© 2015 Association of Certified Fraud Examiners, Inc.
Fraud-Related Compliance
Areas of Compliance, Part 1:
FCPA, SOX, PCAOB, Dodd-Frank
Foreign Corrupt Practices Act (FCPA)
Enacted to prohibit corrupt payments to foreign
officials and political organizations
Enforced by the Department of Justice (DOJ)
and the Securities and Exchange Commission
(SEC)
Two principal components of the FCPA
• Anti-bribery provisions
• Accounting provisions
FCPA Anti-Bribery Provisions
Provisions make it
illegal to bribe foreign
government officials
to obtain or retain
business.
Violations can result
in fines and
imprisonment.
Elements of an FCPA Bribery Violation
A regulated party
Makes a payment or offer
To a foreign official or political organization
With a corrupt motive
For the purpose of influencing an official
The payment relates to a specific business
purpose
FCPA—Regulated Parties
Issuer—corporations, including foreign entities,
that must file reports under the Exchange Act
(publicly traded companies)
Domestic concern—includes U.S. citizens,
nationals, residents, and businesses organized
in or with their principal place of business in the
United States
Foreign nationals/businesses that take any act
in furtherance of a corrupt payment in the United
States
FCPA—Payment or Offer
to a Foreign Official
Payments and offers include anything of value.
Foreign official—any officer or employee of a
foreign government or public international
organization
• Includes executives and elected officials
• May include managers of state-owned institutions
FCPA—Corrupt Intent
The person authorizing
the payment must have
corrupt intent.
Constructive knowledge
or willful blindness
satisfies this element.
FCPA—Purpose
For the purpose of influencing an official
• The payment’s purpose must be to influence an
official’s actions, decisions, or lack thereof that violate
the official’s duties.
Business purpose
• Includes payments to obtain/retain business, gain
special treatment under the law, or to obtain
permits/licenses.
Exceptions/Defenses to FCPA
Routine governmental actions (grease
payments)
• Focus on the underlying purpose of the payment.
• Higher payment(s) will draw regulator’s attention.
Affirmative defenses
• The payment is lawful in the foreign country (most
bribes are not lawful anywhere).
• Payment was reasonable and bona fide expenditure
related to product promotion or performance of
contract.
FCPA Accounting Provisions
Apply to publicly traded
companies and
subsidiaries
Recordkeeping
Internal controls
Penalties for entities
• Civil: up to $500,000
• Criminal: up to $25 million
FCPA—Recordkeeping Provision
Rule 13b2-1—unlawful to falsify any book,
record, or account
Rule 13b2-2—unlawful to supply false
information to auditors
Even if records are quantitatively correct, they
must not fail to specify qualitative aspects that
reveal the true purpose of a payment (e.g.,
mischaracterizing a grease payment).
FCPA—Internal Controls Provision
Internal control
provisions written to
prevent unauthorized or
unrecorded
transactions
Companies must:
• Maintain robust
compliance policies.
• Take reasonable action
to ensure affiliate
compliance.
FCPA—Internal Controls Provision
Factors considered by SEC to evaluate internal
controls:
• Role of board of directors
• Communication of policies and procedures
• Assignment of authority
• Competence and integrity of personnel
• Accountability for compliance
• Objectivity and effectiveness of internal audit function
Other FCPA Considerations
Certain factors make a business more
vulnerable to FCPA regulatory actions.
High-risk industries: pharmaceuticals, mining,
telecommunications, energy, infrastructure
High-risk locations: indicated by a country’s
Corruption Perception Index (CPI)
High-risk activities: gift-giving, which is allowed
modestly in some situations
FCPA Guidance
SEC and DOJ Guidance on FCPA compliance:
Anti-corruption policy from the top
Policies and procedures
Oversight, autonomy, and resources
Risk assessment
Training and continuing advice
FCPA Guidance
SEC and DOJ Guidance on FCPA compliance:
Incentives and disciplinary measures
Third-party due diligence
Confidential reporting and internal investigation
Periodic testing and review of program
2014 Corruption Perception Index
Sarbanes-Oxley Act (SOX)
Legislative response to
accounting scandals
(WorldCom, Enron)
Sweeping legislation,
affecting many industries
Fraud-related rules on
corporate governance,
reporting, and accounting
SOX—Audit Committee Provisions
Audit committee’s fraud prevention duties
• Outside audits
• Internal reporting mechanisms
• Establishing procedures for receiving anonymous
complaints
Under Section 204, outside auditors must report
to the audit committee
• Critical accounting policies and practices used
• Report GAAP alternatives and the auditor’s
suggestions
SOX—Audit Committee Provisions
Composition of the audit committee
• Every member must be on the board of directors.
