This document discusses fraud risk management and its relationship to anti-corruption and FCPA compliance in Asia. It outlines common internal fraud risks like shell company schemes and tender rigging. Effective fraud risk management programs include pre-employment screening of staff, knowing your business partners through vendor screening, having a strong code of ethics, and FCPA compliance measures. Such programs help detect fraud and ensure no improper payments are made to foreign officials, reducing corruption risks. Cultural objections to screening are dismissed, and integrating fraud risk management into an FCPA compliance program is presented as an effective strategy.
Fraud risk management
1. Fraud Risk Management
And Its Nexus With
Anti-Corruption And
FCPA Compliance in Asia
Michael Short
5 February 2009
2. Topics for Discussion
• The Internal Fraud Risk?
• Cornerstone of Effective “Fraud Risk Management”
• It’s not just Fraud Prevention – “FCPA Compliance”
• Cultural Issues for FRM in Asia
3. The Internal Fraud Risk
1. ‘Shell Company’ Schemes
2. Basic Vendor Related Schemes (i.e. Over Invoicing)
3. ‘Tender Rigging’ or Vendor Collusion
Collectively known as “Purchasing Fraud”
4. What is “Purchasing Fraud”?
• Schemes attacking the purchasing function
• Causing an organization to buy goods or services that
are non-existent, overpriced or not needed
• By submitting bogus invoices or other supporting
documents
• Often collusion exists between Victim’s staff and
Fraudster
5. ‘Shell Company’ Schemes
What is a ‘Shell Company’?
• Fictitious entity
• Created for purpose of committing fraud
• Only exists on paper
• Usually consists of bank account and mail drop
• Generally registered with a company registry either
locally or offshore (as need to open a bank account)
6. ‘Shell Company’ Schemes (Cont.)
• Usually invoice for services, not goods.
– Services not tangible, harder to verify
• How ‘Shell Company’ invoices get paid:
Collusion among several employees
Fraudster prepares bogus support documents
Supervisor “rubber stamps” purchases
Fraudster or accomplice has authority to
approve payment
7. ‘Shell Company’ Schemes (Cont.)
Pass-through Schemes:
• Variation of standard ‘Shell Company’ Scheme
• Fraudster assigned to purchase goods/services for
company
• Uses ‘shell company’ to buy the items on credit from
provider
• Shell company sells items to employer at inflated
price
• Pays off shell’s credit, excess is profit
8. ‘Shell Company’ Schemes –
Countermeasures (Micro Level)
• Question invoices that have residential address or
mail drops for mailing address.
• Look for invoices lacking detail:
– Missing phone no., fax no., invoice no. etc.
• Sort payments by vendor, look for:
– Consecutive invoice numbers
– Consistent payment amounts, round numbers
• Know your Vendor (i.e. Vendor Screening)
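The "sort payments by vendor" checks above can be run over an accounts-payable export. The following is an added example, not part of the original slides; the ledger rows are constructed, and the field layout, the thresholds and the "PO Box" mail-drop test are assumptions to tune against your own data.

```python
from collections import defaultdict

# Constructed sample ledger: (vendor, invoice_no, amount_in_cents, mailing_address)
PAYMENTS = [
    ("Vendor A (constructed)", 1001, 500000, "PO Box 412"),
    ("Vendor A (constructed)", 1002, 500000, "PO Box 412"),
    ("Vendor A (constructed)", 1003, 500000, "PO Box 412"),
    ("Vendor B (constructed)", 88213, 184217, "12 Dock Road"),
    ("Vendor B (constructed)", 88970, 231055, "12 Dock Road"),
    ("Vendor B (constructed)", 90344, 97540, "12 Dock Road"),
    ("Vendor C (constructed)", 57, 300000, "7 Mill Lane"),
    ("Vendor C (constructed)", 412, 121980, "7 Mill Lane"),
]

def longest_consecutive_run(invoice_numbers):
    """Length of the longest n, n+1, n+2, ... run among the invoice numbers."""
    nums = sorted(set(invoice_numbers))
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def flag_vendors(payments, min_run=3, round_unit=10000, round_share=0.8):
    """Group payments by vendor and return {vendor: [red flags]}."""
    by_vendor = defaultdict(list)
    for vendor, invoice_no, cents, address in payments:
        by_vendor[vendor].append((invoice_no, cents, address))
    report = {}
    for vendor, rows in by_vendor.items():
        flags = []
        amounts = [cents for _, cents, _ in rows]
        # A vendor with other customers rarely issues us back-to-back numbers.
        if longest_consecutive_run(inv for inv, _, _ in rows) >= min_run:
            flags.append("consecutive_invoice_numbers")
        if len(rows) >= 2 and len(set(amounts)) == 1:
            flags.append("consistent_amounts")
        round_hits = sum(1 for cents in amounts if cents % round_unit == 0)
        if len(rows) >= 2 and round_hits / len(rows) >= round_share:
            flags.append("round_amounts")
        if any(addr.lower().startswith("po box") for _, _, addr in rows):
            flags.append("mail_drop_address")
        if flags:
            report[vendor] = flags
    return report

if __name__ == "__main__":
    for vendor, flags in flag_vendors(PAYMENTS).items():
        print(vendor, "->", ", ".join(flags))
```

A flagged vendor is a candidate for the vendor screening described in the later slides, not proof of a shell company.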
9. ‘Tender Rigging’ or Collusion
• Often found in developing nations or in jurisdictions
with weak rule of law.
• Opaque business environments and ‘business through
connections’ foster collusion.
• MNCs or Global Institutions are particularly at risk!
10. Collusion – Scenario #1
• RFP only sent to ‘chosen’ vendors.
• Vendors pay Internal accomplice at purchasing
authority to make final cut onto tender list.
• Vendor who offers most advantage to purchasing
authority gets the contract!
• As Vendor has to pay to get on the list, this ‘cost’ is
added to the price to maintain margin.
You’ll pay more!!
11. ‘Tender Rigging’ – Scenario #2
• Purchasing authority has ownership involvement in
tendering vendors.
• Totally corrupt tender process – short listed vendors
are all connected to purchasing authority.
• Contract goes to ‘cheapest vendor’, price is not
competitively tested and victimized organization gets
untested vendor at a higher price.
You’ll pay more!!
12. Collusion & ‘Tender Rigging’ (Cont.)
• Both TR and Collusion involve a high degree of internal
involvement.
• Superficially difficult to detect in any organization.
• Very Common method to defraud.
• Difficult to spot, but quite easy to detect!
13. Cornerstones of an Effective Fraud
Risk Management Programme
1. Know your Staff – Institute a rigorous and
informed Pre-Employment Screening programme:
– All fraud includes an element of internal collusion.
– Are your staff who they say they are?
– Have your staff previously been fired for unethical or illegal
practices at former employers?
– Have your staff got criminal records?
– Are your staff fraudsters?
– Have you asked them?
– Have you checked them?
14. Cornerstones of an Effective Fraud
Risk Management Programme
2. Know your Business Partner
– Does the company exist?
– Is it registered?
– Do you know who owns it?
– Where is the office?
– Who are the managers?
– How long has it been in business?
– Have you asked them?!
15. Cornerstones of an Effective Fraud
Risk Management Programme
3. Screen your Business Partner
– Is it owned or managed by your staff?
– Is it owned or managed by entities also involved in the
tender process or who are existing vendors?
– Why is it newly incorporated? Has it been established solely
for the contract?
– Why is it established offshore? Opaqueness?
16. Cornerstones of an Effective Fraud
Risk Management Programme
4. Ethics and Whistle Blowing
– Do you tell your Vendors that corruption is unacceptable?
– Code of Ethics (frequently updated).
– Ethics Awareness Training.
– Establish Whistle Blowing mechanisms.
– Train vendors in ethical practice and gain their ‘buy in’.
17. Code of Ethics
• Use a COE that includes strong anti-bribery
language as part of your company culture. COE
must be provided in all relevant languages.
• Make all players in your business understand and
sign the COE- staff, vendors, distributors, partners.
• Bind COE into all contracts – with staff, vendors,
distributors, partners.
• COE must emphatically ban giving, soliciting or
taking all kinds of kickbacks, bribes, gifts, etc.
18. Code of Ethics (Cont.)
• Violators of COE must be punished by disciplinary
action, dismissals, vendor contract termination.
• All should sign COE again at regular intervals. Update
COE to reflect new developments and governance
needs (e.g. new laws).
• Reinforce with annual ethics & compliance training.
• Management must set the Tone!!
19. It’s not just Fraud Risk
Management…
It’s
FCPA Compliance too!!
20. Foreign Corrupt Practices Act
(FCPA)
• Enacted in 1977
• FCPA imposes severe civil and criminal
penalties on US companies and individuals
who “bribe” or “offer to bribe” foreign
government officials to obtain business.
[Chart: FCPA Prosecutions 2003 - 2007]
Source: 2007 Year-End FCPA Update – Gibson, Dunn & Crutcher LLP (4 January 2008)
21. FCPA - The Risks
• Individuals may face fines of up to USD 250,000
and 5 years imprisonment.
• Companies may be fined up to USD 2 million for
each violation.
• Disqualification from US government contracting
and export licenses.
• Shareholder lawsuits.
• Failing the WSJ test.
22. FCPA - Violations
In 2005, Titan Computer Co., Ltd settled a fine of
USD 28.5 million for bribing a government official in
Benin (West Africa) to secure a telecommunications
contract.
In 2004, ABB Ltd was fined USD 10.5 million for
bribing African government officials with illicit payments
worth USD 1.1 million to influence decisions related
to M&A and retention of business.
In 2006, Tyco Int’l Ltd was fined USD 50 million for
engaging in improper financial practices, overstating
its reports by USD 1 billion. The money was used to
entertain Brazilian and South Korean government
officials to sustain contracts and obtain new business
for its subsidiaries.
26. It’s not just Fraud Prevention…
If you screen your Vendors and Business
Partners you will:
Know if a “Foreign Official” or an “Associate/
Affiliate” owns or manages or benefits from your
business partner
President of Belarus: Alexander Lukashenko
President of Sudan: Omar al-Bashir
President of Zimbabwe: Robert Mugabe
27. It’s a Cultural Thing… or is it ?
“It is not culturally acceptable to screen our vendors”.
NONSENSE!
“We have to trust our business partners, vendors, clients
etc.”
NONSENSE!
“No information exists with which to screen our vendors”.
NONSENSE!
28. FCPA Compliance Program
What does it include?
• A clearly defined corporate policy regarding gifts, payments
and violations of FCPA
• Effective communication of such a policy to members at all
levels
• An effective reporting system (e.g. “whistle blowing”)
• An appropriate disciplinary procedure to address matters
involving violation of FCPA
• Extensive due diligence requirements pertaining to the
company’s agents and business partners (e.g. “vendor
screening”)
29. FCPA Compliance Program (Cont.)
• Clear corporate procedures designed to ensure the
company exercises due care
• A system to review and to record actions related to
contracts and payments
• Inclusion of provisions in all agreements and contract
renewals with all agents and business partners
• A transparent financial and accounting procedure
• Periodic independent audits of company’s compliance
code
30. Sound Familiar?
“An investment in an effective, highly
structured and regularly audited FRM
programme will also ensure compliance
with the FCPA and will be invaluable in the
event of a DOJ investigation”
31. Effective Fraud Risk Management
• All fraud involves ‘Staff Collusion’ – so know their
background.
• Know your ‘Business Partners’ – check they are not owned
or managed by your staff or your staff’s mother-in-law!
• Communicate your corporate values on corruption to both
‘Staff’ and ‘Outside Partners’- Make them sign up to it!
• Make ‘Fraud Risk Management’ part of your FCPA
Compliance Programme – Your budget will be larger!
• Good governance is not a “Cultural Thing”. It is good
business!