New legislation could impact companies for failing to prevent fraudulent activity
September 14, 2016
In a news story published in The Times (12th September 2016) it is reported that new legislation is being considered by ministers whereby company executives could face prosecution and be jailed for failing to prevent fraudulent acts undertaken by their employees.
Currently, under UK law, company executives are only liable for failing to prevent bribery. However, the new legislation will reportedly be part of a new criminal finance bill which will extend that current liability and make employers responsible for a much wider range of activities perpetrated by their employees, such as money laundering, false accounting, and fraud.
The UK has previously been caught with its wheels spinning in respect of corporate law and the liability of company directors in high-profile cases. One such example was the interbank LIBOR rigging scandal: when it came to trial, the UK was unable to pursue the company's directors, who ultimately had to be tried in New York, where it was legislatively possible. This new legislation is designed to bring a level of parity in respect of white collar crime between the UK and current US legislation.
In the article, Jeremy Wright, QC, the UK attorney-general, effectively describes the current system of limited corporate liability as acting as an incentive for the board to distance itself from the company's operations.
This legislation is going to significantly increase the number of controls and the amount of governance companies will need to implement in order to demonstrate they have done more than could reasonably be expected to mitigate the risks associated with this new legislation and consequently beat the burden of proof required.
Today's companies still have too many of their existing controls undertaken manually with spreadsheet checklists. These spreadsheet controls are massively prone to errors due to the sheer amount of time it takes to keep them current. Think, if you will, about your own organisation and ask yourself whether you have adequate systems that are able to constantly monitor the following:
- Purchase Orders
  - Was a PO issued on the same day as, or after, the goods were received?
  - Who issued and approved that PO with non-standard terms?
  - Who is alerted when a PO remains open for an exceptional period of time?
  - Can we automatically detect differences between the PO and Invoice values?
  - Are we able to see invoices that are "parked", "blocked", or otherwise being held from being issued?
  - Are invoices paid without correlation to an official order?
  - Are payments and Invoices being validated against duplication?
- Goods Receipt
  - Are you able to validate that the goods received match the Invoice detail or PO by unit and price?
  - Can you tell if goods receipts are posted to the wrong accounting period?
Of course, the above are just some of the areas in which an agnostic, enterprise-wide, and industry-strength solution should be able to monitor proactively for breaches of process. Alongside these sit the challenging aspects of segregation of duties, where companies quickly become overwhelmed by the sheer number of conflicts they have with their existing role and user definitions. A big manual investment of time and effort can usually overcome this, but then your business isn't a static thing. Instead, it evolves: new products and services are added, staff change, and the roles morph and evolve. So, how does your monstrous spreadsheet stop the conflicts reappearing? In fact, these conflicts in the spreadsheets are like weeds: as soon as you have removed them they start appearing again. We all know managing spreadsheets is not as therapeutic as gardening, so why do we insist on operating in this way?
For this reason, companies like Starbucks use Infor Risk and Compliance across both their Oracle and SAP systems to proactively monitor and access authorisations and configuration along with process monitoring for procure to pay, order to cash, and GL analysis. In fact, Infor Risk and Compliance solutions enable organisations to monitor all the different layers of controls required, from regulatory compliance and financial controls through operational and IT risk to anti-fraud, policy and audit assurance. They usually do so by querying a plethora of underlying systems and applications, enabling organisations to ask and answer questions such as "Which users can do this?" or "Who processed that?"
More information may be found on the Infor Risk and Compliance solution here.