Detecting Fraud In Real Time

A

perfect storm is brewing in the regulatory compliance arena. The push for stronger regulatory oversight ignited by corporate and Wall Street scandals is finally coming to fruition, with government agencies around the globe becoming more aggressive about — and more adept at — identifying and pursuing regulatory violations.

Three forces are converging to shape this new regulatory environment. First, regulatory bodies are employing sophisticated technology to detect and prosecute transgressions. The U.S. Securities and Exchange Commission’s Office on Market Intelligence, for example, has equipped its new task force on market abuse with the technology to conduct “Facebook investigations,” essentially mining data on traders’ personal relationships and communications to flag potential incidents of insider trading. Second, a “whistle-blower lotto” provision in the Dodd-Frank Wall Street Reform and Consumer Protection Act offers informants a bounty of 10% to 30% of any fine of more than $1 million resulting from a tip. And third, penalties for paying bribes in foreign markets are poised to escalate significantly under the U.K. Bribery Act of 2010.

The Importance of Being Integrated

This trend of intensifying exposure to myriad regulatory actions around the globe strongly suggests a need for multinational corporations — the most likely targets for government enforcement action — to develop integrated compliance programs that collect and monitor data in real time. Such systems could, for example, automatically monitor vendors and transactions, flagging those involving people or firms on government watch lists. If a company suspects a particular kind of violation, a custom inquiry can be written to mine the data and identify transactions for internal and compliance review. Deterring violations or detecting them early through a comprehensive, integrated program is a crucial first line of defense. Yet many large multinationals continue to employ piecemeal, often incompatible systems. That’s particularly likely when a company has grown through multiple acquisitions or has taken a decentralized approach to managing foreign subsidiaries. For example, if a U.S. company using Oracle’s financial management software buys a European firm running SAP and then buys a company in Asia that relies on a proprietary or a bespoke financial system, it may hope to avoid the thorny issue of integrating the three systems. But that leaves its internal audit team facing the manual and ad hoc challenge of collecting and interpreting data from each system. In today’s regulatory environment, that kind of disjointed effort is unlikely to succeed because companies need an effective way to deter and detect violations enterprisewide.

New technology provides a better solution, letting a company connect the dots — collecting and analyzing transaction data from disparate financial systems in real time. Responding to government investigations often costs millions of dollars in time and resources — and any resulting penalties, or criminal and civil judgments, can double or triple the bill, not to mention the impact on a brand or a corporate reputation. Establishing effective realtime automated compliance controls can also reduce external audit and insurance fees. And penalties may be lighter when a company can show it has an effective compliance program in place. That might have saved DaimlerChrysler, which settled a U.S. Foreign Corrupt Practices Act charge by the SEC for approximately $185 million, almost half of that penalty. An effective compliance program is a defense under the new U.K. Bribery Act.

Understanding Good Practises

In May 2010 the Organisation of Economic Co-operation and Development released “Good Practice Guidance” for antibribery compliance programs. The document outlines what companies are expected to do regarding antibribery policies, training, internal controls, reporting systems, discipline for violations, compliance incentives and accountability for program management. It also emphasizes the importance of having periodic third-party audits of compliance measures and reviews to ensure that programs keep up with evolving technology and with national and international standards. For multinational companies operating in this increasingly aggressive regulatory environment, now is the time to rethink their approach to compliance on a global scale.