Imagine that a large multinational company in China is suspected of engaging in collusive activity between salespeople and distributors, and the allegations involve potentially thousands of entities and millions of transactions. The company needs a way to rapidly identify potential trouble spots where they can launch a detailed investigation.
According to Allanna Rigby, director of Control Risks Group, conflicts of interest, like the case described above, are quite hard to detect. At the 2019 ACFE Fraud Conference Asia-Pacific, she told attendees that cultural nuances make conflict-of-interest investigations even more difficult.
“In the Asia-Pacific region specifically, there are situations where there might be a conflict, but you need to define if that poses a conflict to your organization,” said co-presenter Diana Ngo, associate director of compliance, forensics and investigations for Control Risks Group. “In southeast Asia, we find this situation a lot: there could be a procurement tender for your company, and your employee’s brother-in-law has put in a bid for that tender. Your employee has disclosed this relationship. So, there’s disclosure and he’s actively bidding for it. Does that pose a conflict?”
Ngo and Rigby explained that you first must know some of the more common conflict-of-interest situations:
An employee has a financial interest that might benefit them unduly, like having a procurement tender or giving a contract to someone.
An employee receives improper benefits, like kickbacks, gifts or entertainment and personal favors from a third party.
An employee engages in illegal or unethical behavior, especially in public procurement processes (kickbacks are given to government officials).
Employees direct business to third parties owned or managed by themselves, family members or close friends.
An employee faces intimidation or threat by a third party to direct business from the employer to the third party.
An employee uses company resources for self-interest.
Understanding what a conflict of interest is in your specific case or your specific region, and the challenges to it, will help define the investigation’s approach. Ngo and Rigby explained that they approach conflict-of-interest investigations differently because of this; they tailor them to their clients and local context.
For example, in the traditional sense, you might get a whistleblower email that tips you off to a potential conflict of interest. You may at first want to go into the investigation aggressively, but that alerts people in the company that something’s wrong and doesn’t help with business continuity, explained Ngo. It also helps the perpetrators; you’ve just alerted them that something is going on and they need to hide information.
Ngo and Rigby advocate a different approach that centers around two questions: 1) who are they? 2) how do they act? They do this by using a two-pronged, outside-in approach. The first is “outside” using business intelligence. Who are the perpetrators? How do they interact with each other? Are there wider networks they need to check? The second is “inside” by using data analytics and forensics. How do they act? How do they react from the outside-in? How do they run transactions?
“This approach is really useful in a conflict-of-interest investigation because it starts off very discreet,” said Ngo. “No one actually knows it’s happening, so no one can hide information from us as we’re running the case.” It’s only at the end when they have enough information that they use traditional methods, like transaction testing and email forensics, to get evidence. They then interview people using the evidence they’ve already found.
According to Ngo and Rigby, using an analytics-led solution increases the success of the investigation. Fraud examiners can efficiently review an entire universe of data instead of a small sample, leverage data programming and automation to reduce manual review, narrow the investigative focus and prioritize resources to high-risk areas, consolidate and map disparate data sources for holistic analysis, and use data to provide evidence that can be obtained with minimal input from employees.
Using all of this information, let’s revisit the opening case. How did Ngo and Rigby rapidly identify potential trouble spots in order to launch a detailed investigation? They:
Identified and collected Human Resources employee data, accounting data, vendor lists, customer lists and any other relevant data sources.
Synthesized and aggregated local office records that contained project financials and accounts payable details. These hundreds of excel files contained payment descriptions, vendors and project details needed to identify potential bribes or fraudulent payments.
Analyzed aggregated data to identify suspect high-dollar payments, transactions with descriptions containing key works, recycled invoice numbers, date discrepancies and vendor-employee relationships. Data was also cross-referenced with the organization’s global centralized financial system to identify payments not reported to the home office.
Reported an overall summary of the targeted results and analysis methodology to the client. The report contained details to support the findings with data visualizations to highlight unusual payment activity.
The company was able to identify, very quickly, which employee/distributor relationships seemed questionable, and using detailed forensics investigations, found there were conflicts of interest in most cases. “What was great about that case is … within three or four days of coming to us, we were able to find out exactly what happened and exactly what we were going to do in the investigation,” said Rigby. “We were able to wrap up the investigation in a number of weeks.”