• Public companies must report whether or not at least
one audit committee member is a financial expert,
and, if not, explain why.
Committee must have sufficient authority and
resources to carry out duties.
SOX—Management’s Responsibility
for Internal Controls
Section 404—Annual internal control report
• States management’s responsibility for controls
• Contains assessment of internal controls over
financial reporting (ICOFR)
• This requirement no longer applies to companies with
market capitalization below $75 million.
SOX—Code of Ethics for Management
Effective compliance program requires an
ethical tone at the top.
Under SOX, companies must have a code of
ethics for senior financial officers.
• Public companies must disclose whether they have
adopted such a code of ethics.
• They must make an immediate disclosure if there is a
change in the code or waiver for a financial officer.
SOX—Certification Requirements
Publicly traded companies file annual and
quarterly reports with the SEC.
CEOs and CFOs must personally approve
(certify) these reports.
Two categories of certifications
• Section 906 (criminal certifications)
• Section 302 (civil certifications)
SOX—Criminal Certification
All periodic filings with the SEC must be
accompanied by CEO/CFO certification.
• States that the report fairly presents, in all material
respects, the financial condition of the company
• Accurately states the results of the company’s
operations
Violations of Section 902 may result in criminal
penalties of up to $1 million and up to 10 years
imprisonment.
SOX—Civil Certification
CEOs and CFOs must certify that:
1. They have personally reviewed the report.
2. To their knowledge, the report contains no material
misstatements.
3. The report presents, in all material respects, the
company’s financial condition, results of operation,
and cash flow.
SOX—Civil Certification
CEOs and CFOs must certify that:
4. They have designed and evaluated the effectiveness
of controls.
5. They have disclosed weaknesses of controls to
auditors.
6. They have reported any significant changes in
internal controls.
SOX—Whistleblower Protection
Section 801—mechanisms for receiving
complaints about accounting/auditing methods
Section 806—civil liability for retaliation against
fraud whistleblowers
Section 1107—criminal liability for retaliation
against whistleblower of federal offense (covers
all individuals, not just publicly traded
companies)
Public Company Accounting
Oversight Board (PCAOB)
PCAOB was created
under SOX to oversee
auditors of public
companies.
PCAOB rules provide
further regulations and
guidance for auditors
(rules subject to
approval by the SEC).
PCAOB Auditing Rules
Auditing Standard No. 5 governs audits of
ICOFR.
It requires specific evaluations of controls:
• Over significant, unusual transactions
• Over journal entries and adjustments made during
the end of the reporting process
• Over related-party transactions
• Related to significant management estimates
• That mitigate motivations for management to engage
in fraud
Dodd-Frank Wall Street Reform and
Consumer Protection Act
Passed in response to the economic crisis
beginning in 2007
Major reform for financial services industry
Many of its provisions remain untested, making
updates to compliance programs essential.
Dodd-Frank—Whistleblower Provisions
In addition to SOX whistleblower protections,
Dodd-Frank offers whistleblower incentives.
Whistleblowers are entitled to a portion of a
successful recovery against violators.
• Includes violations of the Exchange Act and the
FCPA
• Must be original information
• Penalty must be at least $1 million
• 10–30 percent of the recovery (based on helpfulness)
Dodd-Frank—Whistleblower Provisions
Internal reporting
• Many whistleblower laws require internal reporting.
• Dodd-Frank allows whistleblowers to go straight to
the SEC with information, bypassing the employer.
• However, the whistleblower may report the fraud to
the SEC within 120 days of reporting to the employer
and still be entitled to the reward.
Dodd-Frank—Lending Provisions
Lenders must take steps to ensure a borrower’s
ability to repay before issuing a loan.
If the failure of a nonbank entity would risk
national financial stability, it will be regulated by
the Federal Reserve.
It allows consumers free access to their credit
scores if they are used to negatively affect them in a
financial transaction or hiring decision.
Discussion Questions
Suppose that a company contacts you,
requesting that you assist it in designing a
compliance policy. All you know so far is that
the company is a large multinational operation
with its headquarters in the United States.
Discussion Question #1
Regarding Foreign Corrupt Practices Act
compliance:
• What kind of questions do you need to ask to begin
designing the policy?
• What content do you need to include in the policy?
• What will the company need to do to remain in
compliance once the policy is created?
• Do you have any ideas as to how the company can
enforce the policy?
Discussion Question #2
Regarding Sarbanes-Oxley Act compliance:
• List a few preliminary questions you need to ask to
help design the policy.
• What are some procedures that need to be included
in the policy?
• After implementing the procedures you came up with,
what does the company need to do to remain in
compliance once the policies are created?
• How should the company enforce these policies?
Discussion Question #3
What would you recommend the company do to
encourage employees to report matters
internally before reporting to government
investigators?