White-Collar Crime & Regulatory Enforcement Crime & Regulatory Enforcement 2009 | DIGITAL GUIDE...

White-Collar Crime & Regulatory Enforcement2 0 0 9 | D I G I T A L G U I D E

E X E C U T I V E V I E W M E D I A L I M I T E D

Edited by Oliver Hargreaves

shaping boardroom strategiese x e c u t i v e v i e w . c o m


w w w . e x e c u t i v e v i e w . c o m


A B O U T T H I S D I G I T A L G U I D E

This interactive Digital Guide has clickable hyperlinks throughout the document to improve your reading experience.

Internal hyperlinks are provided to help with navigation. On the Contents pages, you can click on a headline to jump directly to

that article. At the bottom of each page in the document is a ‘Return to Contents’ button, which takes you

back to the first Contents page.

You will also find external hyperlinks at the end of each article, which allow you to find out more information about an

author and their company. These hyperlinks will automatically open a window in your internet browser, and take you to the

corresponding profile on www.executiveview.com.

NOTE: To get the most from this document, please download the PDF to your desktop and open it with Acrobat Reader. Some

functions may not operate as intended if you view the PDF within an internet browser.

http://www.executiveview.com

http://www.adobe.com/products/reader/

E X E C U T I V E V I E W M E D I A L I M I T E Dw w w . e x e c u t i v e v i e w . c o m

White-Collar Crime & Regulatory Enforcement

2 0 0 9 | D I G I T A L G U I D E

Editor | Oliver HargreavesPublished in the United Kingdomby Executive View Media Limited

29th Floor, 1 Canada Square, Canary Wharf London, E14 5DY, United Kingdom

Tel: +44 (0) 207 712 1779

© 2009 Executive View Media LimitedISBN: 978-1-907420-00-9

© Contributors to this Digital Guide retain copyright of their works, herein published under licence.

The information provided in this publication represents the opinions of the authors and not necessarily their firms. Information should not be considered as legal or financial advice, which should always be sought

independently. The publishers accept no responsibility for any acts or omissions contained herein.

Unauthorised reproduction of this publication, in whole or in part, is strictly prohibited.Requests for reprint material should be

sent to [email protected]

1

C O N T R I B U T I N G F I R M S

AFSCHRIFT Law Firm

Asset Based Lending Consultants Inc.

Astolfo Di Amato e Associati Avvocati

Bell Dewar

Borenius & Kemppinen

Clayton Utz

Collas Day

Cremades & Calvo Sotelo

Daylight Forensic & Advisory LLC

Demarest e Almeida Advogados

Deneys Reitz

DLA Piper

Ernst & Young

Eversheds Schmid Mangeat LLP

FTI Consulting

FTI International Risk

Gernandt & Danielsson Advokatbyra

Grant Thornton

Groia & Company

Kroll

Legance Studio Legale Associato

Makarim & Taira S.

Nater Dallafior Rechtsanwälte

Nixon Peabody LLP

Oppenheim

Orrick Herrington & Sutcliffe LLP

Tilleke & Gibbins International

UHY Advisors

Vischer

Wardynski & Partners

Contents | www.executiveview.com

2

1 | A M E R I C A S

United States __________________________________________________________________________ 06

Internal Control Failures Lead to Parent Liability for a Subsidiary’s FCPA Violations ________________06

Compliance Programs are Not Enough _______________________________________________09

Internal Investigations Don’t Have to Break the Bank _____________________________________ 12

Seeing Your Business Through The Eyes of a Fraud Investigator ______________________________ 14

Watching Your Back: Conducting Investigations with an Eye Toward US Regulators ________________ 16

White Collar Crime in America ____________________________________________________ 18

Areas of Risk: Internal Investigations and More _________________________________________ 21

How Victims of Fraud are Compensated ______________________________________________24

Fraud Enforcement and Recovery Act ________________________________________________26

Canada _______________________________________________________________________________ 30

An Introduction to Securities Investigations in Ontario ____________________________________30

Brazil ________________________________________________________________________________ 33

White-Collar Crime in Brazil ______________________________________________________33

2 | E U R O P E

Europe _______________________________________________________________________________ 36

Anti-Money Laundering Measures and Tax Fraud Inquiries _________________________________36

Conducting Internal Investigations – the External Counsel’s Perspective ________________________39

Anti-Corruption and Competition Legislation in Small Countries – the Examples of

Switzerland and Hungary ______________________________________________________ 41

United Kingdom _______________________________________________________________________ 44

Civil Recovery: a New Tool for Recovering the Proceeds of Crime _____________________________44

Avoiding Common Pitfalls During an Internal Investigation _________________________________46

Regulatory Enforcement in UK Financial Services: No More Mr Nice Guy? _______________________49

What Secrets are Hidden in Your Systems? ____________________________________________ 51

Electronic Evidence: a Primer for White-Collar Crime Investigations ___________________________ 53

The United Kingdom’s New Anti-Bribery Legislation ______________________________________ 56

Fraud on the Rise: Understanding the Motivation and Reducing the Risk ________________________ 57

Agents and Their Intermediaries ___________________________________________________58


www.executiveview.com | Contents

3

Guernsey _____________________________________________________________________________ 61

Breaking Out the Arsenal – Dealing with Offshore Regulatory Investigations _____________________ 61

When Good Funds Go Bad: Re-Fund to Sender _________________________________________63

Italy __________________________________________________________________________________ 66

Ethical Code and Disciplinary System ________________________________________________66

General Overview on Legislative Decree 231/2001 _______________________________________68

Organisational Models Pursuant to Legislative Decree 231/2001 and Appointment of the

Compliance Body ___________________________________________________________ 71

White Collar Crimes Under Italian Law _______________________________________________ 73

Designing and Implementing Compliance Programs ______________________________________ 76

How to Avoid the Substantial Risks of Government Investigations and Criminal Proceedings __________ 79

How to Avoid the Committing of Fraud and Corruption and to Mitigate the Relative Risks ____________80

How to Carry Out an Internal Investigation ____________________________________________82

Spain ________________________________________________________________________________ 85

Economic Decline and White Collar Crime ____________________________________________85

Prosecuting White Collar Crime ____________________________________________________87

Switzerland ___________________________________________________________________________ 90

Some Aspects of Data Protection Law in Switzerland: Monitoring Employees and Being Monitored as an

Employer _________________________________________________________________90

Criminal Liabilities in the Course of Swiss Bankruptcies ___________________________________92

Administrative Assistance in Tax Matters – Present and Future Challenges for Switzerland ____________94

Sweden ______________________________________________________________________________ 96

Money Laundering Reports Increase in Sweden _________________________________________96

Implementation of the EC Money Laundering Directive in Sweden – an Overview __________________98

Regulatory Enforcements in Sweden – an Overview _____________________________________ 100

Finland _____________________________________________________________________________ 103

Conducting Investigations in Finland when a Company or its Employees are Suspected

of Committing a Crime ____________________________________________________103

Finnish Provisions Against Economic and Political Corruption ______________________________ 105

New White Collar Crimes in Finland – Securities Market Offences ___________________________ 107

Poland ______________________________________________________________________________ 110

Prevention, Detection and Prosecution of Business Crime in Poland __________________________ 110

Public Entities – Internal Audit and Tender Mechanisms __________________________________ 112


Contents | www.executiveview.com

4

3 | A S I A P A C I F I C

Asia Pacific ___________________________________________________________________________ 115

Dealing With Government Raids __________________________________________________ 115

Designing and Implementing Compliance and Anti-Corruption Programs for Operations in Asia _______ 117

The ABCs of Internal Investigations ________________________________________________ 119

Forensic Accountants in the Modern and Digital Age _____________________________________ 121

Detecting Corporate Fraud ______________________________________________________ 123

Crisis Containment – Dealing with the Unforeseen ______________________________________ 126

Mitigating Corporate Risk in Asia – an Overview _______________________________________ 128

Mitigating Against Corporate Fraud in Asia ___________________________________________ 132

Australia _____________________________________________________________________________ 137

Bad Medicine – the Application of the Foreign Corrupt Practices Act to the Pharmaceutical Drug and Device

Industry in Australia ________________________________________________________ 137

Australia’s Response to the OECD Convention on Combating Bribery _________________________ 140

Preventing Corporate Fraud _____________________________________________________ 143

India ________________________________________________________________________________ 146

Designing and Implementing a Compliance and Anti-Corruption Program ______________________ 146

Indonesia ____________________________________________________________________________ 149

Indonesia’s White-Collar Crime Regulatory Framework ___________________________________ 149

Employment Aspects of Corruption in Indonesia _______________________________________ 152

Thailand _____________________________________________________________________________ 156

Criminal Liability and the Thai Customs Act __________________________________________ 156

4 | A F R I C A

South Africa __________________________________________________________________________ 159

The Insider Trading Regime in South Africa __________________________________________ 159

Statutory Measures Relating to Combating White Collar Crime in South Africa ___________________ 161

White Collar Crime, Creditors and Costs _____________________________________________ 163


5

1A M E R I C A S

United States | www.executiveview.com

6

Internal Control Failures Lead to Parent Liability for a Subsidiary’s FCPA Violations

BY PHILIP UROFSKY | SHEARMAN & STERLING LLP

In a recent enforcement action, the US Securities & Exchange Commission relied on numerous internal controls

failures to hold a parent corporation liable for bribes allegedly paid to Egyptian Air Force officers by one of its

subsidiaries through an agent. The internal controls failures included: inadequate financial controls that allowed

a senior executive of the subsidiary to make large payments to the agent without sufficient oversight; inadequate

documentation of the services allegedly provided by the agent; lack of due diligence on the agent; and lack of audit

rights in the contract with the agent. Significantly, however, the SEC went beyond the normal books-and-records

and internal controls charges against the parent and charged it also with violation of the FCPA’s anti-bribery

provisions, providing insight into what extent the SEC will impute culpable knowledge or wilful blindness to a

parent corporation based on such internal control failures.

Background

Beginning as early as 1996, ACL Technologies, Inc., a California-based subsidiary of United Industrial Corporation

(UIC), a Maryland-based issuer since acquired by another issuer, sought contracts through the United State’s

Foreign Military Sales (FMS) program to build an F-16 combat aircraft depot for the Egyptian Air Force (EAF). In

1999, the EAF requested that the US Air Force (USAF) issue a sole source contract to ACL to construct the F-16

depot, which the USAF subsequently awarded to ACL. In subsequent years, ACL sought and won add-on contracts

related to additional construction and training. All together, the contracts generated $64 million in revenue and

$8.6 million in net profit for ACL between 1999 and 2004.

To help it persuade the EAF to go forward with the project, ACL retained the services of a retired EAF General

(the “EAF Agent”), knowing that he had connections with current EAF officers who would benefit from the depot

program. Over the years, ACL paid the EAF Agent monthly stipends that grew from $4,000/month to $20,000/

month to as much as $40,000 month. Through various agreements, it agreed to pay him for consulting work, to

provide local labour related to the depot project, and for unspecified “marketing services”.

The SEC’s allegations focus on payments related to a specific contract, awarded in April 2002, related to

training Egyptian military personnel to operate the F-16 depot. This contract generated revenues of $5.3 million

and net profits of $267,000. The SEC detailed a series of communications between the EAF Agent and Thomas

Wurzel, the president of ACL, beginning in December 2001 that described efforts to raise funds to “start giving

motivation”, to “secure our team loyalty”, to “satisfy our people”, and to “motivate people and secure our business”.

U N I T E D S T A T E S


www.executiveview.com | United States

7

It further detailed how ACL concealed payments within invoices related to the labour subcontract and otherwise

inaccurately recorded payments on ACL’s books, which were, consolidated into those of UIC.

On 29 May 2009, the SEC announced that it had filed a settled enforcement action with Wurzel in which

he neither admitted nor denied the allegations but agreed to an order enjoining him from future violations

and requiring him to pay a $35,000 civil penalty. At the same time, the SEC instituted a settled administrative

proceeding against UIC, by now no longer an issuer in its own right, alleging violations of the anti-bribery,

books-and-records, and internal controls provisions of the FCPA. Without admitting or denying the allegations,

UIC agreed to a Commission order requiring it to cease and desist from future violations and requiring it to pay

$337,679.42 in disgorgement and prejudgment interest. The SEC explicitly stated that all of the relevant conduct

occurred before UIC’s acquisition by another company in December 2007.

Internal Controls Failures

In the Commission’s administrative order, it concluded that “UIC lacked meaningful controls to prevent or detect

the ACL President’s authorization of illicit payments to the agent”. To support this conclusion, the Commission

identified a series of internal controls failures on UIC’s part.

Front-end accounting controls: Accounting 101 requires a “separation of duties” to prevent any single

employee from authorising a payment without sufficient internal transparency. The SEC, however, alleged that

UIC permitted Wurzel, as head of a significant subsidiary, “to authorize large payments to the EAF Agent . . .

without meaningful substantiation or supporting documents”. Further, the SEC identified one occasion in which

a UIC official did review a payment – an unusual $100,000 “advance” to the EAF Agent -- but noted that the UIC

employee approved the payment “without inquiring into the purpose or justification for the payment.”

Back-end accounting controls: Accounting 101 also requires that all payments be supported by documentation

that demonstrates that payments are for verifiable and bona fide goods or services. In this case, however, the

SEC alleged that ACL had paid the EAF agent approximately $564,000 for various “consulting” and “marketing”

services for which it had no meaningful records documenting the services the EAF Agent had allegedly provided.

Moreover, the SEC noted that ACL had paid the EAF Agent for six months without even a written contract.

Due diligence on agents: Compliance 101 requires that companies conduct due diligence on foreign consultants

and agents, indeed, on any consultant or agent, domestic or foreign. To be meaningful, the due diligence must be

more than a “check-the-box” filing exercise but, instead, an independent judgment of the bona fides of consultant

or agent. Here, according to the SEC, UIC’s policy required “any employee wishing to engage the services of a

foreign agent to submit due diligence forms for the agent to corporate counsel prior to retaining such agent”. In

the case of the EAF Agent, however, ACL first began paying the EAF Agent in September 1997 without having

executed a contract, executed a contract in March 1998 without having conducted any due diligence, and obtained

corporate legal’s approval of the contact in 1999 even though it did not submit evidence of having conducted

any due diligence. Further, the SEC states (and is impliedly critical) that when ACL did submit the required due

diligence forms – in 2002 – it conducted no independent due diligence or exercise of independent judgment but

simply forwarded forms filled out by the EAF Agent himself.

Contractual rights: Compliance 101 also requires that, once engaged, companies must supervise and monitor

their agent’s activities. Representations and warranties and periodic certifications of compliance with the FCPA’s

requirements are helpful but not sufficient in and of themselves. Instead, an agency contract must provide for



8

meaningful supervision and monitoring. On paper, UIC recognized this and required that agency contracts

include, in addition to the standard FCPA representations, warranties, and certifications, that “UIC’s auditors and

accountants would be granted access to the consultant’s books and records”. The SEC noted, however, that, in

practice, UIC’s corporate legal agreement approved various contracts with the EAF Agent beginning in 1999 even

though they did not include even FCPA representations until 2003 (five years after the first contract) and never

included audit rights.

Whence Parent Liability?

The SEC’s jurisdiction under the FCPA is narrower than that of the Department of Justice. Although the DOJ may

bring civil and criminal enforcement actions against a wide range of US and foreign companies and individuals,

the SEC may bring civil enforcement actions only if it can demonstrate some connection to a violation of these

provisions by an issuer.

When bribes are paid by an issuer’s subsidiary, this limited jurisdiction may play out in a number of ways. The

issuer itself has virtually strict liability for any false entries in its subsidiary’s books and records, on the theory that

any inaccuracies in those books are incorporated into its own thorough consolidation. Further, the FCPA imposes

the duty to implement internal controls directly on the parent-issuer, allowing the SEC to hold it responsible for

any inadequate internal controls at a subsidiary that, inter alia., failed to prevent and detect improper payments

by the subsidiary. In addition, the SEC may hold certain third parties, including subsidiaries, responsible for such

books-and-records and internal controls violations by alleging that their actions caused the issuer’s books and

records to be inaccurate or that they deliberately evaded the issuer’s internal controls. Thus, the SEC’s allegations,

if accurate, more than justify holding UIC and Wurzel responsible for ACL’s false books and records, which were,

of course, incorporated into UIC’s own financial statements. They also support holding UIC responsible for failing

to implement adequate internal controls (and Wurzel with evading such controls).

With respect to the anti-bribery provisions, however, the SEC must show direct involvement by the issuer (or

one of its officers, directors, employees, agents, or shareholders) in directing and controlling the subsidiary’s

unlawful payments. In effect, it must allege (and prove if challenged) that the subsidiary was acting as the issuer’s

agent in making the payments. In other words, to hold an issuer liable for a subsidiary’s actions, the SEC must

allege a degree of knowledge and participation by the issuer equivalent to it having made the payment itself.

The SEC sets out in great detail the evidence that supports its conclusion that Wurzel, as president of ACL,

“knew, or consciously disregarded the high probability, that the EAF Agent would offer, provide or promise the

payments he had authorized (or a portion thereof) to EAF officials...” This evidence includes emails suggesting

that the EAF Agent was making improper payments and false invoices to conceal certain payments to the

EAF Agent. This evidence would appear to support the SEC holding Wurzel and ACL liable under the FCPA’s

knowledge requirement if their violations related to an issuer (otherwise it falls to the DOJ to bring a civil or

criminal action).

ACL, however, is not an issuer, and Wurzel was not on paper an officer, director, or employee of an issuer.

The contract with the EAF Agent was with ACL, not with UIC. The payments to the EAF Agent appear to have

been made by ACL, not UIC. How then did the SEC reach the conclusion that UIC was liable under the FCPA’s

anti-bribery provisions?

The SEC appears to rely on three facts in imposing anti-bribery liability on UIC. First, Wurzel, as CEO of ACL,



9

the subsidiary, had a “direct reporting line to the CEO of UIC” and was identified by UIC in its SEC filings “as a

member of UIC’s ‘senior management’.” Second, in 1999, before any of the alleged improper payments began,

UIC’s corporate legal department approved the retention of the EAF Agent despite the lack of due diligence

and required contractual terms. Third, a UIC corporate official approved the unusual $100,000 advance to the

EAF agent without inquiring into its purpose.

It is possible, of course, that there are more facts than alleged that justify the SEC’s approach. The SEC,

however, carefully did not allege that Wurzel was an officer or employee of UIC and, on its face, the suggestion

that the CEO of a major subsidiary is deemed an officer or director of the parent is problematic and contrary

to black-letter corporate law. Indeed, UIC, which first disclosed its internal investigation in its Form 10k for

2004 (filed on March 15, 2005) and its voluntary disclosure to the government authorities the following year,

consistently stated, through its last 10Q filed in November 2007, one month before its acquisition, that its

external counsel’s investigation “has thus far not revealed any prior involvement or knowledge regarding the

allegations by any officer or director of United Industrial”. Further, although the approval by UIC employees

of a contract or a payment would be sufficient to establish anti-bribery liability if there was evidence of

knowledge, in fact, the SEC fails to allege at any point that any UIC employee knew of the alleged unlawful

payments by the EAF Agent and these facts are a slim reed indeed on which to hang a finding of “conscious

disregard” or wilful blindness by UIC as a corporate entity.

In the end, as in many cases, technical niceties tend to get papered over due to the parties’ desire to settle.

Here, UIC’s decision to settle the anti-bribery charges – particularly since it could do so by “neither admitting

nor denying” the allegations – is most likely the result of desire of its new corporate parent to move forward with

clean books and without the distraction of an ongoing investigation. Under the circumstances, disgorgement

of approximately $340,000 in profits of a single contract in a project with net profits of almost $9 million

apparently no independent compliance monitor, and a cease-and-desist order requiring it only to do what the

law requires anyway, most likely seemed a reasonable decision.

Philip Urofsky is a Partner at Shearman & Sterling LLP.

Click here to view COMPANY profile

Compliance Programs are Not Enough

BY JEFFREY HARFENIST | UHY ADVISORS FLVS, INC.

Fraud and corruption have been a part of business for millennia. However, in recent years, governments

around the world began aggressively cracking down on fraud and corruption to create a strong, interactive

global marketplace. During this same timeframe, companies invested considerable resources hiring

consultants to design bullet-proof compliance policies to address the requirements of Sarbanes-Oxley and

the Foreign Corrupt Practices Act. Controls were evaluated, compliance programs were instituted, C-level

compliance officers were hired, and targeted training programs designed to mitigate fraud were rolled out


http://www.executiveview.com/member_profile.php?id=2463

http://www.executiveview.com/company.php?id=1182


10

to the global workforce.

Historically, compliance was viewed as some esoteric program to prevent illegal and/or unethical events

from occurring. In addition, compliance departments were viewed as a cost centre with no measurable

benefit. Companies exist on the strength of their cash flows. When the current recession accelerated, positive

cash flow was no longer just something that pleased investors and led to lucrative bonuses; it was a matter

of corporate survival. In today’s business climate, when adherence to one’s compliance program is critical,

budgetary pressures increase the prospect of drastic cuts in this important watchdog function.

Increased government pressure. Governments around the world are striving for meaningful reductions in

corruption and fraud. If a country wants to benefit from corporate investments, it must dramatically reduce

the risks of doing business within its borders. That means complying with World Trade Organization rules,

adopting international ethics and customs, and enforcing stronger anti-corruption and fraud laws. Since

1997, virtually every country has signed one or more international treaties dedicating itself to cleaning up the

way business is done within and across its borders.

Economic decline. Over the past year, the global economy experienced the worst decline since the

Depression. As a result, management is under considerable pressure to maintain revenues while eliminating

any expenditure that is viewed as discretionary. Compliance is often on the chopping block. The result

is a severely understaffed, resource constrained compliance function with initiatives being postponed or

eliminated.

In addition to managing costs, companies are re-invigorating their drive for revenues. Sales personnel and

agents are typically paid based upon results: no sale – no compensation. As a result, a “close it any way you

can” attitude emerges within the company. If that means paying bribes by skimming from the deal through

bogus vendors, or re-routing some payments to the person who awards the contact, then so be it.

At the same time, good numbers translate to job security for senior management. There is little incentive

to uncover the source of a sudden increase in fortune in that Southeast Asian country, or the frequency at

which the company is winning new transportation contracts with that Latin American country. Good numbers

make everyone happy.

This combination creates the perfect recipe for increased fraud and corruption.

Compliance Policies are Not Enough

While companies that committed the time and resources to developing robust fraud and anti-corruption

policies should be commended, that is only half the battle. Without a sustained effort to regularly test the

level of adherence to these policies and gauge their overall effectiveness, companies will be left with a false

sense of security.Douglas Jacobson, a partner at Sandler, Travis & Rosenberg, P.A. believes “a perfectly

drafted corporate compliance policy manual does absolutely no good if simply left on the shelf”.

Companies should evaluate the effectiveness of their compliance policies on a periodic basis. This can be

accomplished by reviewing a number of key functions, some of which include:

• Training – are employees subject to fraud and corruption risk enrolling in required training, and is

management effectively monitoring this process to determine compliance?

• Fraud Hotlines – review the complaints received through this reporting mechanism and evaluate the

adequacy of managements’ responses.



11

• Specific Fraud Controls – based upon the anti-corruption controls in place, evaluate compliance with

key provisions, including travel and entertainment, approval of third party contracts, agent diligence

and other high-risk areas.

• Books & Records – review cash disbursement records and general ledger detail to determine the accuracy

of the underlying accounting.

• Vendor Procedures – review this critical component to determine whether controls around the

establishment of new vendors are functioning as proscribed and that red flags surrounding vendor

payments are being identified and investigated in a timely fashion.

Protect Your Company

Even in organisations with quality controls and a proper “tone at the top”, for some employees the lure of

engaging in illegal behaviour is overpowering, and there is no program that can consistently stop them. Today,

those under pressure who would otherwise be easily dissuaded from fraud find increased opportunities to

better themselves. Sometimes their scheme is at the company’s expense, while at other times it benefits the

company, albeit accompanied by extraordinary risk. To mitigate risk, companies should periodically evaluate

the effectiveness of its compliance efforts and identify any “red flags” that indicate the presence of fraud or

corruption. Compliance staff should be provided adequate resources to effectively monitor the company’s

operations.

With fraud risk at an all time high, the time to evaluate your organisation’s fraud and anti-corruption

compliance policies is now. The last thing your company needs is an expensive government investigation, the

results of which can cripple your company. However, there are additional benefits to an effective compliance

program according to Robert Becerra, a white collar defence lawyer at Sandler, Travis & Rosenberg, P.A. “Having

an effective compliance program, one that really deters and prevents violations, is vital, if a corporation wants

to mitigate any criminal culpability. The Federal Sentencing Guidelines for Organizations specifically describe

what constitutes an effective compliance program and how the presence of an effective program will lower a

company’s potential punishment.”

Many years ago, only the company was at risk. Governments around the world realised that to get the C-

Suite’s attention they had to put their freedoms at peril. Those who controlled any portion of the operations

or compliance programs, and those made aware of potential problems in some obscure e-mail, are susceptible

to criminal liability, including imprisonment. Are your corporate officers willing to assume the risks of an

ineffective compliance program?

Jeffrey Harfenist is a Managing Director and the National Fraud and Forensic Service Line Leader at UHY Advisors

FLVS, Inc.






12

Internal Investigations Don’t Have to Break the Bank


Every CEO faces complex and difficult questions that significantly affect the health of the companies they run. One

such issue relates to the handling of potential fraud and corruption matters. What are the appropriate actions required

today to protect against potential exposure in the future and minimise cost should problems arise?

There are times when an independent internal investigation of the company’s policies and activities are advisable

or required. The most obvious situation is when the government serves notice that it believes there is a problem. These

reactive investigations are by necessity extremely comprehensive, highly accelerated and quite costly. As a result, it is

advisable to take proactive steps to identify potential problems long before a government agency gets involved.

Every corporation, especially those with international operations should periodically test their performance against

its established fraud and anti-corruption policies. A combination of random testing, coupled with a focus on high-risk

areas, should provide critical insights into the effectiveness of their compliance efforts.

Proactive vs. Reactive Investigations

When a government agency is involved, a reactive investigation is typically initiated requiring a thorough investigation

of a wide swathe of the business. This is necessary in order to:

• uncover other possible violations, over and above that which caused the inquiry to be initiated; and

• establish that the problem is not systemic – that the offending act was isolated to a particular division/

country.

This type of “deep dive” needs to be extensive for the reasons outlined above, and as a result, is quite costly. As will

be discussed throughout the remainder of this article, an ongoing proactive program that tests targeted, high-risk

transactions, as well as evaluates and improves the effectiveness of compliance programs will likely detect problems

before they spin out of control.

The first step in a proactive investigation is to identify the areas of risk so that a targeted approach can be taken in

the analytical process. For example, analyse business units that are consistently outperforming their peer group and

those that have had a recent launch of a new product line. For example, in the case of an operating division within the

company that launched a new product line within the past 18 months – were bribes paid to ensure a quick start for

this new business?

Next, policies and procedures will be reviewed to determine whether proper internal controls are functioning

throughout the organisation, and identify where any weaknesses exist. A compliance audit may be conducted to both

(i) verify whether the policies are actually being followed, and (ii) institute corrective measures to further mitigate

risk.

Once an understanding of the high-risk areas is developed, use forensic tools to mine the company’s electronic

data to identify any anomalies that require additional follow up and analysis. Attributes of potentially anomalous

transactions include, but are not limited to: (i) those in round dollars, (ii) payments on sequentially numbered

invoices, and (iii) payments and/or journal entries initiated on a holiday or weekend.

Vendors will be evaluated to determine whether any stand out as suspicious. When and how did they come



13

into existence? Are they located offshore or share an address with an employee? Do they share a name that is very

similar to a vendor on the approved master list (e.g., Express Courier Service [an approved vendor] vs. Express

Courier Services [a bogus vendor])?

Other high-level analyses will be run to reveal possible areas of concern. Most of the company’s transactions

will come through clean and there will be no need for further review. The investigator should evaluate the data and

report any questionable areas before further action is taken.

Only those areas where the data indicates that significant issues may exist will be addressed by investigative

professionals. A detailed investigation, akin to that required in response to a government inquiry, may be warranted

due to the high probability that something is amiss. An experienced investigative team will have some good ideas

as to what they will be looking for, though they must go in without blinders so as not to miss more subtle issues.

The company should collaborate with its investigative team to prioritise areas where a deeper review is

warranted. As to “clean” areas, a reiteration of the importance of following the policies and procedures is likely

all that is required. For those areas where minor issues have been uncovered, the corporation may choose to

enlist people from human resources, compliance or other parts of the company to check out the discrepancies.

Sometimes these investigations will uncover issues that require deeper review, but most will turn out to be honest

errors that are easily remedied or petty thefts that internal resources can easily handle.

It is much more cost effective to perform a thorough evaluation of only those areas where significant concerns

exist, than to have those situations blow up into a full-scale, company-wide, government-driven investigation.

Action

Upon completion of the investigation, swift action must be taken should any problems be uncovered. Anyone

involved in fraud or corruption must be terminated and upon advice of counsel, turned over with all supporting

data to the authorities. Managers responsible for the division must be dealt with, either by termination or

extensive retraining in the proper execution of the policies designed to prevent such behaviour. E-mails and

other communications must be thoroughly reviewed to determine whether there was any warning that this was

occurring. Was someone higher up notified and did they elect to ignore or even affirmatively direct that the activity

be ignored? Remedial procedures should be communicated to other managers to ensure that no one else ignores

fraud or corruption within the company.

Conclusion

Someone once said that an ounce of prevention is worth a pound of cure. In this case the costs associated with

a properly designed, step-by-step investigation to uncover problems internally, before governments become

involved, could save many millions of dollars, the corporation’s reputation, and perhaps most important, the

personal freedom of the CEO and other executives.


FLVS, Inc.






14

Seeing Your Business Through The Eyes of a Fraud Investigator


According to the 2008 Report to the Nation on Occupational Fraud & Abuse, released by the Association of

Certified Fraud Examiners, your business will lose 7% of its revenues to fraud this year – an astounding cost.

Putting the dollar loss aside, to further complicate matters “a business which discovers internal fraud is often

faced with both criminal and civil legal issues”, according to Curt Langley, a partner with Jackson Walker. As you

can clearly see, the problems stemming from fraud are both diverse and very costly.

Whether through embezzlements, kick-back schemes or corruption, the incidents of fraud are increasing and

the schemes are becoming more intricate. As a member of management responsible for financial oversight and

safeguarding corporate assets, you should look at your business with a sceptical eye, and a keen awareness of

the factors that drive fraud and the opportunities employees have to commit illegal acts. The remainder of this

article discusses an approach to isolating areas of heightened risk, as well as a process for identifying potentially

anomalous transactions requiring further inquiry.

The Fraud Triangle

To understand how fraud occurs, and be equipped to detect and identify areas where fraud may be occurring

within your company, senior management should begin their analysis using the framework employed by the Fraud

Triangle; the three legs of the triangle are “pressure”, “opportunity” and “rationalisation”. A brief discussion of

each follows.

Pressure

Most frauds start with pressure – whether it’s associated with an employee who is living outside their means,

a sales manager looking to meet aggressive goals, or the head of a division that is launching a new product line

hoping to “turn things around” – each is subject to pressures that might cause them to take advantage of an

opportunity to commit fraud. Being aware of these pressure points is the first step towards effectively identifying

areas requiring further inquiry.

As such, consider those factors impacting a company’s earnings ability, including a steady reduction in

customer demand, increasing market saturation, or erosion of pricing power. Each places pressure on company

management.

Other sources of pressure include aggressive revenue and profit targets and competitors paying bribes to secure

contracts. One must also understand the behavioural impact of incentive compensation plans. Individuals subject

to performance-based plans feel substantial pressure to exceed goals to generate bonuses.

The presence of one or more of these pressure points should be sufficient to raise your level of scrutiny. Once

you understand the particular pressures facing your company, begin identifying the opportunities for alleviating

such pressure – how might the fraud take place.

Opportunity

Opportunity presents itself in numerous forms. Special attention should be applied to related parties transactions



15

and accounting methodologies that rely on the uses of estimates for measuring revenues and expenses. Other

opportunistic situations that management should be wary of, include companies that: (i) have significant

operations in remote overseas locations, (ii) employ agents in countries with a high corruption risk, and (iii) have

ineffective systems and controls. If your company is not periodically testing the effectiveness of your controls and

anti-corruption procedures, the opportunity for fraud increases substantially.

Rationalisation

The last leg of the triangle involves the rationalisations employees use to defend their actions. Be aware of

employees who feel they have been wronged by the company – either by being passed over for promotions or those

who complain about not being adequately paid. These employees feel that the company “owes them” and will be

more apt to cross ethical lines. Finally, there exists a pervasive feeling of entitlement amongst employees today. In

fact, one only need look at the investment banking community to find executives who believe they are entitled to

their bonuses notwithstanding their company’s billion dollar losses.

Searching for Anomalous Transactions

Once you’ve identified the pressure and opportunity, you should turn your attention to finding the fraudulent

transactions. Anomalous transactions are rare events relative to the total transactions a company enters into.

In addition, they fail to reveal that they lack a legitimate business purpose, or were consummated for less than

equivalent value. More than 99.9% of the transactions a company records are for legitimate business purposes –

disbursements for payroll, cash receipts from a customer, or journal entries to reverse prior accruals. Accordingly,

it is the less than one-tenth of one percent of all transactions that require further review. So how does one find the

proverbial needle in the haystack? Data analytics can help point the way.

Every company should use data analytics to uncover transactions with questionable attributes. Some of the

types of potentially anomalous transactions range from those that are fictitious (i.e., paying a bogus vendor for

goods or services never received) to transactions consummated for less than equivalent value (i.e., paying $400

per unit for product that should cost $350 per unit). These types of transactions are designed to mirror legitimate

transactions and are “hiding” in plain sight. To find them, one must identify patterns and attributes that are

consistent with fraudulent transactions, including:

• Round dollar invoices and payments

• One-off names of vendors

• Sequential invoices from the same vendor

• Payments to vendors not listed in the master vendor file

• Recurring payments

• Weekend and holiday transactions

• Non-balancing and manual journal entries

• Same vendor name different vendor numbers and addresses

• Payments to inactive vendors

• Gap detection

This partial list of high-risk attributes provides you with some insights on where to begin your analytical review.



16

Seeing Your Business Through a New Lens

Finding fraud is difficult – it takes management’s commitment, a methodical process, and at times, the cooperation

of a tipster. However, when data mining techniques are coupled with an understanding of the pressures facing

a company and its employees and the myriad of opportunities to alleviate such pressure, uncovering the fraud

schemes that infect your company becomes easier. You just have to know where to look.


FLVS, Inc.


Watching Your Back: Conducting Investigations with an Eye Toward US Regulators

BY DEBORAH R. MESHULAM AND SHARIE A. BROWN | DLA PIPER

Recently, US law enforcement actions against non-US companies have dramatically increased, and show no

signs of slowing down. US regulators now seek harsh sanctions, including large penalties, on non-US companies

that violate US laws and regulations. Companies can reduce the risk of severe sanctions from a serious US

regulatory issue by conducting a robust investigation into possible wrongdoing promptly after it is discovered.

When conducted properly, investigations can substantially improve a company’s position when it tries to resolve

enforcement issues with regulators.

Simply put, a company is more likely to receive favourable treatment from US regulators if the company

conducts a thorough and transparent investigation, and implements appropriate corrective measures in response

to that investigation, as discussed below.

Use the Right Investigators

US regulators do not expect a company to send a fox to guard the henhouse. The investigative team must be

independent of those with possible involvement in the alleged misconduct. Otherwise, the regulators will be more

inclined to impose tougher sanctions because they do not view the investigation as credible.

US laws do not mandate a specific type of investigator. When an issue involves a possible violation of law,

however, companies are best served by using outside counsel as investigators. US law enforcers are often sceptical of a

company’s reported results of its own investigation, especially where those results are favourable for the company.

When US law enforcers agree that an investigator is independent, outside counsel may receive more time to

conduct the investigation. Companies may then be able to avoid disruption caused by an onslaught of government

subpoenas for testimony and documents.

Outside counsel also serve as an important buffer between the company and the regulators. The company

relies on outside counsel’s investigative expertise; but if investigative missteps occur, regulators will not attribute

that misstep to the company.





17

Define the Scope of the Investigation Appropriately

A company must look at all relevant issues in order to benefit from an investigation. Setting the investigation’s

scope too narrowly leads regulators view the company as not truly committed to addressing its issues. US law

enforcement regularly asks company representatives whether the potential violation is isolated to a certain part

of the company, and whether any steps were taken to detect if similar wrongdoing has or is occurring elsewhere.

Law enforcement will have more confidence that a company undertaking an expanded investigation, defined by

operational relevance, is committed to addressing all company wrongdoing wherever it may be found.

Preserve and Collect the Right Documents

A company’s preservation of potentially relevant evidence is crucial. Companies must act urgently to ensure that

electronic and hard copy documents relevant to the investigation are secured and preserved, by suspending normal

document retention policies, and ensuring that employees know what must be preserved. Even if there is no other

violation, a company can face sanctions, including criminal charges, if evidence is destroyed. Companies should

preserve more documents than necessary rather than risk a conclusion that the company destroyed evidence.

Once preserved, the company should ensure that the documents are fully accessible to investigators.

Presentation of key documents to US law enforcement officials will validate the conclusions of the investigators

and the company’s response to the investigation. Before concluding a matter, US regulators request a voluntary

production of all documents collected during the investigation, not just those deemed relevant. Before entering

into a final resolution with the company, US government personnel will review these materials to confirm the

completeness and accuracy of the facts previously presented, and that no meaningful investigative leads were

ignored by the company.

Interview the Right Witnesses in the Right Way

Interviews are one of the primary sources of information gathered during an investigation. The US government will

have confidence in the integrity of the investigation if, among other things, people with possible knowledge of the

relevant transaction or alleged misconduct are interviewed, including former employees, as practicable. Investigators

should conduct interviews with documents related to each witness, including those documents of likely special interest

to the government. Take interview notes as a record of evidence provided by the witness.

The credibility of the investigation turns not only on who is interviewed, but also on how thoroughly the witness is

questioned. Investigators should ask both basic and follow-up questions, and allow a witness the opportunity to identify

issues that he or she may perceive to exist. Investigators should conduct follow-ups, and re-interview a witness as facts

emerge. Regulators will question whether the investigators were thorough, and if large gaps exist, the company will

not benefit from conducting the investigation. If the government perceives that the investigation was not conducted

aggressively, the likelihood that the government may take over the investigation is substantially increased.

Companies must recognise that different jurisdictions have various rules on information gathering from

employees that may create roadblocks to needed information. Failure to develop an investigative strategy that

assures compliance with these rules could create new legal issues.

Report the Results of the Investigation

A company is required to apprise its governing body (e.g., the Board of Directors) about the investigation and



18

White Collar Crime in America

BY DONALD F CLARKE | ASSET BASED LENDING CONSULTANTS, INC.

The Bernard Madoff story which unravelled in early 2009 has become one of the most cited white collar crimes

in American history, where one man’s criminal behaviour ruined the lives of hundreds of thousands not only

in America but globally. Like all white collar crimes committed in America, there was no bloodshed or physical

trauma left on the victims but rather endless emotional distress and devastating financial losses that can have

even greater effect on those victimised by such crimes.

While Madoff has become the poster boy of all white collar criminals because of the sheer enormity of the reach

any findings regarding potential wrongdoing. The company is also expected to provide its auditors with an

investigative report. Importantly, if the investigation involves an issue about which US law enforcement is aware,

or which the company should report, regulators will expect to receive periodic reports on the progress and results

of the investigation. Companies must make such reports in order to receive recognition for the effectiveness of

their investigation.

Key issues related to investigation reports include: preserving attorney client or work product privilege attached

to the investigation/results; preserving confidentiality of reported information and the format of any presentation.

Careful strategic planning by investigators and the company’s governing body is required, even though the initial

strategy may change as facts emerge.

Take Appropriate Corrective Action

The US government expects a company to take necessary corrective measures and use investigative results to help

prevent, detect and stop future wrongdoing, to the extent possible. Company corrective measures should include

revising policies and procedures as necessary, and disciplining the actual wrongdoers, as well as supervisors, who

may have failed to properly supervise the wrongdoer.

US regulators expect companies to base corrective action on the gravity of the offense, without concern for

the financial impact on the company. Companies that place economic interests above legal compliance receive

harsher treatment from regulators.

Conclusion

A properly conducted investigation followed by appropriate corrective steps can help a non-US company avoid

prosecution by US law enforcement, and severe sanctions. Thus, sound business practice mandates prompt,

aggressive company action, even for non-US companies, when a US regulatory issue arises.

Deborah R. Meshulam and Sharie A. Brown are Partners at DLA Piper. The authors thank Brian Chilton, DLA counsel,

for his assistance.







19

of his effect, there are countless other individuals operating in this field of endeavour in America today. In this

article, the author cites some examples of such crimes in three areas:

• Money laundering

• Cash diversion

• Document falsification

Money Laundering

In the case of Calma (name modified for this article), it was discovered that senior management engaged in two

types of white collar crimes, namely, loan kiting and money laundering. Money laundering is when criminals

use legitimate businesses to disguise the proceeds of criminal enterprise operations. For example, a group of

individuals involved in the illicit drugs/narcotic trade will find a way to funnel the funds through a legitimate

business so that they can then recover the funds without attracting the attention of the authorities. The following

are excerpts from the Calma report presented to the authorities.

Bank Activity

Calma has disclosed fourteen checking accounts. These accounts are with the members of the Bank Group that

retained consultants to perform this forensic accounting exercise. Calma provided the consultants with bank

statements on these accounts for the eighteen-month period ended March 31, 2003.

In reviewing the bank activity the Consultants noted unusual activity that required further scrutiny. There

appeared to be an established pattern of using loan advances from one bank to pay off a loan at another. The

following is a summary of Calma’s cash activity over the latest 15 months.

Cash Summary

($000’s)

Period Deposits Disbursed

Oct 01 – Sep 02 $161,079 $160,488

Nov 02 – Mar 03 $23,805 $24,161

Total $184,884 $184,649

Sales FYE 2002 $ 24,038

In the foregoing real example, the individuals involved here did what is called loan kiting, which is borrowing from

another lender using the same collateral to pay off a loan due another lender. The proceeds of this cash “churn” was

then used as “seed” money to then buy illegal substances which were then sold at a profit and the run through the

legitimate company.

The telltale evidence is that the total deposits and disbursements for the period October 2001 through September

2002 totalled $161 million when the sales from the legitimate business for that period was only $24 million. How could

the company possibly deposit and withdraw more funds (in this case a 6.8 multiple) than sales for the period?

In this case, the perpetrators were all convicted and given relatively stiff prison sentences and the banks lost in

excess of $30 million when the loan kiting ceased and the company was closed down.



20

Cash Diversion

In the Kenyon Furniture case, the white collar crime involved a diversion of cash from the secured lender Bankers

Trust to the owners of the borrowing company for personal criminal enterprise. Below are excerpts from the

report submitted to a potential lender, Bank of New York Commercial Lending.

“Consultants reviewed cash deposits and paid checks for the most recent 6 months, the results of which were

troubling are summarized as follows:

1. Firstly, the company sold inventories as cash on the following dates:

• $972.7K in late February 1989

• $529.3K on 03/08/89

• $402.0K on 02/02/89

The cash proceeds totaling $1,904.0K were deposited into Kenyon’s operating account at American Bank & Trust,

High Point, North Carolina account #1000611 and used for “operating purposes”. These proceeds should have

been remitted to Bankers Trust who had a lien on these assets and used to reduce the loan.

Mr. Pearce explained that these were done erroneously but displayed no remorse that this occurred. Mr. Pearce

also advised Consultants that he made the people at Schroder Bank aware of this situation prior to Consultants

being retained to do this review.

2. Secondly, Consultants, in reviewing paid checks, found the following hand written, hand endorsed and

cashed at Wachovia Bank in Thomasville, North Carolina:

• Nine (9) checks totaling $278.6K payable to MODA-Italy which were hand endorsed and signed by “ROGER

CATES.”

• Eleven (11) checks totaling $518.3K payable to Induscuer in Argentina which were hand endorsed and

signed by “KURT FREEMAN.” Consultants’ office contacted Induscuer in Argentina at telephone #011-

54-1-207-9336 and several people had no knowledge of “KURT FREEMAN” and said he did not work for

Induscuer.

• Nine (9) checks totaling $405.8K payable to Pinheiros-Brazil which were hand endorsed and signed by

“BRYAN JEROME.”

• These transactions totaled $1,202.7K all between the dates of March 01st and March 03rd, 1989. It is a

remarkable coincidence that these transactions happened shortly after the aforementioned inventory cash

sales”.

It was revealed in court that the aforementioned checks were actually cashed by the endorsers with the help of an

insider in Wachovia Bank and the proceeds were then used for criminal enterprise by the individuals involved.

This crime was cleverly disguised by writing the swindled checks to actual vendors and then enlisting a cohort

inside the bank to procure the funds in return for a cut of the proceeds. The main players were sentenced to prison

terms of 10 and 8 years and Bankers Trust suffered a $33 million loss as a result of this crime.

Document Falsification

Document falsification or creating fraudulent documents with the intent of using such documents to borrow

money from lenders is a common white collar crime.



21

In the specific case of First Factors in the late 1990s, a disingenuous client firstly created phony invoices from

phantom customers which it would then submit to the factor. The factor would then purchase those invoices at as

much as 95% of face value from this client. Because the factor required delivery evidence and shipping documentation

to support the invoices before they were purchased, the client got a hold of delivery tickets of their major shipping

companies and then fabricated these documents and presented them to the factor. The scheme became unglued when

on a field visit it was discovered that the same person was signing for several shipping companies at the same time.

This white collar crime caused the factor an unspecified amount of loss and the factor subsequently went out of

business.

In the case of the infamous Barry Minkow and The ZZZ Best case, Minkow’s accomplices utilised a copy

machine to manufacture phony invoices for jobs that did not exist. These invoices were then booked as accounts

receivable and then submitted to the banks of record as actual receivables. When Minkow’s scheme was ultimately

unravelled, he had swindled in excess of $150 million from banks and investors and made the cover of Time

Magazine under the heading “Faking It in America”.

