The following reflect my work in assisting regulators and enforcement authorities, and research on governance in companies that have been accused of fraud, bribery, corruption, and other malfeasance such as harassment, nepotism, expense reporting, and excessive compensation. I also draw on my interactions with, and guest lectures by, fraudsters who are currently in prison or who have served time in prison, and experts such as forensic accountants.
Here are the red flags, as I see them, in problematic companies and boardrooms that may contribute to fraud and other malfeasance going undetected or undeterred. Drawing on a speech I gave this month to a bribery and foreign corruption conference, and an earlier speech to corporate directors, the red flags are, in no particular order:
- Independent oversight functions (audit, compliance, risk) either non-existent or reporting to senior or operating management.
- A board lacking in risk, international and relevant industry expertise, and paucity of audit committee know how of how fraud is or may be committed.
- A whistle blowing procedure that is neither anonymous nor protected.
- A board that does not believe it sets tone at the top. A tone that is not equal and consequential.
- A focus on rule and legal correctness, not spirit and intent. Failure to account for exogenous shock, stress, and a different frame of analysis. Directors not speaking up.
- Complex design being approved by directors. Directors approving when management does not fully tell them the counter-argument, and directors do not ask (know), or press.
- Captured, conflict-seeking, self-dealing, over-compensated, over-tenured directors and gatekeepers who are not objectively independent.
- Immature risk management, non-investment in information technology, and defective or non-existent controls, particularly non financial, reputational and behavioural.
- Defective, non-existent, or dominated internal audit function.
- Lack of culture and reputation control assurance to the Board. No understanding of tone in the middle, or toxic or bullying work culture.
- Non-audited compensation, and improper incentives (quantitative, financial, short-term) that incent risk-taking behaviour. Unconstrained risk-takers and a complacent board.
- Clawbacks not at correct threshold of ethics or risk. Lack of risk-adjusted compensation.
- Charismatic, dominating, and/or stretched CEOs and CFOs, including distracting external activities, personal issues, living beyond their means, not tasking vacations, and undue attention to accounting.
- Ethical code poorly designed, controlled, monitored, enforced, assured and reported to the board.
- Lack of documentation with explicit limitations and thresholds for material risks, cascading to emerging markets and key suppliers.
- Lack of executive sessions, with only independent directors, and with only internal oversight functions (audit, risk, compliance).
- Lack of due diligence and integrity controls at the hire or contract stage. Lack of integrity controls over senior management, and capacity for over-ride.
- Non-zero tolerance of facilitating payments. Mixed message sent by the board.
- Lack of independent, expert validation (board, risk, controls) reporting directly to the board.
- Weak or corrupt host country auditors not vetted or overseen by the audit committee, and lack of availability and translation of documents.
Do you recognize any of the above red flags? On a board or in a company of which you serve? Allegations of wrongdoing can put assets and reputation at risk. Regulators have enormous power, and are focusing their sights much more on the role a board plays, or does not play, in overseeing the affairs of the company.