151117 KPMG 4A Presentation-Owen

(1)

Fraud, Bribery and

Corruption in Asia

Pacific Business

Practices

(2)

• _Topics

-

_{Finding fraud through investigative audit}

-

_{Forensic accounting and forensic audit techniques in}

identifying fraud, bribery and corruption

• _Agenda

-

_{Proactive Monitoring}

-

_{Data Analytics}

-

_{Investigation}

Agenda

(3)

Introduction

(4)

Managing third-party risk is the biggest challenge that companies

face in the field of bribery and corruption

Introduction

(5)

Fraud, Bribery and

Corruption Proactive

Monitoring

(6)

Risk-based Proactive Monitoring

Example risks and red flags

Suppliers/vendors

• Key risks



Bid rigging



Employees receiving

bribes from

suppliers/vendors to win

and/or maintain business



Phantom

suppliers/vendors

• Red flags



Failure to meet contract

specifications



Contingency payments



High-priced, low quality

goods



Low-priced goods but

numerous change orders



No ABC/antifraud-related

Distributors/agents

• Key risks



Bribery of officials in

supply chain



Grey markets

• Red flags



Close connections with

government officials



Unnecessary middlemen



Failure to meet contract

specifications



‘Excess’ commissions



Leakage in the supply

chain



No ABC/antifraud-related

policies



Rebates/credits received

not passed back to

• Key risks



Bribes being paid to

customers to win and/or

maintain business



Kickback schemes

between customers and

employees

• Red flags



Public sector marketing



Misapplied marketing

spend

(7)

• Periodic risk

assessments performed

on ‘higher risk’ business

areas to identify ABC

risks for mitigation.

Typical areas covered

include:



Governance

structures



Policies and

procedures



Training



Use of third parties



Government

interaction



Procurement/supply

chain management



Gifts, entertainment

and hospitality



Facilitation

payments



Donations



Incident response,

reporting and

• ABC training and

communication of

ABC-related policies to

employees/third parties

• ABC-related policies:



Code of conduct



ABC/antifraud policy



Gifts, entertainment

and hospitality



Accounts payable



Marketing,

sponsorship and

donations



Grants



Interaction with

government

officials/agents (e.g.

customs agents)



Due diligence



Whistleblowing and

incident response



Accounting records

• Development and

implementation of third

party due diligence

procedures

• Due diligence on

prospective third parties

prior to entering into a

business relationship

• Retrospective due

diligence on current

business partners

• Re-drafting of third

party contracts (e.g.

inclusion of ABC

clauses)

• Periodic due diligence

on third parties

(depending risk rating)

• Reconciling third party

invoices to contracts

prior to payments

• Outsourcing of due

diligence procedures to

independent parties

• Periodic reviews of the

risk assessment process

• ABC compliance audits

of business units and

third parties. Typical

transactions tested would

include:



Gifts, entertainment

and hospitality



Political and

charitable

contributions



Commissions



Marketing



Sponsorship



Customs/licencing

fees



Grants



‘Round sum’ amounts



Training fees



Bonuses

The audit would also

include a review of

ABC-Risk Assessment

ABC Training and

_{Policy Review}

Due Diligence

Monitoring

Risk-based Proactive Monitoring

(8)

Third party-related policies

• Written policies or guidelines relating to corruption compliance shared with business partners

• Procedures for payment of travel, gifts, entertainment and hospitality expenses involving third

parties

• Procedures for the negotiation, approval, and execution of contracts with third parties

• Procedures for background checks and due diligence performed on third parties

• Procedures for the retention and payment of consultants, subcontractors and third party agents

Third party-related policies

• Details of foreign officials engaged to provide products or services

• Joint ventures with personal or professional ties to government

• Government linked entities who are vendors

Substantive testing

• Payments made to third parties/agents

• Sample testing of selected accounts, e.g:

• agent and vendor accounts

• government and government-linked entities accounts

Risk-based Proactive Monitoring

(9)

Data Analytics for

Fraud, Bribery and

Corruption

(10)

Role of Data Analytics in Fraud, Bribery and Corruption Detection

C:\Use of technology in business

Data volume

Detect anomalies indicative

of fraud, bribery and

corruption

Provide leads for further

investigation _

(11)

Benefits of Data Analytics

Traditional Review

Approach

► _{Usually on sampling basis.}

► Manual review of supporting

documents.

► _{Dependent on the skill and}

experience levels of reviewer.

► _{Able to perform non-quantitative}

review and capture

non-Data Analytics

Approach

► Conducts analysis on 100% of the

data set.

► _{Focused on using data to identify}

trends and anomalies.

► _{Can leverage machine learning to}

detect known fraudulent patterns

and predict future suspicious

activity.

