It’s always puzzled us that there are so many people and so many companies that think they are going to get away with something; obviously, some do, but so many others do not.

If there is one theme that permeates all the fraud-related articles it is this: companies that invest in internal controls designed to detect and/or prevent employee wrong-doing are making smart investments that have quantifiable returns, in terms of reduced litigation expenses.

We were reminded of this theme once again as we wrapped-up our annual compliance and ethics training, courtesy of the Society of Corporate Compliance & Ethics (SCCE).

In that training we were exposed to the 2020 Report to the Nations, recently published by the Association of Certified Fraud Examiners. It covered more than 2,500 instances of occupational fraud reported globally in 2018 and 2019. The Report supported what we have been long saying.

• Across the globe, corruption (which includes offenses such as bribery, conflicts of interest, and extortion) was the most common fraud scheme, other than asset misappropriation (theft)

• 43% of fraud was detected via tip; 33% of fraud was reported via hotline email or telephone account

• The presence of anti-fraud controls is associated with lower losses and quicker detection

• Median fraud losses at companies that had did not have hotlines were nearly double the median losses at those companies that did

As was explained during the training, the conclusions from the AFCE report are clear:

• Internal controls pay for themselves

• Hotlines work

• Use of hotlines is a sign of an ethically healthy company

We also learned that Artificial Intelligence (AI) has advanced to the point where anybody who is not using it in anti-fraud activities is really missing a cheap and effective means of detecting anomalies. At this point, one can use AI to “risk-score” every single accounting transaction in an entity. Every expense report and every Accounts Payable transaction can be risk scored. Employee addresses in a vendor master file can be detected; indeed, employee addresses adjacent to a vendor’s address can be identified. Vendors can be compared to one another: all suppliers of the same commodity can be compared to see if any stick out in terms of average payment size or frequency of payments. If a supplier sticks out, that supplier can be correlated with the buyer to see what’s going on. At this point, there is really no excuse for failing to deploy AI in anti-fraud activities.

This article is not the first time we’ve mentioned some of these ideas, but it’s the first time the return on investment of internal controls has been so clearly shown.

And it’s becoming more important than ever to be focused on detecting instances of corruption. The Association of Certified Fraud Examiners also recently published another benchmarking report: “Fraud in the Wake of COVID-19.” The ACFE received 1,851 survey responses. According to that report:

• As of May, 2020, 68% of respondents “had already experienced or observed an increase in fraud levels, with one-quarter saying the observed increase had been significant.”

• “Frauds perpetrated by vendors and sellers … are also a top risk … 86% of respondents expect to see more of this type of fraud over the coming year, and 68% have already seen an increase in these schemes.”

• Ten percent of respondents “expected a reduction in their anti-fraud staffing over the next year” and eight percent “anticipate budget cuts to affect their anti-fraud programs and initiatives.”

It seems that one impact from the COVID-19 crisis is an increased in perceived fraud risk and a potential decrease in corporate resources used to detect/prevent fraud. That’s not good.

At a macro level, the U.S. Government is gearing up to fight COVID-19 related fraud. At a recent webinar presented by Ernst & Young, we learned that the CARES Act created three separate oversight bodies: (1) The Pandemic Response Accountability Committee (PRAC), (2) the Congressional Oversight Commission, and (3) The Special Inspector General for Pandemic Recovery (SIGPR). At least two of those three oversight bodies have both civil and criminal referral authority to the Department of Justice. According to EY, “SIGPR has entered into Memorandums of Understanding with the U.S. Attorney’s Offices of Massachusetts and Eastern Virginia to investigate and prosecute fraud related to CARES Act funds such as loans, loan guarantees and other investments.”

EY also reported that, at a June 2020 speech, the Principal Deputy Assistant U.S. Attorney General told the audience that—

• The DOJ’s Civil Division will energetically use every enforcement tool available to prevent wrongdoers from exploiting the COVID-19 crisis.

• The division will use the False Claims Act to prosecute fraud related to the Paycheck Protection Program (PPP), the Main Street Lending Program and other programs.

Let’s wrap this up: the corruption risk environment is increasing, anti-fraud resources may be at risk, and the U.S. Government is gearing up for intense scrutiny. We know that anti-fraud internal controls pay for themselves. In particular, we know that hotlines work, and that companies that have healthy avenues for employee referrals should expect to have reduced losses and reduced legal settlements.

Given all that, we have to ask you to reflect upon your company’s dedication to fighting corruption. Is it a priority? If not, should it be?