Key to Foiling Financial Fraud: Protect Honest Employees
As the "Enron pattern" shows no signs of abating, it is clearer than ever that corporate book-cooking will remain a stubborn blemish on America's corporate image for, well, a very long time. For corporate, regulatory and law enforcement fraud-fighters, the question therefore is, "How can we at least reduce the number of Enron-type cases?"
One obvious, yet often unpalatable answer is, let employees tell the truth...
SILENT KILLER: SUPPRESSING THE TRUTH
The fate of whistle-blowers is well documented. They become corporate pariahs, unemployed and persona non grata in their industry. They are blacklisted and blackballed. Many have had to defend against public disclosure of sensitive information about their personal lives after their identities have been revealed.
Enron example: One reason that no one at Enron spoke up before it was too late can be found by examining the relationship of former chief control officer, and soon-to-be-corporate secretary, Rebecca Carter.
According to one employee, "people were afraid to tell her of problems because she would run off and tell Jeff (CEO Jeff Skilling)."
Employee concerns appear to have been valid. Rebecca married Jeff Skilling on March 2, 2002.
HONEST PEOPLE ON THE FRONT LINES
Regardless of the complexities of book-cooking scheme(s), it takes employees to manage and implement them. These people are acutely aware of what is really going on. Their silence is critical if a company's CFO, COO and CEO want to keep the directors in the dark.
That was accomplished at Enron by using intimidation and the placement of trusted, compromised allies in key financial positions to secure everyone's silence.
Result: When employees are threatened with termination if they blow the whistle on suspicious business activity, it obviously becomes very difficult for honest managers in a position to do something to get the incriminating facts.
INFORMATION IS EVERYTHING
Challenge: Research shows that few accounting frauds are discovered through routine audits. Most are uncovered accidentally...or by a tip or complaint from an employee.
Law enforcement agencies are highly dependent on confidential informants for conducting successful investigations. They understand that information will continue to flow to them only if they protect the confidentiality and identities of their sources.
This is a critical lesson most large American corporations have yet to learn.
Unfortunately, even if employee reporting mechanisms had been in place at Enron they would have been useless.
Reason: Enron executives controlled all of the incriminating information. So—even the most well-intentioned employees were not inclined to place themselves at risk and take the chance that reporting unethical conduct could result in termination.
Critical lesson: If members of a board of directors really want to know what is going on inside their company, they must establish an air-tight confidential reporting mechanism. To neglect doing this is to place themselves at risk by believing what they want to believe, or what others want them to believe.
WHAT WORKS AND WHAT DOESN'T
Toll-free telephone reporting systems have been around for more than 20 years.
Problem: Callers using these numbers to report suspicious or illegal business activity have their phone numbers automatically recorded when they place the call. That is how the phone company bills the subscriber for the service. Hence the confidentiality that is supposed to exist with these reporting systems doesn't exist at all.
Better: Encrypted on-line sites accessed through the Internet. These transmissions are as secure as providing a credit card number to Amazon.com. The messages can not be intercepted by a third party.
How it works: The encryption technology. Together with other basic features can be incorporated into a well-designed confidential reporting system that provides whistle-blowers with absolute confidentiality.
The only threat to this type of communication comes from the company IT department. Technicians can determine who contacts which company Web site at what time.
Solution: A cloaking mechanism. With this technology, if IT people snoop around to see which employee communicated with a confidential reporting site, they would find data indicating every employee had contacted that site.
THE COMPLIANCE MYTH
Many top executives say that ethics or compliance officers are an integral part of their management system of checks and balances.
They are certainly correct. But—saying is one thing. Implementing and maintaining is quite another.
Example: The prominent Wall Street financial services firm, Lehman Brothers responded several years ago to client concerns regarding conflicts of interest, or unethical conduct by implementing an internal compliance program with a compliance officer in every one of the firm's offices.
However, Lehman Brothers eventually discovered that one of its star stockbrokers, Frank Gruttadauria, had stolen $40 million from investment clients over at least a six-year period.
How could this happen with a compliance officer stationed in every office? (Gruttadauria was head of Lehman's Cleveland branch.)
Simple. The compliance officer in Cleveland reported to and received his job performance evaluations from Frank Gruttadauria. Employees had actually reported to the compliance officer that Mr. Gruttadauria was using a laptop computer to generate false and misleading account statements, but the company did nothing.
In other companies, reporting systems merely consist of telephone numbers that ring into the offices of the legal department. Too often the legal department complains that the reports received are petty or unfounded. Without overwhelming evidence to the contrary the reports go ignored.
Important: Uninvestigated reports result in reduced calls and increased vulnerability to fraud, as the company signals to employees that they don't really want to know what's going on below the surface.
PUTTING IT ALL TOGETHER
A genuinely confidential reporting system is the only effective anti-fraud device available to management, the board of directors, the owners and stockholders of a company. In addition to an airtight technological channel for reporting, an effective system must...
- Be readily available to employees-and everyone doing business with the company—to file confidential reports.
- Allow for thorough documentation of the nature and details of an incident.
- Be capable of providing management as well as the board of directors with reports indicating what is actually going on below the surface.
- Allow investigators the ability to contact reporting parties for clarification, without compromising their anonymity.
DOES IT WORK?
Ask any law enforcement agency how closely they guard and how much they value confidential information flowing to them about crimes committed in their communities.
Ask a company that has a truly confidential and effective reporting system in place.
Ask the employees at Enron if they would have reported their observations if there had been a confidential way for them to communicate with the board of directors without placing themselves at risk.
Ask yourself what you would do if you found yourself in circumstances similar to those of Enron employees back in early 2001. Would you have blown the whistle and documented your concerns if you knew management would know it was you making the report?
The bottom line: In today's business environment "I didn't know" is no longer acceptable. Executives and directors are expected to know what's going on in their organizations.