Figures can’t lie but liars can figure.

Donald F Clarke is President of Asset Based Lending Consultants, Inc.


Areas of Risk: Internal Investigations and More

BY ELLEN ZIMILES AND SCOTT MORITZ | DAYLIGHT FORENSIC & ADVISORY LLC

Companies alleged to be involved in fraud or misconduct will most certainly continue to be obligated to conduct an

internal investigation. It has become clear, however, from the investigative concerns at Deutsche Bank, Deutsche

Telecom and Hewlett-Packard, to name a few, that an investigation can be at least as damaging to a company’s

reputation as the initial allegation.

Whether an investigation is carried out by an internal group or an outside investigative firm, the company in

question must seriously consider the methods used to conduct the investigation. First and foremost, the company

must ensure that the investigative techniques are within legal boundaries. Secondly, the company must consider

any investigative methods in light of its own stated code of conduct, which sets out the rules of behaviour, the

ethical code that should govern the entire organisation from the top down.

Impermissible Tactics

Pretexting, the act of assuming a false identity to gain access to data, can not be used to obtain financial data or

confidential phone records. The federal government has outlawed pretexting for both of these purposes. It is also

not permissible to impersonate law enforcement, government officials or journalists. Even the law enforcement

community, which has much wider latitude in the conduct of investigations than the private sector, has traditionally

observed strict constraints in regard to its dealing with journalists and their sources.





22

Permissible Tactics

The telephone, computer networks and email system belonging to a company are that company’s property. As

such, phone records, e-mails and files stored on local hard drives and network servers can be analysed by the

company or third parties acting at its direction without the consent of the users. The company can also freely

scrutinise mobile phones and handheld devices paid for by the company as well as home and mobile telephone

bills submitted for expense reimbursement, without the user’s permission.

Other Considerations

In addition to legal boundaries, a company considering an internal investigation should look at ethical standards

and possible public perception. A good rule of thumb would be to consider whether the company would be

embarrassed to read about its internal investigation techniques in a newspaper or have those techniques examined

in a court room. One example of a legal investigative technique that might raise these questions is the use of “trash

covers” or “dumpster diving”, which refers to sifting through a person or company’s trash. Removing household

trash after it has been placed at the curb is usually lawful but may be thought of as unseemly and cause a company

embarrassment. On the other hand, paying a custodian to gain access to the trash of office receptacles or a dumpster

on private property is generally an illegal activity.

Safeguards

Board members and senior executives, who can be held accountable for any misdeeds, must understand the

methods employed by investigators and outside counsel retained to perform internal investigations. Board

members and senior executives should know the identity of the investigative firm and any subcontractors they

may use. They must ensure that those vendors have indicated in writing that they have familiarised themselves

with and agreed to abide by the company’s code of conduct. In addition, it is good practice to request a detailed

work plan from the investigative firm and then subject the work plan to thorough review, prior to authorising the

start of the investigation. Any investigative steps the board may have concerns about should be discussed with

legal counsel. Indeed, the vast majority of internal investigations should be undertaken at the direction of outside

counsel to allow the company the protections afforded by the Attorney Client Privilege and the Attorney Work

Product Doctrine.

Fortunately, the vast majority of investigators adhere to a strict ethical code and are well versed in the legal

and ethical boundaries guiding investigations. Their insights can be invaluable in providing guidance to board

members and senior executives as to the risks inherent in the investigative process. A good investigator will

caution clients and their counsel against using questionable investigative techniques or resources.

Other Areas of Risk

While pretexting has received notoriety as an unethical investigative technique, there are other areas of risk that

should be examined in the light of a company’s code of conduct and compliance programs. These issues are not

confined to internal investigations but also include operational issues, such as executive compensation or foreign

investment. There is no question that the Department of Justice’s increased enforcement of the Foreign Corrupt

Practices Act (FCPA) and the government’s recent scrutiny of executive compensation packages, particularly in

regard to financial institutions, are areas of increased vulnerability for companies and their boards.



23

Most risk in these areas comes from some combination of four elements: (i) employees and officers; (ii)

vendors and agents; (iii) customers; and (iv) business partners. Understanding the unique risks presented

by each in a given transaction is central to mitigating risk. For example, as US companies invest abroad, US

officials seek viable solutions against potential violations of the FCPA. The design and implementation of an

effective FCPA compliance program and corporate code of conduct, coupled with financial internal controls,

can substantially minimise a company’s risk. When considering entering overseas markets, seeking to win

contracts with foreign governments, or entering into joint ventures outside the US, senior management and

directors need to have a keen understanding of the nexus between these transactions and any foreign public

figure.

Do’s and Don’ts for Internal Investigations

At the end of the day, the tone at the top is a critical measure of a company’s commitment to ethical corporate

governance. Legal compliance, the code of conduct, and reputational considerations should guide every major

decision undertaken by a company and its board of directors. Below is a list of simple practices that will help

prevent corporate scandals.

Do:

• review your code of conduct and apply your own “ethical litmus test”;

• insist on the investigator’s adherence to the code of conduct;

• request a detailed work plan;

• challenge the work plan on any areas of concern;

• consider how it will read on the front page;

• identify the risks.

Don’t:

• be uninformed;

• let emotions dictate decision-making;

• be bullied by other senior management or board members;

• assume that it must be okay because it’s what was recommended;

• forget that you may be accountable.

Ellen Zimiles is Chairman and CEO and Scott Moritz is an Executive Director at Daylight Forensic & Advisory

LLC.







24

How Victims of Fraud are Compensated

BY ELLEN ZIMILES AND JEFFREY LOCKE | DAYLIGHT FORENSIC & ADVISORY LLC

As prosecutors and regulators have brought more fraud cases to light, victims are still grappling with how to

receive compensation for their losses. Victim compensation can depend, in large part, on how the government

and the courts treat the fraud. The government and the courts have different potential methods to confiscate

funds from perpetrators to compensate victims. This article will focus on: (i) useful steps that victims of fraud

should take and (ii) two government strategies that can help in compensating victims of fraud, namely, the

appointment of a Securities Investor Protection Corporation (SIPC) Trustee and asset forfeiture.

Steps to Take for Fraud Victims

Victims of fraud should speak to the government, either on their own or through an attorney, to determine

what the government needs from the victim to help it successfully prosecute the case. Victims should gather all

relevant documentation, including proof of all losses, all monetary transactions with the perpetrators, proof of

money going to and from the victim to the perpetrator and any communications with the perpetrator.

The victim should also communicate his/her needs in terms of compensation. In special cases of hardship

the government may speed up the process of compensating victims to give relief to those victims whose needs

are greatest. For example, in U.S. v. Madoff, the SIPC Trustee processed hardship claims before other claims

from other victims. As of June 30, 2009, the SIPC Trustee approved 152 hardship claims; the hardship claims

were decided within 20 days after receipt unless more information was needed. Only individuals could make a

hardship claim and the Trustee considered the following types of hardship: “the inability to pay for necessary

living expenses (food, housing, utilities and transportation); inability to pay for necessary medical expenses;

necessity to return to work, at the age of 65 or older, after having previously retired from former employment;

declaring personal bankruptcy; and inability to pay for the care of dependents” (Trustees First Interim Report

filed July 9, 2009).

The Role of the SIPC Trustee

In its brochure on its website, SIPC states that it “is the first line of defense in the event a brokerage firm fails

owing customer’s cash and securities that are missing from customer accounts”. SIPC helps individuals whose

money, stocks and other securities are stolen by a broker or put at risk when a brokerage fails for other reasons.

From its creation by Congress in 1970 through December 2007, the SIPC advanced $508 million in order to

make possible the recovery of $15.7 billion in assets for an estimated 625,000 victims.

SIPC “acts as trustee or works with an independent court-appointed trustee in a missing asset case to recover

funds”. SIPC guarantees that all “customers of a failed brokerage firm receive all non-negotiable securities” that

are registered or in the process of being registered in their names. SIPC also has a reserve “available to satisfy

the remaining claims of each customer up to a maximum of $500,000” for invested securities and a $100,000

maximum on claims for cash.

A case in point is that of the SEC v. Bernard L. Madoff. The court appointed an SIPC Trustee, Irving Picard,

and also froze the assets of individuals and entities involved in the criminal activity including Bernard Madoff



25

and his company, Bernard L. Madoff Investment Securities LLC, and empowered the SIPC trustee to search

and seize other assets involved in the criminal activity. The court ordered the Trustee to monitor the assets seized,

to try and find more assets and to distribute the assets seized to victims. Between December 1995 and December

2008, when Madoff was arrested, it is estimated that the victims’ net losses were $13.2 billion dollar, according to

the Wall Street Journal.

Asset Forfeiture

The goal of asset forfeiture, according to the Department of Justice, is “to enhance public safety and security ... by

removing the proceeds of crime and other assets relied upon by criminals and their associates to perpetuate their

criminal activity against our society”. When assets are forfeited, title of the assets passes to the government and

can then be transferred to fraud victims. Although compensating victims is not the overall goal of asset forfeiture,

it is important and an often used mechanism to compensate victims. In doing so, the government must follow

certain regulations and procedures, namely, remission and restoration.

Remission

After assets have been judicially forfeited, the authority to distribute the assets to victims rests with the US Attorney

General. The US Attorney’s office notifies the victim that they can file a petition for remission either by mail or, for

unknown victims, through publication.

According to 28 C.F.R. Part 9, a victim is “a person who has incurred a pecuniary loss as a direct result of the

commission of the offense underlying a forfeiture”. A victim can be “an individual, partnership, corporation, joint

business enterprise, estate, or other legal entity capable of owning property”.

To be considered for remission, a victim must show:

• a pecuniary loss of a specific amount has been directly caused by a criminal offense;

• the pecuniary loss is the direct result of the illegal acts;

• the victim did not knowingly contribute to, participate in, benefit from, or act in a wilfully blind manner

towards the commission of the offense;

• the victim has not in fact already been compensated for the wrongful loss; and

• the victim does not have recourse reasonably available to other assets from which to obtain compensation

for the wrongful loss of the property (28 C.F.R. Part 9.8(a).

The pecuniary loss is determined by the “fair value” of the property (28. C.F.R. Part 9.8(b)). Fair value is not

defined in the regulation.

Restoration

To accelerate the return of property to victims, the Criminal Division created alternative procedures to return

forfeited funds to victims. The procedures apply where: (i) both restitution to compensate victims and a related

forfeiture have been ordered; (ii) the victims and amounts in the restitution order virtually conform to the

amounts that would have been paid in the remission process; and (ii) other property is not available to satisfy

the restitution order. Restoration allows some victims of fraud to receive fair compensation in a more efficient

manner.



26

Recent Cases in Asset Forfeiture

Two recent cases in which the government has forfeited assets of defendants are U.S. v. Dreier and U.S. v.

McDowall. In U.S. v. Dreier, Drier sold $700 million worth of fictitious promissory notes. Dreier directed

victims to wire funds into his own account, which he then used for his own benefit and to keep the fraud

ongoing. The court ordered $746 million forfeited and sentenced Dreier to 20 years in prison. In Dreier, the

court-appointed receiver is trying to recover Mr. Dreier’s assets on behalf of his victims. As of July 2009, the

receiver had seized a $39 million art collection, an $18 million yacht and several expensive cars.

In U.S. v. McDowall, McDowall led a mortgage fraud scheme that defrauded homeowners out of their

properties or equity in their property. Many of the victims of the crime were elderly and immigrants. The

court ordered $2.5 million forfeited and sentenced him to 10 years in prison.

In both cases, based on the forfeiture orders, victims of fraud who are known to the government can

expect to be compensated for a portion of their losses.

Conclusion

Prosecutors and regulators can assist the victims of fraud with compensation for a portion of their losses.

As demonstrated by the SIPC trustee in Madoff and remission and restoration procedures, to maximise

compensation through the government, fraud victims must be proactive with the government and determine

what types of procedures the government is using to seize the perpetrators assets to maximise the compensation

available.

Ellen Zimiles is Chairman and CEO and Jeffrey Locke is a Senior Manager at Daylight Forensic & Advisory LLC.


Fraud Enforcement and Recovery Act

BY DAVID A. FELDMAN, D. GRAYSON YEARGIN, AND BRIAN M. CHILDS | NIXON PEABODY LLP

In May 2009, President Barack Obama signed into law the Fraud Enforcement and Recovery Act (“FERA”). FERA,

which passed with overwhelming support in both chambers of Congress, is aimed at reducing fraud, especially

– but not exclusively – fraud involving Federal money and property. Supporters of the legislation contend that it is

necessary based on reports indicating that mortgage and corporate fraud are at all-time highs and on projections

by enforcement officials that the vast amounts of Government dollars directed to economic recovery efforts brings

an unavoidable increase in risks of further increases in fraud.

FERA strengthens and expands the ability to prosecute and punish fraud in three main areas. First, FERA

amends and augments various statutes relating to financial fraud. Second, FERA significantly increases funding to

the agencies charged with enforcing those statutes. Third, FERA establishes a commission to examine the causes

and ramifications of the current financial crisis.






27

Expanding the Tools of Enforcement

FERA makes major changes to several fraud laws and explicitly expands certain civil and criminal fraud statutes

to include mortgage businesses and fraud aimed at the Government’s economic recovery efforts. FERA also

effectively overturns several recent judicial decisions that had limited the scope of certain antifraud laws.

The False Claims Act

FERA expands the grounds for liability under the False Claims Act (FCA), 31 U.S.C. §§ 3729 - 3733. It does so by

“clarifying” that the FCA covers false claims for Government money or property: (i) whether or not the claim was

presented to a Government employee or official; (ii) whether or not the Government has custody of the money or

property; and (iii) whether or not the person or entity specifically intended to defraud the Government.

FERA accomplishes the above by amending the grounds for liability and altering (and adding) key definitions

to the statute. After the amendments, the FCA may be enforced against any person or entity that “knowingly

makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” The

statute’s definition of “claim” makes clear that this includes false records or claims made to the Government or to

contractors or other recipients of Federal funds. Further, the new definition of “material” includes statements or

records “having a natural tendency to influence, or be capable of influencing, the payment or receipt of money or

property.”

These changes effectively overturn Allison Engine v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008).

There, the Supreme Court explained that a subcontractor violates the FCA if it submits a false statement to the

prime contractor intending for the statement to be used by the prime contractor to get the Government to pay its

claim. Liability would not exist when a subcontractor makes a false statement to the prime contractor and did not

intend that the Government rely on that false statement as a condition of payment. Under the new provisions,

liability would exist if the subcontractor’s statement has a natural tendency or is capable of influencing payment

or receipt of money – a much lower standard.

FERA also repudiates United States ex rel. Totten v. Bombardier Corp., 380 F.3d 488 (D.C. Cir. 2004), and

United States ex rel. DRC, Inc. v. Custer Battles, LLC, 376 F. Supp. 2d 617 (E.D. Va. 2005), rev’d, 562 F.3d 295

(4th Cir. 2009). The D.C. Circuit held in Totten that a claim must be “‘presented to an officer or employee of the

Government before liability can attach.’” Custer Battles established that liability under the FCA does not reach

claims for payment of funds over which the United States has neither title nor control.

FERA revises “claim” to include “any request or demand, whether under a contract or otherwise, for money

or property and whether or not the United States has title to the money or property.” This definition of “claim”

includes any request or demand presented to the United States or “made to a contractor, grantee, or other recipient”

if “the money or property is to be spent or used on the Government’s behalf or to advance a Government program

or interest” and the United States provides or reimburses any portion of the money or property.

FERA also restricts statute of limitations defenses in cases where the Government intervenes. FERA includes

direction that any Government intervention “shall relate back to the filing date of the [relator’s] complaint . . .

to the extent that the claim of the Government arises out of the conduct, transactions, or occurrences set forth,

or attempted to be set forth, in the [relator’s] complaint . . . .” This effectively overturns certain Circuit Court

decisions that held that a defendant may have a statute of limitations defense when the delay between the original



28

qui tam complaint and the Government’s intervention becomes drawn out.

FERA reduces obstacles to issuing Civil Investigative Demands pursuant to the FCA. FERA amends the

provisions relating to these Demands to allow designees of the Attorney General to issue them. It further amends

the FCA to allow greater sharing of information retrieved in FCA investigations.

FERA potentially expands grounds for retaliation claims. FERA amends the retaliation clause in the FCA.

Although the wording of the new language is not entirely clear, it appears that the language may prohibit a broader

range of actions against so-called “whistleblowers.” Retaliation may also exist for actions taken against an employee

as a result of “associat[ing] with others in furtherance of other efforts to stop 1 or more violations” of the FCA.

The Major Fraud Act

FERA amends the Major Fraud Act, with its enhanced penalties, to include fraud committed in connection with

the Emergency Economic Stabilization Act of 2008 and the Troubled Asset Relief Program (TARP).

General Changes under Title 18, Crimes and Criminal Procedure

FERA expands the definition of “financial institution” in Title 18 of the United States Code to include “mortgage

lending business.” It also extends the prohibition against making false statements in a mortgage application

to employees and agents of a mortgage lending business. FERA defines a “mortgage lending business” as “an

organization which finances or refinances any debt secured by an interest in real estate, including private mortgage

companies and any subsidiaries of such organizations, and whose activities affect interstate or foreign commerce.”

FERA adds this definition - as well as “any person or entity that makes in whole or in part a federally related

mortgage loan as defined in section 3 of the Real Estate Settlement Procedures Act of 1974 - to the definition of

“financial institution” in 18 U.S.C.§ 20.

FERA also proscribes false statements in mortgage applications made by employees and agents of mortgage

lending businesses.

Securities Laws

Section 1348 of Title 18 previously proscribed fraud only in the context of certain securities. FERA adds prohibitions

against fraud involving options and futures in commodities.

Money Laundering

FERA addressed the recent Supreme Court decisions in United States v. Santos, 553 U.S. __ (2008), by expanding

the reach of the money laundering statute. FERA clarifies that the “proceeds” of money laundering include all

gross proceeds, and are not limited to net proceeds.

Increasing Funding for Enforcement

FERA provides significant funding for antifraud enforcement. In total, the bill authorises hundreds of millions of

dollars per year over the next two years to hire hundreds of Federal agents, prosecutors, and forensic analysts and

support staff.

The Attorney General alone is awarded $330 million in funding for 2010-2011 “investigations and prosecutions

and civil and administrative proceedings involving Federal assistance programs and financial institutions.” Of this



29

amount, the Federal Bureau of Investigation is allocated $130 million for 2010-2011, “an appropriate percentage

of which shall be used to investigate mortgage fraud.” The offices of the United States Attorneys ($50 million for

each of the next two fiscal years) and the criminal, civil, and tax divisions of the Department of Justice ($40 million

total for each of the next two fiscal years) are allocated significant funding. And the Securities and Exchange

Commission was extended $20 million in 2010-2011 for “investigations and enforcement proceedings involving

financial institutions.”

Creation of a “Financial Markets Inquiry Commission”

FERA also establishes a Financial Market Inquiry Commission to examine the causes, both domestic and global,

of the financial crisis. The Commission will be empowered to hold hearings and to issue subpoenas either for

witness testimony or for documents and will report its findings and conclusions to Congress and the public by

December 15, 2010.

Among the Commission’s functions will be to examine the roles of the following in the current financial and

economic crisis:

• fraud and abuse in the financial sector, including fraud and abuse towards consumers in the mortgage

sector;

• accounting practices, including mark-to-market and fair value rules, and treatment of off-balance sheet

vehicles;

• tax treatment of financial products and investments; and

• capital requirements and regulations on leverage and liquidity, including the capital structures of regulated

and non-regulated financial entities.

David A. Feldman is a Partner and D. Grayson Yeargin and Brian M. Childs are Associates at Nixon Peabody LLP.







Canada | www.executiveview.com

30

An Introduction to Securities Investigations in Ontario

BY DAVID SISCHY | GROIA & COMPANY PROFESSIONAL CORPORATION

This article provides an overview of some significant features of securities investigations in Canada, and more

specifically in Ontario. The discussion focuses on three topics: investigations initiated by the Ontario Securities

Commission (OSC) under the powers conferred upon it by the Ontario Securities Act (R.S.O. 1990, c. S.5) (the

“OSA”); investigations carried out by Integrated Market Enforcement Teams (IMETs) which have been introduced

by the federal government as a response to criminal offences in the capital markets; and, the role of special

committees in responding to corporate wrongdoings and protecting directors against liability.

Investigations under the Ontario Securities Act

Section 11 of the OSA equips the OSC with a powerful investigative tool. Under section 11, the OSC may order an

investigation:

• for the due administration of Ontario securities law or the regulation of the capital markets in Ontario; or

• to assist in the due administration of the securities laws or the regulation of the capital markets in another

jurisdiction.

Pursuant to a section 11 order, one or more persons may be appointed to conduct the investigation and the matter

to be investigated must be set out.

Section 13 of the OSA provides the investigator(s) with broad powers in conducting their investigation including

the power to compel testimony, enter business premises, and inspect and seize documents upon application to a

judge.

A person or company compelled to testify may be represented by counsel, may claim any privilege to which

the person or company is entitled, and any such testimony may not be admitted in evidence against the person

from whom the testimony was obtained in a prosecution under the OSA or any other proceeding governed by the

Provincial Offences Act (R.S.O. 1990, c. P.33).

Section 16 of the OSA provides further statutory protections restricting the disclosure of information relating

to the investigation, including any information obtained under a section 13 order compelling testimony.

Generally, the disclosure of the existence and nature of an investigation either by OSC staff or the issuer itself

is prohibited. In the OSC Staff Notice 15-703 “Guidelines for Staff Disclosure of Investigations”, five general

circumstances, or exceptions to the general policy of non-disclosure, are provided for that lead to compelled

disclosure of the existence of an investigation. While such exceptions ostensibly exist for the protection of the

C A N A D A


www.executiveview.com | Canada

31

investing public and maintaining confidence in the public markets, they have been criticised for contributing to

potential prejudice to those under investigation if no proceedings are ultimately taken.

In addition to these exceptions, issuers must continue to conform to disclosure obligations under securities law

and exchange requirements and therefore, disclosure may be necessary if the issuer determines that the fact of an

investigation is a “material fact” or “material change”.

The person or company that is the subject of the investigation does not have any right to participate in the

process of the investigation. The Supreme Court of Canada, in British Columbia Securities Commission v. Branch

([1995] 2 S.C.R. 3, 1995 CarswellBC 171 at para. 83) stated: “Although those conducting an investigation are

always under a duty to act fairly, this court has held that fairness in the context of such hearings does not require

that the persons who are the ‘subjects’ of the investigation participate in the examination of other witnesses, or

that they be provided with an opportunity to adduce evidence or make submissions to the investigator.”

The rights of persons or companies who are the subjects of government investigations are further limited in

the context of informal investigations. In Barry v. Alberta (Securities Commission) ([1989] 1 S.C.R. 301), the

Supreme Court of Canada determined that the Alberta Securities Commission has an implied authority to conduct

informal investigations without the formality of issuing an investigative order. The Court reasoned that requiring

the Commission to issue an order before commencing an investigation may stifle necessary fact-finding activities

and paralyse the operations of the Commission. As these informal investigations do not carry with them the

same procedural safeguards that attach to formal investigations, they have been heavily criticised by the legal

community.

Compounding this criticism is the OSC’s Credit for Cooperation policy (OSC Staff Notice 15-702 “Credit for

Cooperation”) which is intended to encourage self-reporting behaviour and allow market participants to benefit,

in the form of more favourable consequences for potential violations, from cooperating with OSC Staff during

an investigation. Critics suggest that such a policy is coercive in nature given the possible repercussions of a

refusal to cooperate. Possible repercussions of non-cooperation include a loss of status under the OSA and the

removal of available exemptions. In considering whether to cooperate, a person or company must be aware of the

numerous disadvantages such cooperation may entail, including the absence of procedural safeguards relating to

confidentiality and self-incrimination, as well as the uncertainty that cooperation will lead to a more favourable

outcome.

Integrated Market Enforcement Teams

The federal government of Canada created Integrated Market Enforcement Teams (IMETs) to investigate,

prosecute and deter major capital markets fraud and other market-related crimes that constitute offences under

the Criminal Code of Canada.

IMETs are RCMP (federal police) led units that may include a combination of other federal enforcement

agencies, securities regulators, law enforcement agencies of local jurisdiction, forensic accountants and other

investigative experts. IMETs only target offences of regional or national significance and generally involve actions

by publicly-traded companies with enough market clout to potentially pose a threat to investor confidence in

Canada’s capital markets.

The OSC will refer cases they believe are substantially criminal in nature to IMETs and will share investigative

resources and expertise.


Canada | www.executiveview.com

32

For those who are the subject of an IMET investigation in Ontario, it should be noted that OSC investigators

are prohibited from disclosing compelled testimony that was compelled pursuant to subsection 17(7) of the OSA

to law enforcement officials without the consent of the person from whom the testimony was compelled. However,

there are no such restrictions on passing information that is voluntarily provided.

The subject of an IMET investigation should also be aware of their rights under the Canadian Charter of Rights

and Freedoms. While it is beyond the scope of this paper to explore the full range of Charter rights that might

be engaged in an IMET or OSC investigation, it is important to note the Supreme Court of Canada’s ruling in R.

v. Jarvis ([2002] 3 S.C.R. 757, 2002 CarswellAlta 1441 at para. 96) that “when the predominant purpose of a

question or inquiry is the determination of penal liability, the ‘full panoply’ of Charter rights are engaged.”

The Role of Special Committees

The appointment of an independent special committee to pursue corporate wrongdoings exists as an effective

option to rectify and ameliorate stakeholder harm. A special committee is normally established by a resolution of

the board of directors and that resolution should set out the committee’s mandate and scope of authority.

The timely appointment of an independent special committee in response to shareholder allegations of

corporate misconduct and the implementation of suggested reforms may enable the company to avoid more

serious litigation in the future.

The appointment of an independent special committee has also been recognised by Canadian courts as a key

criterion to be satisfied in order to rely on the indoor management rule. The indoor management rule provides

that as long as the board of a company acts within a range of reasonableness in their decision-making, a court

should avoid interfering in its business decisions (Brant Investments Ltd. v. KeepRite Inc., (1987) 60 O.R. (2d)

737). Acting on the advice of an independent special committee contributes significantly to the appearance of

reasonableness of a decision and therefore serves to insulate directors from potential liability and judicial second-

guessing (Pente Investment Management Ltd. v. Schneider Corp., 42 O.R. (3d) 177).

Conclusion

Securities investigations in Canada can take various forms, ranging from police-led criminal investigations to

formal or informal regulatory investigations (including investigations by the Investment Dealers Association

and the Mutual Fund Dealers Association, whose powers were not addressed in this paper) to internal corporate

investigations. Companies subjected to external investigations are advised to be aware of the full range of rights

and procedural safeguards available to them or, in the case of informal OSC investigations, the lack thereof.

In order to prevent becoming the subject of such external investigations, companies, if faced with stakeholder

concerns, are urged to be proactively responsive through the establishment of independent special committees

and the implementation of suggested committee reforms in a timely fashion.

David Sischy is an Associate at Groia & Company Professional Corporation.





www.executiveview.com | Brazil

33

White-Collar Crime in Brazil

BY ISABEL C. FRANCO | DEMAREST E ALMEIDA ADVOGADOS

The Brazilian Penal Code has been in force since 1941 and defines the principles of the legislation in Brazil

criminalising certain types of actions and conducts that may involve not only natural persons, but officers,

directors, agents and employees of companies established in Brazil.

The Code does not specifically cover the concept of “white collar crime” as the term is defined worldwide. In

other words, in Brazil there is no concrete and complete definition of what is considered a white collar crime.

However, other laws provide for the subject in addition to the Penal Code. Among them, Law 7,492 of 1986

contains a concept of white collar crime that is closer to what appears to be the global concept of white-collar

crimes as “crimes of economic or financial order, committed by people with respectability and high social status

in the course of their occupations”.

Prior to Law 7,492, there were a few attempts by the Brazilian Congress to cover the subject of white-collar

crimes such as Bill# 6,024 of 1974, which dealt with the procedures involving the intervention of the Brazilian

authorities in the winding down of a company or financial institution. But the lack of criminal norms that might

protect Brazilian society from economic or financial crimes led the Brazilian Congress to approve a reformulation

of the Penal Code to reinforce the laws on crimes against the economic order and the financial system.

After a long reformulation of the Brazilian criminal legislation, Bill 7,492 was finally approved by the Brazilian

Congress and enacted in June 1986 and it is now known as “the white-collar statute”.

Despite the existence of this statute, the fact that the Brazilian Penal Code does not have any specific chapter

on white collar crimes creates an unfortunate normative dispersion, which hinders a better understanding of the

juridical institute that regulates this type of crime.

In addition, the conducts to which the denomination of white collar crime applies are extremely complex,

involving a series of meticulously planned practices, which makes it even harder to obtain a clear legal definition

of a white-collar crime in Brazil.

Law 7,492 covers, among others, crimes against the national financial system and crimes that damage the

economic order of the country. Under this concept of economic order, there should be highlighted the market

organisation (the manner in which transactions take place in a market), the regularity of its instruments, the

confidence required from them and the safety of the business performed.

In this article we briefly analyse the main concepts and provisions introduced by Law 7,492.

Article 1 of the statute provides a definition of the persons that may be classified under the concept of perpetrators

of crimes against the financial system showing that any person, whether an individual or a legal entity, performing

B R A Z I L


Brazil | www.executiveview.com

34

activities in the economic market, is subject to be considered as a perpetrator under the statute.

Article 2 through article 24 relates to which actions may be considered “crimes against the financial system”.

Among these definitions are fraudulent management, the publishing of false information to the financial market,

fraud regarding inspections (revenue inspection, for example) and the improper issuance of shares.

Penalties applicable to these actions are as follows: for cases of fraudulent management, the punishment can

vary from three to twelve years of reclusion; in cases of publishing false information to the financial market, the

punishment can vary from one to five years of reclusion; in cases of fraud regarding inspections, the punishment

can range from one to five years of reclusion and in cases of irregular issuance of shares, the punishment can vary

from two to eight years of reclusion.

Article 25 and subsequent ones address the criminal procedures that are applicable to those who have practiced

crimes against the “monetary system”. These procedures establish that the actions regarding crimes under the law

shall be promoted by the Federal Public Prosecutor Office before the Federal Courts. In certain cases there is a

possibility of intervention of the Brazilian Securities Exchange Commission in the promotion of this action, but

only if the case in question involves matters related to the responsibility of this agency. The Brazilian Central Bank

could also intercede, but only if the issue involves matters related to the responsibility of the Central Bank.

Other statutes complement Law 7,492 or are somewhat related to the white collar crimes dealt with by that

statute. For example, Law 8,137 of 1990 provides for crimes against the tax, economic and consumer relations;

Law 9,279 of 1996 addresses crimes against trademarks, patents and unfair competition and Law 9,613 of 1998

provides for other specific financial crimes and is known as the “Money Laundering Crimes Act”.

Under the auspices of the above mentioned statutes, white-collar criminal investigations in Brazil have

improved over the years. The Federal Police has led several notorious investigations worth a mention, such as the

one that led to the imprisonment of the Italian banker, Salvatore Cacciola.

Another noteworthy case is the Satiagraha Operation (2004-2008), led by the Federal Police together with the

public prosecution service; this investigation led to the imprisonment of several well known bankers and bank

officers in Brazil.

As a final consideration, it is important to note that in Brazil, criminal liability is personal, which means that

only a natural person who is directly involved with the crime may be liable for an illicit act. This principle is

defined by article 29 of the Brazilian Penal Code. In other words, a legal entity cannot be held criminally liable for

acts committed by its employees, managers, officers and representatives, for example – except in the sphere of

environmental law. Persons committing the acts are singularly responsible for their acts and only these persons

will be subject to punishment, even if the offender acted on behalf of the company.

In conclusion, despite the lack of a specific statute or law expressly governing white collar crimes, Brazil has

statutory regulations to combat this kind of crime. Brazilian officials have been earnestly combating white collar

crimes and addressing investigations in a more direct and profound way in order to ban this type of crime in Brazil.

Isabel C. Franco is a Senior Partner at Demarest e Almeida. The author would like to acknowledge the invaluable

assistance of Rodrigo Salem and Day Bezerra, legal students of the firm.





35

2E U R O P E

Europe | www.executiveview.com

36

Anti-Money Laundering Measures and Tax Fraud Inquiries

BY THIERRY AFSCHRIFT | AFSCHRIFT LAW FIRM

Secrecy and Ethics

To invoke ethics in order to blame banks for not making accusations against their clients on suspicion of money

laundering or tax fraud is unfounded. A correct understanding of the individual and collective ethics involved in

the banking relationship shows that secrecy is justified.

Many countries were forced to sign agreements related to tax information exchange agreements “on demand”

with high taxation countries. Within limits, they give up the principle of banking secrecy, which already knew

other exceptions, perhaps more justified, such as judicial assistance with regard to money laundering.

These countries have acted under pressure, openly threatened with “sanctions”. But this is inappropriate

punishment for conduct that does not violate any rule: one cannot violate a rule or break a commitment that

never existed.

Switzerland is one country facing this situation. It is committed to provide, at the administrative level (between

tax authorities), “on demand” information to other countries. In substance, that information should be related

to specific persons whom foreign countries presume or suspect break the law and hold assets in a Swiss entity.

Banking secrecy and confidentiality of insurances and trustees are explicitly waived. Luxembourg, Austria,

Monaco, Liechtenstein and the Channel Islands are other European countries in this situation.

The breach of secrecy is even deeper in 25 of the 27 European Union countries which automatically exchange

banking data on the interest earned by their residents. Moreover, the Brussels Commission has not yet abandoned

the idea of extending automatic information exchange in Luxembourg and Austria, and the rest of Europe,

including Switzerland. The exchange of administrative data may have greater impact because of its interaction

with the anti-laundering rules.

Through the impetus given by GAFI and by the European Union, stringent obligations have been imposed on

almost all financial institutions and even certain liberal professions in order to combat money laundering. These

obligations include the compulsory denunciation of private parties in suspicious circumstances.

Justification for such obligations is based on the seriousness of the crimes that are supposedly targeted, such as

drug trafficking and terrorism. Little by little, however, these obligations have been extended, notably in Belgium,

to apply to other crimes such as tax fraud.

The cornerstone of the system is that individuals cannot hide behind companies, foundations or trusts, etc., and

avoid disclosure of their identity when they are the “beneficial owners”. However, intensification of the struggle

against tax havens in 2009 highlights certain difficulties.

E U R O P E


www.executiveview.com | Europe

37

Where “on demand” administrative information exchange agreements are concluded with States previously

regarded as tax havens, banks may have to reveal the identities of the “beneficial owners” of structures used for

tax purpose. Moreover, the notion of “beneficial owner” is not interpreted in the same way in all countries. Thus

States that adopt a real “economic” view of this concept could be required to produce more information than

others that adopt a narrow interpretation, such as seeing in the “beneficial owner” only the person having power

to appoint members of the board of directors.

The paradox is that the more virtuous countries in the struggle against crime, notably Switzerland, could be

penalised by having to reply to more foreign authorities on ordinary questions relating merely to the taxable

basis.

To exert pressure on tax havens, governments of heavily taxed countries (say nothing of “tax hell”) resorted to

two types of arguments. The result is that banks questioned on the basis of exchange agreements will not only have

to answer questions about the legal owners of the accounts, but also their economic beneficiaries.

The scope of exchange information through tax treaties will also increase because of the anti-laundering rules;

especially since the concept of “beneficial owner” in domestic law has a broad, vague outline.

One can legitimately wonder if the indirect use of legislation enacted to prevent and punish crimes for simple

administrative checks that do not a priori concern crimes, is justified.

The problem is thus the use of the compulsory denunciation recognised by the anti-laundering laws for serious

crimes are for the purposes of taxation and not in the framework of judicial activities. In this case, is the breach of

privacy still proportional to the defended value that is only the interest of the public treasury?

This rule could be understood if it was located exclusively at the judicial level, namely under the obligation to

testify. In this context, it would be the civic duty of citizens to help make justice. Thus, the obligation to testify

would apply both to the State and the taxpayer in equal parts before the judge.

This is however not the case. The compulsory assistance to the tax authorities, conceived in the tax codes,

consists of informing the State – and only the State – on request of its agents, without any judicial intervention. It

is almost always accompanied by sanctions, usually criminal in nature. Furthermore, the role of tax authorities is

to identify the taxes that contribute to the profit of the State, and no ethical rule must allow this “interest” - which

is not yet a “right” – to become more important than the engagement of secrecy.

The generalised obligation to inform the tax authorities “on request” is an obligation which occasionally

becomes “automatic”. Is such an obligation really related to “ethics”? If it is not a question here of testifying

before a court of law but of transmitting information to the administration, why should one, on the basis of moral

considerations, refuse to a third party the “right of neutrality”?

Why should a banker, because he is questioned by the tax authorities, provide information which does not

affect his own situation, but which exclusively relates to the interests of two other people: the taxpayer, who can

be close to him and towards whom he took an engagement of confidentiality, and the State, often distant?

The one who has committed not to reveal a secret, even to the State, is reasonably guilty on the moral level only

if he breaks an engagement towards his client.

Even if one admits that the obligation to pay the tax is related to a moral consideration, one hardly understands

that the same consideration can be developed in favour of helping the State to force another person to do it,

especially when the reason is not an ethical duty but the law of the strongest: the State, holder of the public

power.



38

However, this is precisely the situation of the banker, to whom funds and information were entrusted, in

return for the promise not to inform anybody without the authorisation of his customer; it is when the banker does

not respects his word that he is acting against ethics.

If the law forces him to prefer the interest of the State to the right to the secrecy of his customer, he could

certainly not be blamed for cooperating, but at the same time, he contravened ethics as he did not keep his promise

to remain silent.

What is true on a national level is even more obvious at the international level.

One can understand that a person may feel compelled by some obligation of good citizenship to help the

community to which he belongs to raise taxes. But this choice does not arise in the same manner when the banker

has to deal with a conflict between a foreign customer and a foreign State. In this case, (excluding the case of a

testimony in justice) he must remember that he made a commitment to his client and not the foreign State, or at

the very least, adopt neutrality in a case in which he has no personal interest.

Secrecy and Human Rights

Actually, the banker is not facing a simple conflict between two individuals, with equal powers, but a conflict

between an individual and a State. However, especially in relation to the State, the individual has, under the terms

of the European Convention of human rights, a right to the private life, to which only a law can derogate, and this

only if that is “necessary to the economic welfare of the country” (article 8).

Allowing the State to collect, on request and often automatically, information on the assets and operations

of all its residents and to integrate them in data banks, would give it a power which far exceeds what is really

“necessary” for the welfare of a country. Besides, people too often confuse the level of resources of a State with the

welfare of a country.

In international circles, there has been an attempt to promote the idea that it would be immoral not to take part

in the collection of information by States, even through methods that show contempt for the respect of the private

life – a human right enshrined by an international convention.

This idea can undoubtedly be justified when considering punishment of serious crimes but not when it goes

simply to the (often indirect) use of data obtained under the terms of a world legislation intended to fight against

the most serious crimes, in the interest of tax authorities.

This is not really the same thing…

Thierry Afschrift is Partner at AFSCHRIFT Law Firm, Ordinary Professor in the Free University of Brussels (Université

Libre de Bruxelles) – Solvay Brussels School of Management and Economics) and a lawyer at the bars of Brussels and

Madrid, as well as member of the bars of Luxembourg and Geneva.






39

Conducting Internal Investigations – the External Counsel’s Perspective

BY KLAUS NEFF AND ZOLTÁN MAROSI | VISCHER AG AND OPPENHEIM

Internal investigations are a common and recurring feature of today’s corporate landscape. Although they are often

performed by the management itself or by a specialised internal department (compliance, legal), for a number of

reasons companies retain an external counsel to undertake these tasks. Such outsourcing of investigations can

have various advantages for the company, including the involvement of an independent third party, the ease of

coordination in multinational jurisdictions and the conveying of attorney-client privilege to findings (although the

availability and extent of such privilege varies from jurisdiction to jurisdiction). Below, we will critically review

and assess the main types of such “outsourced” investigations and two especially common methods of searches.

Types of Internal Investigations

External counsel is retained in internal investigations for various reasons and on the basis of different triggering

events.

For several companies (especially larger corporations) internal checks and reviews are part of regular routine

and company policies: they may be conducted covering various fields (antitrust, corruption, procurement policies,

ethics) and be complemented with recurring training programs on the relevant subjects to employees. In these

cases, the external counsel’s role is to diligently survey the fields provided in the mandate and to provide an

overview on the situation to the management. Although in such a case the scope of the audit usually covers a

very wide range of issues (e.g., in case of an antitrust audit it typically includes anti-competitive agreements

(horizontal and vertical), abuses of a dominant position, state aid issues), it is in practice important to identify at

the beginning of the investigation specific points, where the investigator is expected to “dig deeper” (for example,

in case there was a recent finding of dominance against the given company, the scrutiny of rebate systems clearly

needs to be more intense than at another company holding a share of less than 10% in all markets where it is

active). If the external lawyer already knows the background of the client quite well, this task will be relatively easy,

however, if the external lawyer is not well-versed with the workings of the company, a thorough prior research and

consultation with the responsible employees is inevitable.

Internal investigations may also occur if there is already a specific suspicion as to illegal activities ongoing

at the company. The suspicion may still be at a very early stage and only be known to very closed circles (e.g., in

case of a confidential internal complaint sent to management via a dedicated “whistleblower hotline”) or may be

already in the newspapers (e.g., in a case where proceedings were initiated against the company in the form of a

“dawn raid” by an authority at the premises). Clearly, in these cases the focus of the review is quite different from

the regular review: there will already be a clear indication by the authority as to the relevant areas that need to

covered (for example, in order to submit evidence to an authority in exchange for a potential reduction of fines).

Nevertheless, these could also present a good opportunity to undertake a wider review of the company’s activities

(especially if no regular review was performed recently).

Finally, internal investigations could also be one-off: for example, if there is a change in the management of

the company and if the new management wishes to receive a picture on compliance at the company in a specific



40

field. Similarly, such investigations may precede the sale of a company within the framework of a vendor’s due

diligence, particularly in circumstances where it is not sufficiently clear to the current owners whether the object

for sale has always been in compliance with applicable laws in the past.

Methods of Investigation – Two Typical Ways

If the decision has been made by the company to proceed with the investigation, it is inevitable to undertake a

careful planning of any steps intended to take. From these steps we will consider below two specific – and widely

used – methods of investigation: interviews and the search of e-mail correspondence.

The most direct method of an investigation is to orally question those people who may have been affected by

the alleged wrongdoing, including people who were directly involved in the matter (e.g., a head of a department

who is thought to have attended cartel meetings with a competitor), people who were indirectly assisting in the

planning or execution of the matter, people who may have mere knowledge of the possible wrongdoing and people

who were victims of the alleged wrongdoing (e.g., an employee, who suffered from sexual harassment). Clearly,

the tactic for the interviewer must be different for each of these categories.

The advantage of such questioning / interviews in all cases is their directness: it is possible to confront people,

discuss open issues and ask their views on uncovered pieces of evidence. Interviews, however, may also be less

effective in certain situations. However smart, prepared and confrontational the interviewer is, such interview is

never a testimony under oath: it is not certain that the answers given are “the truth, only the truth and nothing but

the truth”. Interviews may also be ineffective if the preparations for the investigations did not reveal any concrete

evidence of wrongdoing (e.g., handwritten notes on a cartel meeting, e-mails implying unethical conduct): in such

a case the interview may dwell into long speculations, with a clever interviewee simply choosing to consistently

deny any allegations.

The advance of e-mail overtaking the majority of corporate communications (both within the company and vis-

à-vis the outside world), appears to make the position of an external counsel investigating the affairs of a company

extremely easy and convenient. With the use of appropriate search programs, it is possible to quickly overview,

retrieve and review very large sets of data: no reference to a competitor’s name or to an expressed intention to

raise prices may remain hidden from the eyes of the investigator. Keyword searches, however, are in fact not as

omnipotent as they may seem: in most cases, due to the enormity of the databases (entire e-mail communications

of departments looking back to a number of years), the search results will produce an innumerable amount of

matches. For example: a competitor’s name can be mentioned in a number of clearly innocent documents like

market studies. Even if the name of a prominent manager who is supposed to have been involved in cartel meetings

is known to the investigators, a very common name (e.g., John Smith) may, when searched after, reveal a large

number of redundant results (e.g., at a multinational conglomerate employing thousands of people). Therefore,

modern search tools cannot replace diligent and sensible legal assessment by lawyers and should not be used

without an extensive preparation phase designed to sensibly limit the scope of the searches. A proper preparation

thus prevents both the company and the external lawyers to spend unnecessary time and resources.

Conclusions

The external counsel’s role is crucial in assisting companies to conduct their own internal investigation. Internal

investigations are extremely delicate matters: as set out above, their success depends very much on the way



41

preparations are made before the start of the investigation, the efficient cooperation between the company and

the external team as well as the appropriate choice of methods for the investigation.

Klaus Neff is a Senior Associate at VISCHER AG


Anti-Corruption and Competition Legislation in Small Countries – the Examples of Switzerland and Hungary

BY KLAUS NEFF AND ZOLTÁN MAROSI | VISCHER AG AND OPPENHEIM

Switzerland and Hungary are relatively small countries in Europe (both having a population below 10 million) and

interestingly both consider themselves to lie in the middle of Europe. Whatever the truth is in these similarities,

it is also clear that at the same time there are major differences: not only in terms of the respective countries GDP

per capita ratio but also, for example, in terms of their fight against international bribery: a recent Transparency

International report shows that while Switzerland is in the “active enforcement” category, Hungary was classified in

the “little or no enforcement” group, according to the “TI Progress Report”, OECD Anti-Bribery Convention, June

2009. The focus in both countries is therefore markedly different both in the fields of anti-corruption legislation

and competition law. Below, we will very briefly consider some of the main pillars of the relevant legislation and

practice in a comparative manner.

The Substantive Rules – a Quick Overview

Both in Switzerland and Hungary, there are detailed criminal provisions prohibiting (active and passive) bribery

of public officials as well as bribery relating to private companies. In both countries these are crimes that are

punishable by imprisonment or fines. In addition, there is a possibility under both regimes to levy a punishment

on business associations (companies) in case, for example, their managers were involved in bribery and if such

bribery resulted in an advantage for the given business association (e.g., fines or the termination of the business

association).

