During the last financial crisis, Warren Buffet said, “You only find out who is swimming naked when the tide goes out.” Adverse market conditions expose risks and test a company’s resilience and like low tides, when the economy recedes, long-running frauds are often exposed.
In a recent episode of FTI’s new podcast series: Fraud Eats Strategy, I connected with the former Special Inspector General for the Troubled Asset Relief Program (SIGTARP), Neil Barofsky. We spoke about the increased discovery of financial crime that occurs in a down cycle of the economy and how organizations can use fraud risk assessments in tandem with cost-cutting efforts to identify fraud, pursue avenues of recovery and harden their organization against potential negative consequences.
The discovery of ongoing or historical fraud, bribery or misconduct does not need to be an accidental byproduct of cost-cutting. There are methodical ways to root out fraud at the same time the organization is looking to cut costs.
When asked about how the discovery of fraud is different in a down economy, Mr. Barofsky said that in a lot of ways, it’s easier. In an economic downturn, companies that have been committing fraud tend to be exposed. When you’ve had a long economic expansion with low-interest rates, companies that are committing fraud, particularly accounting fraud where they’re cooking their books, get away with it in a low-interest-rate environment. If you put in the mother of all whales, the United States government and they push out hundreds of billions of dollars in a hurry without the type of normal controls or anti-fraud provisions you would expect, it’s that honey that draws the criminal flies more than anything.
The discussion turned to what companies can do right now to discover historical or ongoing frauds. He suggested one way to discover fraud is by harnessing big data. There’s so much data generated by companies and a lot of times that data can be repurposed for compliance monitoring. By using data, you can find anomalies or areas where there’s potential fraud that the compliance and legal group could work with outside experts to analyze existing data and see areas where there might be ongoing fraud.
But the second, even more, important and less expensive thing is to double down on your existing controls and procedures. There’s a tendency during any time of economic dislocation to cut costs. Generally, one of the first things to go is the compliance function. Neil remarked that his grandmother used to say, “cheap now, expensive later”. One example is that in an economic downturn, salespeople are going to be under a lot of pressure to generate business, this is where you must be at your most vigilant. It’s not the time to pull back, but it’s time to make sure that your fraud controls are intact and being paid attention to because this is when fraud risk is at its peak.
We then spoke about the potential economic benefit to rooting out fraud and pursuing recoveries as opposed to waiting for them to surface. If fraud is happening inside of your company, the potential damage is well beyond what you might lose. If the company itself is the victim of the fraud, if that fraud is detected by the Government and not by you and not remediated, it goes to the culture of the institution itself and the financial consequences in terms of fines and penalties can be severe. It doesn’t necessarily mean that you need to bring in a mini FBI of former law enforcement to look at every aspect of your company, but it does mean monitoring and using your existing compliance function, or beefing it up to detect areas where there is misconduct; that goes to deeper cultural issues. If your company has pockets of fraud, that calls into question the efficiency of what you’re doing, how effective your middle management is and your culture. Those things are going to accrue much more to the bottom line. An inefficient company with a bad culture is going to find itself getting into trouble. It will also find monies that are lost to fraud and bad actors. In those circumstances, your employees are motivated not by what’s best for the company, but what’s best for their compensation. It’s always important to be monitoring for fraud, but particularly during downturns where there’s an added incentive for misconduct because it’s going to save you money; it is such a multiplier that the money spent by organizations to root out fraud, find and correct any misconduct is far less than whatever perceived loss there may be.
We then discussed the secondary benefits of fraud risk governance and the knowledge gained leading to stronger controls or a more resilient organization. Several benefits came to mind: First of all, if it turns out that you carried out this effort, it was a reasonable effort, but it failed to detect misconduct it’s going make a huge difference when you’re talking to the government. This effort shows you were maintaining a level of vigilance, surveillance and monitoring while doing everything that you could. Even if you have the best compliance system in the world, there’s still potential for misconduct that doesn’t get detected, but you will be in a much better negotiating position to avoid a guilty plea, get a non-prosecution agreement, or to get the government to walk away.
Two, you’re probably going to find misconduct that falls short of fraud, but it’s still a violation of the company’s policies and procedures. You want to be on the lookout for those types of bad apples because they’re willfully violating company policy. Other times it might attributable to a lack of training or it could be a cultural issue within a particular part of the company; those are the seeds that plant future significant frauds. If you’re able to cure them, find them and fix them before they blossom into something, that’s important.
And third, if you have people in your company committing fraud and you’re not doing the right type of monitoring revealing they are not on board with the company’s culture, its philosophy, and how it wants to carry out its business, you’re going to have problems.
You don’t need to pay the King’s ransom to have a good, effective control and monitoring system, a training system and a compliance program, but the absence of these program elements can be extraordinarily expensive and directly impact the bottom line.