► Limited to available data and

Comparison of the

Traditional Review Approach

(12)

Data Analytics in Anti-Bribery and Corruption

(13)

Data Analytics in Anti-Bribery and Corruption

(14)

Data Analytics in Anti-Bribery and Corruption

Identifying Suspicious Transactions based on Time-series Variance Analysis

(15)

Data Analytics Methodology

Data Source

Analytical Process

Output Reports



Analyses



Red Flags for potential

fraud, bribery and

corruption

• Acquisition

• Normalization

• Validation

• Characterization

• Process Selection

• Customization

Execution of Analytics

Data Analysis

Data Preparation

Data Collection



Internal

• Vendor Listing

• Customer Listing

• Expenses

• Sales

• Tenders



External

• ACRA

• Thomas Reuter

• Lexis Nexis

• World Check

Rules-based and

behavior-based

algorithms for fraud,

bribery and corruption

detection

Fraud, bribery and

corruption

experience

Fraud, bribery

and Corruption

Risk Profiling

External

Databases

(16)

Assembling Your Team

Relevant Skill set

Functional knowledge

Industry knowledge

Subject matter knowledge

Relevant Skill set

Competent in:

Excel, SQL, SAS, IDEA,

R, SPSS, Tableau

Statistics, Mathematics

Relevant Skill set

Competent in:

Oracle® / PeopleSoft,

SAP®, JD Edwards, DB2

Information Systems

Database Management

Database Manager

Designs database to govern the

capture, structure, access, and the

distribution of data

Subject Matter Expert

Understands the nature and

background of the processes

Data Analyst

Works with the actual data;

Massaging and running

analyses using various data

(17)

(18)

Fraud, Bribery and

Corruption

Investigations

(19)

Scenario-based Investigation Approaches

(20)

Common sources of evidence

Examples:

• Ledgers

• Payment vouchers

Examples:

• Email

• Chat logs

• SMS

Examples:

• Bank statements

• Corporate intelligence

Examples:

(21)

Evidential Approach to Investigation

• _{Identify suspect conduct to be investigated}

−

_Allegation

−

_{Preliminary information}

• _{Based upon suspect conduct, identify}

_all

_{potentially relevant sources of}

data

• _{Consider the interactions implicit in that data}

−

_{What, where, when, why, by whom, how created and recorded}

−

_{Interrelation of that data with other data, especially that created by the subject}

• _{Obtain and review data likely to be material to the suspect conduct}

(22)

Case study: identifying evidence – ABC Insurance

Customer

Insurer

Insurance

Agent

Insurance

premium

($100)

25% sales

commission

($25),

insurance

policy

Insurance policy

Insurance

premium

($75)

(23)

(24)

(25)

Owen M. Hawkes

Partner, Forensic

OWEN M. HAWKES

Partner

KPMG Services Pte. Ltd. 16 Raffles Quay #22-00 Hong Leong Building Singapore 048581 Tel +65-6213-2280 Fax +65-6223-0428 [email protected]

Function and Specialization

Owen is a member of the Forensic practice specializing in regulatory risk management and investigations.

Education, Licenses & Certifications

 _{B.A. (Hons), M.A. (Oxon), University of Oxford}  _{Master of Professional Accounting, Singapore}

Management University

 _{Bar School, Inns of Court School of Law, London}  _{Barrister, non-practicing}

 _{Certified Fraud Examiner}  _{Chartered Accountant, Singapore}

Background

Owen is a Partner in KPMG’s Forensic practice with more than fifteen years of regulatory investigation and

risk management experience. He has a legal background, having practiced as a barrister from 1999 until

joining KPMG in 2007, six years of which was spent as an investigating lawyer for the British Government’s

Serious Fraud Office – the United Kingdom’s lead agency on financial crime and international corruption.

At KPMG, Owen has undertaken a variety of fraud and regulatory risk management engagements assisting

clients with assessing and upgrading their organizational readiness and fraud and regulatory risk controls.

Selected Professional and Industry Experience

Anti-bribery and corruption due diligence for the global takeover of a training company. Focussing on

Indonesia, we reviewed agent, expense and state-linked accounts. We examined and assessed the

adequacy of policies and procedures designed to prevent bribery and corruption and related to asset

control. In particular, we examined agent contracts and transactional records, establishing that payments

were made to speed transactions for a number of key government processes.

Investigation into a slush fund used for bribery by a global insurance company’s Indonesian subsidiary,

involving the diversion of funds using false agents and the use of those funds to bribe commercial

counterparties and regulatory officials.