As to competition law, the applicable legal provisions in the field of antitrust (cartel prohibition, the prohibition

on the abuse of dominance and merger control) as well as unfair competition, are strikingly similar. Therefore, the

set of rules companies need to take into consideration – whether they are active on the Swiss or on the Hungarian

market – are in some cases almost identical. They adhere very much to the current European law regime applied

by the European Commission, either based on a legal obligation to harmonise national law with European law

(being an EU Member State) or based on an enlightened understanding of the importance of strong competition

Zoltán Marosi is a Principal Associate of the Antitrust, Competition and Trade practice group at Oppenheim.








42

both on a national and an international level (as in the case of Switzerland). There are, however, interesting

differences: part of these stem from the fact that curiously, Hungary already had a relatively strong competition

regime since the 1990s (a strict cartel prohibition as well as a prohibition to abuse a dominant position being

in force basically from 1991), while in Switzerland an “EC-like” cartel prohibition was a product only of the late

1990s, and it took until 2003 that in the aftermath of the Vitamins case the country introduced direct sanctions

for hard-core offenses. Hungary therefore pretty closely follows the European model, while Switzerland – being

independent from the Community – appears to be much more cautious in taking over the European legal regime

that was established back in 1957 by the Treaty of Rome. The reason for such caution is most prominently a

different economic philosophy and also a desire to protect as much as possible its own rather unique economic

structure.

The Competent Authorities – a Quick Comparison

The general agencies that are responsible for the enforcement of corruption related legislation (typically:

criminal law) are highly similar: in both countries it is the task of the police to investigate an alleged breach of

the relevant crimes (e.g., bribery), using the assistance and oversight of state prosecutors. Then it will be for

the state prosecutor to bring an well-reasoned indictment in front of a professional judge or a panel of judges,

who will then decide on the criminal law responsibility of the individual (or, in exceptional cases: a business

association). Furthermore, in Hungary, there were also quite controversial attempts in early 2009 to advance

anti-corruption causes: the government’s proposals included a self-standing “Public Interest Protection

Office” having the power to investigate cases of alleged corruption by public servants and even to impose

fines on public bodies (in response to claims by civil organisations that it is law enforcement that would need

to be strengthened rather than a new bureaucratic office to be established, a further alternative included a

“lead prosecutor” to tackle such issues). A further task of these bodies would have been the protection of

complainants (such as employees) that notify corruption cases to authorities: the protection would have

included anonymity / witness protection and a 10% share of the fine finally levied (or, in cartel cases, 1% of the

fine levied on the companies that operated the cartel). For the time being, however, none of these proposals

were voted into law.

As to competition law enforcement specifically, both in Hungary and in Switzerland, there is similarly a state

agency primarily entrusted with this task: the Hungarian Competition Office (“Gazdasági Versenyhivatal”,

“HCO”) and the Competition Commission (“Wettbewerbskommission”, “Weko”). As in the case of the

substantive law, the general procedural powers of these authorities (on-the-spot inspections, imposition of

fines, etc.) are very similar. The application of the competition regime, again, appears somewhat stricter

in Hungary, especially in relation to cartel enforcement: Hungary is a member of the EU and therefore the

HCO is part of the European Competition Network, which provides a very strong background to the HCO to

conduct investigations and receive information on possible breaches relevant to the Hungarian market. By

now the HCO is also quite experienced in applying its “hard” procedural powers (on-the-spot investigations

were for example introduced back in 2001) as well as imposing spectacular fines (the largest overall cartel

fine in Hungary (motorway cartel – HUF 7 billion) is much higher than the largest cartel fine in Switzerland

(Berne Electric Installations – CHF 1.24 million)). An interesting similarity is, however, in the clear inefficiency

of a certain aspect of cartel enforcement in both jurisdictions, namely so-called “leniency applications” (i.e.,



43

application by a cartelist for an immunity from fines to the authority in exchange for information provided on

the particulars of the cartel). An educated guess for the main reason of such phenomenon should clearly include

the strong social networks existing in relatively smaller populations: for example, if managers of competing

companies were schoolmates or university friends, they would likely be more reluctant to “betray” each other than

if the managers have hardly met each other and come from different cultures and backgrounds.

Conclusions

As the above considerations show there are interesting similarities and differences between Switzerland and

Hungary, which are worth being taken into account when considering further legal steps in the relevant fields.

Klaus Neff is a Senior Associate at VISCHER AG.


Zoltán Marosi is a Principal Associate of the Antitrust, Competition and Trade practice group at Oppenheim.







United Kingdom | www.executiveview.com

44

Civil Recovery: a New Tool for Recovering the Proceeds of Crime

BY CHARLIE DICKIN AND IAN TRUMPER | FTI FORENSIC ACCOUNTING

The Serious Fraud Office (SFO) is taking many new initiatives under its Director, Richard Alderman. Its powers

now include civil recovery, which enables it to seize assets without a criminal conviction.

Civil recovery and other new powers are expected to be embraced by the SFO and used aggressively where

appropriate. This trend, together with the new Bribery Bill, presents a new set of risks for businesses.

Balfour Beatty: a New Approach from the SFO

Recently, the SFO announced a £2.25 million settlement with Balfour Beatty, relating to unlawful accounting

practices at its subsidiary on an Egyptian construction project during 1996-2001.

There are three interesting aspects to this case. The first is that Balfour Beatty promptly self-reported the

payment irregularities in April 2005 after performing a fully documented investigation. Self-reporting is something

the SFO is strongly encouraging businesses to do, in return for a more lenient approach. As Director Alderman

states in the SFO’s Annual Report 2008/09: “Where a new management team uncovers fraud and reports it to us,

we are able to treat them more sympathetically than if we uncover the fraud ourselves.” The SFO acknowledged

Balfour Beatty’s co-operation and desire to address the issues identified.

The second point is that the SFO did not bring any criminal proceedings against any individual or corporate

body, but ruled that accurate business records were not kept (in breach of S221 Companies Act 1985) regarding

these payments, and Balfour Beatty accepted this as a ruling of unlawful conduct.

The third aspect to note is the use of an external monitor to oversee changes, which Balfour Beatty will pay for.

As part of the civil settlement, Balfour Beatty has agreed to:

• Pay a sum of £2.25 million

• Implement certain compliance measures

• Appoint an external monitor to review Balfour Beatty's anti-corruption processes and their implementation

over the next three years.

Civil recovery: where did it come from?

Part 5 of the Proceeds of Crime Act 2002 (the Act) granted new powers of civil recovery to the Assets Recovery

Agency (ARA), to deal specifically with recoverable property obtained through unlawful conduct. In April 2008,

the Serious Crime Act 2007 transferred these powers to a number of other agencies (including the SFO) following

the merger of the ARA with the Serious Organised Crime Agency.

U N I T E D K I N G D O M


www.executiveview.com | United Kingdom

45

How it works

A civil recovery investigation is defined as an investigation into whether property is recoverable, who holds that

property and the extent of its whereabouts. It may be carried out in parallel to a criminal investigation but cannot

target the same property and careful consideration is therefore required in relation to any confiscation proceedings.

It can also begin as a criminal investigation and subsequently switch to the civil recovery route.

The Act sets out the investigator’s powers through a serious of orders that may be obtained with the authority

of a judge in the High Court. These orders consist of:

• A Production Order, requiring an individual or organisation to produce certain information, such as banking

records that are likely to be of substantial value to the investigation

• A Power of Entry, to allow an officer to obtain material that has been required to be produced under the

Order

• Search and Seizure Warrants, empowering officers to enter premises and seize material likely to be of

substantial value to the investigation

• Customer Information Orders, which require a financial institution covered by the Order to provide any

customer information it has in relation to the person specified in the Order, including any account names/

numbers, names of individuals, dates of birth and addresses

• Account Monitoring Orders, imposing a duty on a financial institution to provide information for up to a

period of 90 days

• Disclosure Order, which may require an individual to answer questions, to attend at a specified time and

place in order to answer those questions, to provide information specified in the notice and to produce

specified documents.

All of these orders may be obtained ex-parte or with a relevant authority. As such, it is unlikely a business or individual

would be made aware of their existence or indeed the fact that they were subject to a civil recovery investigation.

The point at which this may become evident is with the application of an Interim Receiving Order (IRO) or a

Property Freezing Order. An IRO is very much like a combined restraint and receivership order and appoints a

Receiver who may be authorised to take a number of steps for the purpose of identifying relevant property and

ensuring that it is preserved. The role combines that of a Management Receiver and Investigator as, at this point,

the investigation is handed over completely to this court-appointed official.

Most significantly, the order gives the official complete power to manage any property to which the Order

applies, including the sale or disposal of assets that are perishable or may diminish in value. It is an extremely

powerful and restrictive order.

Implications for business

Given the new direction that the SFO is taking, businesses that discover potential fraudulent or corrupt activity

will have important decisions to make: when or if to self-report to the SFO in the hope that they will be dealt with

sympathetically, or to seek to manage the process themselves together with the risk associated with failing to

make an earlier disclosure.

Companies must balance the risks of prosecution, civil recovery, hefty financial penalties and reputational

damage. This decision must be taken with a full understanding of the options available, which will be different for



46

each case and may require specialist advice.

If civil recovery powers are used, it’s likely that the organisation will be approached with a view to settling the

proceedings. Therefore, a willingness to engage in settlement talks will be crucial. And as early settlement will

reduce both time and costs, the more that can be done to make an informed decision on negotiations, the better.

Charlie Dickin is a Managing Director and Ian Trumper is a Senior Managing Director at FTI Forensic Accounting.


Avoiding Common Pitfalls During an Internal Investigation

BY BEN JOHNSON AND PAUL DOXEY | FTI CONSULTING

All fraud investigations raise serious legal, ethical and reputational issues. If these issues are handled incorrectly

the whole investigation can be compromised. There are some issues we come across repeatedly – and while some

can’t be avoided, many can.

The key to any successful investigation is proper planning, coupled with an experienced investigation team

with the right mix of skills. It may sound obvious, but there are a myriad of potential pitfalls and due consideration

needs to be given to the investigation methodology from the outset to ensure a successful outcome.

Below we outline three common pitfalls and provide some real-life case studies.

1. The First 24 Hours – Set Clear Objectives

The way an investigation is carried out, and its ultimate success, will flow from the strategic decisions taken in the

first 24 hours.

Often, there will merely be a suspicion of wrongdoing. The company must decide the scope of any investigation:

would a low-key review suffice, or should a formal investigation be launched to secure forensic evidence in line

with criminal standards? What needs to be done to protect electronic evidence?

The right decision will depend on the circumstances of each case, in particular the nature and seriousness of

the suspected offence (e.g., misappropriation, corruption etc) and the number and seniority of staff involved.

Decisions on prompt disclosure to regulatory authorities will also be an important consideration, particularly

where there are possible rule breaches or criminal offences, such as fraud or bribery. It may also be prudent to

seek public relations advice.

Case Study: Not Securing Evidence

An initial investigation found evidence of possible false accounting and improper recognition of revenue by certain

executive directors at an AIM listed company. The company launched a formal investigation, but failed to take

steps to secure evidence. This gave those implicated the opportunity to destroy electronic evidence and emails. In

the event, the directors were able to leave the company with a clean record due to a lack of retained documentary

evidence against them.






47

Case Study: Not Quantifying Losses

An employee perpetrated a multi-million pound theft from a major retail company over many years. The employee

was eventually caught ‘red-handed’ and criminal proceedings resulted in a seven-year prison sentence. However,

in its desire to pursue the criminal case, the company neglected to quantify the extent of funds misappropriated.

The employee refused to co-operate and the company spent years trying to determine the quantum of loss and

negotiating with insurers. Eventually, the company had to settle for a pay-out that was significantly lower than its

loss estimates.

2. Follow the Letter of the Law

There are many legal implications which must be considered when planning an internal investigation. Failure

to take account of these can lead to evidence gathered being unusable or even legal action against the company.

Potential issues include:

• Data protection legislation

• Employment law

• Privacy and human rights law

• Money laundering and suspicious activity reporting

• Legal privilege and disclosure

Of these, compliance with data protection and privacy law is becoming increasingly critical, particularly in the

European Union. This legislation affects how personal data can be gathered and processed in the course of an

investigation. Employee rights over their personal data are broadly defined and may include the results of an

internal investigation.

For example, when electronic information is obtained from employees’ work computers, their personal data

must be safeguarded. A transparent process for collecting and processing employee data must be followed, e.g., by

agreeing with employees the methodology for processing their data.

Case Study: Employer Abandons Investigation After Data Privacy Enquiry

An employee was suspected of setting up a business in competition with the employer and stealing trade secrets,

and a covert investigation was instigated. However, the employee became aware of the investigation and within a

week submitted a written request to the investigating firm to provide details of all data collected and how it was

being used. Where there is evidence of possible criminal or professionally negligent conduct, an employer may not

have to reveal this information. However, in this instance the request came so swiftly that the employer did not

feel it had sufficient evidence to support such a claim – so it backed down and abandoned the investigation.

3. Protect Employees, Particularly Whistleblowers

In company investigations there is often a balance to be struck between a company’s right to protect its assets and

safeguard shareholders’ interests and the rights of its employees. The most effective way for companies to deal

with this is to have policies and procedures setting out the processes to be followed when malpractice is suspected

and defining the rights of both employer and employee.

The consequences for whistleblowers, for example, often cause the company problems. The Public Interest



48

Disclosure Act of 1998 protects employees making disclosures in good faith from harassment or disciplinary

action.

Although most companies have whistleblowing policies in place, protecting a whistleblower is difficult for

several reasons. First, there is a conflict between a whistleblower’s desire for anonymity and gathering information

to substantiate allegations. Second, there is invariably an element of “no one likes a snitch”, no matter how strong

the company’s culture. Third, for genuine whistleblowers, perceived lack of action can lead to frustration and

unwanted disclosures outside the company.

In our experience, the best protection for whistleblowers is proper vetting of all allegations and, where

appropriate, an investigation. A quick assessment and follow up is vital. Even where allegations are fully

investigated, whistleblowers may still require HR support especially if their identity has become known to staff.

Case Study: Blowing the Whistle Results in Staff Bullying

A whistleblower alleged possible accounting malpractice at a major UK bank. The allegations were fully investigated

and action was taken against some individuals, but the identity of the whistleblower became known and their

position in the firm untenable. The bank recognised this and worked with the whistleblower to secure alternative

employment. The outcome in this case can be contrasted to the many examples in the press of a lack of action and

staff bullying of whistleblowers resulting in constructive dismissal claims and public relations fallout.

Conclusion

Careful preparation and swift, purposeful action are crucial to any investigation. Flawed execution can prove

costly in wasted resources, the loss of key evidence, adverse publicity or legal action.

We have outlined a few of the common pitfalls. For executives facing these issues for the first time, the

experience of expert advisers can be invaluable. This usually means involving investigators, forensic accountants,

electronic evidence specialists and lawyers early on to ensure the investigation achieves its objectives.

Ben Johnson is a Managing Director and Paul Doxey is a Senior Managing Director at FTI Consulting.







49

Regulatory Enforcement in UK Financial Services: No More Mr Nice Guy?

BY JULIAN GLASS AND PAUL DOXEY | FTI FORENSIC ACCOUNTING

Baroness Scotland, the Attorney General, recently threw down the gauntlet by suggesting that domestic

investigation agencies would soon be giving their US counterparts a “real run for their money”. Whilst it could be

argued that the UK is a long way from doing that, there is plenty of activity behind the tough talk. The UK financial

sector is facing record fines, new criminal legislation, groundbreaking prosecutions and fresh regulatory powers.

The fact is, the authorities have an increased desire to tackle transgressions and financial services firms must

prepare themselves.

Light Touch Regulation a Thing of the Past

The Financial Services Authority (FSA) and the Serious Fraud Office (SFO) have received their share of criticism

in recent years, with the Conservative party indicating it would consider disbanding them if it gains power in the

next general election.

In response, the FSA is shedding its “Mr Nice Guy” image and has been actively recruiting for its enforcement

division. It has hired lawyers from leading City firms to strengthen the team’s commercial expertise. The SFO has

had a radical shake up under its new Director and is looking to dramatically speed up prosecutions.

A number of other developments also point to a change of tack, including:

• Focus on inadequate systems and controls. Recently, the FSA imposed record fines on an insurance broker

for weak controls that allowed potentially corrupt payments to be made over a number of years to overseas

third parties. The FSA didn’t opine on whether or not these payments were bribes, just whether the systems

and controls sufficiently addressed the risks. Similarly, a well known banking group was fined £3 million

for information security failings after three of its subsidiaries sent large amounts of unencrypted customer

details (including dates of birth and National Insurance numbers) through the post and by courier, which

were subsequently lost.

• Growing use of S166 skilled person reports. The FSA is increasingly making use of these reports from

outside experts to gain an independent view of activities that concern them, such as corporate governance,

the adequacy of systems and controls and market abuse. Findings are sent directly to the FSA, but the

individual or organisation under investigation must bear the cost. The number of S166 reports nearly

doubled in the last year, from 29 in 2007/08 (at a total cost of £5.8 million) to 56 in 2008/09 (£12.8

million) (Appendix 8, FSA Annual Report 2008/2009).

• Increasing criminal actions. The number of civil and criminal proceedings brought by the FSA against

firms and individuals more than tripled in the last year, from 10 in 2007/08 to 36 in 2008/09. Similarly,

the number of new enforcement cases nearly doubled from 130 in 2007/08 to 218 in 2008/09 (Appendix

8, FSA Annual Report 2008/2009).

• New ways of reporting. The SFO is emphasising self-reporting and the risks of not doing so as soon as an

issue is discovered, which could include increased penalties. It has also set up a whistleblowing hotline

with a focus on reporting by employees of City institutions.



50

• Greater deterrence. The FSA has made proposals to increase fines and link them more closely to the

income earned from any breach, while the SFO has used civil recovery powers for the first time.

• Increased co-ordination. The SFO, the FSA and the City of London Police are seeking to co-ordinate

more, at an earlier stage in investigations of financial institutions. Together they are making more

imaginative use of the range of criminal and civil weapons in their armoury. They are encouraging

firms to co-operate in a civil or regulatory settlement to avoid the threat of criminal action.

• New legislation. There are hopes that the Bribery Bill will receive Royal Assent before the next general

election. If so, it is likely companies involved in bribery cases will have to show that their systems and

controls were adequate, to avoid committing an offence. Separately, the FSA has requested power to

grant statutory immunity for criminal cases and this is currently in Parliament.

On the Regulator’s Radar

It is highly likely that the FSA and the SFO will be seeking quick prosecutions. In the coming months, we

expect the regulators to pay particular attention to:

• Internal controls and monitoring. From money laundering and sanction breaches to bribery and

corruption, inadequate controls will make companies an easy target for regulators. Some financial

services firms appear to lack a detailed knowledge of how all the relevant legislation affects their

business. In July the SFO announced the first successful prosecution of a UK company for overseas

corruption.

• Corporate governance. The FSA is encouraging more shareholder activism, and is even showing up at

board meetings.

• Risk management. In our experience, the climate in the UK is similar to that in the US, where a

survey of directors and general counsel revealed that understanding operational risk was the area

that companies needed to work on the most (Buckle Up, results of the Corporate Board Member/FTI

Consulting 2009 Legal Study. FTI Consulting, 2009).

• Executive remuneration. Regulators will be asking whether companies are linking bonuses

and compensation to the long-term interests of the business rather than short-term financial

performance.

• Insider trading. The FSA has increased the size of its insider trading team. Bigger fines can be expected

in order to make an example of offenders, with proposals for a minimum £100,000 fine for market

abuse by individuals.

A Dilemma – Self Reporting?

One of the most significant challenges facing companies will be how to respond when suspicions of wrongdoing

arise. Issues that will need to be weighed include:

• Is there an obligation to report?

• If not, what are the chances of a regulator discovering the matter through other means?

• Could a ban on government contracts result?

• Is there a risk of prosecution by regulators in other jurisdictions?

• If the US is involved, are directors exposed to personal liability and potential extradition?



51

Conclusion

What impact will the increase in regulation and enforcement have on your business? In general, companies need

to ensure they fully understand their obligations and they should test whether their policies, systems and controls

are in order, especially with respect to financial crime risks.

If you discover a potential issue in your firm, you should consider early on whether and when to self-report,

who to report to (particularly if the issue involves more than one country) and what prior information-gathering

is needed. A well-documented and properly scoped internal investigation will often provide the facts on which to

base decisions and disclosure of information to the authorities.

Julian Glass is a Managing Director and Paul Doxey is a Senior Managing Director at FTI Forensic Accounting.


What Secrets are Hidden in Your Systems?

BY JIM VINT AND RICHARD CHALK| FTI CONSULTING

Until recently, electronic discovery, or e-discovery, primarily focused on finding the “smoking gun” email

or document to reveal guilt or innocence. Yet there is another body of important evidence that exists within

companies: their financial, transactional and operational systems.

Previously disregarded as “too difficult” to delve into for litigation purposes, new technology and tools have

turned the tables and brought the value of structured data to light.

These new aspects of e-discovery are becoming so important that the US, UK and Australia have amended

their rules of civil procedure to modify definitions of “document” and to provide greater guidance for the speedy

recovery of electronic data.

Impact on Investigations and Litigation

What most forensic investigators have done to date – searching for “correspondence” on hard drives, emails and

messaging, e-files and images – is a bit like solving only the top and bottom of a Rubik’s cube. Structured data

represents the other four sides of the cube. By searching through sales reports, invoices, payroll and other relevant

systems, information that confirms or refutes damages and gets to the question of “how” is revealed. You need

both types of information to see the full picture.

For example, on an investigation into price manipulation, correspondence can tell you “Did Trader A intend

to manipulate commodity prices,” while financial data will tell you “Did Trader A’s trades have the effect of

manipulating prices, and to what degree?”

This type of data is already proving of vital importance on the Madoff investigations, where we are collecting

and analysing investment and personal information to determine what happened, whether anyone helped Madoff,

how much money the 7000 plus investors put in and withdrew from Madoff funds over the course of its 30-year

history, and how much money is left. As part of this investigation, the team is collecting and reviewing thousands






52

and thousands of pieces of structured data from a decades-old AS/400 mainframe and other sources.

On another case, we worked with a major credit card company that was facing a large class action lawsuit

involving a time span of nearly a decade. We helped to analyse billions of airline transactions charged to its credit

cards, while meeting regulatory stipulations that required the company to host, analyse and produce over 40

transactional databases from six countries within a court-imposed deadline of just three months.

It is cases such as these that are redefining the expectations about what can reasonably be expected from

businesses during discovery and used in litigation.

What Do I Need To Know About Structured Data?

First of all, structured data represents a sizeable proportion of the data within an organisation. According to Data

Warehousing Institute, structured data accounts for 69% of corporate data. It’s called structured data because

regardless of the application used, the data is stored in an organised, relational manner. (On the opposite end of

the spectrum are e-mail and text documents, which are known as unstructured data and stored as loose files.) The

sources for structured data include accounts, sales, Customer Relationship Management, stock control, logistics,

Human Resource and trading systems.

Secondly, technological advances mean that structured data can now be used in court and in testimony. Until

recently, it was considered too expensive and time-consuming to extract this type of data for use in investigations

or litigation. There were also considerable technical challenges associated with the dynamic nature of transactional

systems – in these live tracking systems, data changes constantly and interacts with other systems within the

organisation.

However, more sophisticated tools and technology – such as visualisation technology that removes the need to

look at raw data by identifying trends and patterns – have emerged, making the process much more efficient.

There is now a tried and tested forensic e-discovery methodology for using structured data in litigation. Now

that regulators and the courts know that it is possible to bring this information into the discovery process, there

is only one way forward.

Using Structured Data To Your Benefit

The role that structured data will play in future investigations and cases is something no legal or business

professional can afford to ignore.

Solicitors and barristers will want to understand what additional insights structured data sources can provide.

In a major investigation or litigation, in-house or outside counsel will need to team with relevant specialists and

client IT personnel to gain a working knowledge of the relevant IT systems and how the data will be protected for

litigation. By using this type of analysis in the early case assessment, the team can quickly review various scenarios

and expedite settlement negotiations.

Businesses will need to put an e-discovery strategy in place, if they haven’t already done so. This strategy

should include structured data and specify who will coordinate the company’s response when an investigation

or litigation is undertaken, as well as properly document the systems currently in use, where data resides, what

applications have been used in the past and where the data from those systems is located (archived or migrated

into current system).



53

In our experience, this information is often not known and proper documentation of systems do not exist,

costing an organisation valuable time and money at a critical time. One trend we have seen, particularly in the

highly regulated industries such as telecommunications in the US, is the creation of a Chief Data Officer (CDO).

While the Chief Information Officer (CIO) is responsible for system performance, networks, etc., the CDO heads

a cross-functional team responsible for understanding the systems from the IT, end user and data management

perspectives. This creates clear responsibility for the e-discovery strategy and system documentation, thus

eliminating the risk of losing institutional knowledge when key employees leave.

Given the importance that structured data is likely to play in future investigations and litigation, it is a development

that solicitors (no matter how technology-shy) and businesses will need to be aware of and plan for.

Jim Vint is a Managing Director and Richard Chalk is a Senior Consultant at FTI Consulting, Inc.


Electronic Evidence: a Primer for White-Collar Crime Investigations

BY CRAIG EARNSHAW | FTI CONSULTING

For almost every office-based employee, the use of a computer, a BlackBerry or an accounting system is a fact of

daily life: almost nothing happens within a company that doesn’t involve some aspect of technology. It follows

that if the actions of those individuals need to be reviewed, one of the richest sources of information will be the

systems and devices they use.

You do not need to understand the technical ins and outs of “nibbles”, “bytes” or “gigabytes” to recognise the

benefits of these sources of information. However you should understand the basics of how to handle sources

of electronic evidence to avoid compromising the integrity of any evidence on the computer and rendering it

inadmissible in court.

If you take one message from here, let it be “Do not turn on a computer and attempt to search it yourself”.

Whenever you start up a computer it could be regarded as the electronic equivalent of walking over a cream carpet

with big muddy boots: hundreds, if not thousands, of files on the computer are accessed and modified.

Below we cover three main areas of electronic evidence as it relates to investigations and white-collar crime:

identification, preservation and review.

Identification

Don’t expend time and resources trying to look through every file or email. Initially consider key questions such

as “What are we looking for?”, “What did the people have access to?” and “How far back do we need to look?”.

Within a corporate environment, employees typically have access to some, or all, of the following:

• Desktop and/or laptop computer

• Company e-mail account






54

• BlackBerry handset or mobile telephone

• Shared and personal areas on the company network

• Removable media such as memory sticks

• Structured data systems, such as corporate accounts systems

• Other e-mail accounts, either accessed via webmail or by an e-mail application

• Backup tapes and systems for all of the above

Depending on the nature of the investigation, different sources may hold relevant information: PCs, BlackBerry

handsets and e-mail accounts will have e-mail messages; Blackberry handsets and mobile phones will have

text messages (commonly requested by regulators and in litigation); and PCs and personal and shared areas on

the corporate network and removable media all may be used to store documents. While an individual’s home

computer may contain relevant information, legal issues such as data privacy legislation mean that caution must

be exercised when gaining access to data stored beyond company assets.

It is usually prudent to include a pre-vetted person from the IT team on the investigating team, to provide

details on what systems are used within the company and which systems the individuals had access to.

Information stored within database systems, such as accounts systems, or bank trading platforms may also be

relevant to an investigation. For example, in fraud investigations the information contained within the trading

systems may be just as significant as the e-mail accounts and electronic documents.

Backup tapes and other archive systems are often critical in retrieving evidence of historical events, so

you’ll need to understand where data from relevant sources is backed up to and for how long is it kept. Many

organisations have reuse policies for backup tapes; these should be suspended for relevant systems to prevent the

unintentional loss of evidence.

Preservation

Identify does not mean investigate. Before any of the identified sources are reviewed, appropriate steps should be

taken to preserve the data to avoid challenges at a later date as to the authenticity of any identified material.

Electronic evidence is inherently fragile. Making modifications to printed documents is usually straightforward

to identify, however modifications to electronic documents can be much harder to detect. The act of opening,

printing or copying a document may make inadvertent changes to key aspects of the document, such as the

documents date and time information: changes that may lead to questions about a document’s provenance.

To reduce the risk of allegations of modifying evidence and to capture all relevant data, appropriate forensic

preservation techniques should be used. Typically, this will mean that PCs and removable media should be

“imaged” and similar techniques applied to obtain forensic copies of other sources.

An important distinction here is the difference between an “image” and a “copy”. An “image”, short for “mirror

image”, consists of all of the 1s and 0s present on the media, irrespective of whether they are part of an e-mail,

a fragment of a deleted spreadsheet, part of the operating system or an unused part of the media. For example,

if a laptop has an 80GB hard drive, the image will contain 80GB of data. However a “copy” only includes those

files that are accessible to the user of the media, so if the laptop contains 30GB of files, a copy would only contain

30GB of data, and would exclude any deleted files and potentially important data fragments that are still resident

on the hard drive.



55

In fraud and white-collar crime investigations, it is vital to preserve the identified data sources in a forensic

manner, including the date and time stamps associated with the documents. Regulatory bodies and government

agencies such as the Office of Fair Trading, the European Commission, and the US Department of Justice expect

to see evidence that appropriate preservation techniques and chain of custody procedures have been used during

the harvesting of electronic documents.

Review

Once the investigation has started, and the electronic documents have been identified and preserved, you may

find yourself faced with the proverbial search for a needle in a considerable information haystack, consisting

of thousands or possibly millions of documents. To do this, and to make the most efficient use of the time and

resources available, advanced technologies can be applied – for example, to remove duplicate documents, eliminate

all but the last e-mail in a chain, identify documents in foreign languages and bring together documents referring

to similar themes. These help to minimise costs whilst appropriately managing risk.

Forensic technology experts can also uncover much more from computer media that has been preserved,

such as accessing deleted and password protected documents, recovering trails of web sites visited, identifying

whether documents have been copied onto flash drives or e-mailed out of the company, and determining whether

documents have been backdated in an attempt to rewrite history.

Conclusion

Electronic evidence comes in many forms and from many sources. Regardless of the type of investigation, be it

a review of the activities of a single individual within a small company, or a BCCI-style liquidation of a multi-

national bank, it will be a significant source of important information. Although the technology that pervades

daily business life brings a new dimension to investigations, it can also provide many of the answers that your

investigation is seeking.

Craig Earnshaw is a Managing Director at FTI Consulting, Inc.






56

The United Kingdom’s New Anti-Bribery Legislation

BY RICHARD ABBEY | KROLL

Corruption remains a major risk issue for international businesses. Companies may face pressure to engage in

unethical or corrupt practices in many emerging markets – and some developed ones – but they are also seeing

increased scrutiny from regulators and governments who are making a priority of stamping out corruption within

the global economy.

In the past, the United Kingdom has been criticised for its attitude toward the prosecution of companies

and individuals responsible for corrupt acts within its borders and abroad. British corporations, their directors,

and overseas entities doing business in the country, however, will soon see a major change in attitude from the

authorities. Richard Alderman, head of the Serious Fraud Office (SFO), has clearly indicated his office’s commitment

and determination to investigate and punish entities found guilty of bribery. Several United Kingdom companies

and individuals have been prosecuted or fined in the past year, and the SFO is actively encouraging whistleblowers

to provide evidence. More important, the SFO is taking great steps to persuade companies aware of involvement in

corrupt acts to “self report” – a model already used by authorities in the United States. In return for self-reporting,

businesses receive more lenient treatment than if the SFO becomes aware of the offense through other means. How

successful this approach will be remains to be seen. Therefore, some organisations appear willing to take the risk of

the issue not being uncovered. As the SFO makes examples of more firms, however, this attitude might change.

The government has also published details of a draft Bribery Bill, which, if passed, will come into force in 2010.

The bill currently sets out the following general offenses:

• to offer, promise, give, or request an advantage;

• to agree to receive or accept an advantage;

• a specific offense of bribery of a foreign public official;

• negligent failure by a commercial organisation to prevent bribery.

The maximum penalty in the first three offenses listed above is ten years imprisonment. In the last offense, the

penalty in the imposition of an unlimited fine. The bill also contains an extra-territorial jurisdiction clause to

enable the prosecution of bribery committed abroad by United Kingdom residents, nationals, and companies.

The Bribery Bill sets out that the fourth will take place when:

• a person performing services for the commercial organisation bribes another person;

• the bribe is in connection with the commercial organisation’s business; and

• another person connected within the organisation with responsibility to prevent bribery negligently failed

to do so.

The person offering the bribe need not be an employee, as the law also applies to consultants or agents.

Corporate directors will need to put in place adequate controls and procedures in order to demonstrate that all

reasonable steps have been taken to prevent or minimise the opportunities for corrupt payments by employees or

agents. Advisable steps may include, but not be restricted to:

• implementing a robust compliance program which states the company’s attitude and policy toward corrupt



57

payments, and communicating this to all staff, agents, consultants, and contractors globally;

• regularly training staff in the relevant national regulatory acts and internal compliance policies;

• demonstrably maintaining adequate books, records, and internal controls at all subsidiaries to minimise

the risk of corrupt payments;

• maintaining a clear trail of due diligence and vetting of agents and consultants used to win business; and

• conducting regular risk audits of sales departments dealing with high risk business opportunities or

operating in high risk jurisdictions.

The United Kingdom is tightening up its anti-bribery regime. Companies need to take note.

Richard Abbey is Head of Financial Investigations at Kroll.


Fraud on the Rise: Understanding the Motivation and Reducing the Risk


Major fraud cases have hit the headlines since the beginning of the year. Increasingly, institutional and private

investors alike have been genuinely surprised to find out that the perpetrators have been trusted, professional

advisers with strong track records of managing vast investment funds.

The financial crisis has left some investors with money but unable to make new deals, while many fund

managers are now closely analysing their portfolios. Concern over fraud is rising, and with this comes greater

demand for fraud risk services. We expect to see this continue amid the uncertainties of the current economy.

Protecting and maintaining revenue are key when the business environment becomes hostile – there is an

increasing trend for self-styled ‘corporate saviours’, misguidedly protecting the company or their department to

safeguard their own or their colleagues’ jobs. This kind of fraud will be identified more often when companies

are under financial pressure and scrutinising their profit and loss accounts closer than ever.

At the other end of the spectrum, there are ‘seekers of personal gain’ – those who have personally come

under financial strain. Often accustomed to living beyond their means, these individuals may find that bonuses

are no longer at the level they had become used to, or the company is making job cuts. A very small number will

resort to theft or fraud to continue financing their existing way of living.

The key to dealing with these threats from within is to understand that prevention is better than restitution.

Looking at the aftermath of the Madoff case, there were clear red flags – a fund that offers much higher than

average returns is always attractive, but should be viewed with caution. The investor must ensure they truly

understand the products a fund is investing in and why they appear to be outperforming the market.

The role that regulation can play in the face of people’s eternal willingness to believe what is too good to be

true is unclear. However, there is a way forward; as ever, due diligence and compliance best practice as well as





58

applying the correct tools to tackle fraudsters are all part of addressing this threat.

Ultimately, fraud involves human beings, both as perpetrators and victims. Even before the downturn, greed

was always a match for ethics and common sense among supposedly sophisticated investors. Understanding

the effect of the downturn on people’s emotions is essential to seeing where fraud is heading and what might

be done about it.

In boom times, the worst in human nature engenders fraud: in a recession, we must be careful that the best

does not do the same.



Agents and Their Intermediaries


The increasing globalisation of business means companies are frequently entering new markets and doing

business in countries in which they have little or no business experience. As a result they are often reliant

on third party consultants or agents assisting them with obtaining the necessary business and governmental

introductions. In addition, they may engage third party agents to assist in the winning of new contracts. These

consultants or agents can be people who have lived or operated in the target market for some time, who will

be well versed on how to do business there and, consequently, may be used to conduct business transactions

in a manner which may be normal business practice in that country, but may fall foul of international business

standards and ethics.

For many years, companies that have sought to participate in bribery or corruption have attempted to hide

behind these third party advisors and use them as a vehicle to facilitate corrupt payments. Specifically, local

management, who are aware of the true purpose of the agent in a business transaction, use the agent to conceal

the existence of the corrupt payment from regional or head office management.

The amount of money channelled through agents can be staggering. The recent investigation into alleged

bribes paid by Siemens AG revealed that (according to a press release) Siemens Venezuela paid directly or

indirectly over US$18.7 million to various third party agents and consultants, concealing their true purpose

with “the creation of sham agreements for ‘studies’, ‘consulting’, ‘workshop equipment’ and ‘supplies’” . Siemens

Argentina, meanwhile, “paid over US$85 million to certain third party consultants or entities which performed

no legitimate business function but which helped to facilitate payments”.

Existing anti-corruption legislation, however, does not pardon a company if a corrupt act has been executed

through a third party, particularly if there is evidence to show the management were aware of such an act. In

the draft UK Bribery Bill published this year, there is a specific offence relating to corporates negligently failing

to prevent acts of bribery taking place within its organisation. The offence will take place when:

• a person performing services for the commercial organisation bribes another person,





59

• the bribe is in connection with the commercial organisation's business, and

• another person connected with the organisation, who has the responsibility of preventing bribery,

negligently fails to prevent the bribe.

The reference to “performing services for the commercial organisation” will undoubtedly capture third parties

representing the company in a transaction.

Therefore it is imperative that companies demonstrate a robust policy for the vetting and monitoring of

third party agents and consultants who represent them in any country around the world. This should include

a substantial due diligence on the agent prior to their engagement. Such due diligence should encompass

more than a cursory or public records check. The company should understand the individual’s background,

his connections to government, other entities he has worked for and an insight into his business practices.

Furthermore, each and every assignment he is tasked with should be governed by a clear contract with specific

definitions of the services to be provided and how they are to be remunerated.

Companies should also consider conducting retrospective due diligence on their existing agents and

contractors. Many may have been engaged several years ago and been active for the company for a long period

of time. They may have established a way of conducting business on the company’s behalf that they consider to

be still acceptable even in today’s tightly regulated market, but may well be in breach of the company’s current

ethical standards.

When conducting retrospective due diligence on agents and consultants, companies may wish to prioritise

those agents who have some common red flag indicators attached to them. For example:

• Agents involved in the awarding of Government Contracts

• Agents paid in cash

• Agents paid to offshore bank accounts

• Agents who provide vague or limited information on their invoices, i.e., “For consulting services”

• Agents used in high risk countries, such as those identified by the Transparency International Risk

Index

For many businesses this may seem like a daunting and expensive task. However, the failure to address the

issue of corruption can be hugely costly to an organisation, in terms of fines, reputation and, in some cases, the

personal freedom of its executives.

In the United States, more cases have been initiated under the Foreign Corrupt Practices Act (FCPA) since

January 2006 than in the prior 28 years combined. At the end of 2008, following more than two years of

investigations by the German and US authorities, as well as an internal investigation, Siemens Aktiengesellschaft

agreed to the highest regulatory settlement in the history of the US Foreign Corrupt Practices Act amounting to

US$800 million, including an SEC settlement of US$350 million and a DOJ settlement of US$450 million. On

top of this, Siemens AG also agreed a settlement amounting to €395 million with the German authorities.

In the UK the SFO have publicly set out their determination to investigate and prosecute companies and

individuals responsible for conducting or failing to prevent corrupt acts.

Companies that decide to turn a blind eye to the actions of their consultants in the hope of not being caught,

or who decide that proactive prevention of corrupt acts by their agents is too expensive in a time when global



60

economies are suffering, in the long term may end up paying a very heavy price. The regulator, after all, is

recession proof.






www.executiveview.com | Guernsey

61

Breaking Out the Arsenal – Dealing with Offshore Regulatory Investigations

BY MICHAEL ADKINS | COLLAS DAY

The international political pressure on offshore regulators to start baring their teeth a little is mounting in the

context of the global financial crisis and particularly a conservative shift in the public’s (and therefore politicians’)

expectations and tolerance of financial risk taking. This is understandable. When taxpayers are called upon to

underwrite the ‘entrepreneurship’ of the high flyers, they need to have faith that there are rules and that these

rules will be enforced. This shift in expectations makes for an interesting time in the world of specialist financial

centres, where there is significant pressure, perhaps for the first time, on regulatory institutions to step back

from their nurturing role and start policing their constituents. What this will almost certainly mean is that the

regulators’ powers of investigation will be deployed and tested in ways that have not been contemplated before.

This article discusses the process of a typical regulatory investigation, focusing specifically on the powers

available to the Guernsey Financial Services Commission (GFSC), and suggests practical ways in which the targets

of those investigations might best handle them.

Getting to the Starting Line

Before we even hit the investigation stage of a matter, it is important to understand that, particularly in offshore

jurisdictions, there is likely to be significant scope to nip a matter in the bud in the preliminary stages. In doing so,

not only does the business avoid risking the direct consequences of a formal penalty being imposed, but also saves

the cost, distraction and potentially the negative publicity of a regulatory investigation.

Most financial regulators are charged with a range of broad objectives. Often one of these objectives will

generally be something like “promoting trust and confidence” in the jurisdiction’s finance industry or financial

markets. The difference in offshore jurisdictions such as Guernsey, is the way in which the regulator seeks to

implement this objective. Rather than furiously investigating everything that crosses their desk and shooting out

a media release the minute they start an investigation, the GFSC is likely to be more accustomed to raising any

concerns privately and relatively informally.

This approach provides the smart financial service business with the opportunity to understand and respond

to the regulator’s concerns in a discrete, low cost manner. Such a process is of benefit to the regulator, because

when used effectively, it allows them to be confident that its constituents are sound and safe businesses, without

risking the jurisdiction’s reputation by highlighting the few transgressors. The key is to convince the regulator that

your business is squarely in the right camp. This can be achieved by being cooperative and responsive, rather than

G U E R N S E Y


Guernsey | www.executiveview.com

62

adversarial, listening to any concerns and preparing thoughtful and detailed justifications for your position; while

being mindful that ultimately the regulator needs to have confidence in the people that are running the business.

On Target?

Inevitably though, some of these informal approaches will fail and an investigation will be launched. The GFSC’s

powers to investigate misconduct are drawn from two distinct sources. First, the GFSC has investigation powers

under the regulatory laws that it is responsible for administering. Second, the GFSC also has certain powers

under its foundation legislation. Importantly, each of these powers of investigation can only be exercised in the

specific terms, or for the specific purposes, specified in the empowering legislation. Any step taken beyond those

circumstances is ultra vires, literally, beyond power and therefore invalid. Accordingly, licensees and their lawyers

should look closely at the legislation that the regulator purports to rely upon and consider whether it actually

allows the regulator to do what they are trying to do – where these powers are being exercised by staff for perhaps

the first time, it would not be surprising for there to be a few innocent mistakes along the way.

A note of caution about being too sharp here though. It always pays to think strategically in all aspects of

business, including when thinking about how to deploy what can amount to ‘technical’ legal arguments. In most

cases, the regulator can simply re-exercise a particular power in accordance with the law. So if you take the point,

substantively there might be no real difference in what you are required to do, or what information the regulator

might obtain from you, but there is likely to be a big difference in the attitude of the regulator. If someone has the

power to take your licence away (or at least make life difficult and expensive trying to do so), do you really want to

be showing them up? Only you, together with your lawyer, can advise what to do in any given set of circumstances,

but it is worth keeping in mind that sometimes it isn’t necessary to fight every battle.

The Shotgun Approach

Like most regulators, the GFSC’s powers fall into three broad categories:

• Obtaining documents;

• Obtaining information (or interviews); and

• Conducting site visits.

Dealing with a requirement to produce documents and information can be the most expensive and distracting

part of any regulatory investigation. The extent of the pain usually comes down to the skill of the draftsmen of

the notice or the questioners in interviews and visits. A tight, well defined notice to produce documents will be

easy to comply with, and shouldn’t take hundreds of hours to satisfy. More commonly, notices to produce are

(understandably) widely drafted so as to ensure that nothing is left out. There are two ways to respond to such a

notice, each with their pro and cons.

Often the tendency is to construe the notice as narrowly as possible in an attempt to limit the amount of

material produced. Unfortunately, the time spent doing this (and the fees inevitably paid to lawyers to advise on

your approach) can outweigh any benefit. You also run the risk of appearing evasive, and even committing an

offence if the ‘smoking gun’, which should have been produced but wasn’t, turns up later.

The other way is the ‘kitchen sink’ approach, where the notice is given the fullest interpretation and box loads

of material is produced. This can be an effective way of encouraging the regulator to be a bit more direct in asking



63

for what they want and probably doesn’t take as long, or cost as much, as the narrow approach. The risk is if

something slips through that shouldn’t have been there – privileged legal advice for instance.

Providing information on oath, during an interview or a site visit, can be a more personally stressful experience

for the staff or managers involved because aside from some general hint in the notice, you don’t really know what

questions are going to be asked. There really are no shortcuts in preparing for these; the amount of time spent

knowing your business, or the particular matter under investigation, is directly reflected in your comfort level

under fire. The best that probably can be done is to have an informal chat with the regulator beforehand, or get

your lawyer to do it. As far as the GFSC is concerned, in most cases they will be more than happy to at least enter

into a discussion about the general direction of their enquires – because it saves everyone time and money.

Happy Endings

Finally, it’s important to remember that at the end of the day, every regulator has a range of remedies available.

These can range from an informal stern word, to licensing action, civil penalties and other civil remedies, to

criminal offences against the company and the individuals concerned. It is important to think about where you

want to end up from the very start – and, if it’s clear that the regulator has a case, pitch something appropriate to

them. Remember, particularly in the offshore world, regulators can be as headline averse as the businesses they

regulate.

Even better, in the right circumstances, proactively applying the likely remedy (such as tightening up your

compliance process or compensation affected clients) can literally leave the regulator with nowhere to go, no

matter how blatant the breaches. As well as the trust built up with the regulator, it can also be turned into some

positive all important spin.

Michael Adkins is an Associate at Collas Day.


When Good Funds Go Bad: Re-Fund to Sender

BY PAUL WILKES | COLLAS DAY

In the first half of this year the number of hedge fund launches in Europe fell to its lowest level since 2000. New

funds which were launched raised only $2.1bn, the lowest total since HedgeFund Intelligence began conducting

surveys of the industry in 2000, and less than the $2.5bn raised by a single fund – Brevan Howard Multi-Strategy

– a year earlier.

