​​​​​​​

Corporate fraud increases during any economic downturn, and the chances of it occurring when the usual people, protocols, and controls in place to raise the alarm are not on site to check makes it ever more likely. Neil Hodge explores what the pandemic has meant for corporate fraud and bribery risks.

Fears that corporate crime may be on the rise have been a mainstay of the Covid-19 pandemic and the subsequent lockdowns. Market volatility, the risk of inadvertent leaks of commercially sensitive information, and the opportunity and incentive for wilful misconduct have all increased during the pandemic. Looser controls – including suspended rules governing public contracting – may also have unintentionally facilitated misconduct.

Feeling under pressure to compete in a market where supply chains have been in flux, share prices have wobbled, and contracts have been mothballed, cut down in size, or cancelled altogether, some companies are liable to fuel their aggressive risk appetites by pushing boundaries to the limit – and possibly beyond.

The typical corporate model – where there are no rewards without risk – can lend itself to dangerous levels of risk-taking as companies strive to retain market share or even stay afloat. And as so many employees’ salaries are tied up with bonus schemes, the temptation to ignore policies on corporate behaviour – especially when managers are no longer in the same building watching them due to the shift to remote working – can grow exponentially.

Even within weeks of lockdowns beginning around the world, seven per cent of executives taking part in KPMG’s Covid-19 Fraud Survey – released in April 2020 – said they had already seen fraudulent or corrupt behaviour that they would attribute to pandemic-era working conditions. An overwhelming 83 per cent believed their organisation was vulnerable to fraud taking place. Nearly half of all respondents said their organisations’ ability to investigate fraud or corruption allegations was ‘significantly’ or ‘somewhat’ inhibited by the current circumstances, while almost a quarter revealed that anti-fraud prevention programmes had been delayed due to the Covid-19 outbreak.

Worryingly, the report also found that financial controls were struggling to adapt to the mass remote working environment. Since April 2020, other surveys have predicted alarming rises in corporate fraud levels. The accounting company BDO has reported that more than a third (39 per cent) of companies in the UK alone experienced a year-on-year increase in fraud during 2020.

‘Whenever governments pump tremendous amounts of public money into the economy to stimulate growth, you can bet that incidents of fraud and bribery increase,’ says Nicola Bonucci, Member of the IBA Anti-Corruption Committee Advisory Board and a partner at Paul Hastings in Paris.

Other experts tend to agree. ‘In the context of a global pandemic, increases in bribery and fraud are to some extent unavoidable,’ adds Andrew M Levine, Vice-Chair of the IBA Anti-Corruption Committee and a partner at law firm Debevoise & Plimpton.

Cristian Francos, Senior Vice-Chair of the IBA Business Crime Committee and a partner at Lewis Baach Kaufmann Middlemiss, says that the pandemic has provided companies with the temptation to relax compliance and give in to pressure from the sales and marketing departments to take advantage and sell more, thereby creating more opportunities for fraud and corruption.

At risk sectors

Unsurprisingly, the pharmaceutical and medical supplies sectors (including their intermediaries) are potentially ripe for incidences of fraud and corruption, he says, because of the ongoing need for vaccines and personal protective equipment. Regulators around the world are, therefore, likely to be closely monitoring companies in these sectors.

More widely, Levine says that any company could be at risk, adding that key operational risk areas include the procurement and sales functions, as well as the management of government touchpoints. These risks are especially acute where companies must rely on new third parties to help generate business and overcome novel difficulties, such as obtaining government funding or seeking emergency regulatory approvals, he says.

‘In many ways, the pandemic has been the perfect storm from a compliance perspective, amplifying the important roles of personnel focused on monitoring, assessing and mitigating compliance risks,’ says Levine.

Some experts believe that organisations may have been buoyed by the fact that – at the point that the pandemic became particularly widespread in March 2020 at least – several regulators across a broad range of industry sectors said that deadlines to comply with upcoming regulations had been extended, while some indicated that their oversight and enforcement priorities had become more ‘pragmatic’ due to the unprecedented circumstances.

In March 2020, for example, the European Competition Network (ECN), which brings together the European Commission and national competition authorities from across the EU, issued a joint statement in which it acknowledged that the Covid-19 crisis might require companies to ‘temporarily’ cooperate to ensure the supply and fair distribution of scarce products.

Enforcement continues as ever

However, no regulator has ever said that criminal behaviour would go unpunished.

