The Investigative Side of Anti-Corruption Work
2018-08-24 16:01 Friday
Your company, FTI Consulting is a large player in risk consultancy. How does compliance and monitoring work in such an environment, and complement other risk consulting services?
FTI is indeed one of the largest companies in the risk consulting space and probably the only that is publically traded.
FTI enjoys a very wide range of consulting services to help our clients address different issues that affect their business operations. But it's the people we employ and the expertise they bring, across a wide range of disciplines that really makes a difference within our various service offerings. However we do not have a silo mentality and the different practice areas work together help our clients see and tackle risk, resolve disputes, and in so doing make an impact on the problems they encounter on an everyday basis.
How do compliance and monitoring fit in to that? Obviously, compliance is driven by the regulatory regime, invariably the FCPA for instance, and is applicable in a number of areas. Most notably, failure to follow the regulatory regime for compliance can lead to a number of issues that can impact a company's business down the line.
Compliance normally has a financial issue at its root. FTI has a number of disciplines to help companies that fall foul of compliance regulations. For example we have forensic account consulting specialists who can look into books and records to identify causation factors, and determine when and where the financial transactions went wrong. A data analytics and forensic capability to help clients work through the data that often surrounds compliance violation issues, to name two. Each has a different but inter-connected role to play in collectively addressing compliance issues.
Compliance can generally be broken down into proactive and reactive approaches. The reactive side is when something has gone wrong, and the client calls on us to deal with the fallout, essentially damage control. At FTI we have a number of service sectors, normally investigative in nature, that deal with reactive issues.
For example, a client in China has an issue that has brought the regulators upon them. The regulators obviously want to find what went wrong, and the company itself also wants to find out, in order to be able to answer the regulator's questions, and assess its position. The company is going to want investigative resources to determine if the allegations are true, as well as how the incident happened. This information is necessary for the company to put in place proactive measures in the future.
In addition, to ensure that companies don't fall foul of the regulators, we have a proactive capability that allows our clients to build safeguards into their policies and practices that shape their compliance landscape. In this area, our depth of experience, the sheer number of cases that we've dealt with over the years, helps us put forward the best practices for our clients. These practices protect clients against falling foul of the regulators in the future, and also provide self-help guidance to reduce the impact of any future violations.
In short, the reactive and proactive approaches assist one another in designing and implementing an effective compliance program. The different service sectors are tools at our disposal for strengthening both reactive and proactive capabilities.
Establishing a culture of compliance within a company is of the upmost importance. What are some tangible policies that companies can implement to encourage internal reporting, and protect whistleblowers?
The will for effective compliance has to come from the highest levels of the business, and cascade downwards to those that have to write, direct, and eventually implement the policies. When companies don't have that drive from the top, compliance doesn't work as well as it should. The buy in has to come from the C-suite; only this commitment can protect the company, and empower the individuals who will actually write and deliver the policies.
At the implementation phase, support from the top is also crucial. We've often found that when companies have had policies in place that were created at a lower management level, and the C-suite has not shown interest, those who have tried to implement the policies simply lacked the moral authority to do so.
Companies should bear in mind the equal importance of preventative and reactive policies. In our experience, clients that have implemented robust policies for preventing corruption, fare much better when violations occur. The benefits are double-pronged: a good compliance program not only helps in dealing with regulators, but it also does protect the business itself from destabilizing corruption.
This is where whistleblowers come in to play. Most of the companies that uncover unethical conduct, in the Asia Pacific region, particularly Southeast Asia, do so through whistleblower allegations. It's a common fallacy that most misconduct is uncovered by internal audits. Unfortunately, many companies have whistleblower policies in place, but only pay lip service to them.
When we've supported clients in implementing whistleblower policies, we've insisted that the system in place doesn't only address the client's immediate workforce, but also the suppliers, and other companies that trade and interact with the client. If those companies don't have a proper understanding, they can be a danger to the client. Therefore, when we assist a client in designing policies for whistleblowers, we emphasize that it has to permeate downwards to the suppliers, vendors, and companies or individuals with whom it does business. This often gets overlooked.
It is extremely important for companies to set up an ethics hotline for potential whistleblowers. Regulators regard this as an essential component of a compliance program, and will take its existence into account when they come knocking.
Many companies have begun to utilize data analysis in monitoring for corruption. What are the benefits, and limits, of strictly quantitative analysis?