Given these factors, the focus of investors has suddenly shifted from the search for the next big investment

opportunity to paranoia about the next big write-off.

Following cases such as the Bernard Madoff scandal, the possibility of legal claims being made following the

failure of a fund has been at the forefront of the minds of many in the industry. To pre-empt criticism and/or claims

from investors, directors of funds facing these difficulties should now be considering what claims those funds can




Guernsey | www.executiveview.com

64

and/or should be making against service providers to whom they have delegated certain responsibilities.

Possible Claims by the Fund

The primary causes of action which a fund may have against its service providers following failure due to fraud

or mismanagement (other than claims against the alleged fraudulent party) fall into two broad categories: breach

of contract and negligence. For example, if the service providers had taken all reasonable steps expected of them

(or such steps as they were contractually obliged to take), would the fraud or mismanagement have been detected

earlier and given the directors an opportunity to avoid or minimise losses that the fund may now face?

The Custodian

The custodian of a fund has, among other things, the duty to take into its custody or under its control all of the

property of the fund. A custodian may also be obliged to take reasonable care to ensure that the fund is managed

in accordance with the prospectus and the rules governing it.

The custodian is therefore at risk of a claim being made against them in contract or negligence where the fund

has failed, particularly where this is due to fraud or mismanagement, and it is alleged that the custodian did not

take the steps a reasonable custodian should have taken to protect and supervise the assets of the fund.

The Manager

Similar to the custodian, the manager may face a claim in contract negligence by the fund where they have failed

to take all reasonable steps to supervise and manage its assets. In addition, a contractual claim may be brought

against the manager in accordance with the terms of the management agreement where these terms are shown to

have been breached.

The manager may also face further legal claims relating to the fund’s prospectus. These may arise either where

the manager has breached its statutory duty to make decisions concerning fund assets, or has failed to invest

within the investment parameters in accordance with its prospectus, or where the prospectus contains false or

misleading disclosures or omissions in relation to the fund. For example, in relation to the risk factors associated

with the fund, conflicts of interest or proposed investment strategy. Of course, directors themselves may also be

exposed to such claims.

The Auditors and Legal and Tax Advisors

Contractual claims may be available against the auditors and legal and tax advisors in accordance with the relevant

terms of engagement applicable to them. These service providers may also face a negligence claim where they have

not acted with due care and skill in relation to the fund. In the context of fraudulent schemes invested into by

funds the role of the funds auditor has come under particularly close scrutiny.

Claw Back of Fees

Often service providers to a fund are paid fees based on the net asset value of the fund. Where it is subsequently

revealed that this value was in fact significantly less than believed, or even zero, the fund may be able to claim that

part or all of these payments be refunded under principles of unjust enrichment.

Recent Caribbean cases relating to the issue of “clawing back” flawed payments made by funds have ruled



65

against unravelling past transactions and reversing payments made to or by investors which were based on a

mistaken net asset value.

However, it is likely that reversing payments to service providers would be a far less complex task and it may be

that the courts are more willing to allow fees paid to service providers to be “clawed back” in certain circumstances.

This may particularly be the case where this error is attributable to either fraud or mismanagement on the part of

the service provider.

Conflicts of Laws

It is the nature of the global fund industry that funds invest across various jurisdictions; consequently claims

made by or against funds may arise in multiple jurisdictions. In these circumstances the board of the fund needs

to consider carefully whether judgements made by or against the fund in a foreign jurisdiction are enforceable.

Advice should be sought on this issue and it should not be assumed that any foreign judgement against the

fund is enforceable. Equally, if the fund is intending to take action against a foreign party the board should seek

advice, as there are various steps that need to be taken to ensure that such a judgement would be enforceable by

the fund.

Future Challenges

In these times, the challenge for directors of failed or failing funds is to seek and action advice in relation to the

availability of claims against service providers, the possibility of “clawing back” fees and the enforceability of

foreign judgements by and against the fund. One expects these challenging times to be with us for some time yet

and plenty more will be written on the subject.

Paul Wilkes is a senior associate at Collas Day.





Italy | www.executiveview.com

66

Ethical Code and Disciplinary System

BY ANDREA FEDI AND MARIANGELA ANTONELLI | LEGANCE STUDIO LEGALE ASSOCIATO

Legislative Decree no. 231, dated June 8, 2001, introduced in Italy the administrative liability which applies to

legal entities, companies and associations with or without legal personality, in relation with crimes committed,

in the interest or on behalf of the entity concerned, by the individuals listed in Article 5 of the Decree (e.g.,

members of Board of Directors, auditors, executives, representatives as well as individuals supervised by or

under the surveillance of executives).

The administrative liability under Article 6 of the Decree does not apply in the case of crimes committed by

the abovementioned individuals if the entity concerned is able to prove, among other things, that it has adopted

and effectively implemented, prior to the committing of the crime/s, adequate organisational models/rules

aimed at preventing crimes having the same nature as those which have been committed.

The Ethical Code and related Disciplinary System are deemed an essential part of these models/rules. The

Ethical Code is a set of principles of conduct, establishing guidelines which must be adopted in business decision-

making and behaviour (such as rules regarding business relations with customers and suppliers, relations

with competitors and trade practices, guarantee of equal opportunity at work, prevention of accidents in the

workplace, and so on). Thus, the purpose of the Ethical Code is to provide employees, executives, members

of Board of Directors and any other parties carrying out activities in the interest or on behalf of the entity

with specific instructions and guidelines to make their choices and decisions in compliance with principles of

integrity and fairness. The respect and enforcement of the provisions contained in the Ethical Code are assured

by a Disciplinary System, which shall impose specific sanctions in case of breach of the ethical principles and

rules established in the Ethical Code.

Implementation of the Ethical Code: Labour Law Aspects

Before validly implementing the Ethical Code an entity must take into account certain requirements and

limitations set forth by the Italian labour law.

From a substantial point of view, the rules contained in the Ethical Code must first of all comply with the

employees’ fundamental rights, as set forth by the Constitutional Chart, by specific labour legislation (including

in particular Law no. 300 of May 20, 1970, the so-called “Workers’ Statute”), and collective bargaining

agreements that can provide further rights or wider rights than those established by the law.

As a matter of fact, the above rights, either established by the Constitutional Chart, the labour legislation

and the collective bargaining agreements, may not be limited or breached by the employer when exercising its

I T A L Y


www.executiveview.com | Italy

67

disciplinary power.

From a formal perspective, the law requires that the employees are made aware of the rules established

by the employer in the Ethical Code, as well as of the sanctions applicable in case of breach of such rules.

The applicable disciplinary sanctions shall be only those established by the law or by the national collective

agreements.

To this purpose, the rules contained in the Ethical Code (as well as any future updates or supplements) shall

only be valid and enforceable if certain formal requirements are satisfied.

In particular, the Ethical Code shall be adopted in compliance with the requirements set forth by Article 7

of the Workers’ Statute. According to this provision of law, the disciplinary code of a company (of which the

Ethical Code constitutes an addendum) must: (i) be notified to all employees by affixing a copy of this document

in each production unit of the entity in a place accessible to everybody; and (ii) mention in detail the graded

disciplinary sanctions related to each breach of its provisions.

For the purposes under point (ii) above, the sanctions must be measured based on the seriousness of the

breach, in a range going from the simple verbal warning for a slight violation, up to dismissal without notice for

a very serious breach.

In the absence of the two requirements under (i) and (ii) above, any disciplinary sanctions taken by the

employer against the employees due to the breach of the rules contained in the disciplinary code would be null

and void.

Finally, if a works council exists, it is generally advisable to inform and discuss with them in advance about

the implementation of the Ethical Code. Additional and more specific information obligations may be provided

by national collective bargaining agreements applied by the entity.

The Case of the Multinationals: Implementation in Italy of the Ethical Code Adopted by the Foreign

Parent Company

In order to make the Ethical Code adopted by the foreign parent company binding towards the employees

belonging to an Italian subsidiary and make it enforceable from a disciplinary point of view, particular attention

must be paid to the correct implementation/transposition of such code.

For such purposes, it is generally necessary to proceed as follows:

• amend the Ethical Code in order to eliminate or modify the provisions which are in conflict with Italian

labour law principles and/or the employees’ rights established therein and/or Italian public policy

provisions or rules of mandatory application. In addition, any reference to the management of the

parent company shall have to be replaced, or at least integrated, by a reference to managers of the Italian

subsidiary;

• the Ethical Code must be communicated to the employees by affixing it in an accessible place at the

Italian subsidiary’s premises; and

• the Ethical Code must be integrated with a reference to the specific disciplinary sanctions which will be

applicable in case of breach of its rules.

Finally, for the purpose of facilitating the discussion with the works councils, and also in order to avoid any



68

possible claim on the actual understanding of the Ethical Code by the employees, it would be strongly advisable

to have the Ethical Code translated into Italian.

Andrea Fedi is a Partner and Mariangela Antonelli is an Associate at Legance Studio Legale Associato.


General Overview on Legislative Decree 231/2001

BY ANDREA FEDI AND MATTEO POLLI | LEGANCE STUDIO LEGALE ASSOCIATO

Legislative Decree no. 231, dated June 8, 2001, introduced in Italy the administrative liability which applies

to legal entities, companies and associations with or without legal personality in case of crimes committed by

their representatives or employees. It is worth noting that the decree applies to a wide range of crimes and

also to certain administrative violations.

The Decree does not apply only to the Italian State, governmental and local entities, other non-economic

publicly owned entities and entities carrying out duties of constitutional importance. The broad category

of addressees also extends to private legal entities, all types of companies (i.e., partnerships, companies,

cooperatives), unincorporated associations and even publicly-owned entities if they carry out economic

business.

Under the provisions of article 5 of the Decree, an entity is liable under the following conditions:

• the relevant crimes have been committed in the interests or for the benefit of the entity;

• the relevant crimes have been committed by: (i) executives (“soggetti in posizione apicale”) who carry

out representative, administrative or managerial functions within the entity or one of its branches

having financial and organisational autonomy, or alternatively any other person who is involved, even

only factually (i.e., without a formal appointment), in the management and control of the entity or its

branch; or (ii) individuals supervised by or under the surveillance of executives (“soggetti in posizione

subordinata”);

• the above persons have not committed the crimes in their own exclusive interests or in the exclusive

interests of any third party.

The Decree provides for that an entity is not liable for crimes committed by the aforementioned executives and

subordinates if it proves that: (i) it has adopted and effectively implemented, prior to the commission of the

crimes, adequate organisational models, rules and procedures to prevent crimes of the same nature as those

which have been committed; (ii) it has entrusted an internal, but independent Compliance Body, granted with

autonomous powers of initiative and control, to oversee the implementation and the updating of the above

models, rules and procedures; (iii) the person who has committed the crimes has fraudulently circumvented

the application of the internal rules of business conduct and procedures; and (iv) the Compliance Body has

duly controlled and supervised the implementation and adequacy of the models, rules and procedures.






69

Crimes Which May Imply the Entity’s Liability and Relevant Sanctions

The Decree provides that an entity may be liable, inter alia, for the following crimes: (i) frauds against the State or

other governmental or local entities; (ii) extortion, embezzlement, bribery and incitement to bribery; (iii) forging

currency, public credit cards or revenue stamps; (iv) corporate crimes; (v) terrorism or subversion of democracy;

(vi) market abuses; (vii) labour crimes concerning health and safety; (viii) money-laundering; (ix) transnational

organised crimes; (x) cyber crimes and illegal data processing; (xi) crimes against industry and commerce; and

(xii) crimes against intellectual property rights.

The sanctions set forth by the decree for the entity are as follows.

Monetary Penalties

The Decree sets forth that monetary penalties shall always be applied. The judge determines the amount of the

penalty on the basis of the seriousness of the fact, the level of responsibility of the entity and its interventions to

remove or mitigate the consequences of the crime and prevent the commission of further violations. The judge

also considers the status of the Entity with a view to making the penalty effective. The penalty is reduced (i)

to one half if the person who has committed the crime has acted in the prevailing interest of third parties and

the entity has taken a minimal benefit or (ii) from one third to one half if the entity, prior to the beginning of

the trial of first instance, carried out or tried in good faith to perform specific reparatory conducts such as full

compensation for damage and removal of the crime’s harmful or dangerous consequences and has adopted and

implemented an adequate set of internal rules and programs to prevent future crimes similar to those which have

been committed.

Should both circumstances have occurred, the penalty may be reduced from one half to two thirds.

Disqualifications

The disqualifications are:

• disqualification from exercise of the whole activity (i.e., suspension or revocation of licences or authorisations

necessary for the performance of the activity). This sanction is applied only if the application of other

sanctions proves inadequate;

• suspension or revocation of authorisations, licences or concessions relating to the activity specifically

concerned by offence committed;

• prohibition to negotiate with the Public Administration except for obtaining a public service. The

prohibition can be limited to particular types of contracts or to certain departments or branches of the

Public Administration;

• exclusion from grants, loans, contributions or subsidies and possible revocation of any of them already

granted;

• prohibition of advertisement of goods or services.

The disqualifications have a duration ranging from three months to two years. While the monetary penalties apply

in any case, the disqualifications apply only for crimes for which it is specifically contemplated.

The entity may avoid the application of the disqualifications if, before the beginning of the trial of first instance,

it has: (i) fully compensated third parties for the suffered damages and eliminated all harmful and dangerous



70

consequences of the crime or has committed itself to do so; (ii) eliminated the organisational deficiencies which

have permitted the committing of the crime through the adoption and implementation of adequate internal

rules and programs to prevent future crimes similar to those which have been committed; and (iii) voluntarily

surrendered all profits deriving from the crime.

The disqualification from the exercise of the whole activity can be definitively decided if the entity has made a

considerable profit from the crime and it has already been condemned, at least three times in the last seven years,

to temporary disqualifications from exercise of the activity.

Confiscation

The Judge always orders the confiscation of the price or profit of the crime, except for the part that can be returned

to the damaged party and save for the rights acquired by third parties in good faith.

Should it prove impossible to execute the confiscation on the price or on the profit of the crime, the confiscation

can be made on other goods, utilities or money of equal value.

Publication of the Judicial Decision

The Judge can provide for the publication of the decision when a disqualification has been imposed on the entity.

The publication must be made in one or more newspapers at the entity’s expense as well through posting it in the

town hall of the place where the entity has its registered office.

Entity Modification Issues

The Decree also contains some provisions aimed at avoiding extraordinary transactions being used as a way to

elude the liability.

The Decree provides thus that in the case of:

• transformation of the corporate type, the entity shall continue to be liable for the crimes committed prior

to the date when the transformation became effective;

• merger, even by incorporation, the surviving entity is liable for the crimes chargeable to the merged

entities;

• demerger, the demerged entity is liable for the crimes committed prior to the date on which the demerger

became effective. The beneficiaries of the demerger are also liable for the payment of monetary penalties due

by the demerged entity with respect to the crimes committed before the date on which the demerger became

effective;

• transfer or contribution of the going concern concerned with the committed crime, the transferee is jointly liable

with the transferor for the payment of the monetary penalties within the perimeter of the transferred business.

The liability of the transferee is limited to the penalties resulting from the mandatory accounting books and

accounts or however known by the transferee. The disqualifications do not apply to the transferee.

Andrea Fedi is a Partner and Matteo Polli is an Associate at Legance Studio Legale Associato.







71

Organisational Models Pursuant to Legislative Decree 231/2001 and Appointment of the Compliance Body

BY ANDREA FEDI AND MATTEO POLLI | LEGANCE STUDIO LEGALE ASSOCIATO

Legislative Decree no. 231, dated June 8, 2001, introduced in Italy the administrative liability which applies to

legal entities, companies and associations with or without legal personality.

The Decree provides for an entity not being liable for crimes committed by its representatives if it proves that:

• it has adopted and effectively implemented, prior to the commission of the crime/s, adequate organisational

models, rules and procedures to prevent crimes of the same nature as those which have been committed;

• it has entrusted an internal, but independent Compliance Body, granted with autonomous powers of

initiative and control, to oversee the implementation and the updating of the aforesaid models, rules and

procedures;

• the person who has committed the crime/s has fraudulently circumvented the models, rules and

procedures;

• the Compliance Body has duly controlled and supervised the implementation and adequacy of the models,

rules and procedures.

Article 6 of the Decree also provides that the above mentioned models, rules and procedures shall:

• identify the activities of the entity in the context of which crimes might be committed;

• envisage specific protocols (i.e., procedures) for the planning and implementation of the entity’s decisions

with regard to the prevention of the crimes;

• identify adequate methods for the management of appropriate financial resources to prevent the perpetration

of the crimes;

• establish information duties towards the Compliance Body, who is charged with the supervision of the

functioning and enforcement of the internal models, rules and procedures;

• introduce a disciplinary system setting sanctions for failures to comply with the provisions of the internal

models, rules and procedures.

The aim of the Decree is the creation of an organisation within any entity which is oriented towards the avoidance

of the crimes listed in the Decree.

The adoption of the internal models, rules and procedures is not compulsory, per se, although the management

board of the entity may be considered liable for damages, in the event that the non-adoption causes a prejudice

to the entity.

The Decree does not provide a general and standard version of the models, rules and procedures to be

adopted. Nevertheless, the Decree provides that they can be implemented according to the guidelines drawn up

by certain associations (among which the association of Italian banks and associations of entrepreneurs) which

contain recommendations and measures considered suitable in principle to meet the Decree’s requirements. The

Guidelines, therefore, represent a sort of starting point for the creation of the internal organisational models, rules

and procedures and the appointment of the Compliance Body. However, an entity may well choose to depart from



72

the Guidelines without being considered to have breached any provisions set forth in the Decree: the only crucial

point is that the internal rules may actually prevent the commission of crimes. In fact, a mere literal incorporation

by reference to the Guidelines, without considering the actual business and organisation of the entity, shall not

ensure at all that an adequate set of internal rules has been adopted.

Finally, it is worth bearing in mind that the mere adoption of internal rules is not considered sufficient.

Continuous monitoring and inspections must be carried out in order to ensure the actual effectiveness and

application of such rules.

Compliance Body

The Decree does not provide any indications in relation to the composition of the Compliance Body or the

qualifications of its members.

As to the activities that the Compliance Body is required to carry out under the Decree, the guidelines of many

associations set forth that the Compliance Body shall:

• supervise the effectiveness of the models, rules and procedures and more specifically ensure the conformity

to the internal provisions;

• assess the adequacy of the internal rules in relation to the entity’s business and its organisation and thus

evaluate the capability to prevent the committing of the crimes listed in the Decree;

• check that the requirements of solidity and functionality of the internal rules are preserved;

• update the models, rules and procedures by means of a preventive analysis of the situation and/or

any occurred violations, proposals for the implementation of the internal rules and verifications of the

implementation and the effectiveness of the proposed modifications.

The requisites of the Compliance Body pursuant to the Decree are:

• autonomy and independence, in order to warrant impartiality;

• professionalism and reputation, in order to warrant the effectiveness of the monitoring activity in a context

which requires not only competence in evaluating and managing risks, but also competence in terms of the

analysis of procedures, company organisation, finance, auditing and management, civil and criminal law

and professional practice;

• continuity of action, in order to warrant continuous monitoring and updating of the internal models, rules

and procedures.

Composition of the Compliance Body

The guidelines of certain associations set forth that the duties of the Compliance Body can be vested to certain

control committees existing within the entity (e.g., Internal Control Committee, Internal Auditing or other internal

committees). In fact, such internal control committees have certain characteristics which make them suitable

to carry out the duties requested to the Compliance Body by the Decree, since they are generally autonomous

and independent (for instance, the Internal Control Committee has to be composed of non-executive directors

of which the majority shall be independent, while the Internal Auditing is often placed in a top position in the

organisation of an entity and works supporting the executive top management by monitoring the system of internal

controls, also through a communication/reporting line between the Internal Auditing and the management board



73

or the Internal Control Committee), as well as correctly placed within the entity’s organisation and provided with

adequate resources. Such resources allow such committees, inter alia, to avail themselves of external advisors in

the event of activities which require qualifications not internally owned by the same committees (in such a case

the external advisors shall report to the Compliance Body on the outcome of their activity).

A further alternative for an entity is the implementation of an ad hoc Compliance Body, which may consist of

a single individual person or a committee. In case of appointment of a committee, most guidelines and scholars

retain that such solution should provide a mix of internal and external members (e.g., independent directors,

statutory auditors and external experts). On the other hand, most of the guidelines and the majority of the scholars

retain that a one-member Compliance Body is suitable only for small size entities.

Andrea Fedi is a Partner and Matteo Polli is an Associate at Legance Studio Legale Associato.


White Collar Crimes Under Italian Law

BY ALESSANDRO DE NICOLA | ORRICK, HERRINGTON & SUTCLIFFE LLP

As per the definition coined by the American Criminologist Edwin H. Sutherland “white collar crime” means

“a crime committed by a person of respectability and high social status in the course of his occupation”. Those

looking for the same definition or for a specific regulation of white collar crime under Italian law will have a

fruitless search.

Italian criminal law is based on the so called “theory of the juridical good” (this is a literal translation of the

Italian: teoria del bene giuridico) which establishes that human behaviours shall be punished only in case of

harm of goods covered by legal protection. Following the above-mentioned theory, the Italian Criminal Code

provides for a catalogue of crimes which are grouped according to the specific characteristics of the goods

protected: for example, sections 314-356 punish crimes “against the Public Administration”; sections 575-623-

bis provide for punishment of behaviours “against individuals”; sections 624-649 punish behaviours “against

property”, etc. (in this sense “Public Administration”, “individuals” and “Property” are to be considered as

“juridical goods”).

Although the Italian Criminal Code is the main regulation that provides for an organic system of rules, it does

not regulate all kind of crimes and many of them can be found in special laws (i.e., the Italian Civil Code provides

for corporate crimes, Legislative Decree 196/2003 provides for punishment of crimes related to data protection

and privacy, and Legislative Decree 81/2008 provides for crimes in violation of health and safety rules).

In light of the above, it is clear that “white collar crimes” cannot be considered as a category within the Italian

criminal law system, as the latter is based on different elements of the crime: while the category of “white collar

crimes” is focused on “persons”, and more precisely on persons that can commit a crime due to their position held

in a company, the Italian criminal law system is focused on “goods covered by juridical protection” damaged by

people’s behaviours (actions or omissions).






74

Even if white collar crimes are not specifically regulated by the Italian Criminal Code or by special laws,

they could be generally compared to “corporate crimes”, crimes against the Government and the Public

Administration (corruption, bribery, fraud against the State or Public Entities, fraud in order to obtain public

loans, etc.) and financial crimes (i.e., insider trading and market manipulation). Nevertheless the list of illegal

behaviours that may be committed by persons of “high social status” during their job activity could be extended

to several other crimes punished by special Italian laws, such as crimes connected with violation of workplace

health and safety regulations and intellectual property crimes.

Most of all, the traditional meaning of “white collar crime” is close to the Italian category of “corporate

crimes” as they may be committed only by people who hold high positions inside the company. Corporate crimes

in most cases are “proper crimes” (in Italian: reati propri) which require specific subjective qualifications which

consist of covering top managerial or auditing positions inside the company, in opposition to “common crimes”

which may be committed by anyone without any subjective requirement. Corporate crimes, set forth by sections

2621-2642 of the Italian Civil Code, consist of false information and unlawful distribution of profits, violation of

duties incumbent on managers and directors, omission of compulsory information, obstructing internal audits

and other illegal transactions on a company’s capital or shares that may be committed either by directors,

managers and statutory auditors or, in some cases, only by people who carry out specific functions, such as

directors.

Also “financial crimes”, as insider trading and market manipulation, may be associated with the idea of

white collar crimes as sections 184 - 185 of the Legislative Decree 24 February 1998, n. 58 (“Consolidated

Law on Finance”) punish illegal behaviours like misuse of confidential (privileged) information relating to

issuers of financial instruments that are generally committed by top managers or, in any case, by people that

are supervised by the latter.

In any case, with regard to insider trading the first paragraph of section 184 of the above-mentioned

Legislative Decree punishes “any person who, possessing inside information by being a member of the

administrative, management or supervisory bodies of an issuer, a shareholder or in virtue of his employment,

profession, duties, including public duties” carries out transactions involving financial instruments using such

information or discloses such information to others. The second paragraph of the same section 184, establishes

that sanctions are inflicted on “any person who, possessing inside information by virtue of the preparation or

execution of criminal activities, carries out any of the actions referred to in paragraph 1”.

With regard to market manipulation, section 185 of the same Decree punishes “any person who disseminates

false information or sets up sham transactions or employs other devices concretely likely to produce a significant

alteration in the price of financial instruments”.

As a consequence of business scandals of the last few decades of the last century (known as tangentopoli),

which involved Italian top managers, politicians, public officials and judges, the crimes against Public

Administration, are also associated with the idea of white collar crimes. Although crimes like corruption and

bribery are to be considered “common crimes” (as under section 318 and ff. of the Italian Criminal Code)

which may be committed either by top managers or by common people case law has shown how these kinds of

crimes have been frequently committed by entrepreneurs and managers who corrupted (or were obliged to pay)

politicians and public officers in order to obtain contracts or authorisations.

Even if the above-mentioned crimes are only an exemplification of a more extended and complex list of



75

provisions, the most important Italian legal cases have shown peculiarities on committing crimes related to

business. First of all it should be pointed out that the absence of physical violence and high social status of white

collars helped them not to appear socially dangerous and made them “invisible” in the eyes of Public Prosecutors.

On the other hand, difficulties have been highlighted in identifying the persons who committed crimes and their

responsibilities. This is caused by the complex structures which characterise modern companies, inside which

decisional processes are often fragmented and involve more people: the company becomes a kind of wall that

hides and protects illegal behaviours of managers, directors or other people involved in their activities.

As a consequence of these remarks, the nature of white collar crimes itself could impede detection and render

their prosecution rather difficult.

In order to knock down the above-mentioned wall and deter people from committing crimes or illegal behaviours

related to business, the Italian Parliament introduced, by means of Legislative Decree 6 June 2001, n. 231, such

a kind of criminal liability of companies and other entities (except for public entities). The above-mentioned

Legislative Decree makes companies liable for such crimes that may be committed in their interest or to their

own advantage by “individual persons having a representative, administrative or managerial position within

the company” as well as by “individual persons subject to the management or supervision of one of the above-

mentioned subjects”. From this point of view, white collar crimes may be a vehicle to impute a sort of criminal

liability to the company: it being understood that such responsibility is in addition to the personal responsibility

of the person who actually committed the crime.

The Decree provides for pecuniary penalties that could be up to € 1,549,370.70 and, in most serious cases,

for disqualifications penalties which may consist of: (i) restrictions on running the business; (ii) suspension

or withdrawal of licences and permits; (iii) debarring from contracting with the State or with Governmental

agencies; (iv) non-eligibility for, or revocation of public subsidies; (v) prohibition to advertise goods and

services; and; (vi) total ban on conducting business.

As regards the company’s liability, white collar crimes that are taken into consideration are the following: (i)

crimes committed against the Public Administration (e.g., bribery, corruption and fraud); (ii) certain company

crimes (e.g., false company communications, accounting/financial fraud, fictitious formation of capital, stock

manipulations); (iii) forgery of banknotes and revenue stamps; (iv) terrorism (such as subversive associations,

assisting their members, terrorist training activities, financing terrorists etc.); (v) crimes against individuals

(such as forcing into slavery; tourist initiative aimed at exploiting child prostitution, possession of pornographic

materials etc.); (vi) insider trading and market manipulation; (vii) transnational crimes; (viii) manslaughter,

serious accidental injuries occurred as a consequence of a violation of rules for health and safety in the workplace;

(ix) money laundering; and (x) cyber crimes.

The list of crimes provided by Decree Legislative 231/2001 has been increasing with new crimes:

recently the Law of 15 July 2009, n. 94 introduced company liability for “criminal conspiracy”, while crimes

connected with intellectual properties rights entered into such list with the Law of 23 July 2009, n. 99 and the

introduction of many other crimes related to tax and environmental crimes are going to be discussed by the

Italian Legislator.

In light of the above, even if under the Italian criminal law system it is not easy to find a specific category

of white collar crimes, it seems clear that Italian law and regulations punish some crimes that are typically

committed by people who occupy high level positions within a company. In any case, the punishment for



76

the above-mentioned crimes is not limited to the person who acts unlawfully but it is also extended to the

companies on the interest or advantage of which they have committed such crime.

Alessandro De Nicola is the Italy Managing partner at Orrick, Herrington & Sutcliffe.


Designing and Implementing Compliance Programs

BY ALESSANDRO DE NICOLA | ORRICK, HERRINGTON & SUTCLIFFE LLP

Until approximately eight years ago, the Italian criminal law system applied the general principle of societas

delinquere non potest, meaning that criminal liability could only be imputed to individuals and not to legal entities.

On June 8, 2001, Legislative Decree 231/2001 introduced the new concept of “administrative responsibility of

corporations, companies and associations” (Decree 231).

Decree 231 aimed at amending the existing Italian regulations concerning corporate responsibility following

the entry by Italy into several international agreements, such as the Brussels Convention dated July 26, 1995 on

the protection of the European Community’s economic interests, the Anti-Bribery Convention dated May 26, 1997

signed in Brussels and the OECD Anti-Bribery Convention dated December 17, 1997 on Combating Bribery of

Foreign Public Officials in International Business Transactions.

Decree 231 introduced into Italian law a separate system of “administrative responsibility” for legal entities

(directly comparable to criminal responsibility under Italian law), for crimes committed by them in their own

interests or to their advantage by:

• individuals having a representative, administrative or managerial position within the legal entity or its

branches (even if such branches are financially and functionally independent), as well as by individuals

managing such legal entity in a de facto manner;

• individuals subject to the management or supervision of any individual described in the previous point.

Any liability for administrative responsibility is in addition to any personal liability incurred by the individual

him/herself.

Certain criminal offences specified under the new regime only aim to sanction those legal entities that have

benefited from the offence. The most serious of the penalties set out in Decree 231 include disqualifying measures

being imposed on the legal entity such as: the suspension or revocation of relevant licences and authorisations,

the debarring of the legal entity from entering into any agreements with government and public bodies, the

disqualification of such entity from performing its activity, the exclusion or revocation of public subsidiaries or

contributions received from public institutions, and prohibitions being placed on the legal entity from advertising

certain goods and services.

Liability can also be incurred under Decree 231 for crimes committed abroad, if the foreign country where the

crime has been committed does not take any action against the person or the company who committed the crime.





77

Sections 24 – 25 novies of Decree 231 provide for a list of crimes which, if committed by one of the above-

mentioned persons, will make the related legal entity liable to punishment. Although sections 24 and 25 of Decree

231 originally provided only for “crimes against the Public Administration”, over the years the list of crimes has

been expanded such that nowadays it consists of:

• section 24: fraud against the State or other public bodies, and computer fraud against the State or other

public bodies;

• section 24 bis: cyber crimes;

• section 24 ter: organized crime (e.g. conspiracy and Mafia crimes.);

• section 25: bribery and corruption;

• section 25 bis: forgery of coins, banknotes, public credit cards, duty stamps and company marks and

signs;

• section 25 bis. 1: crimes against industry and commerce (e.g., raiding the right to do business with violence

or fraud; illegal competition by means of threat or violence; fraud against national industries; fraud on doing

business; sale of non-genuine food as genuine; sale of industrial products with counterfeit trademarks;

manufacture and commerce of goods produced encroaching on someone else’s intellectual property right;

forgery of geographical marks or denomination of controlled origins, in Italian the so-called denominazione

di origine controllata.);

• section 25 ter: corporate crimes (e.g., false information and unlawful distribution of profits, disclosure of

confidential information concerning the company; violation of duties incumbent on managers, directors

and liquidators, omission of compulsory information, fraudulent acts affecting securities of the company

etc.);

• section 25 quater: crimes of terrorism or subversion of democracy;

• section 25 quarter. 1: mutilation of female genitals;

• section 25 quinquies: crimes against individual persons (e.g., forcing into slavery, child prostitution; child

pornography; possession of pornographic material; tourist initiatives aimed at exploiting child prostitution,

slave trade and purchase and alienation of slaves);

• section 25 sexies: insider trading and market manipulation;

• section 25 septies: crimes related to health and safety at workplaces;

• section 25 octies: receiving of stolen goods (fencing) and money laundering;

• section 25 novies: crimes against intellectual property rights (e.g., copying, transmitting or releasing

intellectual properties intended for cinema or television; copying, transmitting or releasing literary,

dramatic, scientific and musical works; unauthorized downloading of files etc.);

As part of the introduction of the above-mentioned administrative liability system, section 6 of Decree 231 provides

a specific exemption in case the legal entity is able to prove that:

• prior to the offence being committed, the board of directors of the company adopted – and effectively

implemented – compliance programs (the so-called “Model of Organization and Control”) suitable for

preventing offences similar to those committed;

• the task of supervising the Model’s operation, implementation and updating, was entrusted to an

independent body that had sufficient powers of intervention and control (the “Vigilance Body”);



78

• the persons who committed the offence had wilfully and fraudulently circumvented the Model of Organization

and Control; and

• the Vigilance Body did not fail in its duty to properly exercise its powers of control.

In order for the exclusion to apply so as to prevent the crimes and related penalties, Decree 231 states that the

above-mentioned Model of Organization and Control must comply with the following requirements:

• identify those activities that could result in an offence being committed under Decree 231;

• set out specific protocols aimed at preventing the company’s decision-making process from committing the

offences;

• identify management procedures in respect of the company’s financial resources that will prevent such

offences from being committed;

• place information obligations on the committee in charge of supervising the Model’s operation and

compliance;

• introduce an internal disciplinary system to punish non-compliance with the Model of Organization and

Control.

Compliance Programs are usually made up of a “General Section” and of several “Special Sections” which are

drawn up on the basis of the different types of crimes provided for by Decree 231. The number of Special Sections

depends on the sectors and kinds of activities which are specifically carried out by the company (the so-called “At-

Risk Areas”).

As a consequence of the increase in crime over the years, Models of Organization and Control need to be

updated regularly and implemented such that their procedures effectively and continually protect the company

against the risk of any crime being committed.

As regards the Vigilance Body, Decree 231 provides that such body shall supervise the proper operation and

update the Model of Organization and Control; the Vigilance Body is an essential element of the company structure

which must be maintained in compliance with Decree 231.

The Vigilance Body must be endowed with the power to initiate and control the necessary corporate actions,

and must be self-governing and independent. These structural and functional elements of the Vigilance Body

could be granted by appointing – as members of such Vigilance Body – persons that satisfy the requirements of:

• “autonomy” (it is necessary to grant the Vigilance Body with effective powers of inspection and control,

with the possibility to have access to all of the Company’s information and to adequate resources in order

to perform its monitoring activity);

• “independence” (the Vigilance Body shall not have any executive power, nor any conflict of interest with the

company); and

• “professionalism” (it is necessary to grant that the Vigilance Body is composed by members with specific

risk management and juridical expertise and skills).

In order to appoint a Vigilance Body with all the above-mentioned requirements it is advisable – if not mandatory

– for the Vigilance Body to operate by way of collective body.

Furthermore, to satisfy these requirements, the board of directors must – at the time of the appointment of



79

the Vigilance Body – annex all information relating to the professional qualifications of its members and a copy of

each such member’s curriculum vitae to the relevant appointment resolution.

Even though the Vigilance Body is independent, it shall coordinate its activities with the other company

departments to permit the proper monitoring of operations in the At-Risk Areas. For this purpose, the Vigilance

Body must be constantly informed of the progress of any activities in the At-Risk Areas and must have clear access

to all relevant company documentation, including updates. Furthermore, it must be informed by the management

of any possible cases related to company management that might place the company at risk of offence.

For these reasons, an efficient information flow must be implemented within the company as follows:

• from the employees/head of each company’s department towards the Vigilance Body; and subsequently

• from the Vigilance Body towards the board of directors and the board of statutory auditors.

It should be highlighted that, in order to be efficient and to maintain respect by the targeted people, a proper

compliance program needs to supply suitable training and education to all people who carry out the company’s

activities in the At-Risk Areas and to provide for specific disciplinary measures in case of violation of the principles

and procedures set forth by the Model of Organization and Control.

Finally, even if designing and implementing compliance programs is not mandatory under Italian law, the

adoption of a proper Model of Organization and Control allows the company, on the one side, to reduce the

risk of crimes being committed, and on the other side, to avoid its administrative liability and the consequent

punishment.

Alessandro De Nicola is the Italy Managing partner at Orrick, Herrington & Sutcliffe.


How to Avoid the Substantial Risks of Government Investigations and Criminal Proceedings

BY PROF. AVV. ASTOLFO DI AMATO | ASTOLFO DI AMATO E ASSOCIATI

Preliminarily, it must be stated that in the Italian system, the Public Prosecutor is responsible for carrying out

investigations of companies with respect to crimes such as corruption and such investigations are done on the

basis of rules substantially similar to those of criminal proceedings.

Obviously, the first and most simple response to the question of how to avoid investigations and criminal

proceedings is not to commit the crime: if there is no offense, there are no risks. However, such response is too

simplistic, as often in the market, it is hard to distinguish clearly between black and white and the gray area in

which it is difficult to establish whether or not there has been illicit conduct.

This creates an extremely high risk that a company be subjected to an investigation by the Public Authority

as often in a country such as Italy – in which there is an abnormal amount of the use of wire tapping – there is a

substantial risk of finding implicating material in a wire tapping done for totally different purposes. In Italy, it is





80

absolutely the norm that from the wire tapping in an original investigation, there stems a proliferation of other

investigations. Thus, from a preventative standpoint, it is hard to anticipate who will be the subject of a future

investigation and what they can do to avoid it.

With regards to the measures to adopt in the event an investigation is opened, it should be noted that more

often than not the beginning is traumatic, as often the first notice of the investigation is the moment in which

the police begin searching the company headquarters and sequestering all documents that may be relevant. It

must be added that often such action is preceded by a significant period of wire tapping carried out to give the

investigators a clear picture of the situation. Frequently, the most significant results of investigations come from

analysis of the company server and the content of emails circulated in the company.

Consequently, with regards to the strategic choices to be made when an investigation begins, there is

no predetermined best practice as these can only be made on the basis of a clear picture of the elements the

investigators have acquired or may acquire. By far the best way to mitigate the impact of the investigation and

to set the stage for an agreement with the Judicial Authority is to “collaborate” with the investigators within the

limits in which it corresponds to the strategic vision and interests of the entity.

With regard to the possibility to avoid proceedings, the Italian criminal procedure system provides that at the

end of investigations, the Public Prosecutor must deposit all of the investigative acts and results and the entity

and its representatives have the right to have copies of all materials. This allows the results of the activity of the

accused to be analysed, to verify if there are documents useful for the defence to produce, and to present defensive

memoranda to the Public Prosecutor in an effort to have the proceeding archived instead of going forward.

Prof. Avv. Astolfo Di Amato is a Senior Partner at Astolfo Di Amato e Associati.


How to Avoid the Committing of Fraud and Corruption and to Mitigate the Relative Risks


Legislative Decree n. 231 of June 8, 2001, containing the “Regulations on the Administrative Responsibility of Legal

Persons, Companies, and Associations also those without Legal Status”, has introduced in Italy the responsibility

of entities for certain crimes committed by their administrators or employees.

At the heart of the discipline is the fact that entities must organise themselves in a manner so as to avoid that

certain crimes are not committed during the execution of the firm’s activities. Thus, the cited decree has introduced

a reversal of perspective into Italian law. Not only are certain crimes prohibited, but the entire corporate structure

must be organised in a manner so as to serve as a filter and means of preventing such crimes.

After all, the prevention of the determined crime is no longer merely a social obligation left to the good will of

those handling the accounts, but a precise legal obligation.

The violation of this legal obligation, resulting from the committing of crimes – including fraud and corruption





81

– can result in the application of severe sanctions against the entity, including pecuniary sanctions and expulsion

from the market (see Legislative Decree 231/2001, art. 9).

The existence of a legal obligation to be organised in a manner so as to avoid the crimes of fraud and corruption

and fulfilment of such obligation is evaluated on the basis of the precise parameters set forth in Legislative Decree

231/2001.

In particular, article 6 of the Decree fixes organisational rules that must be observed to avoid the committing of

the mentioned crimes and, in the event such crimes are committed, for the entity to avoid sanctions.

Specifically, it is necessary that:

• the entity adopts, before the committing of the crime, a model of organisation and management suitable to

prevent the crime subsequently committed;

• such model of organisation, once adopted, is effectively carried out and constantly supervised by an organ

with independent powers of initiative and control;

• the model is continuously updated in order to render it adequate to the evolution of the entity’s activities

and the execution of its affairs.

In any event, the law precisely prescribes how the model must be designed.

As set forth in the second paragraph of art. 6 of Legislative Decree 231/2001, the first step is to create a map

of risks. Thus, it is preliminarily necessary to identify all of those areas in which the relevant crimes could be

committed. For example, with regard to the crime of corruption, particularly relevant are those areas in which

cash is handled and where payments are made, areas involving promotion and marketing, and areas relating to

the stipulation of new contracts and the supply of goods or services to the Public Administration, etc.

Once the areas at risk to the committing of the determined crimes are identified, appropriate protocols must

be designed which allow a formalisation of the corporate decision making and implementation processes in the

aforementioned areas.

The independent supervisory organ must check that such protocols are effectively respected and verify that the

same are suitable to prevent the committing of the identified crime or if it is necessary to adjust the protocols to

make the preventive system more strict and effective.

For this purpose, not only is it necessary that the supervisory organ be given the appropriate powers, but also

those who operate in the areas at risk must be required to provide information to the supervisory organ so that it

is constantly informed on the activity of the interested area.

Finally, so as to guarantee the efficiency and effectiveness of the organisational model and to ensure compliance

by those who operate in the interested area, it is also necessary that an appropriate disciplinary system be put into

place which allows for the application of sanctions against those who fail to respect the behavioural protocols

established in the organisational model.

Obviously the organisational model must consider the risks of the specific enterprise; it can not be an abstract

model generically appropriate for all entities, but must be articulated taking into consideration the specific

operations of the interested entity.

However, this does not mean that as a basis for the development of the model, it is not possible to use those

models set forth in the codes generally prepared by the various industry associations. Such models, prepared by

industry associations, must be submitted to the Ministry of Justice, which has 30 days to issue its observations,



82

otherwise the model is considered generically suitable, subject to what was previously stated – namely that such

model must then be concretely adapted to the specific needs of the interested enterprise to render it suitable to

avoid the committing of crimes.

It must be added for sake of completeness, that the adoption of an adequate organisational model may also be

relevant subsequently to the committing of a relevant crime.

In fact, art.12 of Legislative Decree 231/2001 considers as a basis for the reduction of pecuniary sanctions

and for the exclusion of interdictive sanctions, such as expulsion from the market, the premise of adopting an

organisational model suitable to prevent crimes of the type as the one in question.

In other words, the legislator considers it worthy to reward the actions of the entity, which following the

committing of the crime, has indicated its repentance through the adoption of an organisational system to prevent

future committing of the crimes such as those already committed.



How to Carry Out an Internal Investigation


Determining when internal investigations are suitable is a particularly delicate subject, because if not carried

out so as to respect determined precautions, they can implicate rather than exclude the responsibility of the

entity.

In this regard, it is opportune to consider the three distinct types of internal investigations:

• investigations conducted by the top managers and therefore by the Administrative Organs of the

company;

• investigations conducted by the autonomous supervisory organ;

• defence investigations carried out by counsel to the company.

Investigations conducted by the top managers or Administrative Organs pose a double risk. Firstly, in the event

of a future investigation by the Judicial Authority, the investigation can be used to confirm that the entity and

its top managers were fully aware of the crimes committed and thus necessarily responsible. To this it must

be added that the investigative activity of the top managers has no limits of an organisational character, thus

it would be difficult to assert subsequently to the Judicial Authority there was no awareness of the committing

of the crime. Secondly, documentation produced during an investigation by an Administrative Organ is not

protected by privilege and therefore it is subject to discovery in the event of an investigation by the Judicial

Authority and can be used as proof both of the committing of the crime and participation by the entity and its

top managers.

The one area in which an investigation by the Administrative Organ or top managers of a company is useful is





83

when there is a clear and determined will to catch the perpetrator; where it emerges crimes have been committed

and there are unequivocal sanctioning measures, such as the firing of the guilty managers or reporting them to

the Judicial Authority.

If such will is missing, the internal investigation would result in the accumulation of material evidence against

the same entity and would reinforce the proof that, with knowledge that crimes had been committed, adequate

provisions were not adopted.

With regards to investigations conducted by the supervisory organ, these are useful as proof of effective

realisation of the adopted organisation model.

In fact, one of the requirements for an organisational model to be effective justification for the entity is that

the same is both effectively applied and that such application is the subject of control. Investigation by the

entity’s autonomous supervisory organ is suitable to confirm the effect as such application, and thus, reinforce the

effectiveness of the adoption of the organisational model.

Obviously, if the supervisory organ discovers the committing of crimes, there must be immediately adopted

adequate disciplinary measures against those who have violated the code of conduct. Additionally, the organisational

model must be modified to avoid the future committing of the crimes ascertained.

After all, investigations by the autonomous supervisors are fully in line with an organisational system designed

to avoid the committing of crimes. It must also be noted that investigations conducted by the supervisory organ

are not protected by privilege, thus the same are subject to discovery by the Judicial Authority in the event of an

investigation. Additionally, the members of the supervisory organ may be called to testify on the content and the

results of the investigations conducted and may not refuse to testify.

Finally, the third type of internal investigation must be mentioned: defence investigations carried out by the

counsel to the company. In this regard, it is necessary to recall that art. 327 bis of the Italian Code of Criminal

Procedure gives defence counsel the power to carry out investigations. It is well settled that such power is not

limited to those situations in which there is an investigation underway, but it is enough that the interested subject

maintains there is the risk of being the subject of a criminal proceeding in the future.

In this case, it is sufficient to nominate counsel in a written document, which remains with the attorney, without

the necessity of informing the Judicial Authority (see Italian Code of Civil Procedure art. 391 nonies).