Levine agrees that ‘meaningful pandemic-related leniency from regulators seems unlikely’.  He says that enforcement authorities have ‘acknowledged publicly the related risks in the current environment’, adding there has already have been ‘an uptick’ in related enforcement. ‘Companies in the healthcare industry should be particularly mindful of increased compliance risks,’ he adds.

Hannah Laming, Co-Chair of the IBA Business Crime Committee and a partner at law firm Peters & Peters Solicitors, also believes that neither regulatory scrutiny – nor enforcement appetite – have been curbed. ‘While the ability of companies to implement oversight and effective management procedures was tested in the early stages of the pandemic, this did not result in a corresponding easing of regulatory obligations,’ she says.

‘Anti-money laundering (AML) and Know Your Client (KYC) checks, anti-bribery and corruption (ABC) procedures and other regulatory requirements have all remained in place with companies having to adapt to meet them while operating remotely,’ she explains. ‘Regulated companies need to be aware that despite the novel difficulties of the pandemic, their obligations still stand.’

As such, Laming says that companies should remain conscious of internal risks posed by the remote working environment and heightened commercial pressure on employees. ‘The speed with which remote working was brought in may have meant that insufficient consideration was given to how best to adjust certain oversight mechanisms,’ she says.

This is particularly true in the context of financial services where the opportunity for misconduct has been much heightened by the shift to remote working. ‘The financial services sector is, by the nature of its business, high risk and there are some compliance and risk management policies which cannot be easily replicated at home,’ says Laming.

She highlights that it’s near impossible to monitor the use of personal electronic devices, which are often banned on the trading floor due to the potential for market abuse. Meanwhile, ‘the prevalence of shared living arrangements in London in particular gives rise to a greater risk of inadvertent sharing of commercially-sensitive information than office-based working.’

Internal scrutiny

The risk of employee fraud is another area to watch, says Laming. Covid-19, lockdowns and remote working increase the opportunity for employees to engage in misconduct, she warns. ‘In-house lawyers should assess additional risks posed by such arrangements which may result in less supervision and relaxation of compliance processes,’ says Laming. ‘They should check that compliance policies, procedures and guidance are clear, accessible, communicated to employees and properly overseen.’

Laming recommends revising or adapting policies to reflect changes in working practice so that they remain effective. ‘An alternative monitoring or supervision framework may be required,’ she says.

Corruption or fraud in the procurement process is also a key risk, she says. ‘Any ABC/AML/due diligence procedures which were paused at the outset of the pandemic should be reinstated at the earliest opportunity and a fresh risk assessment should be undertaken,’ says Laming. ‘In-house lawyers should check that whistleblowing and reporting processes remain fully operational and that any issues raised are investigated promptly and rigorously,’ she adds.

Francos says that assurance functions, including the compliance and legal departments, should ensure that regulatory requirements are complied with, particularly around sales, marketing and commercial activities, and that they should also pay closer attention to contracts with governments.

He says that while most large companies will have already developed strong and robust anti-bribery compliance programmes, he warns that the pandemic ‘presents the perfect opportunity to test these programmes’ as the push to sell in a difficult market provides many with the temptation of relaxing controls.

‘Most major companies already have world-class compliance programmes and crisis management procedures prepared and put in place precisely for these situations,’ says Francos. It’s vital, he adds, that companies strictly follow them.

‘If those controls detect breaches (such as fraud and/or corruption), the company in question must, through their lawyers, make an immediate self-assessment, put whatever questionable actions on pause until further review, and report matters to the regulatory authorities, if appropriate’, explains Francos.

Bonucci says that the compliance checks and audit reviews needed to gain the necessary level of independent assurance that parts of the business are following standard procedures are tougher, since site visits are currently not necessarily an option. ‘Travel restrictions have made it harder for assurance functions like internal audit, external audit, risk management and compliance to monitor employees and areas like sales, marketing and procurement, as well as supply chains – especially new suppliers,’ says Bonucci.

Upscaling frameworks

Bonucci does not believe that any particular type of company or industry sector is more prone to a potential increase in fraud or bribery risk due to the pandemic. However, he believes that companies generally need to ‘upscale’ their existing risk management and internal control frameworks to detect potential ‘red flags’ earlier.

Supply chains – and especially new suppliers who have entered into international markets since March 2020 when countries started going into lockdown – should be one of the prime areas of review, he says.

