integrating anti-bribery & corruption analytics into your ... · integrating anti-bribery &...

Integrating Anti-Bribery & Corruption Analytics Into Your FCPA Compliance Program

ACFE 2011 Annual Conference – San Diego

Discussion topics

► Key trends with the FCPA and global anti-corruption enforcement

► Framework for Anti-Bribery & Corruption (“ABC”) Analytics

► Not your traditional accounting tests or mind set

► Integrating anti-bribery analytics using financial accounting data► Expense, payables & customer analysis► Case examples► Predictive modeling

► Integrating anti-bribery analytics using email and user documents► Communications with government or high-risk parties► Fraud Triangle analysis► Advanced text mining techniques to identify the who, what, when and why

► Components of an effective 3rd party vendor due diligence process

Current environmentThe perfect storm for fraud & business corruption

Internal Controls

Internal and External Pressure

Layoffs, unemployment

and unease continue

Personal retirement plans

and market levels remain low

Opportunity to Commit Fraud

Anti-bribery regulatory focus

increased globally

Budgets are decreasing.

Companies and organizations are doing more with

less.

Companies are decentralized which has an

immediate effect on internal

controls

Stressed and disaffected

employees may have greater

ability to rationalize

improper actions

Pressure

Opportunity

Rationalization

Large government

contracts

Employees are working in countries with perception of bribery

Lack of infrastructure and controls in many foreign countries

FCPA and UK Anti-Bribery Act compared

► FCPA► Concerns foreign bribery of public

officials only

► Concerns the briber payer only

► Based on business nexus for bribery i.e. award/retention/terms of business

► “Adequate procedures” requirement for publicly traded entities only

► Explicit exceptions for facilitating payments and reasonable marketing expenses

► UK Anti-Bribery Act► Concerns domestic and foreign bribery

of public officials and the private sector

► Concerns the bribe payer and recipient

► Reflects a broader basis for bribery of breach of good faith, impartiality or trust

► “adequate procedures” requirements for all businesses within scope

► No exceptions – it will depend on prosecutorial discretion and the facts of the case

► Effective July 1, 2011

Five Key Trends for FCPA enforcement

1.Expect steady uptick in FCPA enforcementPer Assistant Attorney General Lanny Breuer:US Attorney’s office will be teaming with IRS’s Criminal Investigations Unit.

SEC is also increasing: In Aug. 2009, the director of SEC’s enforcement division, Robert Khuzami, announced the creation of a new FCPA Unit.


2. Greater focus on individuals (not just the corporation)

“Put simply, the prospect of significant prison sentences for individuals should make clear to every corporate executive, every board member, and every sales agent that we will hold you personally accountable for FCPA violations”

-Assistant Attorney General for Criminal Division Lanny Breuer, Feb. 2010


3. Rise in Industry-Wide Investigations Industry-wide investigations started in 2007 and will continue.

Top industries targeted by DOJ and SEC currently are:

Aerospace and DefenseOil and Gas and Oil & Gas Service IndustriesOrthopedic Medical Device MakersFreight forwarding and customsEnergy industryPharmaceutical


4. Increasing severity of sanctions The hidden costs: Everybody reads about the fines in the news papers, but just as equally expensive are the:

Cost of the investigation (e.g., Siemens had 1.5 million billable hours with $850 million in professional fees and over$100 million e-discovery costs)

Threat of debarment from government contracts if convicted

Remediation expenses – settlement and monitoringagreements after the conviction


5. Growing cooperation between U.S. and Non U.S. Authorities

“Its fair to say we have a …very active partnership with an unprecedented level of cooperation with our foreign counterparts”

-Asst. Attorney General Lanny Breuer (Feb. 17, 2010 speech)

Because of Siemens (US fine was $800 million + Germany’s fine was $800 million), governments realize that teaming with the U.S. makes good business sense

FCPA monetary penalties

► Increased penalties► Siemens $ 1.6 Billion► Halliburton/KBR $579 Million► BAE Systems $400 Million► Snamprogetti $365 Million► Technip $338 Million► Daimler AG $185 Million► Panalpina $ 82 Million► ABB Ltd $ 58 Million► Pride $ 56 Million► Shell $ 48 Million

► Panalpina settlements► Panalpina $ 82 Million► Pride International $ 56 Million► Shell $ 48 Million► Transocean $ 21 million► Tidewater $ 16 Million► Noble $ 8 Million► Global Santa Fe $ 5 Million