Once the assignment is received, counsel has ample power to carry out investigations both directly and with

the assistance of substitutes or consultants. In particular, counsel may listen to testimony both freely and by

recording the declarations, arrange the carrying out of technical experiments, request documents, and create a file

containing all of the investigative activity carried out on behalf of their client.

Nevertheless, in the event of an eventual investigation by the Judicial Authority, the documentation must be

deposited with the same; however, counsel is free to chose – based on the defensive strategy – whether or not to

deposit the results of their investigations.

In any case, an investigation conducted by an attorney allows the acquisition of certain elements needed in

order to put together the facts, but avoids the risk of constructing a documentation system that would be used as

company proof in the event of a Judicial Authority investigation.

To this discussion must be added a further point of significant importance: counsel is protected by privilege.

Thus, according to Italian Criminal Procedure, counsel can not be called as a witness and has the right to abstain

from responding. Moreover, the acts prepared by the attorney and, therefore, the documentation relating to the



84

interviews, experiments, etc. are not subject to search and seizure. Only other documents counsel has acquired

from the entity or third parties may be seized.

Lastly, it must be mentioned that counsel may not be object of wire tapping with respect to conversations with

clients.






www.executiveview.com | Spain

85

Economic Decline and White Collar Crime

BY LUIS VERICAT ROGER AND RAMÓN SEOANE LACAYO | CREMADES & CALVO-SOTELO, SLP

Although it is widely accepted that the harmful effects of white collar crime have contributed to the current

economic crisis, a spike in this kind of illicit activity does not necessarily have to occur as a result of financial

decay. White collar crime schemes are not simply gains oriented. Among other motivations, white collar crime

perpetrators, as respectful individuals who are successfully integrated in society, may operate out of covet, a

competitive personality, or merely corporate obedience.

In accordance with rational choice theory, apart from a motivating force, criminal actions demand suitable

means and an appropriate opportunity. Thus, on one hand, expertise and specialisation are the common resources

of the sophisticated offender committing a complex crime. The chance to commit such crimes often emerges from

the privileged position held by the wrongdoer.

Regardless of the economic situation, as long as the European Union maintains its intricate economic aid

systems regarding the Common Agriculture Policy, and as long as its members apply different VAT rates, chances

are that white collar crime rates will remain the same.

A wide range of offences are included in the vague concept of white collar crime, and we find no reason to

expect a sharp increase in the occurrence of certain offences not directly linked to the malefactor’s purchasing

power. For instance, amid the so called white collar offences scattered throughout the Spanish Criminal Code,

corporate frauds typically committed by insiders are unlikely to rise as they have not experienced any prejudice

as a consequence of the crisis.

Studies by the General Council of the Spanish Judiciary have shown that the criminal effects resulting from

particular economic conditions emerge later than civil or labour controversies. Data from the judiciary’s governing

body show that, although bankruptcy procedures are expected to double in 2009 and labour dismissal procedures

are expected to experience a 64% increase, criminal procedures are predicted to rise a mere 10%. However, these

are general figures, which take into account various kinds of criminal procedures, so they can only be considered

indicative of trends in white collar crime.

That said, every company’s goal is revenues maximisation so that it can be reasonably inferred that unlawful

activity increases when gains supplying legitimate means are blocked. As stated in the Updating of the Tax

Fraud Prevention Plan, elaborated in November 2008 by the Spanish fiscal regulatory enforcement body, the

Tax Administration Agency (Agencia Estatatal de Administración Tributaria), the current economic climate

demands that legal compliance bodies should be extremely cautious when fighting tax evasion. Special attention

is placed on the dealing of products over which the Spanish state exerts a market monopoly, such as cigarettes.

S P A I N


Spain | www.executiveview.com

86

Smuggling is regulated out of the Criminal Code on the Organic Law 12/1995.

Failure to comply with tax obligations not only damages public funds but also the market, as law abiding

companies are competing with companies that have not paid due taxes. Criminal Code Title XIV is devoted

to crimes against the Treasury and the Social Security. Generally speaking, for a misconduct to be criminally

prosecuted, the fraud has to surpass €120,000, unless the crime had been committed against the EU where the

threshold is €50,000. Lower evasions are considered administrative violations without provision for prison

penalties.

Due to the present reluctance of credit institutions to issue credit unless a potential debtor manages to

guarantee its solvency, special focus should be placed on offences conducted to reach those resources denied as

a consequence of the current financial distrust.

Before discussing credit institutions embezzlement, it is worth mentioning what is known as timo del

nazareno, or suppliers embezzlement. According to Spanish Supreme Court Judgment 37/2007, the archetypal

misbehaviour involves the creation of an apparently real company that places progressively larger orders to

suppliers which are not intended to be paid. The delivered goods or the rendered services are paid through deferred

methods or payment (bill of exchange) to be immediately sold at low prices. The company then disappears, having

not met due payments.

In terms of banking embezzlement, the most common variations include credit fraud consisting of the

submission of fake data for the company to appear to be solvent and so be granted a credit. Despite the potential

for documents falsification offences, criminal courts are applying the “auto-protection duty doctrine” which

requires the bank to be diligent when assessing a candidate’s solvency (public registers checking).

White collar criminals are also expected to resort to other methods, including bank discount of commercial

documents and bills of exchange lacking real underlying transactions. By virtue of a discount contract, a credit or

a security is assigned by its possessor to a bank that pays it in advance, applying certain deductions or discounts.

The prejudice emerges when the credit institution fails to make the credit effective because the discount does not

correspond to any commercial or financial operation whatsoever. Falsification is commonly alleged regarding the

document’s signature.

We will devote our final reasoning to crimes whose rate of occurrence is likely to decrease rather than escalate

in the current economic framework. We refer to misconducts typically performed by investment firms that

unlawfully benefit from both their clients’ saving capacity and confidence.

A recent survey carried out by a European bank to assess the impact of the crisis on household finances revealed

that 32% of Spanish people had lost saving capacity in the last six months. Additionally, 52% of Spanish investors

now choose deposits offered by consolidated credit institutions as their favoured financial instruments. This lack

of liquidity and risk aversion can lead to cuts in misbehaviours usually committed by investment companies,

such as Spanish investment firm Gescartera, whose directors were convicted of falsification and misappropriation

charges last year.

Another landmark case, still at pre-trial proceedings stage, involves two of the apparently most solvent

companies in the tangible goods investment sector Afinsa and Forum Filatélico. The Anti-Corruption and

Organised Crime Prosecution Service has promoted an investigation that has already resulted in the indictment

of several officers and directors of both firms. They have been charged with fiscal fraud, money laundering,

misappropriation and falsification. The supposedly pyramid scheme fraud was based on the use of the most



87

recent investments to satisfy former investors’ interests. The 200,000 small investors affected were attracted

by the promise of an interest rate of the 6% and the revaluation of their products. The operations never took

place and new clients did not receive any stamp.

Luis Vericat is a Partner and Ramon Seoane is a Junior Associate at Cremades & Calvo-Sotelo, SLP.


Prosecuting White Collar Crime

BY LUIS VERICAT ROGER AND RAMÓN SEOANE LACAYO | CREMADES & CALVO-SOTELO, SLP

The recent development of Spain’s economy, notwithstanding the relentless financial crisis, has created suitable

conditions for white collar crime to proliferate, especially within certain businesses like housing and banking. At

the same time as a large number of Spanish citizens found they could own a house and invest in the securities and

commodities markets, white collar schemes were conceived to take advantage of all that wealth.

Effectiveness and efficiency are more likely to be achieved through specialisation. This not only applies to

industrial procedures or managerial strategies but also to deceitful and illegal practices carried out by those who

make the most of their privileged position and expertise within corporations.

Along with other non-criminal measures like the prompt transposition of the MiFID Directive, which aims to

strengthen investor protection, the Spanish Administration has considered certain initiatives where necessary to

successfully prosecute white collar or commercial offences in the criminal arena.

Taking into account the scarce resources of the Spanish judicial system, the Spanish Administration has

considered specialisation as the wisest choice to counteract complex and resourceful criminal strategies committed

by white collar criminals.

As asserted on the preamble of Law 24/2007, amending Law 50/1981, regulating the Organic Statute of the

Prosecution Service, the new crime varieties are to be tackled through a higher degree of specialisation on the part

of prosecuting bodies. Since the entry into force of this law, the concept of a Special Prosecution Service is used

to refer to the Anti-Corruption and Organised Crime Prosecution Service (Fiscalía Anticorrupción y contra la

Delincuencia Organizada).

Apart from coining the Special Prosecution Service terminology, Law 24/2007 carries out a necessary

accounting task outlining and detailing the scope of activity of the Anti-Corruption and Organised Crime Special

Prosecution Service.

Pursuant to article 19.4 of Law 50/1981, the Anti-Corruption and Organised Crime Special Prosecution

Service will undertake legal proceedings in criminal actions, provided they are considered to be serious enough,

dealing with, among others: (i) tax, social security offences and smuggling; (ii) breach of official duty; (iii) insider

trading; (iv) public funds misappropriation; (vi) fraud; (vii) undue influence; … (x) bankruptcy involving criminal

negligence or malpractice; … (xii) industrial and intellectual property offences; (xiii) corporate fraud; and (xiv)

money laundering.





Spain | www.executiveview.com

88

The Anti-Corruption and Organised Crime Special Prosecution Service does not fight on its own. It is aided

by several Supporting Units whose personnel are being gradually increased. It is worth mentioning here the role

played by the Tax Administration Agency Supporting Unit (Unidad de Apoyo de la Agencia Estatal Tributaria),

the Spanish Administration General Intervention Unit, and the National Police and Civil Guard Supporting Units.

Law 50/1981 also provides a time extension for investigations pursued by this Special Prosecution Service, up to

12 months unless extra time is granted by the Chief State Prosecutor.

In 2007, the Environmental Sections of the Prosecution Service were formed to enagage in issues related

to environmental and urban development crime. The Environmental Prosecution Service has entered into

several collaborative agreements with other public bodies, such as the Registrars Association and the Architects

Associations.

Authorities are also aware of the amount of money generated by white collar crime operations, and are focused

on the revenues resulting from this misbehaviour. An effective response to commercial crime should not be

limited to chasing perpetrators. On the contrary, the prosecution of offenders should involve proven asset forfeiture

policies. It is essential that violators are deprived of ill-gotten gains to prevent organised crime to avail of the huge

resources that would eventually enable them to pursue infringements in a more sophisticated fashion.

In accordance with this reasoning, article 367 of Criminal Procedure Rules – based on the wording of Law

18/2006 on the effectiveness of freezing and evidence securing resolutions in criminal procedures within the

European Union – entitles Prosecutors to ask the Court, before a sentence is passed, to realise those forfeited goods

whose maintenance or preservation may be dangerous or whose value may decrease. Prosecutors will promote the

opening of separate proceedings to implement this realisation where those interested, generally the owner, will be

allowed to plead what he considers to be proper. The money resulting from the sale will be provisionally deposited

in the Court’s Deposits and Consignations Account so that it will only be definitely assigned to the Spanish State

in the event of final conviction beyond appeal.

The Criminal Code also contemplates the possibility of the goods being temporally used by Judicial Police

fighting illegal drug dealing, provided that the effects had been seized as consequence of a drug dealing criminal

procedure.

Finally, allusion should be made to several significant cases that were thoroughly analysed by the Spanish

media due as they affected collective and diffuse rights. The so called Caso Gescartera sentence was passed by

Audiencia Nacional on the 25 March 2008. Eight people were convicted of misappropriation and falsification.

It was proved that dishonest administration and diversion of customers’ funds had been undertaken by the

investment firm. The managing director and three other directors were found guilty of these counts. The tax

adviser, the chairwoman and two other people from a bank were considered accomplices.

The offence is especially serious due to the huge amount diverted and the fact that the indicted people abused

their professional credibility. Fixed income products lacking underlying assets were sold and massive share trading

was performed assigning losses to a straw man.

It was also proved that the inspection task carried out by the Spanish Securities and Exchange Commission

was willingly obstructed by the accused, who also used fake foreign documents to certify guarantees, deposits,

balances and investments. Subsidiary civil responsibility was assigned to the mother company and the other

companies of the Group. The investment guarantee fund was also present in the case, claiming the amounts that

had been anticipated to the fraud victims.



89

The so called Caso de las Cartas Nigerianas scam had cross-border implications, and was also known as the

Spanish National Lottery Fraud. The target receives a letter from the Spanish National Lottery claiming he or she

has won a huge prize in a special promotional lottery. The letter looks legitimate, complete with official logos and

contact information. It also includes a form from the bank where the money is supposedly being held. To receive

the money, all you recipient needs to do is pay Spanish taxes, between 0.5 percent and 2 percent of the winnings,

fax the completed claim forms with personal and banking information, and wire the money within a couple of

days. Recent Spanish Police activity resulted in 300 arrests, 150 searches, and the seizures of nearly 2000 cell

phones, hundreds of computers and fax machines and plenty of fake documents.

Luis Vericat is a Partner and Ramon Seoane is a Junior Associate at Cremades & Calvo-Sotelo, SLP.






Switzerland | www.executiveview.com

90

Some Aspects of Data Protection Law in Switzerland: Monitoring Employees and Being Monitored as an Employer

BY DR. CLAUDIUS TRIEBOLD AND MARCEL SCHAAD | EVERSHEDS SCHMID MANGEAT LLP

Monitoring employees

Emails and internet often increase the productivity and quality in the business environment, but when used

for private purposes at the work place, they can also bear the risk that the efficiency is reduced and the

business data flow endangered or even blocked. Further, visiting illegal webpages or disclosing business

secrets by employees can lead to a bad reputation or to legal and economic consequences for the employer.

What if the employer, who has the instruction right and must monitor his business and the employees for

operational and security purposes, has the suspicion that an employee acts illegally at work? Can he get

access to the employee’s personal data to get evidence? Or is he supposed to immediately initiate criminal

proceeding? His need for clarification regarding illegal practices can collide with the employee’s interests for

privacy and secrecy.

The law says that the employer is obliged to protect the employee’s individuality (art. 328 Swiss Code

of Obligations “CO”) and to uphold the employee’s secrecy and privacy. If the employer suspects that an

employee acts illegally (e.g. discloses business secrets), he can only get lawful access to the personal data, if

two requirements are fulfilled: (i) the existence of a justification (art. 13 Swiss Data Protection Law); and (ii)

concrete suspicion elements of an offence. The justification can either be an explicit consent or the employer’s

or public predominant interests. In case those requirements are not sufficiently fulfilled, the employer risks

acting in a criminal way.

In general, the Swiss Data Protection Law does not allow the employer to open and read incoming or outgoing

private or perceivably private emails. He is allowed to supervise the employee’s compliance by monitoring the

recipient’s addresses used, but a systematic monitoring of the contents of the correspondence of the emails

(for instance by way of a content scanner) is not allowed. In case of suspicion, the employer could safeguard

the emails and submit them to the criminal authorities. The Swiss Federal Data Protection Commissioner

recommends informing the employee and ask for consent and/or cooperation before submitting such emails.

The same regulations also apply in connection with the recording of private phone calls or with private letters.

Yet, according to the explanations by the Swiss Federal Data Protection Commissioner, it is for example not

enough to write the personal name in front of the company name to make a letter private. The address must

include “private” or “personal”, unless it is obvious that the letter is private due to its colour, size, etc.

In practice, three situations very often turn up:

S W I T Z E R L A N D


www.executiveview.com | Switzerland

91

• The employee is previously informed and has accepted the employer’s access to his private data;

• The employee does not accept the access to its private emails and the responsibility of the employer

is transferred to the criminal authority; the emails will then be accessed by forensic computing

scientists;

• The employer gets access to the private data without acceptance and without prior information of the

employee and without the necessary authorities. In this case, the employer is at risk of being subject to

criminal prosecution. Ultimately, the court will have to balance the various interests in accordance with

the principle of proportionality and will have to assess the facts on a case by case basis.

If the employer illegally monitors the employee, he may face criminal and/or civil charges (inter alia, art. 179

et seq. Swiss Penal Code and art. 15 and 25 Data Protection Law). Moreover, the dismissal based on such illegal

information gathered through illegal monitoring may be challenged as being abusive.

Being monitored as an employer (whistle blowing)

Whistle blowing means that an employee communicates unethical or illegal practices of another employee or of

the employer, either internally or externally towards the public, the media or specific authorities.

In the US, after the Enron case, the notion is enrooted that the individual employee can contribute

substantially to the fight against unethical and illegal practices. For instance, the Sarbanes-Oxley Act explicitly

provides for a whistle blowing system and the protection of the whistle blowers. Further, if a Swiss company

is listed at a US stock exchange, its audit committee is required by law to establish procedures for the receipt,

retention, and treatment of complaints received by the company regarding accounting, internal accounting

controls or auditing matters. It also has to establish procedures for the confidential, anonymous submission

of concerns regarding questionable accounting or auditing matters by employees of the company. Hence, most

such companies have initiated an anonymous whistle blowing hotline.

So far, there are no explicit provisions in Swiss law similar to the US whistle blowing schemes, although

this was taken into consideration by the Swiss Banking Commission for banks and brokers, but was ultimately

dropped.

However, since the requirements in connection with corporate compliance have very much increased in

the past few years, an efficient whistle blowing system can contribute to the compliance and help to improve

the internal control system to prevent fraud, corruption and other criminal offences. Moreover, this should be

considered, because, since March 2003, companies can be held criminally liable according to the Swiss Penal

Code. A felony or offence shall be attributed to the company if committed while it exercises a business activity

within its scope and if, due to the deficient organisation of the company, such act cannot be attributed to an

individual. For numerous severe offences, the company can even be held criminally liable independently of

and parallel to the criminal liability of the employees. Hence, the company has a true interest that employees

disclose unethical or illegal actions.

There are several data protection issues in connection with the setting up of such a whistle blowing system.

For instance, a company should not share personal data with another company within the same group.

Quite often, employees having disclosed unethical or illegal practices, face the risk of being mistreated or



92

even dismissed. Hence, it is currently being discussed in the Swiss parliament whether Swiss labour law should

set up better protection of whistle blowers.

Dr. Claudius Triebold is a Partner and Marcel Schaad is an Attorney at Law at Eversheds Schmid Mangeat LLP.


Criminal Liabilities in the Course of Swiss Bankruptcies

BY DR. CLAUDIUS TRIEBOLD AND MONIKA MCQUILLEN | EVERSHEDS SCHMID MANGEAT LLP

Bankruptcies are often accompanied by criminal prosecution of executive management. The following contribution

gives an overview of a selection of criminal liabilities that executive managers may face, sometimes unprepared.

Contrary to the often related civil charges such criminal liability cannot be insured, but constitutes a personal risk

to each executive manager involved.

The most relevant provisions in connection with white collar crime can be found in the Swiss Penal Code and

social security law, and are linked to bankruptcy and competition law as well as the Swiss Code of Obligations. The

overall intention of such legislation is to protect the assets of shareholders and creditors.

Typically the criminal offences at issue in this article are committed in the forefront of bankruptcies. Unless

bankruptcy is filed, such offences will not be prosecuted. In other words: Filing for bankruptcy is an objective

condition precedent to criminal liability.

Following are some examples for management decisions and acts that could reveal to be a crime.

Failure to rectify detected offences of employees. Once the company files for bankruptcy, the trustee of

the estate usually scrutinises management activities and decisions as to potential liabilities. In the event that

management had discovered irregularities of employees constituting a crime under bankruptcy law, and decided

to keep such offence confidential rather than to take measures of rectification, the responsible manager may be

charged with a personal criminal liability.

Misappropriation of social security contributions. Pursuant to the Swiss Pension Act, a Swiss employer is

subpoenally obliged to deduct social security contributions from the employees’ salaries and to transfer such

contributions to the Social Security Administration. The Swiss Federal Court ruled that a director of a company

who was aware of the company’s financial difficulties, and anyway continued to pay out full salaries to its employees

without making the legally required payments to the Social Security Administration, acted in gross negligence

(BGE H 29/04). As a consequence, the director was not only personally liable for redemption of all outstanding

social security payments, but also faced criminal charges.

Preferential payments to creditors despite illiquidity or over-indebtedness. Under the aspects of corporate

governance, payments to creditors should be particularly monitored in times of financial difficulties or reduced

cash flow. Pursuant to the Swiss Penal Code, the executive management and/or directors of a company will be

criminally liable if payments are effected to creditors in a preferential way, even though they knew of its illiquidity

or over-indebtedness. If the responsible manager or director cannot be identified, the company itself will be






93

convicted to a fine up to CHF 5 million. In addition, creditors who were discriminated against may file civil claims

against the executive management to recover any preferential payment to the extent of the entitlements.

Mismanagement. A great variety of acts or failures constitute criminal liability for mismanagement pursuant

to the Swiss Penal Code. Any delay of filing bankruptcy may lead to a further reduction of the company assets,

which the executive management, directors and auditors can be held responsible for. The Swiss Federal Court

found the sole director of a company guilty of mismanagement because timely filing of bankruptcy would have

prevented a total loss for the company’s creditors (BGE 127 IV 110). According to the court, the director should

have recognised that the plan for recapitalisation was indeed insufficient and did not justify the delayed filing for

bankruptcy. The director was found guilty of mismanagement.

As a consequence, it is recommended that executive management and directors carefully review any plans for

recapitalisation, search for professional help and if in doubt, file for a petition of bankruptcy combined with a

request of stay of bankruptcy proceedings to evaluate any potential for recapitalisation.

Inappropriate accounting systems. Any company and its management are obliged to be compliant with

appropriate accounting standards and to keep financial and other records. The applicable Swiss Regulation leaves

it to the company’s discretion, whether its accounting system incorporates supplemental accounting systems, e.g.,

for creditors/debtors. However, in case of bankruptcies the sufficiency of the bankrupt company’s accounting

systems will be carefully analysed by the trustee of the estate. If a supplemental accounting system would have

been required in view of the size and complexity of the company’s transactions, the management may be faced

with criminal charges under the Swiss Penal Code. It is worth noting that mere negligence is sufficient to constitute

criminal liability in this respect.

The aforementioned examples show that white collar crime is an omnipresent risk compromising the good

standing of companies, and its executive management and directors. Corporate Governance in accordance

with the “Swiss Code of Best Practice” should therefore provide for an internal risk management system. The

merits are not only risk reduction. If it comes to proceedings, Swiss courts tend to consider an appropriate Risk

Management System as an effort to prevent crime and are less adamant to assume that insufficient supervision

was an incriminating support factor of white collar crime.

Dr. Claudius Triebold is a Partner and Monika McQuillen is a Senior Associate at Eversheds Schmid Mangeat LLP.







94

Administrative Assistance in Tax Matters – Present and Future Challenges for Switzerland

BY SIMONE NADELHOFER | NATER DALLAFIOR

On August 19, 2009, Swiss bank UBS and the Internal Revenue Service (IRS) signed a settlement agreement regarding

the pending IRS/UBS case, thus putting an end to one of the biggest cross-border tax disputes in history. According

to a parallel agreement between the US and Switzerland, the IRS will submit a request for administrative assistance

based on the existing US-Swiss Double Taxation Treaty, seeking information relating to certain UBS accounts of US

persons. It is expected that approximately 4,450 accounts will be provided to the IRS in response to this request.

This contribution describes the main features of administrative assistance proceedings based on tax treaties from

a Swiss perspective.

Legal Instruments for the International Exchange of Information in case of Tax Offences

In its international relations, Switzerland has two ways of exchanging information in case of tax offences.

The information exchange can take place between justice authorities within the framework of mutual legal

assistance proceedings in criminal matters. Or information can be exchanged between tax authorities by way of

mutual administrative assistance on the basis of bilateral double taxation treaties (DTT), as will be the case in the

UBS/IRS deal.

For the foreign state, a request based on a DTT has a clear advantage over mutual legal assistance in criminal

matters: due to the so-called principle of specialty, information on tax offences transmitted via mutual legal

assistance may only be used for criminal tax proceedings. As opposed thereto, information obtained through mutual

administrative assistance may also be used by the foreign tax authorities for the administrative taxation procedure

giving rise to the criminal tax proceedings.

Principle of Double Criminality

Most of the DTTs signed by Switzerland are based on the OECD Model Tax Convention on Income and on Capital ,

which provides for the exchange of information between contracting States in its article 26. Years ago, Switzerland

made a strict reservation on this provision. However, the reservation was relaxed in 2005, such as to allow for the

exchange of information in cases of tax fraud subject to imprisonment as defined by both contracting States. This is

what we call the principle of double criminality.

This rule has important consequences in the framework of tax offences under Swiss law, since a distinction is

made between tax evasion and tax/duty fraud. Traditionally, Switzerland grants assistance in tax matters only when

the foreign procedure involves elements of an offence tantamount to tax/duty fraud in Switzerland. Pursuant to

Swiss law, duty and tax fraud are misdemeanors and involve the use of willful deceit for the purpose of evading

taxation (duty fraud) or the use of false or falsified documents or documents with untrue content such as account

books, balance sheets, profit and loss statements, or wage statements and other certifications by third parties (tax

fraud). It is important to note that a tax return is not itself considered a “document”.

As opposed thereto and in light of the lesser gravity of tax evasion from a Swiss point a least, all forms of mutual

legal and administrative assistance are excluded in case of tax evasion. This corresponds to the fact that under



95

domestic law, tax evasion is prosecuted by the cantonal administrative authorities without application of coercive

measures and without lifting of bank secrecy. Tax evasion occurs when a taxpayer willfully or negligently fails to

submit a tax return or submits an incomplete tax return, so that an assessment is improperly omitted or a final

assessment is incomplete.

Exception: Serious Tax Offences are also Covered in Case of DTT Requests from the US

According to the DTT in force between the US and Switzerland, the term “tax fraud or the like” is not restricted to

conventional forms of fraud involving falsified documents or schemes of lies. Information may also be obtained with

regard to serious tax offences, specifically the continued evasion of large sums of tax. Under the applicable DTT

between the two states and in light of the latest practice of the Swiss Federal Administrative Court in relation with

UBS accounts held by offshore corporations controlled by US-persons, account information may also be released even

if the IRS does not yet know the name of the bank client concerned when it submits its request (fishing expedition).

Procedure to be followed in case of DTT requests

Mutual administrative assistance in tax matters is the responsibility of the Swiss Federal Tax Administration (SFTA).

Based on a request from a foreign tax authority pursuant to a DTT, the SFTA will make a preliminary review of the

request. If sufficient probable cause has been shown for the suspicion of tax or duty fraud or, in the case of the US, of

serious tax offences, the SFTA gathers the necessary information to be transmitted to the foreign state. It may order

coercive measures such as seizure of records by the police. Bank secrecy is lifted in such cases.

The affected party has the possibility of contesting the decree issued by the FTA concerning the information to

be transmitted to the foreign authority by filing an appeal with the Swiss Federal Administrative Court. The Court

renders a final decision on the permissibility and scope of the information to be transmitted. The decision may not

be appealed to the Federal Supreme Court.

Administrative Assistance in Tax Matters in the Future

On 13 March 2009, the Swiss Government offered to adopt the OECD standard on administrative assistance in tax

matters (article 26 OECD Model Tax Convention) within the framework of DTTs. The decision followed pressure

on Switzerland from other OECD member countries to ease its strict banking secrecy laws. According thereto, the

distinction between tax evasion and tax fraud will be abolished in cases of assistance sought under a DTT. In return,

Switzerland will seek to enforce stricter requirements to avoid fishing expeditions, e.g., the requirement to identify

the name of the taxpayer will certainly be one of the key requirements.

However, the distinction between tax fraud and tax evasion will remain so long as the existing treaties have not

been renegotiated, and notwithstanding, it will cover only facts occurring after the revised DTT enters into force.

Up to now Switzerland has signed 11 amended DTT (Denmark, Luxembourg, France, Norway, Austria, Britain,

Mexico, Finland, Faeroe Islands, Spain and USA) and negotiated new treaties with other countries.

Simone Nadelhofer is an Attorney at Law in Zurich.





Sweden | www.executiveview.com

96

Money Laundering Reports Increase in Sweden

BY NICLAS ROCKBORN AND NILS UNCKEL | GERNANDT & DANIELSSON ADVOKATBYRÅ KB

The number of transaction reports in relation to suspected money laundering more than doubled in Sweden during

last year compared to 2007, according to a report from the Swedish Financial Intelligence Unit (Finanspolisen),

one of the intelligence units of the Swedish National Criminal Police (Kriminalpolisen) within the National

Police Board (Rikspolisstyrelsen). According to the report, the number of reported suspected transactions in

Sweden increased with 116% during 2008 which constitutes a total of 13,048 reported cases. In total, the reported

cases added up to approximately SEK 10 billion during 2008, to be compared with SEK 4 billion during 2007.

Investigators of the Swedish Financial Intelligence Unit attribute the rise to improved awareness and reporting

routines by the institutions covered by the Act on Measures Against Money Laundering and Terrorism Financing

(lagen (2009:62) om åtgärder mot penningtvätt och finansiering av terrorism), also known as the Money

Laundering Act.

Money laundering and terrorism financing is criminalised in Sweden through the Money Laundering Act which

contains regulations regarding customer identification as well as other obligations that apply to a wide range of

financial institutions, including credit institutions, insurance companies, investment firms, fund management

companies, money exchange and money transfer business. Sweden has recently implemented the third EU Money

Laundering Directive (Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005

on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing).

Sweden in general is considered to be a safe country and not a major money laundering or terrorist financing

centre. However, as for any developed financial centre, Sweden’s financial sector is vulnerable to money laundering

and terrorist financing.

Improved Numbers

The increase of reported transactions related to suspected money laundering can be explained by a number of

factors. Firstly, the increase can be explained by the fact that Swedish banks and other financial institutions have

improved their reporting routines related to money laundering. According to the report it is not likely that the

crimes related to money laundering have increased. However, the crimes relate to larger amounts of money and

the profits from such crimes are increasing. As a consequence, it is essential to prevent criminals from accessing

laundering money through, for example, financial institutions. Another explanation for the increase may also

relate to expanded rules on forfeiture which came into force during 2008 which improved the conditions for

the Swedish State Police (Polisen) in their work to seize criminal’s profits of crimes and other assets. Rules on

S W E D E N


www.executiveview.com | Sweden

97

forfeiture are found in the Swedish Penal Code (Brottsbalken) and in special penal laws. The provisions provide

for criminal confiscation of the proceeds of any crime with a penalty of at least one year (which covers money

laundering offences).

Reported transactions related to suspected money laundering from Swedish banks increased during 2008 –

7,232 transactions were reported compared with 1,310 reported transactions during 2007. Swedish banks have, for

several years, worked extensively on improving their routines in relation to money laundering, including routines

for discovering, reviewing and reporting suspected money laundering transactions. Several Swedish banks have,

for example, procured intelligent detection systems. As a consequence, the Swedish banks have improved their

ability to detect anonymous transactions – i.e., transactions without physical contact between the customer and

the bank – to a greater extent than before.

As stated above, the reported cases added up to approximately SEK 10 billion during 2008, to be compared

with SEK 4 billion during 2007. This increase could be explained in that the reported transactions comprehended

large amounts.

Reports from Cash-intensive Industries, etc.

In its report, the Swedish Financial Intelligence Unit points out that several institutions covered by the Money

Laundering Act have difficulties with their internal procedures and policies to prevent money laundering and

terrorist financing. Institutions subject to the Money Laundering Act are obligated to establish internal procedures

and policies to prevent money laundering and terrorist financing. These internal procedures should include,

inter alia, record retention, the detection of unusual and suspicious transactions and routines for the reporting

obligation. Approximately 15,000 institutions in Sweden are covered by the Money Laundering Act, however, only

1% of the institutions actively report suspected transactions related to money laundering. It is uncertain whether

the limited reported transactions are due to ignorance or lack of interest from institutions that are subject to the

Money Laundering Act. Either way, the Swedish Financial Intelligence Unit considers this to be an issue that

needs to be resolved in the future.

The Financial Police stress that cash-intensive industries do not fulfil their reporting obligations pursuant

to the Money Laundering Act. During 2008, Swedish casinos reported in total 145 suspected money laundering

transactions, car dealers reported 17 cases and auditors reported only two cases while real estate agents did not

file any reports during 2008. Indeed the use of cash is limited in these industries in order to reduce the risk

of money laundering as well as robbery. However, there are most likely more transactions related to suspected

money laundering in cash-intensive industries than reported. A new supervisory authority will be established

during 2010 for the purpose of changing this negative trend. This supervisory organisation will supervise and

monitor the cash-intensive industries.

Future improvements

The Financial Police’s report states that the Money Laundering Act has shortcomings that need to be improved

and that the institutions have to improve their compliance with the Money Laundering Act.

In order to promote full compliance with the existing regulations and to improve the knowledge about money

laundering and terrorist financing, supervisory authorities should engage with the institutions covered by the

Money Laundering Act. Co-operation between private and public authorities involved is necessary for an effective



98

control of money laundering and terrorism financing. To further facilitate the supervision of institutions, the

Financial Police intends to improve its technique regarding filing of cases. An internet based reporting system

is highly prioritised from the Financial Police’s point of view and is expected to be put to use during the fall of

2009.

Niclas Rockborn is a Partner and Nils Unckel is an Associate at Gernandt & Danielsson Advokatbyrå KB.


Implementation of the EC Money Laundering Directive in Sweden – an Overview


On March 15, 2009, a new anti-money laundering act came in to force in Sweden, the Act on Measures Against

Money Laundering and Financing of Terrorism (lagen (2009:62) om åtgärder mot penningtvätt och finansiering

av terrorism), implementing the third EU Money Laundering Directive in Sweden. The Money Laundering Act

replaces the former Act on Measures Against Money Laundering (lagen (1993:768) om åtgärder mot penningtvätt)

and the Act on Criminal Responsibility for particularly Serious Crimes in some cases (lag (2002:444) om staff

för finansiering av särskilt allvarlig brottslighet i vissa fall). The scope of the Money Laundering Act is wider

than its predecessor and also covers regulations regarding measures against financing of terrorism. In addition

to the Money Laundering Act, the Swedish Financial Supervisory Authority (Finansinspektionen) (FSA)

has issued regulations/guidance applicable for financial institutions. These regulations/guidance contains

elements (regulations) that are directly binding and enforceable, and other elements (general guidelines) that

are indirectly enforceable and subject to sanctions where the institutions is also failing to conduct its business

in a sound manner.

The Money Laundering Act, inter alia, introduces elements of a risk-based approach, addresses areas such

as beneficial ownership and enhanced and simplified due diligence and introduces new elements of enhance

reporting obligations and stricter observation rules. This overview outlines the main areas of the Money

Laundering Act.

Scope of Application

The former Act on Measures to Prevent Money Laundering was applicable, inter alia, to undertakings that

conducted banking and financing business, securities business, and other business subject to the supervision of

the FSA. The new Money Laundering Act widens the scope of application to businesses and professional persons

beyond the financial sector such as registered public accounting firms, real estate agents, casinos, notaries and

other independent legal professionals and other natural or legal persons trading in (all) goods, to the extent that

payments are made in cash in an amount of €15,000 or more.






99

Know Your Client

The Money Laundering Act increases the demands on institutions and persons to which the Money Laundering

Act is applicable.

It provides that undertakings must control the identity of any person who wishes to start a business relationship

with the undertaking. Such a control shall be performed by a risk based approach and the undertaking shall, in

order to get to know the client, apply due diligence measures: (i) when establishing a new business relationship;

(ii) when partaking in an occasional transaction over €15,000; (iii) where there is suspicion of money laundering,

or terrorist financing regardless of the threshold; or (iv) where there are doubts as to the adequacy of information

provided. The risk based approach implies that proportionate procedures should be designed based on assessed

risk. Higher risk areas shall be subject to enhanced measures, for example in relation to distance clients or for

transactions or business relationships which involves a politically exposed person. However, in instances where

risks are low, simplified or reduced controls may be applied. Examples of such situations are when the client is a

Swedish authority or a listed company within the EEA. If there is any doubt as to whether information received

regarding a client is correct or adequate, a new identification must be made.

In addition to the above, reasonable arrangements must be made to understand a company’s control structure

and the beneficial owners must be identified. Further, the client relationship must be monitored on an ongoing

basis, including keeping documentation and other information on the client updated. However, an undertaking

may, under certain conditions, use and rely on information regarding a client obtained by another undertaking

governed by the Money Laundering Act.

Institutions or persons covered by the Money Laundering Act shall keep the information obtained through

client due diligence for at least five years. Thus, an undertaking shall know its client, their business and the purpose

of the transaction when initiating a business relationship. This means that clients shall answer more questions

than was necessary under the former Swedish Act on Measures Against Money Laundering. To Swedish clients,

which are used to a more lenient treatment, this might seem a bit intrusive.

Reporting Obligations

The Money Laundering Act contains a requirement that institutions or persons covered by the act shall scrutinise

transactions in order to detect suspicious transactions related to money laundering or terrorist financing. If

suspicion remains after a closer analysis or investigation of the transaction, the undertaking has an obligation

to report all information of the transaction to the National Police Board (Rikspolisstyrelsen) without any delay,

and, if possible, the transaction shall not be executed. Should it be impossible to cancel a transaction, or should

cancellation obstruct further investigation of the money launderer, the transaction may be executed and the

National Police Board shall be informed immediately afterwards.

The institutions and persons covered by the Money Laundering Act shall not disclose to the client concerned or

to other third persons the fact that information has been transmitted in accordance with the reporting obligation.

Internal Procedures and Policies

Institutions or persons covered by the Money Laundering Act are obligated to establish internal procedures and

policies to prevent money laundering and terrorist financing. These internal procedures should include routines



100

regarding:

• client identification;

• reporting;

• filing registrations;

• internal control;

• risk assessment;

• risk management;

• management control and communication; and

• educational programmes for employees to prevent money laundering and terrorist financing.

Supervision

Institutions or persons covered by the Money Laundering Act are supervised by different supervisory authorities.

There are, inter alia, three county administrative boards in different geographical regions in Sweden and several

other specialised supervisory authorities.

The FSA authorises, supervises and monitors all companies operating in the Swedish financial market. As

regards supervision in relation to money laundering and terrorism financing, the FSA has established a special

coordination board to supervise the observance of the Money Laundering Act. This coordination board has a

superior responsibility as regards methods and regulations, evaluation and follow-up of the supervision performed

by the different supervisory authorities.



Regulatory Enforcements in Sweden – an Overview


The Swedish Financial Supervisory Authority (Finansinspektionen) (FSA) is the regulator and supervisory authority

for financial and insurance institutions in Sweden. The FSA issues regulations and supervises the operations of

financial institutions, inter alia, with regard to capital adequacy under the Basel 2 rules, accounting, governance

structures, risk control and procedures for the prevention of money laundering and terrorism financing. The

FSA is empowered with a range of tools to facilitate its supervision, including the right to do site visits and to

interview the employees of an institution under its supervision. Should the FSA consider that the operations of an

institution are not sound or that the institution otherwise is breaching laws or regulations, the FSA may impose

administrative sanctions on an institution, such as disciplinary reprimands, warnings, fines and revoking the

licence to operate.

Following the recent turbulence in the financial markets, the FSA has become increasingly tough in its role as a

supervisor. In 2008 and 2009, the FSA has, for example, issued sanctions towards banks in two cases. Deficiencies






101

in management and internal control was at least one of the grounds upon which the sanctions were issued in both

cases. This is an area where the FSA in recent years has focused its supervision, mostly in relation to dimension of

control functions and assessment of the internal process of financial institutions. This overview outlines the most

recent regulatory enforcements in Sweden decided by the FSA.

Leading Swedish Investment Bank

One particular enforcement issue came up in November 2008 when the FSA revoked a leading Swedish investment

bank’s licenses to conduct banking and securities operations. As a consequence of the FSA’s decisions to revoke

the licenses, the National Debt Office (Riksgälden) took over the shares of the investment bank posted as collateral

for a loan received by the investment bank from the National Debt Office. The loan was given to the investment

bank with support under the new Government Support to Credit Institutions Act (lag (2008:814) om statligt stöd

till kreditinstitut).

Considering that the National Debt Office took control over the investment bank, the FSA immediately decided

to give back the licence and instead issue a warning. The reasons for the sanctions towards the investment bank

were, among others, that the investment bank had taken exceptional risks for a long time by lending large amounts

to one individual client. Exposing operations to such extent was considered a violation of the Capital Adequacy and

Large Exposures Act (lagen (2006:1371) om kapitaltäckning och stora exponeringar). Further, the investment

bank was also considered to have deficiencies in internal control in violation of applicable securities regulations.

Nordic Growth Market

On October 1, 2008 the FSA announced that it withdraw Nordic Growth Market NGM Aktiebolag’s (NGM)

license to conduct exchange operations pursuant to the Swedish Securities Markets Act (lagen (2007:528) om

värdepappersmarknaden) with immediate effect. According to the decision by the FSA, NGM had obstructed

the FSA’s supervision of the operations in several ways, mainly by the owners, board members and the CEO.

Furthermore, NGM had not been able to maintain a functioning and independent market surveillance. NGM was

also accused of giving special treatment to its own parent company, which is detrimental to the confidence in

the securities market. Through its actions, NGM had squandered the FSA’s trust and confidence to operate as an

exchange.

NGM had six months to terminate its operations both as an exchange and multilateral trading facility (MTF).

Trading was allowed to continue in all financial instruments listed on the NGM exchange in the meantime. During

the winding-up period, the companies listed at the NGM exchange was considered to be listed companies until an

alternative solution was found.

NGM decided to appeal the decision by the FSA to the Stockholm County Administrative Court (Länsrätten

i Stockholms län). In December 2008, the Stockholm County Administrative Court did not uphold the FSA’s

decision but instead issued a warning and a financial penalty of SEK 4,500,000. NGM is today operating its

exchange and MTF.

Forex Bank

On the same day as the FSA revoked NGM’s license to operate as an exchange, the FSA issued a warning and

imposed the maximum financial penalty of SEK 50,000 million on FOREX Bank Aktiebolag. Forex Bank is a public



102

limited liability bank company and has been granted a licence from the FSA to conduct banking business under

the Swedish Banking and Financing Business Act (lagen (2004:297) om bank- och finansieringsrörelse). The

reasons for the sanction towards Forex Bank were related to deficiencies in Forex Bank’s anti-money laundering

routines, for example, reporting routines to the FSA and routines regarding due diligence measures in relation

to clients. According to the FSA, the deficiencies were so serious that there existed an obvious risk that the bank

could be utilised for money laundering. Furthermore, it could not be excluded that the bank, by failing to comply

with existing regulations regarding anti-money laundering, had knowingly participated in money laundering.

Acta

Acta Kapitalförvaltning, a branch to Acta ASA Norge, received a report from the FSA after onsite inspections

conducted during the fall of 2008. The inspection of the Swedish operations was partially conducted in parallel

with the Norwegian FSA’s (Finanstillsynet) ordinary inspection of the operations in Norway. The inspection in

Sweden was initiated when the US investment bank Lehman Brothers had to apply for bankruptcy protection.

Acta was a major distributor for investment products based on bonds issued by Lehman Brothers. During the

inspection and the following process the FSA pointed out several issues which they found to be of a serious nature.

The issues related to deficiencies in the investment advice given to investors and deficiencies in the information

to investors regarding the bonds. Finally, deficiencies were also found in the internal instructions used by the

investment advisors.

As stated above, Acta’s operations in Sweden are conducted from a branch to Acta ASA Norge which is a

regulated investment firm in Norway, supervised by the Norweigan FSA. As a consequence, Acta is under home

state supervision by the Norweigan FSA and the Swedish FSA has limited rights to take actions against Acta.

However, if Acta does not correct the identified deficiencies the FSA may prohibit Acta from entering into

transactions with investors in Sweden.







www.executiveview.com | Finland

103

Conducting Investigations in Finland when a Company or its Employees are Suspected of Committing a Crime

BY RISTO SIPILÄ | BORENIUS & KEMPPINEN LTD

A situation in which the company’s management or employees are suspected of committing a crime related to the

business of the company is usually a crisis to the company in question. The worst-case scenario is major publicity

which often is an inevitable consequence in these situations. It is important to bear in mind the basis of Finland’s

criminal system, the presumption of innocence, when it comes to the position of the suspect. However, it is of vital

importance to try to avoid the negative effects which result from the mere investigation of suspected crimes.

As an example of recent events in Finland, the management of a major state-owned company has been suspected

of attempting to bribe the representatives of a foreign government regarding certain deals between that government

and the company in question. This widely published case, among other factors, has raised the issue of a company’s

legal position in these situations to public discussion.

It goes without saying that there usually are a labour law angle and a service contract angle to these issues: the

position of the management or employees is in jeopardy. The labour law and labour law related questions – such as

whether the employment contract or other contracts of the persons in question can or should be terminated and if yes,

at what stage of the investigation proceedings this might be possible – are not, however, discussed in this article.

It is up to the company in question to decide whether the company should at this point to conduct internal

surveys, etc. However, it can be stated that the officials investigate the possible criminal aspects of the issues in

question. Thus, the focus of the company’s internal procedures is often recommended to be on so-called damage

control as well as on preventive measures aimed at avoiding of similar series of events occurring again.

The investigation phase of a suspected crime is mainly based on two laws in Finland: the Criminal Investigations

Act (in Finnish “esitutkintalaki”) and the Coercive Measures Act (“pakkokeinolaki”). This legislation gives certain

competence to investigative authorities (i.e., police authorities) to conduct, for instance, arrests, confiscation

of physical objects and documents as well as search of premises. Also, police authorities often use various remote

surveillance methods (mostly telephone listening) to conduct the investigation.

A committee appointed by the Ministry of Justice is currently drafting a proposition to renew the above-mentioned

legislation. It is not known at this point when the new act on Criminal Investigations and Coercive Measures are to

come into force.

In company surroundings, the search of premises (“kotietsintä”) is bound to take place in most of the cases where

the management or the employees of the company is suspected of a crime. Based on the Act on Coercive Measures,

the search can take place when the maximum penalty of the suspected crime is at least six months’ imprisonment or

F I N L A N D


Finland | www.executiveview.com

104

in cases where the facts regarding a possible fine imposed on a corporation (“yhteisösakko”) are under investigation.

The decision regarding the search is made by police officials. Because of the nature of the matter, the objects of the

search are not of course made aware of the upcoming search beforehand. The search can, and often does, take place

in the premises of the company, in addition to the residences of the individuals in question.