‘In-house lawyers need to ensure that the third-parties that the company is dealing with accept strict contractual terms, as well as the company’s own code of conduct, that make it clear that incidents of bribery or corruption will not be tolerated and that the relationship would be immediately terminated if these terms were violated,’ he says.

Levine says that the challenges of the pandemic have highlighted the importance of companies and their in-house legal and compliance tailoring compliance programmes to their own business profiles. He believes that companies and their advisers should reassess compliance risks in light of changed circumstances, including dealings with governmental entities and third parties.

Specifically, he says, companies should re-examine how they engage and vet suppliers, particularly when the organisation needs to retain their services quickly. Levine says that companies can better mitigate supply chain related risks by conducting at least basic due diligence, as well as by contractually reserving the right to terminate the relationships once additional diligence is conducted. He adds that companies should also carefully monitor the third parties’ activities, and document any further steps to be taken as soon as practicable.         

Levine says that when companies suspect their potential involvement in wrongdoing, it’s vital to determine the relevant facts, assess potential exposures, and then act decisively – including stopping problematic conduct, considering whether to self-report to any government authorities, and remediating as appropriate.

‘Although gathering the facts can prove more difficult in a work-from-home environment, companies can capitalise on remote capabilities to review documents on web-based platforms and to interview witnesses through videoconferencing,’ says Levine. ‘Companies should document the steps taken in response to compliance red flags, as well as any steps deferred in light of the pandemic, rigorously tracking the additional actions to take when conditions allow.’

Yet investigations may not always be straightforward and engaging with regulators about cases of potential wrongdoing may open up the company to wider scrutiny and ‘unfair’ or ‘unwarranted’ fines.

Leopoldo Pagotto, Co-Chair of the IBA Anti-Corruption Committee and a partner at Freitas Leite Advogados, says that reporting suspicious activity can be difficult depending on where the alleged wrongdoing took place and where the regulator or enforcement agency is also based. ‘If a company tries to report suspected corrupt activity to a regulator in a country which has a high level of corruption in both public and private institutions, you run the risk of being subject to a politically-motivated investigation which can be severely damaging,’ he says.

As a first step, Pagotto says that companies should conduct their own internal investigation to determine whether there is any need to report concerns of alleged misconduct or corruption. ‘In most jurisdictions, under most circumstances, it is not always mandatory to report suspicious activity to a regulator, so there is a considerable discretion in making such decision,’ he says.

If a company has found evidence of misconduct, it should consider remediation measures –including compensation – to restore faith and correct faulty practices. ‘It is always best to take the path that leads to minimising the risks,’ says Pagotto. The company should also conduct a compliance review and test internal controls to check they are sufficient at detecting malpractice, he says.

A cultural matter

The key to good corporate conduct is to drive the ethical culture within the business, says Laming, and in-house lawyers have a critical part to play in the process. ‘Clear statements from the business about its expectations of ethical practice should be supplemented by regular training and a strong message from the top,’ she says.

To maximise the opportunity for potential misconduct to come to the attention of senior management, she says, companies should ensure they have open lines of communication and procedures in place for the reporting of concerns by employees. Where matters of concern do come to light, in-house lawyers can be instrumental in ensuring that organisations consider all the legal implications while ensuring that the right processes are followed.

Firstly, says Laming, in-house counsel can ensure that any relevant material or potential evidence is secured and preserved at an early stage, and put together a team to manage the investigation. Any such team, she advises, will need to comprise people with relevant expertise – such as accountants, lawyers, forensic IT personnel and public relations specialists – and should not include anyone who may be implicated in the misconduct.

Laming also says it’s important that in-house lawyers ensure they’re familiar with the procedures and practice of any regulatory body that the organisation may need to deal with so they can advise on any approach to the regulator, including where a self-report or announcement might be necessary or beneficial.

She adds that in-house counsel should assess the extent to which the company may have been the recipient of the proceeds of crime and what steps it might need to take to mitigate risks of committing money laundering offences in this regard. She also says that in-house counsel should manage the investigatory and evidence-gathering process around employees who are potentially implicated in the misconduct, as well as consider issues relating to privilege, ‘in particular, whether any material generated by an internal investigation will be protected by privilege and how to deal with privileged material in the organisation’, she says.

Other measures, Laming says, include making notifications to insurers as appropriate and identifying any steps towards remediation that could – or should – be taken to address any issues arising from misconduct and prevent them recurring. ​​​​​​​