Anti-bribery & corruption investigation into the Indonesian operations of a FTSE100 food and beverage

company, involving allegations of staff receiving payments from suppliers. The review revealed that the staff

had been receiving monthly payments from the supplier, which were used to pay off the staff’s personal

credit card bills.

Investigation into allegations of bribery-related misconduct relating to a FTSE200 services company 's

Indonesian operations. The work involved obtaining forensic images of employees' computers and phones

to conduct an electronic review of the data and reviewing accounting transactions to identify anomalies

relevant to the allegations. The work highlighted a number of transactions of note which were used to

report to the authorities.

(26)

KPMG’s 2015 Global

Anti-Bribery and Corruption

Survey:

Implications for businesses

in the region

(27)

Snapshot comparison

of 2011 and 2015

(28)

Snapshot comparison of 2011 and 2015 survey results

Responses show a steep increase in

challenges faced in ABC compliance

(29)

(30)

Third party risks

Ranking of top ABC challenges



Managing third-party risk is the biggest challenge that companies face in bribery and

corruption compliance. We asked respondents to rank key issues in order of difficulty.

(31)

Third party risks



34%

(

Asia: 40%

)

of respondents admitted they do not formally identify high-risk third

party intermediaries or persons associated with government. For those that do have a

formal process, only

56%

(

Asia: 76%

)

indicated they have right-to-audit clauses in

contracts with third parties; however, only

41%

(

Asia: 40%

)

of these respondents with

right-to-audit clauses have actually exercised the right.



Only

69%

(

Asia: 70%

)

of all respondents assess third-party risk.

These represent potential gaps in companies’ ABC compliance

programs



31%

(

Asia: 31%

)

admit they do not have

formal risk-based onboarding processes for

third parties, opening companies to the

possibility of corrupt practices.



Once on board,

60%

(

Asia: 57%

)

say their

companies distribute their ABC policies to

all third parties or selected third parties, still

(32)

Third party risks

Comparison between ASPAC & the rest of the World

Q. Do you have a formal process to

identify high risk Third Party

Intermediaries/ Associated Persons

from an ABC perspective?

0%

10%

20%

30%

40%

36%

40%

13%

11%

21%

31%

34%

14%

ASPAC

Rest of the World

Q. Do all of your Third Party

Intermediaries/ Associated Persons

contracts have a "Right-to-audit" clause

and have you exercised this right?

Yes

54%

No

33%

Don’t Know

13%

Yes

45%

No

40%

Don’t Know

15%

ASPAC

(33)

(34)

Enforcing compliance

Pushed by the OECD, member governments and partners have adopted

tighter ABC regulations. In Asian and South American emerging markets,

enforcement agencies are becoming much more active.



79%

of non-US and non-UK respondents listed elsewhere say they

have developed formal ABC programs of their own. This may be due

to the threat of enforcement under the FCPA and Bribery Act on US

and UK customers, expansion into US and UK markets, and/or

growing regional enforcement.



87%

of non-US or non-UK unlisted respondents doing business with

Survey shows a sharp increase in respondents who say they

are highly challenged by ABC

(35)

Enforcing compliance

Comparison between ASPAC & the rest of the World

Q. Does your company have a formal,

written anti-bribery and corruption

compliance program?

Yes

80%

No

17%

Don’t Know

3%

Yes

77%

No

22%

Don’t Know

1%

ASPAC

0%

20%

40%

60%

80%

100%

81%

19%

76%

24%

Q. How frequently is the ABC Risk

Assessment conducted?

(36)

Enforcing compliance

Comparison between ASPAC & the rest of the World

Q. Does your company undertake an ABC Risk Assessment as a part of the overall

Risk Assessment or as a separate activity?

0% 20% 40% 60%

54%

16%

19%

11% 44%

16%

28%

13%

(37)

Enforcing compliance

Comparison between ASPAC & the rest of the World

Q. Who is responsible for conducting the ABC Risk Assessment?

0%

20%

40%

60%

47%

14%

13%

10%

3%

_1%

52%

17%

11%

10%

(38)

Managing

cross-border risks

(39)

Managing cross-border risks



For listed US and UK corporations, only

69%

indicated that they include ABC

considerations as part of the pre-acquisition due diligence process. For unlisted

entities and non-US/UK listed entities, the figures were lower at

54%

and

55%

respectively.

87%

of non-US or non-UK unlisted respondents doing business with

US and UK entities, have formal ABC programs.

60% of respondents engage in M&A, but many do not address ABC issues

during the acquisition process

(40)

Managing cross-border risks

60% of respondents engage in M&A, but many do not accord ABC

issues the status they should during the acquisition process

• Perform ABC due diligence procedures.

• In the pre-acquisition stage obtain and review publicly available

sources about the target, its reputation, the market in which it

operates, its likely customers and government relationships.