As mentioned above, even a company itself can be a target of criminal sanctions. This is the question in cases in

which the sanction is a fine imposed on a corporation (“yhteisösakko”).

From the company’s point of view, there is not much that can be done on behalf of the company in preparation

for search of premises. The identification of the persons conducting the search shall be verified, and the same

applies to their authorities performing the search. The representative of the company can and should be present

when the search is conducted.

The main objects of interest of the authorities are generally company’s documents, computers and mobile

phones. The next step, thus, is the confiscation (“takavarikko”) of the items in question. Items of interest are

confiscated during the search, or as a result of the search, to be more thoroughly inspected at the authorities’

premises. Based on the Act on Coercive Measures, the confiscation can take place if an item or a document can

serve as evidence in a criminal matter (or has been taken from a third person illegally). Thus, in practice any item

or document can be confiscated. There are, however, certain exceptions to this with regard to documents of a

personal nature only, etc., if these have no connection to the issue under investigation.

The decision regarding the confiscation is also made by the police authorities. Minutes, concerning the

confiscation procedure, shall be drafted. In the minutes, the purpose, the progression of the confiscation and the

list of items and documents being confiscated shall be recorded.

Based on the Act on Coercive Measures, the representatives of the company are obligated to assist in the

procedure by giving necessary passwords, etc., to the authorities performing the search and confiscation.

In practice, it shall be noted that the most problematic situations often relate to the confiscation of computers

and mobile phones. Although the investigative authority (police) shall ignore all other material than the material

regarding the suspected crime in question, the investigative authority has, in practice, also access to all other

material, for instance, on the computer. This might not only affect the investigation in question, but might also

draw attention to other issues not yet under investigation.

Even in cases in which it is finally being determined that a crime has not been committed, careless drafting of

the wording of emails may, at first, mislead the investigative authorities to think that a crime is being committed.

Although it is not necessarily practical and possible in all situations, nevertheless, it shall be emphasised that even

company’s internal exchange of emails should be conducted and drafted in a way which does not give grounds for

unnecessary interpretations on the meaning and contents of the messages in question. The above-mentioned also

applies to the use of mobile phones, for instance.

The role of the company is usually secondary to the role of the individual person suspected of having committed

a crime. However, the consequences of a mere ongoing investigation may have a similar effect on the company.

Risto Sipilä is an Attorney-at-law at Borenius & Kemppinen Ltd.






105

Finnish Provisions Against Economic and Political Corruption

BY ANTTI KARANKO| BORENIUS & KEMPPINEN LTD

In this article, corruption is used as a synonym for bribery despite the obvious fact that corruption is a far wider

phenomenon which may present itself in other forms as well.

Both the offering and the acceptance of a bribe are offences where the essential elements consist of the offering

or the acceptance of an unjustified benefit with the intent to either influence the receiver or to act in accordance

with the intent of the offeror. Until quite recently, bribery and thereto relating legislation has in Finland been

geared toward civil servants or members of the business community. However, members of Parliament are neither

in their representative capacity.

Until 2002, members of Parliament fell completely outside the scope of application of the Finnish bribery

provisions. The ratification of the 1998 Council of Europe Criminal Law Convention on Corruption in 2002 finally

lead to the enactment of corresponding penal legislation on bribery toward a member of Parliament.

Both bribery and acceptance of a bribe require intent. In a bribery trial, proving intent or lack of it often

becomes crucial.

Bribery must always pertain to the mandate and the powers of the person who is being influenced, i.e. if

the person being influenced was not in a position to act in accordance with the intent of the offeror, bribery or

acceptance of a bribe has not been committed. The receiver of the bribe may be another person than the one

who is ultimately being influenced. No promise or even an approving attitude toward the intent of the offeror is

required. In fact, no reaction at all is required from the person being influenced in order for the bribery provisions

to apply. Nonetheless, the offeror’s intent to influence must somehow come to the attention of the person who is

being influenced.

Bribery of a member of Parliament means offering or giving a gift to a member of Parliament or other unjustified

benefit intended for him or for another, so that said member of Parliament would, “in exchange for the benefit”

and in his mandate, act so that a matter being considered or to be considered by Parliament would be decided in

a certain way.

A civil servant may be guilty of acceptance of a bribe if he asks for, accepts or agrees to an unjustified benefit,

which is either intended to influence him in his actions while in service or which is conducive to influencing him,

or otherwise takes such an initiative. A person engaged in business activities may be guilty of acceptance of a bribe

according to roughly the same principles. Acceptance of a bribe differs from these principles when the acceptor is

a member of Parliament, however, in as much as he must not only promise to act in accordance with the intent of

the offeror, but also promise to do so “in exchange for the benefit”.

The value of the bribe is a significant issue, although the law contains no provisions regarding it. Even smaller

gifts or, for example, unusually frequent or generous hospitality, may in an individual case be regarded as a bribe

if such advantages may be deemed to influence the person in question. In other words, there is no general rule or

limit which would clearly indicate the line between, e.g., customary and acceptable courtesy gifts and hospitality

on the one hand and bribery on the other. According to a persistent but yet somewhat informative anecdote, a

lukewarm beer and cold sandwiches do not constitute a bribe, whereas cold beer and hot sandwiches may in an

individual case do exactly that.



106

The penal scale for bribery offences ranges from fines to four years’ imprisonment. If bribery has been

committed within the activities of an organisation, the organisation itself may be held criminally liable. This

requires that the offender of an accomplice has been a member of the organisation’s statutory organ or other

management or has exercised actual decision-making authority in the organisation or if care and diligence

necessary for the prevention of the offence have not been observed in the operation of the organisation. An

organisation may be found liable even if the identity of the perpetrator is not discovered if it is evident that the

offence has been committed within the operations of the organisation. A corporate fine may range from €850

to €850,000.

Current Finnish Election Campaign Funding Scandal

Parties and candidates are required by law to disclose their campaign expenses as well as the sources of

funding.

There is currently a widely-publicised turmoil over the so-called scandal over the financing of election

campaigns in Finland. It has been discovered that several individual candidates and all the major political parties

have received significant financial enforcements from various instances such as labour market organisations,

major corporations and businessmen as well as certain associations which have been established by such actors

or by political parties. Such financing has often been funnelled to the parties and individual candidates – quite

in accordance with the law – indirectly through special associations.

The media has openly hinted, inter alia, at the possibility of widespread political corruption where particularly

retail businessmen whose vital interests are related to land use planning have donated considerable amounts to

parties and candidates who seem to share their views on zoning objectives.

Conclusions and Recommendations

The existing Finnish provisions against bribery would seem to be quite ineffective and vague as far as members of

Parliament are concerned. It follows from the phrasing of the provisions that it is, in practice, almost impossible

to convict a member of Parliament for acceptance of a bribe.

Firstly, it is very difficult to obtain evidence supporting a claim that a member of Parliament has, not only

promised to act in a particular way, but also given such a promise “in exchange for the bribe”.

Secondly, it is not forbidden to merely finance an election campaign – despite the obvious fact that

generous financing may well suggest that the receiver’s neutrality may be compromised due to his conceivable

indebtedness. Neither is it forbidden to even “purchase a member of Parliament as a friend”.

Thirdly, criminal liability requires that the acceptor of the benefit is already a member of Parliament at

the time of acceptance and that the concrete issue for which he or she seeks financial benefit is or becomes

pending.

Despite the pending scandal, it is still allowed for corporations and businessmen to finance political parties

and candidates and to exercise public relations. From their point of view, however, it is worth bearing in mind

that one should be careful not to hint in any way that particular favours are expected. Moreover, it is likely that

endorsements will become public knowledge even if they may have been channelled through an association.

The legislation may eventually be reformed so as to prohibit endorsements exceeding (either together or alone)

a specified amount.



107

As far as corporations are concerned, they should minimise their risks by introducing elaborate and effective

compliance programs addressing, inter alia, bribery issues.

Antti Karanko is a Senior Associate at Borenius & Kemppinen Ltd.


New White Collar Crimes in Finland – Securities Market Offences

BY MARKUS KOKKO | BORENIUS & KEMPPINEN LTD

Trials on securities market offences have strongly increased during the past years in Finland. The trials are

extensive and complicated, and they usually include lots of written and oral evidence compared to the ordinary

white collar crime cases.

Some of the recent cases still relate to the thrill of the stock exchange that took place in the late 1990s and in

the early 21st century, a time period in which several new technology companies were listed on the Helsinki Stock

Exchange. After the companies had been listed, the valuation of the technology companies as well as the demand

for the services and products of the listed companies went down quickly. The situation was exceptional and it

imposed difficult demands, e.g., with respect to the obligation to issue information, on the management of the

new listed companies.

At the same time, the recent securities market trials are the consequence for the activation of the Finnish

markets control as of the 20th century. The doubts of securities market offences usually emerge from the activated

markets control being conducted by the Financial Supervisory Authority in Finland.

During the last few years, several significant cases relating to securities market offences have been solved by

the Helsinki Court of Appeal, which is the exclusive appellate court in securities market offences in Finland, and

the Supreme Court of Finland.

Members of the Board of Directors Acting Carefully

The Satama Interactive case dealt with issuance of suspected false and misleading information of securities

markets. The state prosecutor pressed charges and claimed that the Members of the Board of Directors and the

Managing Director of the company would have withheld for two weeks the information concerning the profit

warning in spring 2000. The District Court gave the judgment in the summer of 2006 and dismissed all charges

pressed against the defendants. For reaching the obtained outcome, it was essential that the suspects could

show that they acted carefully. Additionally, they were able to show that the suspects informed of the company’s

economical situation immediately after the amendment to the future predictions the company had earlier given to

the markets had become apparent. According to the grounds of the District Court judgment, the Members of the

Board of Directors have not only the right but also the obligation to clarify the economic situation and the future

predictions of the company before actually publishing the profit warning. Therefore, the publishing of the profit

warning had not been delayed without a proper reason.





108

The state prosecutor traversed the judgment to the Court of Appeal, but the Court of Appeal did not reverse

District Court’s judgment. The case confirmed the principle that management of the listed company is entitled and

even obliged to revise uncertain or ambiguous information before giving the profit warning. The case also showed

the importance of careful documentation of the actions and conclusions made by the management regarding the

issuance of information to the securities markets.

Investment Bank’s Managing Director Under Prosecution

The so-called TJ Group case also dealt, among others, with issuance of false and misleading information of

securities markets via prospectus. The state prosecutor pressed charges by which it was claimed that, in connection

with the share issue and sale in 2001, the prospectus included false and misleading information of certain facts

that would essentially affect the value of the share. According to the state prosecutor, the prospectus included

overly optimistic visions of the future and the interim accounts enclosed as appendices to the prospectus were

“manipulated”. In addition to the Managing Director of the investment bank acting as the principal arranger of

the sale, the state prosecutor pressed charges against the main owners and the Members of the Board of Directors

of the company. The District Court found all defendants not guilty. It was essential for the Managing Director

of the investment bank to prove in the District Court that the investment bank was acting carefully and that the

investment bank clarified the fact having an effect to the overall economic situation of the company with assistance

of different experts and due diligence reviews and that the information presented in the prospectus was not of

a false nature. The state prosecutor has traversed the judgment and appealed to the Court of Appeal only with

respect to the main owners. Finally the Supreme Court of Finland sentenced the main owners to imprisonment

for two years. This was the first time when unconditional imprisonment related to securities market offences was

sentenced in Finland.

Inside Information in Capital Market Transaction

A listed insurance company made a public offer for the Conventum Oyj’s shares in May 2001. The representative

of the main shareholder of Conventum Oyj, who also acted as a Member of the Board of Directors of Conventum

Oyj had sold Conventum Oyj’s shares during March and May 2001 before the purchase offer was published and the

offer was handled by the Board of Directors of Conventum Oyj. The Court of Appeal ruled that it was not credible

that the representative of the main shareholder and the Member of the Board of Directors of Conventum Oyj had

not been aware of the negotiations between the insurance company and Conventum Oyj prior to the publishing

of the offer. It should be noted that no written or oral evidence regarding the knowledge of negotiations was

represented and the judgment was based purely on the circumstantial matters such as Conventum Oyj’s financial

stand and significance of the transaction for both Conventum Oyj and the person in question. It is recommended

that after the judgment the Members of the Board of Directors of the listed companies shall trade with the shares

of the company only with great caution and even with irreversible and long-term assignments with brokers.

Second Unconditional Imprisonment

The Jippii Group Oyj case deals with claimed issuance of false and misleading information regarding subsidiary

company’s operations in Germany, abuse of inside information as well as manipulation of the company’s share

price in 2001. In practice, the District Court dismissed all charges against the defendants but the Court of Appeal



109

remarkably amended the District Court’s judgment. The Court of Appeal considered, among other things, that

Jippii Group Oyj’s consolidated financial statements for 2001 contained errors in book entries regarding a sale and

lease back arrangement in Germany and therefore some members of the company’s management had committed

an accounting offence. It should also be noted that company’s Finnish auditor was found guilty of abetting in the

offence. In addition, the Court of Appeal considered that certain members of the Board of Directors who did not

decide upon or even participate in issuing information of securities markets were found guilty because they did

not react afterwards to the information issued by certain members of the Board of Directors. The Court of Appeal’s

judgment is not non-appealable because both the district attorney and the defendants have applied a leave for

appeal from the Supreme Court of Finland.

The above-mentioned cases are only part of the recent securities market cases in Finland. According to the

latest news, the police are investigating a new capital market transaction-related case from 2005, but there are

also some other cases in preliminary investigation. Therefore, it seems that the trials regarding securities market

offences have become a permanent part of Finnish White Collar Crime markets.

Markus Kokko is a Specialist Partner at Borenius & Kemppinen Ltd.





Poland | www.executiveview.com

110

Prevention, Detection and Prosecution of Business Crime in Poland

BY JANUSZ TOMCZAK | WARDYNSKI & PARTNERS

Since the beginning of the century, and especially since the accession to the European Union in 2004, Poland has

started to play an important role in the European economy. Bearing in mind its location and population, it must

also be considered an important jurisdiction.

Rapid economic growth, which has been observed in Poland since the 1990s, has unfortunately also been

reflected in the rise of business crime; this is nothing unusual for historians of the economy.

An opinion often held by lawyers is that the legal system and especially criminal law regulations do not keep

up with changing economic circumstances.

Prosecuting authorities are much more focused on common criminal activity than on business related crime,

although the financial consequences of this second group are significant for the state budget.

Economic Crime Departments are organised within the institution of the Prosecutor’s office but they face

prosaic problems – lack of means proportional to the complexity of the matters to be analysed, e.g., translations,

expensive experts opinions that they can not afford, etc. This results in time-consuming preliminary proceedings

where often the interests of the wronged, harmed institution or company are forgotten and not properly secured.

Polish criminal law is concentrated on the activity of the individual (natural person), and specific legal nature

of the business entity (legal person) is not properly reflected in criminal law provisions.

The existing law, the “Act on liability of collective entities for actions subject to penalty” (enacted in October

2002), is often not applied in practice.

The main reason for this is that the model accepted by the legislator consists of two stages. The first determines

the penal liability of an individual for the offence that has brought or might have brought advantage (even of a

non-financial nature) to the collective entity in whose name or interest the given person has acted (traditional

penal proceedings). The second stage involves proceedings against the collective entity. At this stage it is necessary

to demonstrate one of two prerequisites for liability: lack of due diligence in selecting the employee/person who

committed the offence, or else culpability in supervising this person.

As it can take a lot of time (sometimes years) to finish the first stage (traditional penal proceedings), often no

one is interested in continuing the proceedings against a company which gained profits.

Practice shows that in many cases the burden of responsibility is carried by the managers and officers of the

company. Such a practice is a source of risk to company interests.

Often years of investigation and significant budgets spent on prosecuting bring relatively weak results.

Nevertheless, the indictment is filed at court because after costly, time-consuming investigations the prosecuting

P O L A N D


www.executiveview.com | Poland

111

authorities are unable (psychologically) to make a decision to discontinue due to lack of grounds. The means spent

on the investigation should be justified.

When considering a director’s/officer’s liability, it is worth mentioning that Polish criminal law concentrates

on the relationship between the company and its manager in a narrow perspective – the commitment of a person

who acts on behalf of a company is analysed from the perspective of the specific company’s interests – interests

of a group of companies/holdings that a company participates in, are left out. This creates a specific risk to the

managers who are involved in managing groups, holdings, subsidiaries, etc.

Bearing in mind the lack of efficiency described above in actions undertaken by the prosecuting authorities,

we observe that entrepreneurs are trying to fight the risks of fraud and other business crimes on their own. Their

company’s best interests are a priority to them.

Crime always has a human nature so it is obvious that the risk of crime within any human organisation exists.

It is impossible to eliminate such risk completely, but what an entrepreneur may do is to minimise it.

When we refer to the above-mentioned director’s liability, it is now common for companies’ internal regulations,

statutes and employee/manager contracts to set out the precise scope of a person’s duties. This makes it is easier

to find out later whose misconduct led to the crime or damage.

Employers use different measures to monitor what their employees do at work, the limits for such control

are always subject to intensive discussion. Nevertheless, according to a survey conducted in Poland by

PricewaterhouseCoopers (2007), one the most effective means of detecting irregularities/crimes are external

forensic audits and internal monitoring/compliance programmes, although Polish employees are quite reluctant

to engage in ‘whistle-blowing’, as it is often considered as denunciation and has bad historical connotations.

One of the reasons why companies/entrepreneurs are not that interested in cooperating with the prosecuting

authorities in crime detection and prosecution is the fact that most types of business crimes are prosecuted ex officio

which in practice means that the wronged party can not control the proceedings run by the official authorities.

We are seeing that the services of forensic auditors and private investigators are becoming more popular and

are becoming a common feature especially in those areas where financial interests are significant.

Conclusions

There is a visible division between the private and public sector even in the area of business crime prosecution.

The private sector presents an effective approach and applies measures relevant to the interests of a company/

entrepreneur, bearing in mind possible results to be obtained (even not prosecuting if it will lead to additional

costs). The public prosecuting authorities are ineffective in business crime prosecution; they often have to rely on

internal investigations conducted by the companies themselves.

Business criminal law regulations are not flexible, especially where procedures are applied conventionally,

which is why entrepreneurs rarely like to cooperate with the prosecuting authorities.

Janusz Tomczak is an Advocate at Wardynski & Partners.





Poland | www.executiveview.com

112

Public Entities – Internal Audit and Tender Mechanisms

BY JAN STYLINSKI AND KLAUDIA PRZYBYLOWICZ | WARDYNSKI & PARTNERS

The issue of corruption and financial abuses in the public-private sector, particularly in relation to the expenditure

of public funds through tender procedures, may be addressed at two levels: internal mechanisms to counter the

risk of abuses as well as legal consequences of financial abuses within the framework of tender proceedings.

Internal Audit Organisation

The system of protection against corruption and abuses in public entities has been established on the basis of

commonly binding conventions, principles and instructions arising from the prevention of fraud and corruption.

The introduction into Polish legislation of the term standards is a direct consequence of this term appearing in

the acquis communautaire. Currently, there are two main collections of such standards that are recognised at

public entities: Professional Internal Audit Standards issued by the international Institute of Internal Auditors

as well as Instructions on Internal Control Standards issued by the International Organization of Supreme

Control Bodies. An assessment of systems at a given entity takes place in practice with consideration of the

above principles.

According to the Public Finance Act, an internal audit at public entities includes an analysis of management

and control systems that provides an entity director an objective and independent assessment of the adequacy

and effectiveness of these systems. An auditor’s tasks also include advisory actions aimed at streamlining entity

operations. The law mandates an audit and its absence is penalised.

An internal audit is conducted by an internal auditor possessing statutorily defined professional qualifications.

He is directly subject to the director of a given entity. An element guaranteeing auditor independence is specific

procedure in the event of his dismissal from work, which requires consent from the Minister of Finance.

The Minister of Finance verifies and evaluates the propriety of an internal audit. He also sets its standards.

This course of action may raise certain doubts in light of the fact that these issues are specified and have been

commonly accepted by the internal auditor community in the private, public and banking sector throughout the

world.

An internal audit, in principle, is conducted on the basis of an annual internal audit plan of a public finance

sector entity. An internal auditor prepares an audit plan in conjunction with the head of an entity and includes an

analysis of risk areas within the scope of accumulation of public funds and their disbursement. An internal auditor

presents a report on implementation of the audit plan for the preceding year to the entity director and the Minister

of Finance. This report is the basis for the entity director to undertake appropriate action aimed at streamlining

entity operations.

In order to specify areas subject to audit in a given year within an entity, a risk analysis is conducted on the

basis of which issues entailing greatest risk or those whose streamlining may bring most benefit to an institution

are selected for an audit plan in such given year.

An assessment of risk related to fraud and corruption is made at all levels of management and measures to

reduce such risk are introduced as a result. Such forms as a strategic plan and reactions of management lead to a

reduction of such risk.


www.executiveview.com | Poland

113

Counteraction and Consequences of Abuses in Tender Proceedings

Public funds are expended for the most part through public tenders. According to the Public Procurement Law Act,

tender proceedings are open and written, as well as commence after public announcement, which serves to limit

abuses. Moreover, basic forms of selecting a contractor for an order financed from public funds are competitive tender

procedures, whereas the employment of other forms such as discretionary order or announcement without negotiation

are conditionally allowed in specific instances. Also statutorily limited is the possibility of biased proceedings since

persons engaged in procurement on the part of an ordering party are subject to exclusion if their impartiality raises

doubt. Also excluded are persons convicted of an offense in connection with procurement proceedings or of bribery,

commercial crime or other offense committed for the purpose of material gain. Upon commencement of a tender, persons

who prepared or who conduct such tender must submit a written statement under the penalty of perjury declaring no

conviction of the type noted above. Each bidder has the right to demand presentation of such statement, whereas its

absence will constitute a violation of the law and allow a demand to be raised to invalidate and repeat proceedings.

Similar principles apply at the stage of bid submission toward persons comprising a management board of

a contractor. If convicted of bribery or membership in an organised group intending to commit a criminal or fiscal

offense, they are subject to exclusion and their offer is not reviewed.

Other consequences are stipulated by the Public Procurement Law Act in the event that bribery or corruption takes

place during the course of tender proceedings, also after a bid is submitted and irrespective of whether it is committed

by a contractor or ordering party. If a bid has been selected in glaring violation of the law or a legal transgression took

place that affected the tender outcome, a concluded contract is invalid. Proceedings must then be repeated and an order

can only be placed on the basis of a new properly selected contract. Parties to an invalid agreement settle ex tunc, as if

the contract was never concluded.

In addition to the above contractual consequences, a violation of tender procedures that is unfavourable for public

finances as well as bribery and corruption are punishable as violations of public finance discipline or by penal means.

In specifying the range of actions constituting a violation of public finance discipline, it has been accepted that

they will encompass actions that are harmful to public finances and inconsistent with the law. These are nevertheless

actions of lesser and ancillary significance, which are not subject to criminal prosecution. For example, these include

duties such as the proper expenditure of public funds, assumption of liabilities, property inventory and reporting. This

means that improper expenditure of public funds within the framework of tender proceedings may result in a penalty,

together with dismissal from a post as well as a monetary fine imposed against the responsible party. It should also be

noted that only employees of public entities are liable for violation of public finance discipline. A private bidder is never

held liable on this basis.

As for criminal liability, it also applies, in addition to bribery and corruption, toward a party violating tender

procedure that prevents or hinders a public tender for the purpose of material gain and thereby acts to the detriment

of a public entity. It should be pointed out that, in contrast to liability for violation of public finance discipline, a person

acting in the name of a public entity as well as a bidder may be held criminally liable.

Jan Stylinski and Klaudia Przybylowicz are Lawyers at Wardynski & Partners.






114

3A S I A P A C I F I C

www.executiveview.com | Asia Pacific

115

Dealing With Government Raids

BY THAM YUET MING | DLA PIPER

Unannounced visits or “raids” by regulatory authorities in parts of Asia are not uncommon. This includes

situations where the authorities would show up on the company’s premises demanding to do an inspection and

to take documents without official authorisation such as a valid warrant. Putting aside arguments about whether

evidence seized under such circumstances are lawful, in view of the varying degrees with which the rule of law is

followed throughout the different parts of Asia, it would be prudent for companies with operations in the region

to have contingency plans to prepare for the possibility of such visits, in order to minimise the legal risks to the

extent possible.

First, companies should ensure that they have in place policies and procedures for dealing with such visits,

and then make sure their staff are familiar with the procedures. Given the unexpected and sudden nature of these

visits, it would not be practical to expect staff to start looking for the procedures only after the investigators have

arrived. The staff in particular who should be trained for such visits would be the office receptionists and security

staff, since they are invariably the first people to come into contact with the investigators. It is also important

to nominate in advance one or two senior staff members who will represent the company in dealing with the

investigators (“the Company Representative”). The Company Representative should be well-trained in the raid

procedures, have a good understanding of the local operations of the company, strong interpersonal skills,

possess good judgment and be fluent in the local language. However, while the Company Representative should

be someone fairly senior, it is not necessary for the Company Representative to be the top-level manager of the

company in that country. Reception or security should be familiar with the names of the nominated Company

Representatives and ensure that either one or both of the Company Representatives are informed immediately

when a raid happens. If possible, the receptionists or security should respectfully ask the investigators to await the

arrival of the Company Representative before proceeding with the search or inspection.

All staff should be advised to maintain a professional but polite attitude throughout the visit, so that as much

control as possible is kept over the investigation without obstructing the investigators. It is important to remind

all employees that cooperation with the authorities and showing courtesy to the officials is advisable at all times.

Second, the Company Representative should introduce himself/herself to the investigators, and explain that he/

she is there to facilitate the inspection and inquire as to the nature and scope of the inspection. Next, the Company

Representative should check the investigators’ identification and the warrant/authorisation documents, and make

copies if possible. If copies cannot be made, the Company Representative should at least take down the names

and credentials of the investigators. Then the Company Representative should check the scope of the investigation

A S I A P A C I F I C


Asia Pacific | www.executiveview.com

116

and the documents/information sought by looking at the authorisation documents. The Company Representative

should also try and notify a member of senior management and legal counsel, as soon as practicably possible, of

the visit, so that counsel can arrive on site, or at least be available by phone to advise the Company Representative

for the duration of the inspection.

Third, the Company Representative should offer a conference-room or office to the investigators and offer

to bring the requested documents to the room, and explain that this has been offered for the convenience of the

investigators. If the investigators insist on walking around the premises, it is advisable to assign staff to accompany

each investigator at all times, and discreet notes should be made of all investigated rooms, filing cabinets and data

systems inspected by the investigators. If notes cannot be made during the inspection itself, then notes should

at least be made immediately after the investigators have left the premises. The notes taken should not express

personal thoughts or concerns of the Company Representative or employee as there is a risk that these notes could

be seized by the authorities later. These notes should be handed over to legal counsel or the Legal department

immediately after the inspection. Similarly, it is advisable to keep a note of all verbal questions posed by the

investigators, and the responses given. In answering questions, the Company Representative and other employees

should answer honestly but should not volunteer information or offer comments. Nor should any employee offer

opinions, make admissions or guess at answers even if invited by the investigators to do so – employees should

not hesitate to say “I don’t know” if this is the honest answer. If possible, employees should only offer to answer

questions in a language which they are comfortable with.

Fourth, ensure that all documents inspected are within the scope of the authorisation documents. Offer to

make copies for the investigators and request to keep the originals. If not possible, then ask to make photocopies

of all documents gathered by the investigators and note on each copy in which room the original was found.

Employees should not hide, alter or destroy any documents, records nor other materials that have been requested

or that may be relevant to the investigation. It is important to ensure that the investigators do not read or copy

privileged documents and if an argument arises as to whether the document is protected by privilege (or any other

form of legal protection), it is advisable to try and get the investigators’ agreement to place the document in a

sealed envelope until lawyers arrive.

Fifth, except for an inventory of the materials seized, no employee including the Company Representative

should sign any document without that document first having been reviewed by legal counsel.

At the end of the visit, it is advisable to keep notes of any arrangements made with the investigators and in

particular, any points of disagreement. There may also be requests for more documents to be delivered to the

authorities subsequent to the visit, in which case, legal counsel should be informed of this as soon as possible so

that proper advice can be obtained.

Tham Yuet Ming is a Consultant at DLA Piper.






117

Designing and Implementing Compliance and Anti-Corruption Programs for Operations in Asia


Asia is one of the most economically dynamic regions in the world but the challenge, in designing and implementing

a compliance and anti-corruption program for the region, is that it is made up of a hotchpotch of countries with

very different regulatory regimes and business cultures, and vastly different levels of anti-corruption enforcement.

Therefore, not only will a compliance program have to be broad enough to encompass all applicable legal and

regulatory requirements whether these originate from overseas (for example, obligations under the US Foreign

Corrupt Practices Act (FCPA) which has extra-territorial reach) or from local laws, but the program will need to be

sufficiently flexible so that it can be adapted for practical use in each local jurisdiction.

The essential elements of a basic compliance program would be: (i) practical and easy-to-understand policies

and procedures; (ii) staff and resources to take ownership of the program and to carry out implementation;

(iii) sufficient and proper compliance training; (iv) tools and processes to monitor and detect irregularities (for

example, hotlines for people to make reports of violations and targeted compliance audits to test the level of

compliance); (v) an investigations process; and (vi) remediation.

Firstly, in terms of policies and procedures (P&P), it is important to do a risk evaluation to identify the areas

of regulation in which the company would face the biggest risks. Which areas are more risky can vary depending

on the nature of the business – the company may be in an industry which tends to be the target of antitrust

enforcement so that an antitrust P&P becomes more important, or it is in the technology business which may

make it more susceptible to stringent export/import controls. The risk evaluation should be accompanied by a

geographical assessment – this means being able to get a sense as to which kinds of regulatory enforcement are

more prevalent in each country. For example, the antitrust authorities in Korea and Japan have been known to

be more active than their counterparts in other parts of Asia. These types of assessments are important because

they enable the company to prioritise the implementation of the different types of P&P in each country (and would

also be important in planning the country’s compliance training program). It is generally easier to apply a policy

globally, but due to local country variations in the law and culture, it would not be as easy to apply a procedure

wholesale in a global organisation. In fact, more often than not, the procedure would have to be adapted for local

use (for this article, a policy refers to a general guiding principle, whereas a procedure sets out the actual steps

to be followed in order to achieve compliance with a particular policy). The most common example would be

procedures relating to gifts and entertainment in an anti-corruption program (this being an area which takes on

particular significance as it is common in many Asian cultures to give gifts and meals in the course of business as

goodwill) – a US$200 per head lunch may be reasonable in one country but risks being considered as overly lavish

in another country with a much lower cost of living, and many companies grapple with coming up with prudent

yet practical dollar-limits. Without a good sense of the regulatory regime and culture of a country or region, it

would be difficult to come up with a sensible P&P. Finally, it is crucial that P&P are user-friendly, and do not end

up being too legalistic or elaborate (a common mistake made by many companies).

Secondly, another part of a compliance program is to identify the resources within the company which can be

used to help implement the compliance program. This can involve using resources from the HR department, sales



118

or audit divisions to double-up as compliance officers to help implement the program. The reality is that many

companies today are hard-pressed to increase headcount. In any case, it makes sense to involve as many different

sections of the business in the compliance program as possible to ensure that accountability and ownership for the

compliance program is shared throughout the company.

Thirdly, it is important to ensure that training is done, not just as a one-off, but on a continuous basis so that

there are regular refreshers offered for areas of higher risks. Companies should also consider running courses in

local languages, as the risk of failing to do so, especially in countries with stringent labour laws, is that there will

be difficulties terminating employees who have violated P&P.

The fourth element is a very important part of any program, and this consists of processes to carry out regular

and targeted compliance audits, and also avenues for non-compliance reports to be made (for example, telephone

hotlines and compliance emails). Otherwise, there would be no way in which to test the efficacy of the compliance

program.

The fifth element is to put in place protocols for investigating allegations of non-compliance. This is important

because failure to follow up effectively on allegations of non-compliance is that this sends the message to employees

that the company does not take its compliance program seriously. The failure to properly follow-up could also be

a problem if the company is subsequently investigated by regulatory authorities.

Finally, remediation needs to be carried out if non-compliance has been found. This can either take the form

of disciplinary action against the wrongdoers, reviewing and revising a problematic P&P, and/or additional

training for employees. In fact, it is necessary to continually monitor a compliance program’s efficacy, determine

if any P&P need to be updated due to changes in the law and if the training program needs to be tweaked. This

requires paying close attention to the activities of regulatory authorities, whether abroad or locally (for example,

the government in a particular country may step up corruption investigations because of political pressure). A

common mistake made by multinational companies is to concentrate only on laws applicable in one particular

jurisdiction – for example, a US corporation becomes concerned only with the FCPA, and risks violating local

laws, the most common being the concept of facilitation payments, which may be allowed under the FCPA but

which are illegal under many local laws in Asia.

Having set out the basic elements of a compliance program, it is important to emphasise that underlying the

success of any compliance program, is the compelling need for strong and unconditional support for the program

from senior management.







119

The ABCs of Internal Investigations


There has been a marked increase in regulations requiring companies and senior management to be proactive in

detecting, investigating and reporting irregularities, some of the most high-profile ones being those coming out

of the US, such as the Sarbanes-Oxley Act (SOX) and the Foreign Corrupt Practices Act (FCPA). Many of these

regulations have extra-territorial reach which allow governments to control the actions of a company no matter

where it is doing business.

The need for an internal investigation may arise from tip-offs from whistleblowers, a compliance audit or an

inquiry/investigation by the government. Coupled with the ease with which information flows today, the increased

sharing of information by regulators around the world and the ability of whistleblowers (whether they are past/

present employees of the company or competitors) to lodge complaints directly with enforcement agencies

anywhere in the world, it would be very risky for any company to attempt to sweep things under the carpet.

It is therefore important for companies to establish clear protocols for conducting internal investigations, not

only to ensure the integrity of the investigation but also because an internal investigation, if carried out properly,

can be a mitigating factor if wrongdoing is subsequently established. On the contrary, an internal investigation

which has been shoddily done risks giving the impression that there has been a cover-up and creates more

problems.

An internal investigation can be a time-consuming and expensive process, so an important first step is the

plausibility check. This means evaluating the reliability of the information and determining whether sufficient

information has been given. If not done properly, this can lead to important tip-offs being ignored at the peril of

the company; the flipside is that valuable resources are wasted investigating maliciously instigated reports.

There should also be clear protocols for employees who may be required to deal with the whistleblower, firstly

to ensure that the right questions are asked as the opportunity may be lost if the whistleblower chooses to remain

anonymous (which is more often the case). Secondly, employees should be trained on the proper way to deal with

whistleblowers in order to avoid an allegation that there has been retaliation, as many countries (including in

Asia) have laws to protect whistleblowers. The company will also need to know how to handle any information/

documents provided by the whistleblower – there may be privacy or confidentiality laws which limit the use of the

information. Next, the company will need to determine at the outset if there is evidence of a material violation so

that notification is made to the company’s Audit Committee or external auditors (or even a regulator such as the

local securities exchange). In fact, this is something which should be kept in mind throughout the investigation.

It will also be necessary to evaluate the nature of the allegation(s) so that the right resources are used. For

example, is it a HR matter that is best handled by HR staff or will Legal and Audit need to be involved instead?

Are there more serious implications for the company, i.e., it is a potential antitrust or FCPA matter which could

lead to heavy penalties? Can the investigation be handled internally or do external advisors need to be engaged?

If yes, should a law-firm be engaged (especially if legal privilege is important) or will forensic accountants be

appropriate? The potential wrongdoers will also have to be identified. If senior management is involved, this

naturally increases the severity of the allegation and increases the need for external investigators to be engaged.

Another important step is to identify the locations or countries where the investigation needs to be carried out



120

– investigations with multi-jurisdictional aspects will require extra care as different laws, some of which could

be conflicting, will be involved. With more cross-border investigations, one increasingly common mistake is that

the company is concerned only with one country’s regulations, but unwittingly violates the local laws of another

country in the course of carrying out the investigations. This is particularly prevalent with data-privacy and

employment laws, where one country has much stricter data-privacy laws than another. The geographical scope is

also important in deciding which external firm is to be appointed to carry out an investigation as this may require

a firm with an international presence and wide-ranging language abilities, as otherwise the company may end up

having to spend a lot of money translating documents for its external investigators.

It is critical that once the basic scope of an internal investigation has been determined, the relevant documents/

data are retained, including all electronic documents such as emails, instant messages, web pages. A “document

hold notice” may need to be circulated to relevant employees to prevent evidence from being accidentally destroyed.

Some of the information may be in the hands of third-parties such as distributors and it will be necessary to

decide whether to approach such external parties for information. Another issues is how best to evaluate the data

collected – does the data need to be transferred to another jurisdiction? If yes, are there data-privacy issues which

would prevent such transfer? Depending on the volume of information and the languages involved, this can be an

expensive process and if not planned properly from the outset, will lead to time and money being wasted.

It will also be necessary to decide how far up the chain the investigation should be monitored, that is, should

it be done under the purview of the Audit Committee, the Board of Directors, or if it would be sufficient for local

management to oversee the investigation.

Communication channels in relation to the investigation should also be established, especially in cases where

authorities are already conducting their investigations into the company. Clear instructions on how employees

should respond should they be contacted by the authorities or the media would ensure that sensitive information

is handled properly and legal privilege is preserved.

Interviews will likely need to be carried out, usually after the review of data and documents has been completed

but there may be occasions when an interview needs to be done without completing the document review, perhaps

because the employee of the company may be leaving the company shortly and will be unwilling to be interviewed

once he/she leaves. Then the location of the interview needs to be determined, for example, is it necessary for an

external location/meeting-room to be used for interviews or can the interview be conducted within the company

premises? Next is the protocols for carrying out such interviews (e.g., what language to be used, are translators

necessary, and what warnings need to be given at the beginning or end of an interview, etc.). The risk of not handling

interviews properly is that any evidence collated may be compromised – one common result is that the evidence

collated cannot be used to defend the company in subsequent wrongful dismissal proceedings commenced by the

employee. This is especially problematic in Asia, as many countries in Asia have stringent employment laws which

make it very difficult to terminate employees even where an internal investigation reveals that there has been a

serious violation by the employee.

The practical difficulty is that in internal investigations, warrants cannot be issued and witnesses cannot be

compelled to answer questions (unlike investigations by the government). This means it can be extremely difficult

coming to a firm conclusion despite hours of time and effort having been expended, and one of the most difficult

decisions is whether to expand even further the scope of the investigation in an effort to find more evidence, or if

the matter should be closed.



121

Once an investigation is concluded, it is important for the company to take disciplinary and remedial action

to prevent future wrongdoing, as this is what the authorities now expect and additionally, will serve to send the

message that the company takes non-compliance seriously.



Forensic Accountants in the Modern and Digital Age

BY LAWRANCE LAI AND ALLAN NG | ERNST & YOUNG ADVISORY PTE. LTD.

In the modern and digital age, technological advancement has enabled companies to reinvent the way they conduct

business and manage processes. However, technology is a two-edged sword. It offers innovation, yet it can open

up new windows of opportunities for fraud to be perpetuated in businesses. Meanwhile, investigative tools and

techniques used by forensic accountants have also evolved to keep pace with these changes.

However, there is no room for complacency. Forensic accountants face the constant challenge of equipping

themselves with modern tools and techniques to carry out more, if not the same level of, efficient and effective

investigations. Modern-day forensic accountants are increasingly upgrading themselves to be proficient in the

field of digital forensics, i.e., forensic data analytics and forensic text analytics to transform the ever-growing

amount of digital data into intelligence that is worthy of further actions, so as to support their investigations and

take on modern-day fraudsters.

Forensic Data Analytics

Traditionally, and more so in the modern age, companies possess enormous pools of digital data sets such as

records of invoicing, payment, purchase, access control and asset details, as well as vendor, customer and employee

records. Some of these are potentially unrelated and unstructured, and are often untapped and latent sources of

considerable forensics evidence. Forensic accountants are able to harness the power of forensic data analysis

technology to tap into such common and yet disparate digital data sets, and transform them into intelligence in a

quick and efficient manner, so as to point out the next steps in their investigations.

By applying forensic data analytical procedures timely at any stage during an investigation, forensic accountants

can then identify patterns, chronological details, conspirators and potential issues or anomalies by examining

the relationships that lie concealed beneath these seemingly disparate digital data sets. This allows forensic

accountants to focus their resources to identify and focus on physical documents that are more likely to be the

key evidence of the fraud and better tackle the potential issues. This method is more efficient and effective than

combing through voluminous reams of printed documents, and the problems or anomalies that lay concealed in

these documents may be overlooked by tired human eyes.

Forensic accountants need to re-adjust their mindset and the way they approach their investigative tasks.

Gathering evidence by manually combing through physical copies of documents and records, and more so in





122

silos, would likely yield only fractional results as compared to what data analytical software such as ACL, or even

Microsoft Access and Excel, can achieve in a considerably shorter span of time. The difference lies in how forensic

accountants approach and corroboratively analyse digital data sets in tandem with their understanding of the

business, processes and the allegations or issues that they are investigating.

Forensic Text Analytics

The 2008 Association of Certified Fraud Examiners (ACFE) Report to the Nation on Occupational Fraud and

Abuse reported that reviewing business records such as emails is a top priority in regulatory enquiries.

Forensic text analytics is a relatively new concept that calls for employees’ emails to be analysed in a systematic

manner as part of a forensic investigation. Going through throngs of employees’ emails to identify any remote

evidence of fraud can be like searching for a needle in a haystack. However, a systematic manner to cull digital

communication data and information into intelligence worth investigating is possible with modern day forensic

software and techniques.

Forensic text analytics typically encompass the extraction, grouping and relationship analysis of employees’

emails and electronic documents, which appear as hits when searched against a set of strategically conceived

keywords.

In the past year, Ernst & Young’s fraud investigators and an ACFE research team had developed an objective

list of keywords that are specific to each of the three components of the fraud triangle, i.e., opportunity, pressure

and rationalisation. Further, the team compiled and tested a library of more than 3000 conceived keywords that

are closely associated with the three main fraud categories: financial statement fraud, asset misappropriation, and

corruption. By collaborating with the Federal Bureau of Investigation and several Fortune 500 companies, this

methodology was further refined.

Besides the text information found in emails, emails also contain metadata that stores information such as

the author, origin, and communication date etc. These digital data form the basis of how forensic text analytics

are being used to analyse emails to answer questions of “who”, “what, “when”, and on certain possible instances,

“how” and “why” the fraud is committed.

Modern forensic tools are capable of indicating and even graphically displaying specific employees or individuals

from other companies and entities in association with emails that responded as hits to searched keywords. These

emails may also respond to other keywords that are associated with a fraudulent event or action. Analysing

the frequency and patterns of these emails, possibly against the chronology and timing of the communication

spikes, may indicate certain issues and anomalies that support a fraudulent event. The results obtained through

forensic text analytics should hence be considered corroboratively with allegations being investigated and any

other information already known to the forensic accountant. All of these can then be transformed into intelligence

to point out the “next steps” in forensic investigations. The results of forensic text analytics can also be associated

with accounting information and records such as payment vouchers, cash-books, journal entries etc., as important

and corroborative evidence to support forensic investigations.

Conclusion

As more and more corporations expand globally and business transactions increase in complexity, the way

forensic investigations are being conducted and the challenges faced by forensic accountants will change in



123

tandem. As such, new forensic concepts, tools and techniques are being conceived, and will need to continue to

evolve in order to address these challenges. Lastly, forensic accountants should keep abreast of the latest forensic

technology and harness its capabilities to enable them to carry out the often daunting and laborious tasks of

forensic investigations more effectively and efficiently.

Lawrance Lai is a Partner and Allan Ng is a Manager of Fraud Investigation & Dispute Services at Ernst & Young

Advisory Pte. Ltd.


Detecting Corporate Fraud

BY LAWRANCE LAI AND STACY CHAI | ERNST & YOUNG ADVISORY PTE. LTD.

Detection of fraud has always been a topic of interest for many people, especially when fraud has caused the

downfall of many giant conglomerates, such as Enron, and WorldCom. How does one detect fraud in the current

environment? Traditionally, external and internal audits are perceived as the main methods of fraud detection and

management usually rely on these checks to give their companies a clean bill of health. In reality, according to the

Association of Certified Fraud Examiners (ACFE) 2008 Report to the Nation on Occupational Fraud and Abuse

(the “ACFE 2008 Report”), tip-offs were the most common detection method, followed by internal controls and

internal audits. Besides the “bricks and mortar” ways of fraud detection, can fraud be detected by technology?

Fraud: The Five Ws and One H

Before discussing how you can detect fraud in your organisation, it is important to understand the five “W”s (and

one “H”) of corporate fraud – “Who”, “What”, “When”, “Where”, “Why” and “How”.

What is corporate or occupational fraud and who commits it? According to the ACFE 2008 Report, occupational

fraud may be defined as “the use of one’s occupation for personal enrichment through the deliberate misuse or

misapplication of the employing organization’s resources or assets”. Although extensive research has been done

to understand the profile of a fraudster so as to facilitate the detection of fraud, there is no face to a fraudster.

Fraudsters come in “all shapes and sizes” – it can be the friendly office clerk, the Finance Manager or the Chief

Executive Officer of your company.

Why does fraud occur? Dr. Donald R. Cressey is credited with the popular “fraud triangle”, where he theorised

that three factors, i.e., opportunity, pressure and rationalisation, are usually present when a fraud happens.

According to the European Fraud Survey 2009 conducted by Ernst & Young, corporate responses to the

economic downturn such as staff redundancies can create opportunities for individuals to commit fraud by

opening gaps in internal controls. And in the ACFE 2008 Report, the lack of adequate internal controls was one

of the most common factors that increased the opportunity for fraud.

Pressure to meet the expectations of various stakeholders of the company can also increase the occurrence of

fraud. In the abovementioned survey by Ernst & Young, 52% of interviewees cited either pressure to protect their






124

company results or keeping personal performance incentives as reasons for committing corporate fraud. As such,

in current turbulent times, management should be wary of the possibly increased opportunities and pressures

present in their organisations that can lead to fraud.

The last factor is rationalisation, i.e., when one convinces oneself that it is acceptable to commit fraud in order

to fulfil one’s objectives. Without rationalisation, fraud rarely occurs even if there is opportunity and pressure to

do so.