Who’s currently being investigated?Recently disclosed open DOJ investigations:Accenture plc ERHC Energy Inc Pfizer IncAlcoa Furmanite Corporation Raytheon CompanyAllianz SE GlaxoSmithKline plc RINO International CorporationAllied Defense Group Global Crossing Limited Rockwell Automation IncAllison Transmission Golden Minerals Company SchlumbergerAon GSI Group Sciclone Pharmaceuticals IncAstraZeneca Hewlett Packard Sensata TechnologiesAvon Ingersoll-Rand plc Smartmatic CorporationBall Corporation International Business Machines Smith & Nephew plcBHP Billiton Ltd JGC Corporation Smith & WessonBio-Rad Laboratories Inc Johnson & Johnson SojitzBiomet Inc. Layne Christensen StatoilHydro ASABJ Services Company LyondellBasell Industries STR Holdings IncBridgestone Corporation Magyar Telekom Telecommunications plc Stryker CorporationBristol-Meyers Squibb Marathon Oil Corporation Sun Microsystems IncCameron International Corporation Maxwell Technologies, Inc. Talecris Biotherapeutics Holdings CorpCB Richard Ellis Medtronic Inc Tata Communications LimitedChina Northeast Petroleum Corporation Merck Team Inc.Covidien plc Millipore Corporation Tenaris SADiageo plc Morgan Stanley Tyco Electronics LTDDiebold Incorporated Nabors Industries Ltd Watts Water Technologies IncDynCorp International LLC Orthofix International N.V. WeatherfordEli Lilly Parker Drilling Company Wright Medical Group IncENSCO International Inc PBSJ Corporation Zimmer Holdings

Framework for ABC Analytics

2010 Corruption Perceptions Index – An International Perspective

DOJ’s five elements of an FCPA violation The FCPA potentially applies to any individual, firm, officer, director, employee, or

agent of a firm and any stockholder acting on behalf of a firm.

The person making or authorizing the

payment must have a corrupt intent, and the

payment must be intended to induce the

recipient to misuse his official position to

direct business wrongfully to the payer or to

any other person.

Prohibits paying, offering, promising to pay (or

authorizing to pay or offer) money or anything of

value.

Extends only to corrupt payments to a

foreign official, a foreign political party or

party official, or any candidate for

foreign political office.

Prohibits payments made

in order to assist the firm

in obtaining or retaining business for or with, or

directing business to, any

person.

Source: http://www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf

Anti-Bribery & Corruption Analytics (ABC Analytics) Work PlanElements of an FCPA Violation Sample analytical tests

Who(vendor & agent analysis)

-Stratify agent payments by time period and currency amount

-Stratify agent payments by contract or project code

-Identify large, round sum payments by agent and frequency

-Identify top ten agents with highest expense to fee ratio

-Analysis of agent commissions, recurring commissions, large/round dollars, etc.

dollars, etc.

-Identify payments to vendors that not listed in the vendor master

-Cluster bottom ten agent payments & frequency

Corrupt Intent(text analytics)

Concept analysis of free text fields of selected GL data:

-Cash Disbursements

-Travel & Entertainment

-Consultant / Agent payments

-Marketing expenditures

-Charitable expenditures

-Customs clearance account

-Cost of Sales

Anti-Bribery & Corruption Analytics Work Plan (continued)Elements of an FCPA Violation Sample analytical tests

Payment(Cash disbursements analysis)

-Cash disbursement analysis, by country

-Petty cash account analysis in selected countries

-Payments made w/o a P.O. or not in Vendor Master

-Compare payment activity to Transparency

International’s CPI index (generate heat map)

-Analysis of travel and entertainment, by country

-Analysis of payments to charity, by country

-Analysis of payments made to customs agents, by country

-Vendor background checks / 3rd party due diligence

Recipient(Customer / buyer analysis)

-Customer segmentation by country

-Government customer segmentation by country

-Transparency International’s CPI index

-Sale price and margin analysis across customers, by product

-Free goods or credits as a percentage of sales

Business Purpose Test(Revenue analysis)

-Trending analysis of revenue by country

-Stratification of revenue by country

-Trending analysis of revenue by customer

-Stratification of revenue by customer

-Calculation of effective commission rate paid to agents

Not your traditional accounting tests or mind set

Who was monitoring FCPA/corruption risks?

Fraud tree

Cash larceny

Theft of other assets – inventory/

AR/fixed assets

Revenuerecognition

Nonfinancial

Conflicts of

interest

Bribery andcorruption/

FCPAIllegal

gratuitiesBid-rigging/procurement

Corruption Fraudulent statements

Asset misappropriation

Fake vendor

Payroll fraud

T&E fraud

Theft of data

GAAP Reserves

General focus of external auditors

General focus of internal auditors

Until recently, internal and external audit did not consider corruption in their monitoring efforts since it was immaterial to the financial statements. Not anymore.