• Where adequate ABC due diligence cannot be performed prior to

acquisition, perform post-acquisition procedures to address

residual ABC-related risks associated with the acquired entity.

Recommendations for the buyer:

(41)

(42)

Better controls needed

Evaluating ABC controls is a highly complex task

• The lack of resources ranked 4

th

_{overall among the top challenges facing}

survey respondents, and 3

rd

_{for companies listed on stock exchanges outside}

the US and UK.

• Survey responses that many important ABC controls have not been

Global companies don’t have resources to deal with ABC issues

around the world. US and UK companies may have sufficient

resources at the Head Office, but not at the level of subsidiaries.

Corporations based in other jurisdictions generally suffer worse

from a lack of resources.

(43)

(44)

Finding the needles

One of the most cost-effective tools for monitoring ABC controls

is data analytics

• Data analytics is an increasingly important and cost-effective tool to assess ABC controls,

yet only

25%

(

Asia: 28%

)

use it to identify violations and of those that do, a mere

42%

(

Asia: 45%

)

continuously monitor data to spot potential violations.

(45)

Finding the needles

Comparison between ASPAC & the rest of the World

Q. Which areas do you focus your ABC Data Analytics on?

0% 20% 40% 60% 80% 45% 28% 14% 10% 3% 0% 0% 61% 17% 13% 5%

2% _2% _2%

(46)

(47)

Key Findings

A sharp increase in proportion of respondents who say they are highly challenged by the issue of

ABC compared to four years ago.

Despite difficulty monitoring business dealings with third parties, more than one third of the respondents

do not have formal processes in place to identify high-risk third parties. More than half of those with

right-to-audit clauses over third parties have not exercised the right.

As companies continue to globalize, management of third parties poses the greatest challenge in

executing ABC programs.

ABC considerations are accorded too low a priority by companies preparing to acquire, or merge with,

other corporations across borders.

Respondents complain they lack the resources to manage ABC risk.

Data analytics is an increasingly important and cost-effective tool to assess ABC controls, yet only

25% use it to identify violations and of those that do, less than half monitor data to spot potential

violations.

(48)

Conclusion



Companies are facing up to the challenge of

managing ABC risk, but the expectations of

regulators continue to increase incrementally at

the same time.



Corporations with international operations are

tightening ABC controls and procedures,

causing companies in their supply chains to fall

into line.



Companies are struggling to deal with third-party

risk on the one hand and with the growing

number of national ABC regulations on the

other.



Despite better controls and stronger ABC

policies, companies continue to fail to comply

with the tougher regulations, and risk being fined

(49)

The information contained herein is of a general nature

and is not intended to address the circumstances of any

particular individual or entity. Although we endeavour to

provide accurate and timely information, there can be no

guarantee that such information is accurate as of the date

it is received or that it will continue to be accurate in the

future. No one should act on such information without

appropriate professional advice after a thorough

examination of the particular situation.

Company and a member firm of the KPMG network of

independent member firms affiliated with KPMG

International Cooperative (KPMG International), a Swiss

Owen Hawkes

Partner, Forensic

KPMG in Singapore

(1)

Finding the needles

One of the most cost-effective tools for monitoring ABC controls

is data analytics

• Data analytics is an increasingly important and cost-effective tool to assess ABC controls,

yet only

25%

(

Asia: 28%

)

use it to identify violations and of those that do, a mere

42%

(2)

45 Finding the needles

Comparison between ASPAC & the rest of the World

© 2015 KPMG Services Pte Ltd (Registration No: 200003956G), a Singapore incorporated company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (‘KPMG International’), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

Q. Which areas do you focus your ABC Data Analytics on?

0% 20% 40% 60% 80% 45% 28% 14% 10% 3% 0% 0% 61% 17% 13% 5%

2% _2% _2%

(3)

(4)

47 Key Findings

A sharp increase in proportion of respondents who say they are highly challenged by the issue of

ABC compared to four years ago.

Despite difficulty monitoring business dealings with third parties, more than one third of the respondents

do not have formal processes in place to identify high-risk third parties. More than half of those with

right-to-audit clauses over third parties have not exercised the right.

As companies continue to globalize, management of third parties poses the greatest challenge in

executing ABC programs.

ABC considerations are accorded too low a priority by companies preparing to acquire, or merge with,

other corporations across borders.

Respondents complain they lack the resources to manage ABC risk.

Data analytics is an increasingly important and cost-effective tool to assess ABC controls, yet only

25% use it to identify violations and of those that do, less than half monitor data to spot potential

violations.

A top-down risk assessment would help companies set priorities, but conducting an ABC risk