When and where does fraud happen? The answer is fraud happens anytime and anywhere. However, we

observe that the number of cases of fraud increases in an economic downturn. One of the reasons gleaned from

our survey is that fraudsters have less “padding” to conceal their inappropriate activities in such times.

How does fraud manifest itself in your company? Corporate fraud typically falls into three categories – asset

misappropriation, corruption (including conflicts of interest and bribery) and fraudulent financial statements.

Asset misappropriation occurs when an individual steals or misuses the company’s resources such as cash and

inventory. According to the ACFE 2008 Report, asset misappropriation schemes are most commonly reported

and least costly of the three major categories of fraud with a median loss of USD$150,000.

Corruption refers to schemes where the perpetuators use their influence in business deals to obtain a benefit for

themselves. For example, employees may receive bribes by a potential vendor to award the contract to the latter or

employees may bribe potential customers to secure a lucrative deal. The ACFE2008 Report stated that corruption

had occurred in just over one quarter of the cases reviewed by them, with a median loss of USD$375,000.

Last but not least, fraudulent financial statement involves the intentional misstatement or omission of

significant information from the company’s financials. Such schemes usually involve reporting higher revenue

and lowering liabilities and expenses in order to inflate the profit of an organisation. The ACFE 2008 Report

had indicated that fraudulent financial statement schemes are the least commonly reported scheme but the most

costly with a median loss of USD$2m. If we take into account the reputational damage, criminal action (think

Enron and Worldcom) and decline in investor confidence, the cost of fraudulent financial misstatement to an

organisation is definitely greater than just the monetary loss.

Detecting Fraud the Old-Fashioned Way

Fraud is usually detected by tip-offs, internal and external audits, internal controls, sheer accident or when

reported by the police.

Management needs to be equipped with the right attitude and skills to handle potential fraud. To do so, they

need to be aware of the “red flags” that may indicate the presence of fraud but do not necessarily mean fraud is

present.

We shed some light on some of these “red flags” for each category of corporate fraud:

Asset misappropriation

• Changes in behaviours of employees such as refusal to go on leave, sudden wealth, staying in office beyond

regular working hours

• Shortages in cash or inventory that cannot be accounted for

• Missing supporting documents for business transactions



125

Corruption

• Changes in behaviours of employees such as sudden wealth, and close relationships with vendors or

customers

• Significant contracts with government authorities

• Use of suspense accounts to conceal payments of bribes

Fraudulent financial misstatements

• Strong revenue growth when organisations in the same industry are experiencing weak sales

• Recurring negative cash flows from operations while reporting higher growth

• Significant estimates that require judgment are used for recording assets, liabilities, revenues or

expenses

• Domineering management and aggressive growth strategies

In addition, organisations should evaluate the internal controls that are more prone to fraud risk and check

their business assets regularly, including physically verifying cash and inventory. It is also advisable to pay

attention to the findings raised by statutory and internal auditors. There should also be proper procedures for

handling and reviewing the complaints lodged by employees, vendors and customers, and employees should be

encouraged to report any wrongdoing and suspicious behaviour.

Detecting Fraud Using Technology

Given that e-mails and user documents form the bulk of most organisation’s communications contents,

Ernst & Young and ACFE have recently teamed up to use technology to detect fraud, i.e., use of fraud triangle

analytics.

We have talked about the components of the fraud triangle earlier and how three factors, namely opportunity,

pressure and rationalization are typically present when fraud occurs. From the research by Ernst & Young and

ACFE, there are certain keywords that appear in higher frequency in e-mails whenever fraud is committed. A

list of 3000 keywords that are distinctive to each component of the fraud triangle and each category of corporate

fraud has been created. These keywords can then be used by management or internal auditors to proactively

review their employees’ e-mail communications to alert them of possible fraud occurrence.

While technology is a useful enabler, detecting fraud is not easy. The management of an organisation needs

to be alert to “red flags”, and be sceptical when things appear too good to be true. It should also instil the right

mindset and attitude towards fraud and fraud detection in their employees, so that as a team, they can serve as a

watchdog against fraud.

Lawrance Lai is a Partner and Stacy Chai is a Manager of Fraud Investigation & Dispute Services at Ernst & Young

Advisory Pte. Ltd.







126

Crisis Containment – Dealing with the Unforeseen

BY STEVE VICKERS | FTI-INTERNATIONAL RISK

Anyone who predicted in the summer of 2008 that some of the world’s leading financial institutions would soon

be wiped out, others rescued by massive government bailouts and that the global economy would teeter on the

brink of a new Great Depression, would have been laughed at. The size and speed of the financial tsunami last

autumn is a measure of how ill-prepared the corporate world was. While there are encouraging signs the worst

may be over, uncertainties still abound. This is precisely when organisations should take stock of their overall

ability to handle the unforeseen.

Fraud is likely to increase before the improving global financial environment stabilises. Individuals and directors

can be tempted to commit fraud if they have the opportunity, are sufficiently desperate, or if the potential rewards

are significant. Few businesses are immune from these risk factors, even in the best of times.

Other potential crises, including political risk, terrorism, and unforeseen and sudden natural disasters, can and

will destabilise organisations that are unprepared. The ability to react swiftly, effectively and - equally importantly

– be seen to do so may be critical to corporate survival or the preservation of a company’s market cap or position.

The bottom line is – “failing to plan is planning to fail”.

From a corporate perspective, crises generally occur in three key areas:

• Natural disasters – including floods, fires, typhoons, earthquakes and related acts of God;

• Environmental and health-related problems – including epidemics, accidental spills, hazardous material

issues, nuclear or chemical scares and sudden government or NGO environmental group intervention; all

of which are coupled with critical PR implications;

• Man-made events – including arson, sabotage, terrorism, agitated labour issues and the exposure of

substantial corporate fraud or corruption.

While contingency and “continuity” plans can and often are made to respond to natural disasters, and to a certain

extent, environmental crises – such events are both difficult to prevent and to neutralise. Man-made events on the

other hand can be mitigated. Unfortunately, most organisations are ill-prepared to deal with substantial corporate

fraud, terrorism and other man-made crises. They can go un-monitored and undetected until it is too late to avert

disaster.

In the corporate context, companies find that a corporate crisis can often surface following a mass defection

of staff or the receipt of an anonymous email alleging impropriety, or the sudden loss of critical confidential

company data, or perhaps an indication of strange movements of company funds.

How Prepared is Your Company to Handle a Crisis?

The critical question that company directors should be asking now is – do we have systems and protocols in place?

Have they been tested? Can we respond quickly and efficiently to a crisis? Do we have an effectively structure in

place? Can we find the people who are part of our crisis containment team; this on a 24-hour basis? Directors need

to know that in times like these, that the company has sufficient resources, both internal and external, to respond

to any major corporate emergency or challenge.



127

In our experience, the first 48 hours from the onset of the crisis is the most critical period. The key to success is

to support senior management in mobilising company resources, focusing them on resolving the core issue, whilst

also causing the minimum impact to personnel or disruption to the company’s operations.

Part and parcel of a crisis containment plan is that the dedicated team can act robustly, expeditiously, with

experience and discretion. While there is always an urgent need for rapid decisions and their execution, many

companies will find, at the same time, there is an acute shortage of suitably trained personnel and experience.

Where it is evident that management does not have the necessary knowledge or experience in-house,

organisations should seek the support of an independent risk mitigation consultant. For the first few days of the

crisis, consultants can act as the “aggregate” to hold together the various disparate elements required to work

through the crisis. Organisations which have matrix management structures are often particularly ill-suited to deal

with sudden and unpredicted events – which require a clear chain of command with no room for equivocation.

Crisis containment teams are usually comprised of investigators, data forensic experts and/or forensic

accountants as well as public relations and crisis communications specialists who can provide expert advice to

senior management and the company board. This is to facilitate well-informed decisions that can made and

implemented in a consistent, timely fashion. It is essential for this team to have a clearly defined objective, a

flexible and achievable plan and sufficient resources. It is also important to brief and support teams who are

keeping certain operations running as normally as possible, with minimum disruption to customers and business

partners.

The initial step is to comprehensively assess “ground zero” and realistically estimate the damage or likely future

damage. In the event of catastrophic fraud or corruption issues, this is often determined via the examination of

relevant documents, including phone records, emails and other computer files, meeting schedules, travel patterns,

etc., as these might apply to the crisis at hand.

Ninety-five percent of the world’s business records are reportedly in some form of electronic medium. Therefore,

electronic evidence recovery is a vital tool to be used in support of almost any crisis.

Once the key factors are known, efforts can be made to determine possible solutions and the relative merits of

various courses of action. It is imperative that senior management (CEO and main board members) be presented

with sufficient information and recommendations to make strategic decisions, but equally importantly, that they

be kept sufficiently above the fray so as not to be over-involved in the minutia to the detriment of a key focus on

the bigger picture – which is to see through the current crisis and to visualise the resolution of the matter.

Crisis Resolution

Throughout the handling of any major crisis, the designated crisis containment team should be concurrently

examining and resolving at least the following issues:

• Is this an enterprise-threatening issue?

• Do we have sufficient resources in-house to deal with it?

• Can we call upon external specialists to fill in for lack of in-house expertise?

• What is the likely long-term financial impact on the bottom line?

• Have we plugged all immediate and identifiable gaps to prevent further losses?

• Can the losses be recovered or, are they covered by insurance – fidelity policies, bankers’ blanket bonds or

a Directors and Officers policy?



128

• Which controls failed and are we still exposed?

• Who was involved / what damage has been done / what are we doing about it?

• Should an immediate report be made to the police or to other local authorities?

• Crisis communications – are we prepared to deal with the media even if we have not had time to plan?

Crises are by their very nature unpredictable, but with a well-designed and tested structure in place, companies

can mitigate damage to their reputations, their organisation, share value and the loyalty of customers and staff.

Finally, the reader will note that this article is entitled “Crisis Containment – Dealing with the Unforeseen”,

and NOT “crisis management”, which some corporate gurus preach. In fact, I would contend that there is no such

thing as “crisis management”, there is only “crisis containment” – effectively the act of “putting the toothpaste

back in the tube”, after something has occurred. Therefore, the only crisis that is perfectly handled is one that has

been averted.

Steve Vickers is President & CEO of FTI-International Risk.


Mitigating Corporate Risk in Asia – an Overview


Managing and growing a sustainable business in Asia can present unique challenges to foreign multinational

corporations and to overseas investors. The current global economic downturn and continued volatility on the

world’s financial markets has, exacerbated these risks. Yet Asia, and particularly China, still offer the greatest

opportunity for growth. Many companies will fail to seize the moment or will become entangled in difficulties

simply because they lack comprehensive and relevant risk mitigation policies or because they have failed to

conduct effective due diligence.

The informed investor will already be aware that risks to foreign companies seeking to operate in Asia are more

considerable than in their home countries; this is due principally to a number of unpredictable variables including

non-transparent business environments, poorly developed and still evolving legal systems, insufficient and

unreliable market and business information, and rapid and confusing change. Despite all the above, multinational

corporations have little or no option but to be involved. So what then are the principal risks, operational risks and

other issues which can be identified and mitigated?

Corporate risk manifests itself in a variety of forms, not all of which are unique to Asia. Some of the more

common operational issues include the selection of unsuitable joint venture partners. In our experience, this

is a critical issue. The selection and assessment of joint venture partners or distributors is a matter of the first

import. Sadly, many organisations do little or no investigative due diligence into the background and reputation

of prospective partners, sometimes being too dependent on third parties who are commission or introduction

fee-oriented, and who have little interest in the longer-term success of the business. A key consideration must





129

also be whether or not the interests of the two organisations will remain aligned on a sustainable basis – after

the multinational corporation has parted with its cash, and what long-term and sustainable incentives exist for

a Chinese partner to sustain the working relationship? If this is not clear from the outset, serious problems can

often occur.

Another key issue is the significantly differing business cultures between the legalistic / contract-driven Western

business model, and the Chinese or Asian relationship-driven approach. Many Western firms spend an inordinate

amount of time concocting US-styled legal documentation and drafting detailed representations and warranties

in these contracts; in reality, many of these can never be enforceable in Asian countries. Sadly, the same firms

spend little or no time on understanding, in any great detail, what makes their prospective new partners tick.

Most recently, a number of ugly disputes have occurred during the downsizing of operations, particularly in

Southern China. Downsizing exercises need to be carefully executed in order to protect the long-term reputation of

multinational corporations, and, setting aside the unfortunate public image issues, to avoid incurring the ire of the

local government; this especially important if the company wishes to return following the economic downturn.

Although corruption is certainly endemic in many Asian countries, it is not necessary that it be tolerated in a

foreign corporate environment. In fact, companies that have failed to take a stand and who have tolerated unchecked

corruption have fared worse than other companies with better developed corporate ethics and “zero-tolerance”

policies. Key areas include kick-backs from public relations companies, marketing spend and all forms of vendor

commissions and payments. Hong Kong and Singapore have exemplary anti-corruption mechanisms, and free

advice and guidance can be provided by the ICAC in Hong Kong via their corruption prevention department.

While many companies bring with them tried and tested internal controls and systems, not all may be

appropriate to the Asian environment. For example, internal audit teams from the West seldom understand the

critical import of company and individual chops as business instruments in the Chinese and Japanese cultures.

Although some companies may have brought in state-of-the-art electronic compliance systems to segregate

job functions, authorisation levels and access to sensitive data, these systems cannot protect a multinational

corporation from abuses. These typically include unauthorised use of a company chop to open accounts, move

money or commit the company to onerous obligations. Consequently, audit and risk assessments are way off mark

and fail to identify key vulnerabilities.

No Western-style system that we have seen to date effectively manages to curtail risks arising from such

apparently unimportant but actually crucial instruments. The use of a counterfeit company chop in China or

Japan is a very serious offence and various local control systems exist to register chops. Many multinational

corporations and their internal audit departments are blissfully unaware of these risks and of the processes which

exist in-country to mitigate them.

The potential for collusion between employees and outside parties should be high on management’s priority

list. This risk is intensified where employees actually control or have beneficial interests in companies who are

suppliers to the multinational corporation. Apart from the almost inevitable quality control and price implications,

such arrangements can lead to counterfeit goods being injected into the genuine supply chain, causing considerable

damage to brand equity as well as significant loss of revenue.

Most recently, we have become aware of highly sophisticated counterfeiting syndicates who have effectively

taken over the management of brands, and who have even licensed others to produce goods without genuine

authority. This “brand-jacking” can be an enterprise-threatening problem, and must be dealt with on a strategic



130

basis corporate wide. Previously issued genuine legal documents such as licenses to produce, etc., have been

amended by culprits who, using the company’s own legal documentation and language, have authorised other

companies to produce “unlimited amounts” of their product in return for large sums of money disguised as royalty

payments. This is not a simple intellectual property problem – it is, in effect, an organised crime and needs to be

dealt with as such.

Poor quality control is often a downstream consequence of unchecked corruption elsewhere in the organisation.

Where companies outsource this vital function, special attention should always be paid to any suspicion of corrupt

payments to product inspectors and the like. Failing to address this problem can lead to catastrophic liabilities

and consequences, especially in the pharmaceutical and food sectors.

Many companies have anti-money laundering policies which can only be described as wooden or inappropriate

to the actual threat. In the current environment, governments are paying increasing attention to money laundering

and US companies have been under increasing scrutiny in relation to the Foreign Corrupt Practices Act (FCPA),

which prohibits payment to foreign officials to obtain business. The current regulatory framework in many

Western countries is being actively reviewed and any perception of corporate wrongdoings will, in this climate,

attract severe penalties from regulators.

The Psychology and Structure of MNC’s – Does This Make Them More Vulnerable to Risk in Emerging Markets?

Above are just some of the potential dangers for Western businesses operating in Asia. However, the structure and

organisation of some multinational corporations can be a significant factor in making them much more vulnerable

to risk in emerging markets, such as Asia. That many multinational corporations bring problems onto themselves

by virtue of their structure, lack of clarity and direction in management, and the lack of a visible and well-enforced

deterrence policy.

We recently examined a number of major cases and crises. We then sought to identify whether or not there

were any common factors in these situations which arose. Significantly, in each of the cases studied, the same

key factors – listed below – were present in one combination or another and had a major bearing on the problem.

We believe that any multinational corporation with three or more of these factors present runs a higher risk of a

significant corporate crisis, corruption exposure or the potential for massive fraud. Such organisations would be

wise to act immediately to focus their resources, both internal and external, to contain and mitigate such risk.

Organisational and Structural Factors Which Increase Multinational Corporations’ Risk Profile in Asia:

• Matrix management systems;

• A recent business process re-engineering exercise or significant restructuring;

• Expatriate management who are rotated every two years or so;

• High local staff turnover;

• Internal controls which are insufficient or not appropriate to the Asian environment – such as not allowing

for company chops and local / national practices;

• Overdependence or over-reliance on “technical solutions” or on apparently sophisticated electronic controls;

this while failing to allow for the real risk of collusion between internal staff, resulting in the compromise

of such systems and passwords;

• Insufficient pre-employment screening of employees and permitting recently hired executives to recruit



131

personnel in complete “tribes” from their previous workplace – their loyalty will not lie with the new

company;

• Anti-money laundering programmes which are “wooden” or which are not relevant to the local circumstances

or the actual threat;

• External accounting procedures which were weak, or the use of external auditors who have little or no

experience in the industry being audited;

• Internal audit staff being reluctant to confront local management for cultural reasons – especially so in

Japan;

• Previous early warnings or minor frauds which had been covered up for internal corporate or political

reasons, resulting in a corrupt culture; and

• Overall staff morale being low – probably due to a combination of all the above factors, resulting in an

unhappy workplace.

Unforeseen and Political Risk

In addition to the factors outlined above, companies operating in Asia are, to a certain extent, hostage to events

outside of their control, which are not immediately apparent but which may have a material impact on their

businesses.

Specific to Asia at this time are issues surrounding North Korea’s increasing belligerence and the likelihood

of increased sanctions, their enforcement and the potential for low-intensity attacks on South Korean or foreign

shipping, or the closure of air space and sea lanes in the East China Sea as a direct consequence. This, for example,

could significantly increase freight and air rates as well as related insurance.

In South Asia, Pakistan’s growing fragility is of deep concern as is the spread of terrorist activity to India and to

the international business community operating there. In Southeast Asia, despite the recent bombing in Jakarta,

the outlook is more cautiously optimistic and, setting aside the recent bombing outrage, is unlikely to significantly

undermine foreign investment and trade in Indonesia.

Another political risk stemming from regulatory reform in the US and elsewhere is now apparent. The US is the

epicentre of regulatory reform with a rising tsunami of changes; these calculated to rein in hedge funds, investment

banks, brokerages, insurers and others. Efforts to beef up regulatory oversight will certainly require overhauling

of risk management models, which will be expensive, time-consuming and may materially impact the manner in

which firms can do business. These reforms may well impact Asia by affecting investment flows, slowing down

transactions and increasing risk adversity. Nationalistic and protectionist trends abound, and the US is currently

launching aggressive action aimed at “off-shore banking centres”, having somewhat irrationally labelled some of

these as money laundering centres. Hong Kong was previously thus targeted, but following discussions with the

Chinese premier, the US apparently recanted somewhat.

Managing “Off-Balance Sheet” Risk in Asia

It’s clear that for foreign companies to succeed in Asia and other emerging markets, it is critical that they understand

clearly where the actual risks lie and take robust measures to mitigate these. Risk mitigation is not a quick fix but

a continuous process which necessarily evolves apace with the development of an organisation.

Companies should not rely solely on their auditors, whether internal or external, to prevent catastrophic fraud



132

or related issues. Auditors are “watch-dogs”, not “bloodhounds”, and their function, training and structure is not

sufficient to protect companies from such risk. Companies must police themselves.

Multinational corporations should be aware of the significant risks associated with internal changes in

technology; especially so if the IT function, compliance and security functions are not properly integrated or

if they fail to work together co-operatively. This risk is again exacerbated when companies operate a matrix

management system across countries.

Finally – and at the risk of stating the obvious – for companies to effectively mitigate risk and to thrive in

the Asian environment, it is crucial to have honest employees, strong and relevant internal controls, robust

and visible deterrents and clear management responsibility to prevent fraud and corruption. Senior staff

must expressly accountable for this as part of their job descriptions, and as far as is possible, clear and distinct

reporting lines to mitigate confusion between the operating units and the corporate headquarters thousands of

miles away.



Mitigating Against Corporate Fraud in Asia


Recent headlines exposing major corporate fraud – such as Madoff, Stanford Financial, “Yen from heaven”

and the Satyam case, to name but a few – have come as no surprise to investigators and risk consultants. What

was a surprise though were the huge amounts involved and the lengthy period of time over which these frauds

had been perpetrated. In general terms, it is true to say that fraud becomes harder to conceal when credit is

tight or during a major financial crisis. Essentially, when the tide goes out, it is easy to spot who is swimming

naked.

Corporate fraud will always occur when there is a clear opportunity and when the likelihood of detection

appears remote, or where the prevailing corporate culture is insufficiently robust and where there is a general

belief that the worst that can possibly happen is a simple dismissal.

Ponzi schemes, such as the Madoff case however, are different. Such scams nearly always involve the

payment of high returns to a few investors, using the incoming cash from the second wave of investors.

Unfortunately, the second and subsequent waves of investors’ funds are not actually invested. Rather, fictitious

statements are produced which always show disproportionately successful returns, over a sustained period;

this irrespective of the actual market conditions. These schemes are largely built on greed or unwavering trust

in the perpetrator. The simple rule of thumb in considering investments or trusting investment advisors is that

“if the return looks too good, it probably isn’t real”.

For the purposes of this article, fraud is split into two specific categories: fraud by the corporation and

fraud against the company.





133

Fraud by the Corporation

This typically occurs when corporations and companies find themselves under some financial pressure, and the

directors are tempted to falsify records, overstate the value of their receivables or to engage in other activities to

extend or to obtain lines of credit under false pretences. Often, those involved in these criminal activities rationalise

their actions on the basis that, “I did it to save the company – it wasn’t for my own gain”. Other examples of fraud

by the company include, deliberate and wilful tax evasion, deception of customs authorities to avoid paying cross-

border VAT (especially between Hong Kong and the Chinese mainland), and deliberate non-compliance with

environmental or other regulations to save money.

Other examples of fraud by the company include the deliberate manipulation and ramping of shares; this

calculated to obtain short-term gains for individual directors, sponsors and related parties.

The spectre of companies paying illegal commissions to obtain business is, unfortunately, rampant in South

East Asia and in China, and, whilst hitherto companies had little to fear from the authorities, outside of Hong Kong

and Singapore (where strong anti-corruption legislation and enforcement exists), this situation is now changing

slightly for the better. The US Foreign Corrupt Practices Act (FCPA) and many other international and regional

laws are being much more actively enforced and there is now a much higher chance of prosecutions taking place.

Foreign multinational corporations are actively taking note of the new environment, but many local and PRC

firms continue with these practices.

Fraud Against the Company

There are many ways and systems by which companies are effectively the “victims” of fraud; this can be achieved

by individuals within the company, acting alone, or, and this is much more dangerous – in collusion with internal

employees and external providers/vendors.

Many of the really successful frauds occur because of bad processes, insufficient actual supervision of employees

or a poor culture of accountability within the company.

Typically, the more senior the manager involved in corporate fraud, the greater the amount of damage that will

be caused, both financially and reputationally. These frauds can often run for lengthy periods of time, and in many

Asian cultures, notably Japan, internal audit may be reluctant or unwilling to challenge senior management.

Whilst it would be nice to assume that fraud can always be prevented by robust business controls and a

dedicated and thorough audit processes, the hard reality is that nearly all companies will face a serious fraud at

some time or another.

There are two key issues that companies can practically do to mitigate the impact of fraud and corruption. The

first is to recognise the key factors and specific risks to any given industry or business location, and to take such

risk mitigation measures as are practicable.

The second key factor is to be prepared for, and to react to a major fraud incident effectively to contain the

impact – once the fraud has occurred.

Recognising Key Fraud Factors

Some of the key risk factors which can enable serious fraud to go undetected include the following.

Companies with transnational operations utilising matrix management without enhanced audit capabilities.

Fraud in offshore subsidiaries and affiliates can be difficult to detect from corporate headquarters, especially



134

when different languages and cultures apply, and when no one individual is accountable for fraud prevention and

proactive local measures on the ground in all the countries.

Insufficient due diligence into new suppliers or vendors. Nine out of ten of the major cases we handled

have occurred at companies who failed to conduct thorough due diligence into their suppliers and vendors; this

especially so in emerging markets.

The absence of a systematic “vendor verification programme” exposed firms to considerable risk. In numerous

instances in China, we have seen the unjustified substitution of loyal vendors with others who are actually

beneficially or otherwise controlled by the company’s own management (or their immediate families). Such a

situation poses inherent conflicts – typically, either the quality of the product (QC) will degenerate, or the pricing

of suppliers’ products will become disproportionately high – causing a significant drop in profitability.

Insufficient background vetting into management and key staff. Many companies fail to do detailed background

checks into employees. Current trends in human resources departments compound the problem, with company

references simply stating that, “Mr. Wong worked for us between X and Y dates”. What might be missing is that

Mr. Wong was actually fired for fraud or malfeasance.

Companies that do perform background checks often retain low cost screening organisations, which although

cheap, offer little or no actual protection and in fact, create a false sense of security. We recently handled a case

where the client had paid US$300 for a computerised background check, which came back clean. In fact, the

person concerned was an undischarged bankrupt and went on to defraud the company for over HK$100 million

in a sophisticated internal scheme.

In the financial services industry, mass staff movements between institutions are common and recently

recruited managers from other companies were given carte blanche to recruit their previous followers. This has

resulted in collusive practices and the undermining of business controls and systems.

Inappropriate business controls and systems. As previously mentioned earlier in the series, China and Japan

as well as a number of other countries including Korea, make extensive use of business “chops”, which are at the

heart of all corporate transactions. Western firms operate on a completely different system and many international

audit processes and internal systems and controls fail to take account of local practices. Consequently, the value

of internal and external audit in preventing fraud is severely limited. Additionally, many international firms

operate on the basis that a clean audit report is an indicator of no fraud, when in fact auditors can be described

as “watchdogs”, not “bloodhounds”. Overdependence on audit, to protect the organisation from fraud, is always

a mistake.

Companies should examine their global fraud prevention measures, and identify specific and unique risk areas

arising from cultural, operational and local differences in emerging markets. Thereafter, specific emphasis through

internal audit and management processes should address these key differences and risk factors.

Fraud risk management (fraud prevention) requires a holistic approach: a realistic assessment of potential

areas where fraud can occur and the development of systems and procedures to mitigate against these risks.

The fraud risk profile of an organisation can change rapidly with each new business venture, including M&A

activity, so fraud risk management is (or should be) an on-going process for every business.

Companies should also plan ahead by developing a fraud response plan.

In summary – the prevention of fraud requires the following key factors:

Honest employees. But how do we know they are honest now? Have their circumstances changed? Does your



135

star trader have a cocaine habit? Is your CFO a regular visitor to the Macau gaming tables? Is one of your staff

under critical financial pressure – perhaps due to a family issue?

Companies should consider a substantive background checking and vetting programme, and beware of low-

end background checking providers, the value of which is questionable.

Strong and relevant internal controls. Are they relevant to the marketplace in which we are operating?

Strong and visible deterrents. We strongly recommend a zero-tolerance policy be adopted in all cases of

corporate malfeasance. In China, this is described as “killing the chicken in front of the monkey”. It is important

to consider the company’s policy. Simply dismissing offenders is not a deterrent to future fraud.

Clear reporting lines – management responsibility – whistleblower programmes. Staff need to know clearly

to whom they are accountable, and how and to whom to report suspicious activity.

Management staff should be allocated responsibility and accountability for fraud risk management, which

should be written into their job descriptions, and subject to annual reviews.

An independent “whistleblower programme” (provided it is properly conducted and followed up), is the most

effective way to ensure that fraud and corruption is detected at the earliest possible opportunity.

Effective corporate reaction to fraud

Once fraud is alleged or suspected, prompt action is necessary to seek, verify or refute suspicions.

Corporate fraud investigation is not something that should be conducted in-house, other than in the largest of

organisations who have trained personnel. Additionally, making use of specialist consultants avoids accusations

of conflicts of interest amongst staff who may have worked together for many years. Once the investigation is

concluded, the consultants can leave and the business can continue as normal.

If preliminary investigations indicate that there is fraud, two parallel interrelated investigations need to be

commenced immediately. Firstly, to confirm the full extent of the fraud and to identify those involved so that the

fraud/s can immediately be stopped from causing an even greater losses. The second investigation is to trace the

proceeds of the fraud through asset tracing investigations: to seek quickly to prevent dispersion of the proceeds

and to seek recovery. It is also essential early in this process to “ring fence” any relevant insurance policies.

As the commercial world has become more complex and globalisation also grows, the investigation of fraud

has become more specialised and requires a highly experienced multi-disciplined team. The essential skills for a

fraud investigation team include:

• Legal and procedural knowledge relevant to the jurisdiction/s involved;

• Data forensics and electronic evidence recovery skills. With nearly 100% of all documents now created

electronically and continued growth in email traffic, use of PDAs etc., it is critical that investigators know

properly and expeditiously how to locate, protect, retrieve and analyse significant amounts of electronic

data for investigative leads and potential evidence;

• Forensic accounting skills to document and quantify losses, and to assist in tracing fraud proceeds;

• Interviewing techniques. Fraud is committed by people, not machines, so the ability to draw essential

information and evidence, to include potential confessions, through interview is key;

• Experience. Whilst fraud investigation is becoming more complex, the underlying nature of fraud itself has

hardly changed in the last decade; and

• Dogged tenacity.



136

The Chinese curse of “may you live in interesting times” has never been more relevant than it is today. There is

unlikely to be any “outbreak of honesty” in Asia soon.






www.executiveview.com | Australia

137

Bad Medicine – the Application of the Foreign Corrupt Practices Act to the Pharmaceutical Drug and Device Industry in Australia

BY GREG WILLIAMS AND RICHARD ABRAHAM | CLAYTON UTZ

Introduced in 1977, the Foreign Corrupt Practices Act 1977 (15 U.S.C. §§ 78dd-1) (FCPA) has long shaped the

conduct of US businesses abroad. The FCPA prohibits US persons, US firms, and entities listed on the US

Stock Exchange from making corrupt payments to foreign officials for the purpose of obtaining or retaining

business for or with, or directing business to, any person. Further, a US parent corporation may be held liable

for the acts of foreign subsidiaries where they authorised, directed or controlled the activity in question. A

breach of the FCPA can lead to significant civil and criminal penalties being imposed on the company or

individual in question.

In comparative terms, Australia may be considered a “low risk” environment, given that the Australian

public sector has low levels of perceived corruption. Each year, Transparency International releases its

Corruption Perceptions Index (CPI), aimed at measuring the perceived levels of public-sector corruption

across 180 countries. In 2008 Australia was ranked in equal ninth position with Canada.

Notwithstanding this, it is important that US pharmaceutical and medical device companies (and their

subsidiaries) operating in Australia have an understanding as to:

• who in the medical drug and device field may be considered to be a “foreign official” for the purposes of

the FCPA; and

• what conduct will be considered to be corrupt conduct under Australian law.

This is important given the recent scrutiny of US medical device manufacturers by the US Department of Justice,

with a number of manufacturers being the focus of investigations relating to possible violations of the FCPA. The

application of the FCPA to the medical device industry is a comparatively recent phenomenon and one which

reflects the increasing focus of governments and regulators on relationships with health professionals. This recent

US focus has been mirrored in Australia by the increased regulation of the pharmaceutical and medical device

industries by their peak industry bodies, Medicines Australia and the Medical Technology Association of Australia

respectively. In short, medical drug and device companies are under the microscope as never before.

Public Officials in the Health Industry

Under the FCPA, a “foreign official” is defined to mean any officer or employee of a foreign government, a public

international organisation, or any department or agency thereof, or any person acting in an official capacity.

A U S T R A L I A


Australia | www.executiveview.com

138

In many cases it will be clear to a US company that they are dealing with a “foreign official”, for example when

dealing with members of the Therapeutic Goods Administration (TGA) when applying to have a product listed

on the Australian Register of Therapeutic Goods (ARTG), or negotiating the contents of a Consumer Medicine

Information (CMI) or Product Information (PI) document.

However, in other cases there is no neat distinction between those who regulate the provision of medical

services (government), and those who provide the services (medical practitioners). This is because government

in Australia (at both the federal and State levels) oversees a large public health system. Much hospital care in

Australia is provided free in large public hospitals.

And while private health insurance is available for those who wish to pay a premium for elective procedures

at private hospitals, clinics, and practices, few medical practitioners in Australia conduct purely private practices.

Rather, most also hold appointments at public hospitals.

This makes the majority of Australian health professionals and health administrators employees or contractors

of an Australian government, and as such there is a very real risk that they will be considered “foreign officials”

for the purposes of the FCPA.

Regulation of Corrupt Conduct Under Australian Criminal Law and Industry Codes

An understanding of Australian criminal law and industry regulation in this area is important for a US company.

While any prosecution under the FCPA would of course proceed under the jurisprudence developed around the

enforcement of that Act, contravention of Australian law or industry regulation would draw the attention of

Australian authorities, and in turn the attention of the Department of Justice.

Australian Criminal Law

Australian criminal law prohibits bribery and other corrupt practices. The Commonwealth Criminal Code

(contained in the Schedule to the Criminal Code Act 1995(Cth)) creates offences relating to bribery and the

provision of corrupting benefits to Commonwealth public officials with the intent to influence the public official in

the exercise of the official’s duties. It is an offence to give or offer a bribe or benefit as well as to ask for or receive

one.

In addition to the Commonwealth legislation, each Australian state has specific legislation addressing these

issues. For example, in the state of New South Wales Part 4A of the Crimes Act 1900 (NSW) contains provisions

prohibiting an agent from corruptly receiving or soliciting a benefit as an inducement or reward for behaving in

a particular way in respect of the affairs or business of the agent’s principal. It also prohibits any person from

corruptly giving or offering to give any agent (or another person at the request of an agent) such a benefit as an

inducement or reward.

The medical profession is also regulated by state legislation. In NSW the relevant legislation is the Medical

Practice Act 1992 (NSW). Section 112B of that Act makes it an offence for a person to offer or give a registered

medical practitioner, or the employer of a registered medical practitioner, a benefit as inducement, consideration

or reward for the registered medical practitioner recommending to another person that the other person use any

health product supplied by the offeror.

These statutory offences are complemented by a common law offence of bribery. The defence is defined as “the



139

receiving or offering of an undue reward by or to any person in public office, in order to influence that person’s

behaviour in that office. and to incline that person to act contrary to accepted rules of honesty and integrity.” (R v

Allen (1992) 62 A Crim R 251)

In practice, these criminal offences are difficult to prove and are therefore rarely used.

Industry Codes

Australia has a system of self-regulation of the pharmaceutical and medical device industries’ promotion of their

products. Under this system, members of these industries are required to comply with Codes which are promulgated

by their industry peak bodies when promoting their products. The Code for prescription pharmaceuticals is

promulgated by Medicines Australia (MA) and Code for medical devices by the Medical Technology Association

of Australia (MTAA). Compliance with certain parts of the MA Code is compulsory for all companies as a condition

of marketing approval. The MTAA is lobbying the federal government to make compliance with the MTAA Code

compulsory for all medical device companies in a similar manner.

The Codes regulate both advertising and engagement by manufacturers and suppliers with healthcare

professionals and the public. For example, section 10 of the MA Code regulates the relationship between companies

and healthcare professionals, it requires that “financial or material benefits must not be offered to healthcare

professionals to influence them in their prescribing or dispensing of pharmaceutical products.” The section also

regulates the related areas of:

• the provision of entertainment (10.1), hospitality (10.2), and travel (10.3);

• the creation of consultancy and advisory board positions (10.6); and

• remuneration for services (10.7).

Part 6 of the MTAA Code addresses interactions between member companies, healthcare professionals and

other professionals. Generally, Members are required by clause 6.1 to abide by the following principle: “A

member must undertake and encourage ethical business practices and socially responsible Industry conduct

and must not use any inappropriate inducement or offer any personal benefit or advantage in order to promote

or encourage the use of its Products.” Part 6 of the MTAA Code also regulates the related areas of:

• member sponsored training (6.2) and third-party educational conferences (6.3);

• consultancy arrangements (6.4) and the provision of hospitality and entertainment (6.5); and

• the giving of gifts (6.7) and running of competitions to/for healthcare professionals (6.8).

Operating in the Australian Regulatory Environment

The increased scrutiny of the whole of the relationship between pharmaceutical and device manufacturers

on the one hand and healthcare professionals on the other is likely to continue both in Australia and the

United States. Australian pharmaceutical manufacturers with parents who have a US presence need to be

aware that their activities in Australia may well expose their parent to risk under the FCPA. Conversely, US

companies should be aware that the activities of their Australian subsidiaries have the potential to give rise to

risk, particularly in light of the increased scrutiny being applied to these industries in Australia. In both cases,

the standards established by the relevant industry Code are likely to be an important determinant of liability.



140

Accordingly, companies must adopt a “whole of relationship” view of their interaction with doctors so as not to

contravene either Australian law and regulations, or the FCPA.

Greg Williams is a Partner and Richard Abraham is a Solicitor at Clayton Utz.


Australia’s Response to the OECD Convention on Combating Bribery

BY GARY BERSON, GREG WILLIAMS AND GEORGIA MORTLEY | CLAYTON UTZ

The United States’ anti-corruption legislation, the Foreign Corrupt Practices Act (FCPA), is a well developed

and internationally recognised document. With recent US prosecutions and settlements demonstrating the

ever increasing reach of the FCPA to prosecute non US companies, the international community is aware of the

serious risks imposed by the FCPA. What may be less known is that multinational companies dealing with corrupt

behaviour face risks above and beyond the FCPA, by reason of an international convention which builds upon the

bribery offences in the FCPA.

Origins

In 1997 the Organisation for Economic Co-operation and Development (OECD) adopted the OECD Convention

on Combating Bribery of Foreign Public Officials in International Business Transactions. The OECD was

optimistic that by reducing corrupt practices globally the OECD member countries and associated non-member

countries would improve transparency in international business. It was hoped that such improvement would

level the competitive playing field for all companies and, in turn, have a catalytic effect on efforts to promote good

governance by encouraging greater transparency and accountability in both the public and private sectors.

To date the OECD Convention has been ratified by 30 member countries, including the United States, United

Kingdom, Canada and Australia, and eight non-member countries. By ratifying the OECD Convention, countries

have agreed to implement functionally equivalent provisions of the OECD Convention into their domestic

legislation and subject themselves to regular progress monitoring by the OECD’s Working Group on Bribery in

International Transactions.

Australian Criminal Code

While companies or individuals may be subject to the FCPA’s jurisdiction, any legal entity or individual subject to

Australian jurisdiction also needs to be aware that the Australian Criminal Code Act 1995 (Cth) imposes obligations

just as stringent as those in the FCPA.

In 1999 the Australian government criminalised the act of bribing a foreign public official by implementing

the OECD Convention into Australian domestic law through the Criminal Code Amendment Bribery of Foreign

Officials Act 1999 (Cth). The Australian Criminal Code was further amended in 2007 to comply with the OECD’s

Working Group’s recommendations.





141

The Criminal Code applies where conduct amounting to bribery occurs wholly or partly in Australia, or on

an Australian ship or aircraft, as well as where bribery occurring wholly outside Australia is committed by an

Australian citizen, an Australian resident or a company incorporated in Australia.

The legislation is functionally equivalent to the FCPA in the sense that a person will be found guilty of a bribery

offence if they offer, offer to provide, provide or cause to be provided a benefit which is not legitimately due to

another person with the intention to influence a foreign public official in the exercise of their official duty in order

to obtain or retain business or a business advantage.

Furthermore, the Criminal Code contains specific provisions which relate to accessorial liability and corporate

liability. If a company is held to have corporate liability over another’s actions, or if any person is found to have

aided, abetted, counselled or procured the commissioning of a bribery offence, they are taken as having committed

the offence in its entirety and will be sanctioned accordingly. Corporate liability for an individual’s actions can be

established by proving that the company’s board of director’s or senior managers “expressly, tacitly or impliedly”

authorised or permitted the conduct, or by proving that the company had a corporate culture which “directed,

encouraged, tolerated or led to non-compliance” with the relevant provision.

The Australian law provides for only two exceptions where a transaction to a foreign public official may be

legitimate. Firstly, is if the benefit or conduct is lawful in the official’s country. This exception is only available

where the advantage given or offered to a foreign public official is expressly permitted or required by written

law. Secondly, a payment or benefit may be legitimate if it is clearly a facilitation payment. Such payment must

have a value of a minor nature and have a sole and dominate purpose of expediting or securing performance of a

minor routine government action. To rely in this exception companies must demonstrate that they have in place

appropriate recording keeping procedures which includes adequately recording the value, date, recipient and the

purpose of any transaction to a foreign public official.

The penalties for those who breach the Criminal Code are currently fines of up to $66,000 and a maximum

prison term of 10 years for individuals and fines of up to $330,000 and possible penalties and forfeiture of assets

under the Proceeds of Crime Act 2002 (Cth) for corporations. However, in August 2008 the OECD’s Working

Group reviewing the Australian law (discussed further below) expressed its disappointment “in the lack of actual

progress in increasing the fine available for legal persons for the foreign bribery offence to a level that is effective,

proportionate and dissuasive. “

OECD Review and Australia’s Commitment to Prosecute

The real risk to companies or individuals coming within Australia’s jurisdiction is that following the OECD’s Phase

2 examinations in 2005, where Australia’s practical application of their anti-corruption laws were evaluated, the

OECD issued 22 recommendations and the stark acknowledgement that to date no company or individual has

been charged under the Australian legislation.

Not having a successful prosecution has had serious ramifications for the Australian Government and in turn

those within its jurisdiction. As a country’s true commitment to anti-corruption enforcement can only be judged

on steps taken to successfully prosecute, the OECD’s Working Group reported that they would await “sufficient

practice” to be undertaken before they could further assess Australia’s ability to commit to their anti-corruption

legislation. The Australian Government has reacted, implementing numerous recommendations and issuing a

mandate through the Australian Attorney General’s Department to investigate and obtain a successful prosecution.



142

In Australia’s commitment to detection and investigation the Australian Federal Police (AFP) Case

Categorisation Prioritisation Model has been amended to place the corruption of foreign officials within the

“high” priority category. The AFP has also verbally informed the OECD that they will undertake evaluations on all

suspected foreign bribery allegations based on credible media reports, publicly available documents from foreign

courts and mutual legal assistance requests.

In Australia’s attempt to obtain a successful prosecution the Australian Government has also targeted

government and non-government organisations. By amending the Australian Public Service Code of Conduct

the Australian Government has imposed positive obligations on the Australian civil service, including all

Commonwealth officers, public servants, agencies and employees of AusAid (Australia’s official development

aid agency) to directly report any evidence relating to foreign bribery. Further, the Australian Taxation Office

has established guidelines for all tax auditors which places upon them equal obligations to report any suspected

foreign bribery.

The current economic climate has also increased the risks to companies and individuals falling within the

Australian jurisdiction. Not only do times like these see the potential for disgruntled employees and stakeholders

to become whistleblowers, but the Australian Government has reported that they are currently considering

possible reforms to increase protection to whistleblowers. Secondly, the regulatory authorities will not fail to

notice that anti-corruption measures may become less of a priority to companies and their employees during an

economic downturn. Finally, the Commonwealth Director of Public Prosecutions has issued a formal direction

which clarifies that decisions to prosecute for foreign bribery should not be influenced by the potential effect

upon the relations with another state, the identity of natural or legal persons involved or any considerations of

economic interest.

Conclusion

Based on the underlying principles and provisions of the OECD Convention, Australia has created and enacted

legislation which is legally as stringent and identical in intent to that of the FCPA. As a result, recent US

prosecutions and decisions are relevant to how the Australian legislation may be interpreted and this, paired with

the ever-present mandate for Australia to investigate and obtain a successful prosecution of their own, should

alert companies and individuals within the Australian jurisdiction of the importance of compliance and the very

real risks they face if they deviate from their legal obligations.

Gary Berson and Greg Williams are Partners and Georgia Mortley is a Solicitor at Clayton Utz.







143

Preventing Corporate Fraud

BY LAWRANCE LAI AND IVAN WONG | ERNST & YOUNG ADVISORY PTE. LTD.

Corporate fraud did not start with Enron or WorldCom, and did not end with them either. Recently we have

witnessed major financial frauds such as that of Madoff making headlines globally.

What most employers, investors, and consumers do not realise is how much fraud costs them. Based on the

Association of Certified Fraud Examiners’ 2008 Report to the Nation on Occupational Fraud & Abuse (the “ACFE

2008 Report”), it is estimated that in the US, companies lose approximately 7% of their annual revenues to

fraud.

Investor confidence in global capital markets has been weakened as a result of the financial crisis and economic

slowdown in most major economies. This has been further aggravated by the frauds that have happened globally.

It is hard to restore investor confidence, and this demonstrates the significant destabilising effect that fraud can

have on the economy.

Preventing fraud is not solely the responsibility of management, although they play an important role; it is the

responsibility of all stakeholders.

Business leaders, investors, and top management are increasingly acknowledging their responsibility to

implement and maintain strong and effective internal controls to prevent fraud. Regulators and authorities also

recognise their roles in setting appropriate guidelines and enforcement standards. For example, in Singapore, there

have been proposed changes to listing requirements. These proposed changes include requiring all newly-listed

companies to appoint governance advisers for an initial period of two years post-IPO, and CFOs and independent

directors should be appointed at least six months prior to IPO submissions.

Auditors globally also acknowledge that they will need to continue improving their methodologies and

technologies for spotting “red flags” more quickly. This could also be evident in the requirements in “AUS210 –

The auditor’s responsibility to consider fraud and error in an audit of a financial report”, issued by the Australian

Accounting Research Foundation on behalf of CPA Australia and The Institute of Chartered Accountants in

Australia, that the auditor should obtain written representations from management that:

• It acknowledges its responsibility for the implementation and operations of accounting and internal control

systems that are designed to prevent and detect fraud and error.