New tools and methodologies are required to effectively prevent and detect bribery & corruption!These are not your traditional accounting tests and controls.

Focus on the payment text descriptionsWhat if you saw these terms used as justification for payments to third parties?

Facilitation pay

Help fee

Pay on behalf of

Handover fee

Special payment

Volume contract facilitation

One time payment

Special commission

Incentive payment

Pay per management

Friend fee

Nobody calls it “bribe expense”

Commission to the customer

► Perform Text Analytics on free text fields

► Conduct “term frequency” analysis for most occurring or unusual transaction descriptions

► Capture “concepts”

Text mining in the cash disbursements journalIdentify potentially improper payments

“Volume contract facilitation”“release expense”

ABC Analytics: Text mining dash board interface linked to cash disbursements

ABC Analytics: Disbursements AnalysisWho paid what, when, when and why?

FCPA Analytics: expense reviewWho, what, where, why, how…

How is bribery and corruption detected?

Source: ACFE 2010 Report to the Nations On Occupational Fraud

48.5% by tipor accident

Forensic analytics maturity modelBeyond traditional “rules-based” queries and analytics

Detection RateLow High

False Positive RateHigh Low

Stru

ctur

edD

ata

Uns

truc

ture

dD

ata

Traditional Rules-BasedQueries and Analytics

Traditional Keyword Searching

Predictive Modeling, Statistical Analysis &

Data Visualization

Text Analytics

Fraud Triangle Analytics

Integrating anti-bribery analytics using financial accounting data

Travel & expense analytics

Analytics include:► Where are expenses occurring

(country, state, city) by category?► What is the expense for?► How much?► Who is submitting?► Duplicate expenses► Text mining & keyword search

Questions to ask:► Are there patterns with respect to who executives entertained (state

owned entities, PEPs and other government officials)?► Are there patterns of inappropriate expenses (nightclubs, gift giving, etc.)?► Are there bogus reimbursements to fund improper cash to executives so

they could to entertain public officials?

EY’s interactive T&E Expense Review Dashboard

Vendor cash disbursement, payment analytics

Analytics include:► Vendor stratification and clustering by amount and over time► Duplicative invoice testing ► Requestor / approver conflicts – fake invoices or ghost vendors► Conflicts of interest – employee and vendor master comparison► Text mining and keyword searching of suspicious payment descriptions► Identify government vendors or payments in unusual foreign currencies

Questions to ask:► Did executives have fake vendors on the vendor master linked to their

home, friends, or personal bank accounts?► Were there duplicative invoices being submitted to extract cash?► Were executives overriding controls to extract cash for bribes?► What are the nature of the vendors that certain executives approved?

FCPA Procurement Red Flags

► Family or business ties to non-U.S. officials/royal family► History of corruption in country or industry► Request for unusually high commission or other payment► Refusal to provide anti-bribery certification► Transactions recorded as “cash”► Over-invoicing, use of non-standard invoices► Unusual bonuses paid to foreign representatives► Large/frequent fourth quarter adjustments► Lack of written agreement► Shell companies► Request for payments to third countries or third parties► Request for increase in compensation during sales campaign► Request for payments in cash or bearer instrument► Lack of experience or track record with product field or industry

Customer analytics

Analytics include:► Customer stratification and clustering by amount and over time► Free goods, credits and discount sales analysis/comparison to customers► Conflicts of interest – employee and customer master comparison

Questions to ask:► Are any customers getting favorable treatment from certain executives in

terms of average sale price, discounts, credits, etc.?► Are there customers related to certain executives that pose conflict of

interest concerns? E.g., family members, same last name, same bank account, same address, etc.

Challenge: Analyze 400,000 transactions for suspected bribery payments per DOJ subpoena

1. Team reviewed 2,000 transactions from ledger data (text comments, amounts, dates, etc.)► Identified 400 suspicious and 1,600 non-suspicious entries

2. Created statistical model: “Is Suspicious” / “Is Not Suspicious”

3. Applied model to remaining 398,000 additional transactions

4. Identified 14,000 new suspicious transactions ► With confidence over 95% similar to “Is Suspicious”► Identified over $8 million in highly suspicious payments► Methodology accepted by the DOJ for this case

Predictive modeling

These three variableswere this highest drivers of suspicious transactions

These variables were less important whenpredicting suspicious transactions. Client should focus resources onmonitoring efforts for the three leading drivers, which accounts for 80%of the predictive value.