Mr. Barofsky related his experience as the monitor of Credit Suisse for which he was appointed by the New York State Department of Financial Services. By the end of that monitorship, the company had record profits and revenues conducting business in a compliant way with the right culture and making more money. Now that’s not necessarily solely because of the monitorship, but it shows that when you have these cultural shifts and you prioritize compliance, it does go to the bottom line and gets the whole company moving in one direction. It’s not surprising when you take a step and think about it. If you’re at a company where crime is being committed openly, and that is the culture of the institution, why on earth would you think that your employees are looking out for what’s best for the company? They’re going to follow that dysfunctional culture and do what’s best for themselves as they perceive it within that culture. Nothing is better for the bottom line in an institution than people proud to work there and their incentives are aligned with the interests of the company following the company’s well-designed policies.
The pandemic has been a catalyst for frauds old and new. Neil offered his point of view on what is currently happening and how the pandemic and the economic crisis will likely continue to play out from a fraud standpoint. We’re seeing all the things that you would expect to see concerning the government programs themselves. The biggest one that’s been launched so far is the Paycheck Protection Program directing money into the hands of smaller businesses. Before PPP was initiated, everyone knew this is a program that’s going to be riddled with fraud. The reason why we’re able to say that with so much confidence is that the program was rushed out with almost no anti-fraud protections. When the goal is to get as much money out to as many businesses as quickly as possible then you don’t have room for fraud controls, slowing things down and limiting the number of people that can receive program benefits.
The fraud so far has been so over the top. There are companies getting money that aren’t real companies. Companies are representing that they have three restaurants and it turns out that they have no restaurants. Loan applicants are representing the use of this money for payroll and instead they are buying a Rolex, a Bentley or are just putting huge amounts of cash in their bank accounts or paying down their credit cards.
This is just the first wave and we’re going to see more sophisticated frauds over time. There will be shell companies that don’t exist, have no business and are making loan application misrepresentations. There will be insider cases involving individuals at banks who are originating these loans and working with others to create fraudulent applications. Much of the fraud will entail wholesale lying about the number of employees on the payroll because these are all forgivable loans and you have to make certifications about your payroll levels to meet the criteria for loan forgiveness.
The real test for the government is ensuring that they don’t get bogged down in all this low hanging fruit, these very easy, smaller cases that are going to be part of this program and not set aside the necessary resources for some of the bigger cases in which the government is going to be a victim. That’s also going to be in some of the bigger programs that are still just underway of getting launched. The Federal Reserve has committed trillions of dollars to lending programs for businesses of all shapes or sizes. Any company that’s already committing fraud or has misrepresentations in its numbers and continues into one of these Fed programs is repeating that misconduct. This not only takes down the market or their investors, but the government also falls victim to these frauds. Now, if a company lies on its loan application and the Federal Reserve buys that loan through the Main Street program, the Federal Reserve is included in these casualties.
This is the time to proactively look for fraud – when companies are at their most vulnerable and cannot afford to sustain a major fraud loss. You may be thinking – “I can’t concern myself with what could be happening, I need to focus on the here and now.” But hunting for fraud can have a better return on investment than simple cost-cutting since significant frauds can potentially give rise to financial recoveries. A proactive fraud risk assessment performed in parallel to cost-cutting measures can deliver significant additional benefits to the organization.
- Stopping Future Losses – if a fraud scheme is discovered while it is ongoing, there is an immediate cost-saving realized from shutting it down.
- Improved Resiliency – A forward-thinking approach to fraud risk, together with cost-cutting measures, business continuity and crisis management planning can result in a more resilient organization better prepared for the various types of fraud and other business disruptions that can occur.
- Enhanced Competitive Intelligence – A better understanding of the fraud that has negatively impacted members of the organization’s peer group, their customers, distribution channels, markets, supply chain and third parties and how those same factors could represent latent or previously unknown organizational fraud risk.
- Improved Fraud Radar – At the outset of a fraud risk assessment, executives often express confidence there is no fraud in their organization and if there is, the control environment is rock solid and would readily detect and mitigate with negligible impact on results or reputation. A subsequent discussion of real-world fraud scenarios can open their eyes to a world of possibilities, none of them particularly good. Frauds that have been reported in the media, occurred in their industry and have negatively impacted the organization itself, transforms the concept of fraud from an abstract concept to a tangible, preventable risk that could have very real consequences. This awareness is among the most important outcomes of a fraud risk assessment.
- More Realizable Strategy – As every MBA knows, a SWOT analysis considers the Strengths, Weaknesses, Opportunities and Threats when evaluating business situations. Unless the analysis considers the inherent fraud risks embedded in core operations, such as procurement and sales, along with the frauds that are nuanced to the organization’s unique nature, market position and industry, the results will be far less useful in guiding organizational strategy.
Now and for the foreseeable future, resiliency and renewed strategy are going to be at the top of organizational agendas. Many organizations are looking for ways to survive during a simultaneous global pandemic and an unprecedented financial crisis. The organizations that will successfully navigate these waters are those that have fully considered all of the weaknesses and threats that could undermine their strategy including fraud and have hardened their controls and aligned their strategies accordingly.
Click here to hear the full Fraud Eats Strategy podcast episode with former TARP Special Inspector General Neil Barofsky.
Note: The postings on this site are my own and do not necessarily represent FTI Consulting’s positions, strategies or opinions.