• It believes the effects of those uncorrected financial report misstatements aggregated by the auditor during

the audit are immaterial, both individually and in the aggregate, to the financial report taken as a whole. A

summary of such items should be included in or attached to the written representation.

• It has disclosed to the auditor all significant facts relating to any frauds or suspected frauds known to

management that may have affected the entity.

• It has disclosed to the auditor the results of its assessment of the risk that the financial report may be

materially misstated as a result of fraud.

However, stakeholders also need to consider the potential for management override of controls or management

influence over the financial reporting process in order to manipulate earnings and influence the perception of the

company’s performance and profitability.



144

With major fraud scandals hitting the headlines, most of the company have now realised that having a

robust anti-fraud program can play an important role in assisting the company to soften the impact of fraud if it

happens.

Implementing an Anti-Fraud Program

The objective of an anti-fraud program is to provide the framework for a company to prevent, detect and report

fraud. An anti-fraud program cannot provide absolute assurance that a fraud will not occur. However, an anti-

fraud program provides guidance to management and its employees on preventing fraud. A good and effective

anti-fraud program should encompass the following:

Set the Proper Tone from the Top

Companies that value ethical behaviour and actively manage their fraud risks will ultimately enjoy a greater

competitive edge and stronger reputation. As such, companies should have a written code of conduct that reflects

their ethics, values and non-tolerance for employee fraud. Like any policies and procedures, corporate culture and

ethical behaviour need to be communicated, understood and supported by the top. Hence, management needs to

serve as a role model for honesty and integrity. To maintain credibility, be sure to conduct a prompt and thorough

investigation of every incident.

Conduct Periodic Fraud Detection Procedures

Conducting periodic internal auditing procedures that are specifically designed to detect major fraud is necessary

and essential for deterring employees from committing fraud. Designing a fraud detection procedure that meets

your needs is important as there is no one procedure that fits all companies.

Set Up a Whistle-Blowing Hotline

Companies should establish a confidential system that makes it easy for employees, vendors and customers to

anonymously report suspected fraud activities. The system could be operated 24/7 either internally or by a third-

party professional.

Many companies are now required under their governance structure to have a way for employees to anonymously

report any suspected fraud activities. Based on the ACFE 2008 Report, companies with fraud hotlines cut their

losses by more than 50%, because fraudulent activities were detected earlier through the hotline.

It is critical that allegations of fraud that are received through an anonymous reporting system get to the

right people within the company and are investigated promptly and thoroughly. A common mistake in dealing

with allegations is spending time identify the anonymous source, rather than quickly looking into preserving the

evidence. It really doesn’t matter who made an allegation; what matters is whether or not the allegation is true.

Training and Education

A whistle-blowing system will not be effective if employees, vendors and customers are not adequately aware

of it or do not understand what constitutes fraud. Broad-based fraud education for all employees, vendors and

customers are recommended, with more specific anti-fraud training presented to different groups of people within

and outside of the company.



145

Companies should also consider introducing complementary activities across different media, e.g., intranet,

posters, newsletters, to build awareness on ethical behaviours and encourage everyone’s involvement in bringing

illegal or unethical behaviours to light. Establishing regular communication on anti-fraud is integral to preventing

fraud.

Perform Background Checks on Employees

Hiring the right, as well as honest and ethical employees is one of the ways to prevent fraud from happening.

Companies can consider performing background checks on potential employees, including their criminal history,

civil history, credit check, education records, past employment and references. Before performing background and

credit checks, be sure to comply with any legal requirements and obtaining the applicant’s consent, if required.

Where fraud prevention is concerned, there is no one-size-fits-all approach. However, there are some

fundamental guidelines to consider. What is more important is to understand your business and company

processes so as to design an effective anti-fraud program that serves your needs.

Lawrance Lai is a Partner and Ivan Wong is a Manager of Fraud Investigation & Dispute Services at Ernst & Young

Advisory Pte. Ltd.






India | www.executiveview.com

146

Designing and Implementing a Compliance and Anti-Corruption Program

BY ANIL ROY | GRANT THORNTON INDIA

Today, corporates are global – both in reach and structure, they operate in multiple jurisdictions and in a dynamic

and evolving business environment. They are subject to a number of regulations and laws, of their own country

and the jurisdiction they are operating in. There may be circumstances in which they are also covered by the trans-

jurisdictional laws of other countries, e.g., the US Foreign Corrupt Practices Act (FCPA), even when they are doing

business in a third country. Anti-money laundering, anti-terrorism financing and Sarbanes-Oxley, have all gained

momentum in the last two years with their enforcement directives. With regulations appearing at an increasing

pace, compliance costs have significantly increased.

However, there is an undisputed case of compliance being part of the corporate strategy. In the long run, only

compliant companies enhance their business. Today corruption has become a global challenge and Asian and

Middle Eastern countries appear at the lower spectrum of the Transparency Corruption Perceptions Index. If

companies operating in such environments need to attract businesses across borders, they need to exhibit a strong

compliance program which not only concentrates on internal processes but also addresses risks relating to their

dealings with the outside world.

Companies that contravene the governing laws may suffer damage to their reputation – unravelling years of

brand development. The reputational loss when a regulatory violation occurs can often be more severe than the

fines and penalties for a violation. And recent landmark judgments by the US Department of Justice and Securities

and Exchange Commission under the FCPA are testimony to this statement.

A successful compliance program can, however, be put in place by following some simple rules.

Compliance Culture

Creating a compliance program is about creating a compliance culture. The culture of a company can be seen as

deep-rooted values, attitudes and beliefs, what it stands for and their relationship with all stakeholders including

employees, suppliers, customers, investors and regulators. A company with a good compliance culture has a top

to bottom approach that encourages compliance. Leadership spirit is at the heart of a successful compliance

program. The management should have the willingness and the commitment to address compliance issues and

allocate resources to achieve it. The values, attitudes and beliefs exhibited by top management have the greatest

influence on organisational culture. If the management is not seen to be consistently committed to implementing a

compliance culture, it may send a message to all employees that compliance is discretionary and not mandatory.

I N D I A


www.executiveview.com | India

147

Commit Resources

While it is imperative that each organisation sets the tone at the top; people driving the compliance program should

have enough clout to be able to seek results and also be accountable for its development and implementation. The

ownership, roles and responsibilities should be clearly defined and documented in order to implement various

aspects/procedures of the compliance program.

Code of Conduct

The company’s code of conduct is critical in this process as it sets forth the ethical stand of the company. The

code should highlight compliance obligations, as the code is to guide all employees and stakeholders it should be

relevant to their roles and duties within the organisation and include relevant ethical dilemmas for them to relate

to. Often the code of conduct and policy/ programs on compliance are drafted by the company’s legal experts with

little resonance to common concerns. Hence, the code should be clear, simple and easily adoptable for it to be

followed and implemented by the employees.

Education and Training

Several statements within the governing code could have different connotations for employees at different

levels; hence, educating employees on the compliance programs and training on various aspects of a compliance

program is very important. Creating awareness of the downside of non compliance contributes to the success

of a compliance program. Successful training should effectively communicate compliance standards, roles and

responsibilities of all stakeholders and also motivate them to comply. When employees are aware of their rights

and obligations, they will be more vigilant and better equipped to deal with unlawful or unethical conduct that

the company may be exposed to. A measure of the success of the education and training program is reflected in

employees being proactive in seeking to understand their legal obligation that impacts their work.

Reporting and Communication

The design of a compliance system should be such that it encourages employees to report potential violations.

Clear and secure channels of communication should be set up for employees and all stakeholders to report

wrongdoing and lodge complaints or questions which can be addressed in a timely and meaningful way, ensuring

the anonymity of complainants and protection of whistleblowers from retaliation. This is the key to a successful

compliance program.

Monitoring and adapting to changes

The company’s management needs to recognise that setting the right culture will be a major responsibility for

them which should be in parallel with monitoring and controlling. To achieve a good compliance program it is

imperative that the system put in place should be “proactive”. The system should not only deter but also detect,

and once detected – corrected expeditiously. The compliance program should be subjected to regular audits and

monitoring. Companies should use technology for automated exception reports, system alert for any deviation

with inbuilt checks and balances and other technology enabled evaluation techniques. Further, if as a result of any

monitoring exercise any gaps are identified, alternate controls should be vested in the system in a timely manner

and communicated effectively. A good compliance program should also be dynamic and flexible. The risk/process


India | www.executiveview.com

148

owners should anticipate and respond to changes in the market, technology, or governing regulations.

Enforcement and Re-enforcement

It is equally important to enforce standards through well-publicised disciplinary guidelines and actions.

The company should not hesitate to enforce appropriate disciplinary action against employees or other

stakeholders that have violated policies, procedures, and/or applicable regulatory laws. Such an act goes a long

way in reinstating the management’s stance of “zero tolerance” on unacceptable behaviour.

Conclusion

Compliance programs should be devised and implemented in a way that it is internalised and is integral to company

objectives/strategy. It should be the company ‘norm’, where non-compliance attracts exemplary punishment.

Anil Roy is a Partner at Grant Thornton India.





www.executiveview.com | Indonesia

149

Indonesia’s White-Collar Crime Regulatory Framework

BY RICHARD CORNWALLIS | MAKARIM & TAIRA S.

Indonesia has long had laws dealing with corruption although at the moment there is no separate law which

governs private to private corruption – this will still fall within certain provisions of the Criminal Code relating to

fraud and embezzlement, etc.

The Criminal Code offences relating to the bribery of public officials have been expanded and added to by Law

No.31 of 1999 on the Eradication of the Criminal Act of Corruption (the “Law”). In brief, the Law:

• expands the definition of “government official”

• increases fines and custodial sentences

• expands the definition of “corruption” and introduces a cross-border element

• details the concept of officers of a company being liable for criminal actions of employees

• attempts to ease the investigation/prosecution of criminal acts

• provides for the establishment of a joint team and commission to fight corruption

• enables the public to assist in eradicating corruption.

Other subsequent legislation has also added to the basic regulatory framework as contained in the Law. For

example, there are laws or regulations relating to public participation in the eradication of corruption, the creation

of the State Ombudsman and the “acceleration” of the anti-corruption programme.

The Anti-Corruption Law

The principle provision of the Law which will likely concern corporate executives in Indonesia is Article 13 which

basically states that anybody who gives presents or promises to a government employee because that employee

holds a certain power, authority or position may be sentenced to a maximum of three years imprisonment and/or

a maximum fine of Rp150 million (approximately US$15,000). There are of course a number of other important

provisions which deal with various aspects of corrupt acts.

As can be seen, Article 13 is extremely broad and the Law does not provide for any exceptions or exclusions

in relation to this provision. The Law does not differentiate the presents or gifts based on value. Directors,

commissioners and certain senior officials in state-owned enterprises are considered to be government officials.

Of course, the Law was deliberately drafted to try to avoid leaving any loopholes.

Any director of an Indonesian company, whether local or a foreigner and wherever resident, can be personally

liable for their subordinate’s illegal payment to tax or other government officials. The definition of “government

I N D O N E S I A


Indonesia | www.executiveview.com

150

employee” is very broad and includes employees of companies that receive assistance from state funds.

The offences under the Law are also very broad. For example, just giving a company paper weight, or

sponsoring a flight to a seminar in Bali, because the official holds a certain position, may be a technical breach

of the Law. As discussed below, there does not appear to be any specific exception for facilitation, expediting or

similar payments.

In addition, having a middleman or an offshore affiliate make the payment will not assist as any individual or

corporation, including a foreign party, “who provides assistance, opportunity, facilities or information to create a

criminal act of corruption”, is also guilty of the offence. The Law therefore has an extra-territoriality aspect.

Gratifications

In 2001, the concept of “gratifications” given to public officials was introduced and determines when and how

these may be considered as bribery. If the gratification (which can be a gift in basically any form, including among

others, free travel tickets, accommodation, discounts, commissions or medical treatment) has a value of Rp10

million (approximately US$1000) or more, then the recipient has the burden to prove that the gratification

is not bribery. If the value is less than Rp10 million, then the burden of proof of bribery rests with the public

prosecutor.

There are two interesting points here. First, the penalty for breach of the relevant article is only imposed on the

recipient (the situation of the person providing the gratification may be dealt with in other provisions of the Law).

Secondly, the receipt of a gratification is not a crime if the recipient reports the gift to the Corruption Eradication

Commission. The Commission will then decide whether the gratification can be kept by the recipient or should

become State property.

Entertainment

The Law does not specifically mention meals or entertainment and therefore there is no reference to value. It

may be argued that paying for meals for public officials could be deemed as the provision of a present or gift and

the advice above in relation to gifts is equally applicable to meals. In reality, it is still common practice to pay for

meals for public officials or to invite them to functions, seminars etc., which may involve free food and beverage.

Arguably, hospitality of this kind which is arranged around a proper business purpose and which is not unusually

luxurious or excessively frequent is not caught by the relevant anti-corruption laws.

Agents

The Law provides that in the event the corrupt act is committed by or on behalf of a corporation, then the

lawsuit and the sentence can be imposed on the corporation and/or its board. A corrupt act is committed by a

corporation if it is committed by persons based on “work relations or other relations, acting in such corporate

environment, both personally or jointly”. The language is unclear and there is nothing further to assist with

interpretation.

Corruption Eradication Commission (the “KPK”)

The KPK was established by Law No. 30/2002 which sets out the details of the KPK’s authorities to enforce

the provisions of the Law. It also introduced the Corruption Court which is authorised to examine and decide



151

on corruption offences prosecuted by the KPK. The Corruption Court is within the District Court’s authority

and is authorised to examine and decide on corruption offences within or outside Indonesia committed by

Indonesian individuals.

Among others, the role of the KPK is to coordinate with and supervise those agencies having the authority

to eradicate corruption; conduct investigations, interrogations and prosecutions with respect to corruption;

and take steps to prevent corruption; and monitor the management of government.

The KPK is even authorised, provided certain criteria are satisfied, to take over investigations or

indictments against perpetrators of corruption offences from the police or the district attorney’s office as

well as to investigate, interrogate and prosecute law enforcers, state apparatuses and other parties involved

in corruption offences committed by such government officials, etc.

To assist enforcement, the KPK is granted wide powers to take certain measures, among others to: use

wire-tapping; instruct the issuance of travel bans; request data and clarification from banks or other financial

institutions regarding the financial status of suspects or defendants under investigation; and to block their

accounts. In addition, witnesses (except certain close relatives and Catholic priests) cannot invoke client

confidentiality or refuse to provide information. Interestingly, an acquittal verdict does not abolish the right

to reclaim state losses. Also, even if the accused executive dies, the lawsuit may in some circumstances be

continued against his or her heirs. Financial rewards may be given to those providing information on corrupt

acts.

The Corruption Court

The Corruption Court was formed in order to examine and settle corruption offences investigated by the KPK

and is part of the public court located in the Central Jakarta District Court with jurisdiction covering the

entire territory of the Republic of Indonesia. It has authorisation to examine and settle corruption offences

committed by Indonesian citizens within and outside Indonesia.

The existence of the Corruption Court in its present form is threatened as the Constitutional Court

determined that the establishment of the court was not lawful and stipulated that the Corruption Court will

be disbanded unless a new law mandating the existence of the Corruption Court was enacted by no later than

19 December 2009. With various political forces at play and vested interests lobbying, it appears at present

that any new Constitutional Court will be a ‘watered down’ version of the existing court.

Conclusion

Since the introduction of the Law, it is true to say that there has not been a tidal wave of successful prosecutions

of corruption cases, other than those judgements issued by the Corruption Court. Indeed, there are cynics

who maintain that corruption is both endemic and as prevalent as it was 10 years ago. However, it must also

be acknowledged that the difficulties faced by the government authorities in bringing actions in the ‘normal’

courts against offenders have been and still are substantial, particularly when the vehicle for bringing such

actions, the Indonesian judiciary, has itself been under intense scrutiny and the subject of criticism and

accusation.

Setting aside the successes or failures of the recent legislation, we can conclude from the foregoing that

there is ample provision in the Law, not to mention the establishment of the KPK and the Corruption Court,



152

to warn corporate executives against committing (or allowing their businesses to commit) the criminal act of

corruption, or indeed any type of white-collar crime.

Richard Cornwallis is a Senior Foreign Legal Consultant at Makarim & Taira S.


Employment Aspects of Corruption in Indonesia

BY RICHARD CORNWALLIS | MAKARIM & TAIRA S.

Not even the strictest compliance and anti-corruption systems and safeguards can guarantee the absence

of white-collar crime or other serious misconduct such as fraud and embezzlement. This is particularly so

in Indonesia where termination of employment for corruption or embezzlement is common. The problems

in dealing with white-collar crime facing corporate executives in Indonesia can be very different to those

encountered elsewhere, as Indonesian manpower laws and practices vary significantly from those in place in

many other jurisdictions such as the US, Australia or Europe.

In particular it is required to set aside preconceived concepts and notions of what may happen here as the

easy, efficient, cheap and speedy termination of employees, even those who may have committed criminal

acts, rarely occurs in Indonesia. Given certain vagaries and uncertainties in the judicial process (including the

labour courts) it is just not possible to guarantee a swift, smooth and easy, not to mention cost-free, termination

of employment.

The comments below are by no means comprehensive and the procedures taken by the employer may be based

just as much on “feel” and “instinct” (taking into account the character of the person involved and the chances of

that person aggressively contesting any termination).

Legal Position of Termination for Corruption (i.e., Serious Misconduct)

Under Article 158 of Law No. 13 of 2003 on Manpower Affairs (“Manpower Law”), an employer may terminate

an employee’s employment if the employee commits “serious violations” (these would include deception, theft,

or embezzlement of goods and/or funds belong to the employer). Such violations however should be supported

by evidence, namely: the employee/labourer was caught in the act; or there is a confession from the employee; or

other evidence in the form of a report made by the person in charge in the employer exists and this is supported

by at least two eyewitnesses.

The problem in Indonesia is that in 2005 the Indonesian Constitutional Court declared the provisions of

Article 158 (among others) to be “unconstitutional” and therefore not legally binding. Therefore, an employer

cannot “dismiss” immediately an employee for serious misconduct. The employer should report the alleged crime

to the police and then follow the criminal proceedings under the Indonesian Criminal Procedural Law. Only

after the employee has been found guilty (and assuming the conviction is not appealed by the employee) can the

employer terminate the employee.





153

Following the Constitutional Court’s decision, the Ministry of Manpower (“MOM”) issued two circular letters

stating, amongst other things that an employer can terminate an employee for “Urgent Reasons” under an

article of the Indonesian Civil Code without having to report the serious misconduct to the police etc.

Recently, the Indonesian Supreme Court stated that the above decision of the Constitutional Court does

not need to be followed; i.e., the position is as under Article 158 (and other relevant articles) of the Manpower

Law. However, given that Indonesia does not follow the principle of precedent, it is questionable whether this

decision needs to be followed by other courts, including the Labour Court.

The end result of the above is that it is still currently unclear whether an employer can immediately dismiss an

employee for serious misconduct under Article 158 (and other relevant articles) of the Manpower Law. In

practice, most employers use their adopted Code of Conduct and Company Regulations as the basis for

termination of employment. It is important that the employer ensures that it has adopted a Code of Conduct

and has a “state of the art” set of Company Regulations (or Collective Labour Agreement, if there is a labour

union) in order to assist in any termination of employment for corruption.

Termination Procedures

It is not within the scope of this article to detail the formal procedure for termination of employment. Suffice

it to say that it is a process which would usually include a series of bipartite meetings with the employee, a

series of mediation meetings with a mediator/conciliator and then, assuming there has been no agreement,

the formal legal action at the relevant Labour Court, from which appeals are possible. In all, the entire process

could take 6-9 months to get to the initial Labour Court decision stage and during this period the employee

is still required to pay the employee who is being terminated. Legal costs could be substantial not to mention

the expenditure on executive time and effort and disruption to business (see also the Worst Case Scenario

below).

In view of the time and involved processes of the termination procedure, not to mention the uncertainties

of termination for serious misconduct as mentioned above, it is hardly surprising that many employers prefer

to enter into discussions with the employees to agree upon a mutually-agreed termination of employment

without any further punishment and certainly without any report to the police authorities.

In deciding the course to take once an act of corruption has been discovered, much will depend on the

employee’s character and personality, background, family situation and also of course whether the employer

has full knowledge of the extent of the corruption. Much will also depend on whether the employee obtains

external advice in this matter and is willing to spend money on trying to “fight” any charges.

Alternative Actions Available to the Employer

One of the problems in reporting the employee’s violations (e.g., fraud or embezzlement of funds) to the police

is that the police will often would not pursue and continue an investigation due to the insufficient government

funding in their investigative budget. Consequently, there are reports of employers having to provide some

kind of “financial assistance” in order for the police to sustain their investigation on a reported criminal action.

This may obviously have significant implications for the employer from an FCPA (or equivalent) perspective.

As mentioned above, the option of obtaining a resignation (where no approval is required from the Labour

Court) or a mutually-agreed termination is often attractive notwithstanding that sometimes a financial



154

inducement may even need to be paid to the employee. To achieve this, the employer may need to “convince”

the employee that this may be the only win-win solution in this particular case and to warn the employee of

the potential for detainment by the police if the employer decides to bring and report the employee’s actions to

the police.

In most corruption cases the employee is immediately and formally suspended or placed on “garden leave”

during the time that any investigation is carried out.

Worst Case Scenario

It is not uncommon for employees, even those who have admitted a criminal act, to change their minds, renounce

confessions, take action against the employer for making false accusations and obtain court injunctions or

attachments over assets of the employer. This “worst case scenario” could also include reports to the police,

manpower, immigration and tax authorities, and the initiation of civil suits as well as a denial that any wrong had

been done. The scenario continues with the employer having to go to the Labour Court (and potential appeals

therefrom) to obtain termination approval. Furthermore, employees could place false stories in the press, write

accusatory letters to newspapers, customers, suppliers and others and generally cause the employer to incur

great time and expense in “fighting fires” rather than carrying on its business. Whilst it is still often the case that

the employee will resign and some form of repayment will likely be made, it is always prudent to keep in mind

the worst case scenario and not allow any circumstances to exist that may allow any of those events to occur.

Recovery of Misappropriated Funds

Recovering misappropriated funds in Indonesia may be difficult in view of the inherent irregularities in the

Indonesian legal system. Moreover, any seizure of assets, unless the employee gives them up voluntarily, should

first be conducted upon a decision of the competent district court through submission of a lawsuit, otherwise

this may be considered as an illegal confiscation of someone’s property. The easiest way to recover funds is

usually to use a personal approach with the employee to reach a mutual agreement to return the funds to the

employer over a certain period of time. Experience shows that obtaining a portion but not all of the stolen

money immediately is often more successful than aiming for the return of all funds over a longer repayment

period.

Involvement of Foreign Expatriates of the Employer/Group

Although the Manpower Law only prohibits an expatriate from holding a position which deals with human

resources affairs, in practice, many manpower officials interpret this provision broadly so as to restrict expatriates

from dealing or being in any way involved with manpower related issues. Consequently, it is advisable for

expatriate directors/senior officials to be accompanied (if not replaced) by an Indonesian HR officer/manager

in coping with termination matters and the Indonesian HR officer/manager who should take the leading role.

Conclusion

The concept of having to pay money to someone who has defrauded their employer may appear to be abhorrent

but it is a regular occurrence here. Likewise, the concept of having to obtain approval from a court to terminate

the employee’s employment may also seem strange but, again, it is required in Indonesia unless there is a



155

voluntary resignation or mutually-agreed termination. Termination of employment for reasons of corruption

can offer some difficult choices and significant potential problems for employers and their senior corporate

executives.

Richard Cornwallis is a Senior Foreign Legal Consultant at Makarim & Taira S.





Thailand | www.executiveview.com

156

Criminal Liability and the Thai Customs Act

BY THAWAT DAMSA-ARD AND CHITCHAI (ADDY) PUNSAN | TILLEKE & GIBBINS INTERNATIONAL

Thailand is a country in which violation of customs laws can create criminal liability. However, such criminal

liability may not necessarily be easy to assign. One reason is that Thailand’s 83 year-old customs law, the Customs

Act B.E. 2469 (1926) (the “Act”) contains several ambiguities. These ambiguities have provided a significant

challenge for Thai authorities trying to enforce this criminal law. Nevertheless, the Thai government’s efforts to

tackle “customs evasion” and “customs avoidance” have become more high-profile in recent months. Pursuant to

an August 2009 press release from the Thai Customs Department, customs revenues in July 2009 are thus far

the highest of the year, despite the current global economic downturn. The press release also states that customs

officers have been instructed to improve “efficiency” in customs collections. This raises public concern as to

whether such stringent law enforcement is justified. The problem, however, lies not in enforcement of the law per

se, but in the law itself. If change is desired, such change should come first with revisions to the Act.

The first problem involves definition of the terms “customs evasion” and “customs avoidance.” According to

some legal scholars from the Thai Customs Department, the terms “customs evasion” and “customs avoidance” are

two different offenses under Section of 27 of the Act. While “customs evasion” refers to import and export without

passing through customs (smuggling), “customs avoidance” refers to import and export with false declaration for

goods passing through customs.

On the other hand, the Office of the Council of State (OCS) and the Anti-Money Laundering Office (AMLO)

are of the opinion that “customs avoidance” is classified under “customs evasion”. Therefore, as the Anti-Money

Laundering Act includes “customs evasion” as a predicate offense, but does not include “customs avoidance” as a

predicate offense. However, despite this absence, AMLO has requested that the Customs Department also report

“customs avoidance” cases to it for further action. As a consequence, an alleged offender’s assets may be subject to

confiscation by AMLO for violation of acts of “customs avoidance”. This has been a practice guideline although there

is no Supreme Court precedent to support such exercise.

Besides the aforementioned definition confusion, application of strict liability under the Act has proven

problematic. What distinguishes this law from other criminal laws is that the Act adopts the concept of strict liability

where “intent” or “negligence” is not required. Further, one cannot be excused for violation for lack of “intent” and

mere “negligence”. What is unclear is whether strict liability under Section 16 of the Customs Act Number IX (“Act

No. IX”) applies to the offense of “customs avoidance” under Section 27 of the Act. Section 16 of the Act No. IX

provides that “the execution of any act provided in Section 27 and Section 99 of the Customs Act B.E. 2469 shall be

deemed to be an offense, irrespective of the existence or non-existence of any willful intent or negligence.”

T H A I L A N D


www.executiveview.com | Thailand

157

Such provision contradicts Section 27 of the Act, which defines “customs avoidance” as being “involved in

any manner in carrying, removing or dealing with such goods in any manner to avoid or attempt to avoid the

payment of customs tax or of any duties to avoid or attempt to avoid any provisions of law and restrictions relating

to the importation, exportation, landing, warehousing, and delivery of goods ‘with the intention’ to defraud the

government tax.”

As above, the question is whether a “customs avoidance” offense requires “intent” as an element for a cause of

action. Should a defendant be convicted because of mistakenly declaring the wrong number for customs clearance?

Alarmingly, some Supreme Court decisions suggest that the offense does not require “intent” by reasoning that

Section 16 of the Act No. IX clearly excludes “intent”. However, many Supreme Court decisions guide otherwise by

ruling that offenses under Section 27 of the Act do not require “intent”, arguing that “customs avoidance” offenses,

as specifically provided in the statute, must have been committed with the intention to defraud the tax. This is

an example of the ambiguities and apparent inconsistencies that currently exist in the customs laws. One way to

resolve this problem would be to separate all offenses in Section 27 into different sections under the Act and to

explicitly identify whether “intent” is required.

Another problem in the Act that should be resolved is the ambiguity surrounding the provision on officer and

director liability. Violations under the Act are offenses for which an officer or director can be presumed criminally

liable under Section 115 quarter, which states that “in the cases where an offender liable . . . under the Act is a

juristic person, a ‘managing director,’ a ‘managing partner’ or a ‘person responsible for the operation of such

juristic person,’ [that person] shall be liable . . . for such offence unless it can be proven that such offence was

committed without his knowledge or consent or [if] he has acted reasonably in preventing such offence.”

The Act fails to clearly define the terms (i) “managing director”, (ii) “managing partner”, and (iii) “person

responsible for the operation of juristic person”. Without the definition of each term, one may question who

should be the defendant if the company has a CEO and a chairman but no “managing director”. Another question

may be whether all staff of the company should be liable simply because each of them contributes to the company’s

operation. As a common practice for the Thai authorities, all directors listed in the company registration would

be named as defendants. However, the real solution is for these three terms to be clearly defined to minimise the

confusion and reduce the number of unnecessary defendants.

As provided by the Penal Code, a person shall be criminally punished only when the act committed is defined

by law as an offense. It is therefore not appropriate for authorities to enforce such an ambiguous law under the

concept of strict liability, particularly where the penalties are significant, with criminal fines as high as four times

the price of the goods (plus duty) and incarceration of a maximum of ten years. If Thailand wants to continue to

enjoy its reputation as a business-friendly country, the Customs Act must be amended.

Thawat Damsa-Ard is a Partner and Chitchai (Addy) Punsan is a Paralegal at Tilleke & Gibbins International.






158

4A F R I C A

www.executiveview.com | South Africa

159

The Insider Trading Regime in South Africa

BY AMANDA TREGONING AND RIAZ ITZKIN | BELL DEWAR

According to a recent study undertaken by a crime risk management consultancy, the South African economy loses

approximately R40 billion to white-collar crime each year. This has led to a suite of legislation being enacted to curb

the incidence of white-collar crime, including the Financial Intelligence Centre Act 38 of 2001 (which regulates

money laundering controls), the Protected Disclosures Act 26 of 2000 (often referred to as the Whistle-Blowing

Act) and the Securities Services Act 36 of 2004 (SSA) which, inter alia, renders insider trading an offence.

Insider trading refers to trading activity and non-activity which take place on the basis of price-sensitive

information which is not available to other shareholders or to the general public. In general, its prohibition is

aimed at preventing trading on the basis of unfair informational advantages which may undermine the stability

and efficiency of the securities market.

By international standards, the prohibition of insider trading in South Africa is relatively recent, having been

made illegal for the first time in 1973 by Section 233 of the Companies Act 61 of 1973.

The dated insider trading provisions in the Companies Act were replaced in 1998 by the Insider Trading Act

135 of 1998, a move motivated in part by South Africa’s re-integration into the international financial markets and

the government’s desire to create an environment conducive to foreign investment.

In 2005, the Insider Trading Act was repealed by the SSA. The SSA’s insider trading provisions are more

finely-tuned, forming part of the corporate governance regulations aimed at improving financial market efficiency,

increasing investor confidence and maintaining a stable market environment.

The Offence of Insider Trading under the SSA

‘Inside Information’ under the SSA is specific or precise information regarding a company which is obtained as an

insider and which, if made public, would result in a market response through a change in a company’s share price

or value (Section 72 of the SSA).

An ‘Insider’ under the SSA is a director, employee or shareholder of an issuer of listed securities to which inside

information relates, a person having access to such information by virtue of employment, office or profession, or

a recipient of inside information from such a person (Section 72 of the SSA).

The SSA creates four offences. These offences relate to dealing in such securities for the insider’s own account,

dealing in such securities for any other person, disclosure of inside information to others, and encouragement or

discouragement of others from dealing in such securities (Section 73 of the SSA).

The SSA affords defences to certain persons who have engaged in the first three offences. In respect of the

S O U T H A F R I C A


South Africa | www.executiveview.com

160

two offences of dealing for one’s own account and for any other person, an insider is not liable when acting in

pursuit of a specific category of transactions regulated by the Securities Regulatory Panel established under the

Companies Act. In addition, such an insider is not liable where he or she only became an insider after having given

the instruction to deal.

In respect of the offence of disclosure, a transgressor is not liable if it was necessary to disclose the inside

information for the proper performance of the functions of his or her employment, office or profession. However,

an insider who encourages or discourages dealing is afforded no escape from liability.

Enforcement

The SSA provides for both criminal liability and civil proceedings against transgressors of the insider trading

prohibitions.

Criminal Liability

The criminal sanctions in the SSA allow for a maximum penalty for the offence of insider trading of up to R50

million, imprisonment of up to 10 years, or both. However, these provisions have been largely benign.

One of the reasons for their lack of efficacy lies in the onerous quantum of proof which the prosecuting authority

must satisfy to secure a prosecution. Given the nature of insider trading and the fact that it is difficult to prove

that a person traded on the basis of inside information, proof beyond reasonable doubt is exceedingly difficult to

establish.

In S v Western Areas Ltd & others [2006] JOL 16679 (W), the only reported court case in South Africa in which

criminal liability for insider trading was imposed, the accused were jointly charged with the offence of insider

trading under the Insider Trading Act.

The accused had purchased shares in Randfontein Estates Ltd in the knowledge that an offer for the acquisition

of the entire share capital of Randfontein Estates Ltd by Western Areas Ltd for a specific price was forthcoming.

The accused therefore purchased shares knowing that they would be able to sell them at a fixed profit.

The accused were found guilty of insider trading, and it was held that the defences under the SSA were unavailable

to them as they had committed fraudulent misrepresentation through failing to make certain disclosures required

under the rules of the Securities Regulation Panel and the Companies Act.

Civil Liability

The SSA allows the Financial Services Board (FSB), through the Directorate of Market Abuse (DMA), to institute

civil proceedings against transgressors of the insider trading prohibition in the High Courts of South Africa (Section

83(1)(c) of the SSA). The SSA provides for civil penalties of the equivalent of the profit or loss resultant from the

offence, and a compensatory and punitive penalty of up to three times such amount (Section 77 of the SSA).

The penalties fulfil a compensatory purpose as they are distributed among persons who have submitted and

proved claims to the DMA, demonstrating that they have been affected by the prohibited activity (Section 77(7)

and (8) of the SSA).

The SSA has also established an Enforcement Committee which is empowered to impose an administrative

penalty, without an upper monetary limit, which is payable to the FSB (Section 97 of the SSA).

Despite making provision for civil judicial and administrative proceedings, the SSA makes allowance for



161

settlement agreements to be concluded with the FSB (Sections 77(7) and 104(1)(b) of the SSA). This allows the

parties concerned to reach settlements without an admission of liability, and has been widely-used, resulting in a

number of settlements.

Conclusions

The SSA has tightened-up the regulation of insider trading in South Africa through its focus on the rationales of

market fairness, efficiency and integrity.

At company level, it is advisable to implement policies aimed at effective information management and at

preventing insiders from trading on the basis of inside information. It is advisable for such policies to require

employees to obtain written permission to trade, and to prohibit all employees from trading in the company’s

shares during closed periods and periods when share prices are particularly volatile.

The conclusions reached in a report commissioned by the Financial Services Board analysing the effects of

the current insider trading regime in South Africa indicate that the new regime has changed prevailing attitudes

to insider trading, has resulted in new policies and approaches among listed companies and their advisors, and

has led to a sharp reduction in the perceived incidence of insider trading. (G:enesis “The impact of South Africa’s

insider trading regime: A report for the Financial Services Board” (2004) (G:enesis) at 6.).

Amanda Tregoning is a Director and Riaz Itzkin is a Candidate Attorney at Bell Dewar.


Statutory Measures Relating to Combating White Collar Crime in South Africa

BY ANDRÉ VOS | DENEYS REITZ ATTORNEYS

South Africa has a trilogy of statutes which are complex but powerful pieces of legislation aimed at combating

organised crime and related activities, such as terrorism. The first of these statutes is the Prevention of Organised

Crime Act, 1998 (POCA), which came into force in January 1999. The other two statutes are the Financial Intelligence

Centre Act, 2001 (FICA), which came into force in February 2002, and the Protection of Constitutional Democracy

against Terrorist and Related Activities Act, 2004 (PROCDATARA), which came into force in May 2005.

POCA and FICA have particular relevance to white collar crime, such as fraud, corruption, theft and money

laundering, and are discussed in this article.

POCA

Although POCA is primarily aimed at organised crime it also applies, where appropriate, to cases of individual

criminal activity. It creates a number of statutory offences, including racketeering, which is the crime of continuously

or repeatedly committing offences such as fraud, corruption, theft and the like in an organised or planned fashion,

and money laundering, which is the subject of detailed regulatory and preventative measures under FICA, as will





162

be dealt separately in this article.

In what has probably been the most high profile case relating to POCA, the Constitutional Court in May 2008

dismissed the appeal of Mr Shabir Shaik and two of his companies against the confiscation of their property in

2006, thus making the State R34 million richer at their cost. The matter attracted significant attention in the

media in view of Mr Shaik’s controversial relationship with one of the most senior politicians in the country

and what was found to be an abuse of that relationship. The Constitutional Court confirmed that the property

concerned was the proceeds of crime pursuant to the provisions of the Prevention of Organised Crime Act, 1998

(POCA). But what actually happens to the confiscated property and how does the process work?

POCA provides for permanent divestment of property from the hands of wrong-doers in one of two ways. The

first is where the confiscation of property constituting the proceeds of crime is divested pursuant to the successful

criminal prosecution and conviction of the wrong-doer. The second is a civil court procedure whereby the State

may institute legal proceedings to claim the forfeiture of property that has either been instrumental in committing

offences or represents the proceeds of unlawful activities.

Property includes virtually all forms of tangible and intangible assets and benefits, including rights, privileges

and claims.

The criminal confiscation process requires that a person must either already have been charged with an offence

or the court has to be satisfied that the person will be charged. The State, acting through a unit within the National

Prosecuting Authority known as the Asset Forfeiture Unit (AFU), applies for an interim restraint order to freeze the

relevant assets, pending finalisation of the prosecution of the person or persons concerned. A criminal conviction

requires proof beyond a reasonable doubt. Upon conviction, the AFU applies for the permanent confiscation of the

property under restraint that represents benefits derived from the offence concerned.

The civil court forfeiture process involves the AFU obtaining an interim preservation order in civil proceedings,

pending the determination by the court of whether the assets concerned fall to be permanently forfeited to the

State. The standard of proof required in South Africa is proof on a balance of probabilities, which is a lower

threshold than that imposed for criminal conviction.

In both instances, once there is a divestment of the proceeds, they are realised and go to the State. POCA,

however, provides that interested parties such as creditors and victims can make representations to court and claim

against the realised property. The main purpose of the statute is to divest criminals of their ill-gotten gains, not to

enrich the State. Further, it ensures that persons, who have suffered patrimonial loss at the hands of the wrong-

doer, are able to recover against the proceeds concerned, if such proceeds would otherwise go to the State.

POCA creates a criminal asset recovery account (CARA). All the proceeds of forfeited property upon realisation

are paid into the account, which forms part of the National Revenue Fund. CARA is overseen by a statutory

committee which includes the Minister of Justice. The objects of CARA include providing financial assistance to

law enforcement agencies and victims of crime.

In both criminal and civil forfeiture procedures under POCA, a curator is appointed by the court to oversee and

control the frozen assets pending final determination of the matter. If the State is unsuccessful in the proceedings,

the frozen assets are returned to the person against whom the proceedings were brought. Where the State is

successful, the assets, as stated, are forfeited to the State, subject to rights of creditors and victims.

Restraint orders under POCA can potentially be enforced cross-border in terms of the International Co-

operation in Criminal Matters Act, 1996. Equally, foreign confiscation orders can be enforced in South Africa



163

provided certain requirements are met, including that the order cannot be satisfied in full in the country in which

it was obtained and the person against whom it is enforced holds property in South Africa.

FICA

This statute is aimed at combating money laundering activities, one of the most prevalent white collar crimes but

which is notoriously difficult to prosecute. Money laundering as defined in FICA generally means an activity which

has the effect of concealing or disguising the nature, source location, disposition or movement of the proceeds of

unlawful activities and includes the specific money laundering offences created in POCA.

A Financial Intelligence Centre is established under FICA. The objective of the Centre is to assist in the

identification and combating of money laundering activities.

An accountable institution under FICA may not establish a business relationship with a client or conclude any

transaction with a client unless the institution has established and verified the identity of the client. Accountable

institutions include attorneys, trust companies, real estate agents, banks, long term insurance companies, foreign

exchange dealers, investment advisors and stock brokers.

Accountable institutions must keep records of the establishment of the business relationship for a minimum

period of five years calculated from the date of termination of the relationship and all transactions from the date

of conclusion of the transactions concerned.

There are onerous reporting duties on accountable institutions to report “suspicious and unusual” transactions

to the Centre. These include the duty to report receipt of the proceeds of unlawful activities, transactions facilitating

or likely to facilitate the transfer of the proceeds of unlawful activities and transactions with no apparent business

purpose. Transactions involving the electronic transfer of money in excess of a prescribed amount out of or into

the country must also be reported, irrespective of whether it involves a suspicious or unusual transaction.

Penalties under FICA, depending on the nature of the non-compliance or offence, can be as high as 15 years

imprisonment or a fine of up to ZAR10 million.

André Vos is a Director at Deneys Reitz Attorneys.


White Collar Crime, Creditors and Costs

BY ANDRÉ VOS | DENEYS REITZ ATTORNEYS

If ever you have a claim against a debtor whose assets become the subject of an asset forfeiture order, there may

still be hope for recovering what is owed to you.

Businesses are often the victims of commercial crime. The Prevention of Organised Crime Act, 1998 (POCA)

was enacted mainly to combat organised crime, but it also applies to individual wrongdoing. POCA regulates

asset forfeiture orders. Where a person has been charged or is about to be charged with a criminal offence, the

court may grant a restraint order to preserve assets pending the criminal prosecution of the person concerned.





164

Upon conviction, the court may grant a confiscation order, which permanently divests the defendant of the assets

concerned, where the court finds that the defendant derived a benefit from the offence.

A criminal case may take years to finalise. One of the counter-balances in POCA is a section which provides

that the High Court may make provisions in the restraint order for the payment of the defendant’s reasonable

living and legal expenses from the restrained assets. The defendant must be able to live reasonably and pay for

a defence. During the interim period, the assets are controlled by a court-appointed curator. However, the court

has to be satisfied that the defendant has made full disclosure of his or her assets and cannot meet such expenses

from unrestrained property.

There are three competing rights at stake, namely the right of the State to preserve the assets pending potential

confiscation to divest the defendant of the proceeds of unlawful activities, the right of the defendant to living and

legal expenses and the right of creditors of the defendant to be paid.

For as long as a restraint order remains in place, the order would override virtually any other court order,

such as a money judgment in favour of a creditor. An exception would be that immovable property owned by the

defendant would fall into the defendant’s insolvent estate, where it is subject to a restraint order but the defendant

is sequestrated (in the case of a natural person) or liquidated (in the case of a juristic person such as a company).

But the payment of living and legal expenses for any prolonged period could well drain the restrained assets,

thereby frustrating the claims of creditors.

How these competing interests are to be balanced was the subject of the Constitutional Court’s decision in the

matter Fraser v ABSA Bank Limited. Mr Fraser, a businessman, was charged with offences relating to racketeering

and money laundering. The Asset Forfeiture Unit was granted a restraint order over his assets. ABSA obtained

default judgment against Fraser on a debt he owed to the bank. The debt was not secured and the bank enjoyed

no preferent claim against the defendant. It was therefore an ordinary creditor of Fraser, the defendant. Fraser

applied to court for the payment of his reasonable living and legal expenses.

ABSA sought to intervene in Fraser’s application because it believed that its interests would be negated, given

that an expensive legal battle would drain the assets and frustrate its claim. The court upheld the right of a creditor,

in appropriate circumstances, to intervene in a defendant’s expenses application but found that a concurrent

creditor’s claim does not automatically take priority over a defendant’s legal expenses.

A defendant should not benefit unduly from the terms of the restraint order. At the same time, the defendant

should not be prejudiced as far as living and legal expenses are concerned.

On the facts of the case, the court held that Fraser had not made full disclosure of his assets. He sought to hide

assets from his creditors. There was no evidence that he experienced any delay in the prosecution of the criminal

case as a consequence of the bank’s attempt to intervene, as was suggested by him in argument.

The Court concluded that Fraser had sought to benefit from the restraint order, as it effectively granted a

stay of execution against his creditors but at the same time provided him with a means to pay legal and living

expenses. It referred the matter back to the High Court to re-exercise its discretion in the light of the principles of

its judgment.

A creditor with a secured claim (e.g., a mortgage bond) may well be in a different position. Such a creditor may

have grounds to excise the secured property from the ambit of the restraint order by applying to have the order

appropriately varied.

The judgment dealt with another important aspect, namely the right to a fair criminal trial. These rights include



165

the right for the trial to commence and conclude without unreasonable delay and the right to legal representation.

They are relevant to the exercise of the court’s discretion. The role of the defendant in causing any delay is also

relevant – he or she should not be able to complain about delays if such delays are brought about by his or her own

conduct. The right is not unbridled – if a defendant cannot afford a particular legal representative of choice due to

financial constraints, one will be assigned at State expense.

Should there be a conviction, the court will enquire, on application of the prosecutor, into possible confiscation

of the defendant’s assets. POCA provides for a creditor at this stage to stake its claim against the restrained assets.

The amount which may be realised after the court has considered an application for confiscation must be net of

all obligations of the defendant having priority and recognised by the court. The claims of ordinary creditors will

rank ahead of confiscation orders, provided the creditor has instituted civil proceedings, or intends to do so within

a reasonable time, or has obtained judgment against the defendant.

The aim of POCA is to divest criminals of the proceeds of crime, not for the State to profit from asset forfeiture.

Where there is a discharge, the restraint order falls away and creditors are free to exercise their normal execution

rights.

André Vos is a Director at Deneys Reitz Attorneys.





A B O U T E X E C U T I V E V I E W M E D I A L I M I T E D

In today’s competitive business environment, the need for intelligent advice and comprehensive analysis has never been greater. Business leaders around

the world have come to rely on the guidance of intermediaries and consultants to successfully maintain a competitive advantage.

Executive View delivers unparalleled insight and comprehensive professional coverage of the issues driving the global business community. This unique

platform provides leading business advisers with a channel to publish thought leadership on issues relevant to corporate leaders around the world.

Visit us at www.executiveview.com


E X E C U T I V E V I E W M E D I A L I M I T E DISBN: 978-1-907420-00-9



w w w . e x e c u t i v e v i e w . c o m

White-Collar Crime & Regulatory Enforcement Crime & Regulatory Enforcement 2009 | DIGITAL GUIDE...

Documents

Transcript of White-Collar Crime & Regulatory Enforcement Crime & Regulatory Enforcement 2009 | DIGITAL GUIDE...