Perform Variable Analysis

Predictive modelingFocus on the variables that matter most

Integrating anti-bribery analytics using email and user documents

Email and document analysis – government & regulatory considerations

Analytics include:► Targeted keyword search around government projects & entertainment► Keyword search in local language► Domain name searches and review of “.gov” domain names

Questions to ask:► Are there improper relationships with government officials / inspectors?► Are there discussions about improper entertainment?► Are there discussions asking for “special treatment”, “special payment”,

etc.?

Email and document analysis

Analytics include:► Targeted keyword search► Social network analysis

(who’s talking to whom)

► Date frequency analysis(who said what, when)

► Fraud Triangle Analytics(linking email to components ofthe Fraud Triangle)

Questions to ask:► Are there improper relationships with employees?► Are there improper relationships with government officials/inspectors?► Are there improper relationships with customers or vendors?

EY’s online review and issue tagging platform

The Fraud Triangle¹Applying the theory to email communications

1. Donald R. Cressey's “Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists.

Interactive Email Analysis DashboardFraud Triangle Analytics to identify top individuals using words of “incentive/pressure”, “opportunity” and “rationalization”

Fraud Triangle Analytics – Interactive Dashboard

Advanced E-mail Analytics – text mining

WHO WHAT WHEN WHY

• People-to-people analysis

• Entity-to-entity analysis

• Map communication linesto organization chart

• Top words mentioned

• Key concepts / topics

• Top or unusual dollar amounts

• Sensitive words / phrases

• When communications occur

• Communication spikes around key business events

• Positive vs. Negative Sentiment

• Top 10 angry or negative emails

•Customer survey analysis

• Employee survey analysis

“Who is talking to whom?

Social Networking Concept Clusteringand Keywords

Communication Over Time Sentiment Analysis

about what? over which time period? how do they feel?”

Integrating investigative skills with both email and financial accounting information (an example)

Email & DocumentAnalysis

InterviewForensic Analysis

1. A suspicious vendor is identified in the payables data.

2. That vendor nameis searched in the email communications to gather the full context.

3. Email and transactional data is discussed with interviewee to support confession.

Components of an effective 3rd party vendor due diligence process

Why is third party vendor due diligence important to you?

“Consistency, intentionality, independence and reasonableness –these are the key attributes that characterize a robust, defensible third-party vetting program, regardless of industry sector, degree of workforce/operational distribution or geographic location.”

-EY White Paper

“Third party due diligence must be robust, thorough, impeccably documented and preserved.”-Former DOJ Fraud Section Deputy Chief Mark Mendelsohn (2005 – 2010), FCPA Conference

in November 2009

Four components of an effective 3rd party due diligence program

► Consistency — Automating the process of vetting third parties, especially overseas, drives consistency and transparency across the enterprise.

► Management Intention — Does the program reflect management’s intent and actions to provide for a robust third-party due diligence process? Is management doing the best they can with limited resources?

► Independence — Are the decisions objective and performed separately from the requestor, which may contain inherent conflicts of interest?

► Reasonableness — Given limited resources, taking a risk-based, tiered approach to third-party due diligence helps management allocate resources accordingly. Reasonableness addresses the question “how much is enough?”

Selected guidance:Organization for Economic Co-Operation & Development (OECD)*

Ethics and compliance programs to include the following essential elements:

► A properly documented risk-based due diligence pertaining to the hiring, as well as the appropriate and regular oversight of business partners

► Informs business partners of the company’s commitment to abiding by laws on the prohibitions against foreign bribery, and of the company’s ethics and compliance program or measures for preventing and detecting such bribery, and

► Seeks a reciprocal commitment from business partners

*February 18, 2010 OCED adoption of “Good Practice Guidance on Internal Controls, Ethics and Compliance.”

The supplier vetting activities

Total supplier universe

Develop supplier categoryand geographic filtering criteria*

Develop detailed filtering criteria on supplierrelationship and nature of contract

Develop supplier vetting protocols to effectivelydocument legal, regulatory & reputational risks

Develop decision criteria for acceptance, denial or specific contract modifications, based on risk profile

Key

Del

iver

able

s:•S

uppl

ier D

ue D

iligen

ce Q

uest

ionn

aire

•Sup

plie

r Bus

ines

s Ju

stifi

catio

n Fo

rm•S

uppl

ier R

anki

ng D

ecis

ion

Mat

rix•P

roce

ss fo

r 3rd

Par

ty B

ackg

roun

d d

Che

cks

80,000 third parties

10,000 moderate risk

1,000 high risk

250negative hits

Approve

Regulatory & Legal Expectations on Supplier Due Diligence:► Consistently deployed► Reasonable due diligence efforts applied► Independent processes (e.g., minimal management override)► Demonstrated Management’s Involvement

DeniedApprove with restrictions

*Geographic filtering will include Transparency International's Global Corruption Perception’s Index, among other criteria.