Data analytics is growing in importance, in helping companies understand patterns and trends, for issues such as procurement, sales bonuses, entertainment expenditures, etc. I've seen some good demonstrations of its use, and it is undoubtedly beneficial. However, data analytics does not provide you with the specifics, mainly the individuals that are committing the corrupt acts; this requires human judgment. As analytics becomes increasingly common, it will become more refined, and in turn more valuable.
One limitation to data analytics is that you only get out of it what you put in. The input side must be accurate and precise. You have to be extremely guarded in how you interpret the data; different individuals are prone to interpret it in different ways. Therefore, consistency within an organization is essential. Otherwise you get skewed data, and the ramifications of that are quite serious. If you take data and use it as the basis to make accusations within a company, inconsistent interpretation can obviously have disastrous consequences.
At the end of the day, data analytics needs to be intelligently interpreted by human beings. The action taken in response to issues surfaced by data analytics, still needs to done by investigators. Data analytics on its own cannot solve the problem. It can help identify the problem, but ultimately investigators will need to determine whether there is any veracity to the issue called into question.
In recent years there has been a trend toward greater vigilance and international cooperation in combating transnational bribery. What is FTI's approach to working with anti-corruption authorities in multiple jurisdictions, and monitoring for transnational bribery?
One important thing to keep in mind is that FTI is a private organization, not a law enforcement body. We don't work with law enforcement directly; we work for clients who engage us to deal with their issues. If the client wants us to interact with a law enforcement agency, then we will do so at their behest. We don't do it on our own volition.
There have been cases in my experience when working with law enforcement was necessary. I can recall an investigation we conducted into corruption within a multinational corporation operating in Mainland China, in which the suspects were Hong Kong citizens and fled to Hong Kong. There were indications that the proceeds from the corruption were flowing to Hong Kong. Our client supported FTI engaging with the Independent Commission Against Corruption (HK anti-corruption authority).
That type of scenario is not uncommon, but must be initiated by the client. If the case ever advanced to the stage of a judicial hearing, it would be the client that would need to provide evidence. Here in China, if fraud is uncovered, and the size of the fraud is sufficient that we believe would meet the threshold for the Public Security Bureau (PSB) to take it over, we would not go to the PSB on our own. We would work with the client, and the client would invariably bring in their legal counsel at that point, if they had not done so earlier. The client would then decide how to proceed, and we would assist them.
What are some common risks you encounter with regard to corruption in China? Have these changed over time?
One common thing that never changes is that with corruption you have two happy parties. This makes the investigation of an offense difficult, to say the least, because you are actually trying to unravel the activities of individuals that are happy to coexist together. It's the same with fraud, though you may not have two happy parties involved. Those issues are universally common, whether in China or anywhere else.
In China over the last two to three years under President Xi, there has been a renewed emphasis on combating corruption. In the past the focus of anti-corruption enforcement actions was the bribe-taker, whereas under the recent crackdown, both the bribe-giver and bribe-taker are prosecuted – the two happy parties I mentioned earlier. More and more, the authorities have gone after companies that give bribes. This has been a wakeup call to enterprises that thought they were immune, but are no longer. I'm encouraged by this change in paradigm, and believe that it can be a game changer for the future of anti-corruption enforcement in China.
Could you tell us a little bit about yourself, and how you came to work for FTI Consulting?
My working life started with the Hong Kong police, where I spent 20 years from 1977-1997 (year of the handover). As a senior police officer I focused almost entirely on organized crime, which included bribery, fraud, and corruption.
After that I worked as the Asia Pacific Director for the International Federation for the Phonographic Industries (IFPI), a global association committed to protecting the music industry against illegal activity. At IFPI I did a lot of anti-counterfeit and anti-piracy work, as well as investigating fraud and corruption within the industry, and risk mitigation for the major labels, such as Sony, Warner, EMI, and many others.
After 10 years at IFPI, I joined FTI Consulting, and was posted to Shanghai in order to oversee the global risk and investigation practice for China, which I'm still doing. As we've built the business in China over the last 8-9 years, I've leaned on my background of doing investigative work in the region, in coming to clients with sensible solutions that are carried out ethically in compliance with local and international laws. As a publically listed company, rare for our field, there is an additional layer of accountability to our work. There's a stigma from the old days, that information can simply be bought, or that there are gray areas in which companies such as ours can operate. I'm extremely proud of the manner in which we conduct our work, and the fact that we can approach potential clients as a listed company. With the emphasis on legal compliance and accountability, the landscape in China has certainly changed to benefit a company like FTI.