150denied

Filtering Criteria Example:

Consistency –Management’s Intent –Independence -Reasonableness

Business Unit Risk Profile

Third Party

Extreme

Moderate

Low

High

StandardizedBusiness Risk Assessment

Integrated Due Diligence Program(insourced or outsourced)

Vendors, Agents& Consultants

Joint Ventures

Customers

Acquisition Targets

Robust Open Source Databases

Displays negative coverage

Possibly displaysnegative coverage

Political affiliations indentified

Level I Entity Analysis

No negativecoverage

Cleared Unrestricted Business

Restricted Business

Denied Business

BusinessUnit

Level II EntityAnalysis

Unclear

ManagementDecision

Entity cannotbe identified

Localized, Targeted Databases

SpecialContract

or

or

Level IIIEntity Analysis

or

or

Process & methodology example:Open Source Third-Party Due Diligence Methodology

http://www.google.com/imgres?imgurl=http://greatresumesfast.files.wordpress.com/2009/11/hand_shake1.jpg&imgrefurl=http://greatresumesfast.wordpress.com/2009/11/09/is-it-your-resume-or-the-economy/&usg=__AxkOmHvkODRkWAJw3iwVfug6QHA=&h=693&w=693&sz=473&hl=en&start=6&itbs=1&tbnid=OCIxdmFYOOlR5M:&tbnh=139&tbnw=139&prev=/images?q=hand+shake&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://upload.wikimedia.org/wikipedia/commons/thumb/f/f1/Diamond-caution.svg/520px-Diamond-caution.svg.png&imgrefurl=http://commons.wikimedia.org/wiki/File:Diamond-caution.svg&usg=__fLnuCq_Z8TQwdo5YuWB0EwusNa0=&h=520&w=520&sz=13&hl=en&start=5&itbs=1&tbnid=xuQyqaQPm1jKGM:&tbnh=131&tbnw=131&prev=/images?q=caution&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://static.tvtropes.org/pmwiki/pub/images/ApplicationDenied_227.jpg&imgrefurl=http://tvtropes.org/pmwiki/pmwiki.php/Main/ObstructiveBureaucrat&usg=__U2LFFoD3O88W0CH_foAl-hMlp_o=&h=227&w=227&sz=16&hl=en&start=3&itbs=1&tbnid=tQO4gZxaTUzdlM:&tbnh=108&tbnw=108&prev=/images?q=denied&hl=en&gbv=2&tbs=isch:1

http://www.google.com/imgres?imgurl=http://www.iconarchive.com/icons/deleket/scrap/256/Magnifying-Glass-icon.png&imgrefurl=http://www.iconarchive.com/show/scrap-icons-by-deleket/Magnifying-Glass-icon.html&usg=__HXULFsGOAVRKimlxG4eA5QDV7FI=&h=256&w=256&sz=47&hl=en&start=1&itbs=1&tbnid=mP_UgV0mA_ETqM:&tbnh=111&tbnw=111&prev=/images?q=magnifying+glass+icon&hl=en&gbv=2&tbs=isch:1

Research Information gathered from multiple sources

Compliance database

Business

database

Country specific

database*

Media search

Internet

► World Check and World Compliance databases

► Dow Jones Compliance database

*if available online in public domain and identified by EY

► OneSource Global Business Browser

► Company InfoGator

► Company Registry

► Local watch lists

► Keyword specific research on English language news aggregation sites – Dow Jones

Factiva , ISI, Datamonitor

► Obtain other relevant details on the entity, such as business address, key personnel,

other business at same address,

AnalysisIndicative ratings and criterions

► Direct record of the business (its directors or shareholders) on the compliance database

► Issues identified against associated business ( parents, subsidiary, affiliated business)

► Identified personnel is politically exposed individual

► Adverse media search results on the business or its two personnel

► No relevant matching found

► No details of the business could be identified during the research

Risk Rating Criterion

Rating and criterions will be co-developed with the Client

Reporting examplesSummarized ratings with detailed findings

Report for each request received from the Client,

comprising of

► Summary of findings

► Risk ratings

► Detailed findings

► Background details

► Compliance database search results

► Country specific database search results

► Media search results

Reporting examplesMonthly dashboards for management information

Questions & Discussions

Vincent Walden, CFE, [email protected]

integrating anti-bribery & corruption analytics into your ... · integrating anti-bribery &...

Documents