Partner Ravinder Thukral recently took part in a roundtable discussing corporate fraud and was published in the November 2019 issue of Financier Worldwide Magazine. 

At a time of geopolitical uncertainty and massive technological advances, corporate fraud is increasing, with cyber crime, particularly in relation to the misuse of data, especially prevalent. There has also been a demonstrable increase in detected bribery, corruption and wider corporate malfeasance. In response, government and enforcement agencies are continuing to ramp up their anti-fraud activities, utilizing a range of new legislative tools against companies and individuals. Companies need to track such developments carefully and update their fraud prevention strategies accordingly.

FW: Could you provide an insight into the types of corporate fraud that are typically being seen across the current financial and economic landscape?

Thukral: At a time of geopolitical uncertainty and massive technological development, particular types of corporate fraud are prevalent, such as the rapid evolution of cyber crime, particularly in relation to the misuse of data. We see an increase in reports of bribery, corruption and wider corporate mismanagement involving both the civil and criminal law, with the theft of company assets and business opportunities. Often this is because a corporate has expanded their operations into new and emerging markets, where they have encountered unfamiliar business cultures and practices. Sometimes, their internal systems and controls, which have been developed and refined over many years, have not caught up.

FW: Could you highlight any recent, noteworthy cases of corporate fraud which caught your eye? What would you say are the most important lessons that the corporate world can learn from the outcome of such cases?

Thukral: Two recent developments are worth examining. First, the Serious Fraud Office's (SFO's) decision not to prosecute a number of individuals following recent corporate investigations and deferred prosecution agreements (DPAs) might give some hope that individual directors are no longer a priority target. This is unlikely and should not encourage companies and senior managers to think that enforcement agencies are interested in pursuing the corporate entity to the exclusion of anyone else. Secondly, there are an increasing number of reports of bank fraud being committed as part of a wider campaign of human trafficking. Companies should be aware of recent legislation on human trafficking and its potential impact on the way in which fraud should be investigated and resolved.

FW: If a company finds itself under investigation by the authorities and subject to potential litigation, what general steps should it take in response?

Thukral: In so far as possible, it is important to get to grips quickly with the factual and legal basis of the complaint, as this will inform the nature of the response. It is also important to select a separate team of people who are responsible for managing the issues involved. In this way, the corporate response to the complaint cannot properly be criticised for having been implemented by employees or directors who may be implicated in the alleged wrongdoing. A corporate will need an internal and external strategy to deal with questions and requests for information from shareholders, investors, investigators and the press. It may also need to move quickly to secure documents and assets. The early stages of a dispute or investigation are crucial and will likely influence how the investigation or litigation proceeds. In the criminal sphere, a corporate should consider how the SFO's corporate cooperation guidance might apply in relation to issues such as self-reporting and legal professional privilege.

FW: What advice can you offer to companies in terms of implementing and maintaining a robust fraud risk assessment process, with appropriate controls to detect potential misconduct? For example, what measures should they take to strengthen processes around third-party relationships?

Thukral: The approach that a company takes to fraud detection is informed by a thorough assessment of its potential vulnerabilities and the wider business context in which it operates. Once a corporate understands how it may be threatened by fraudulent activity, then it can craft policies, practices and a culture which seeks to reduce its exposure to that threat. Proper planning is a central consideration so that employees and managers know how to act if an incident arises which requires an immediate response. While due diligence on third parties can be complicated and time consuming, it is an essential feature of any fraud prevention strategy. Corporates should also consider their contractual arrangements with third parties on issues around disclosure of information, cooperation and integrity standards.

FW: When suspicions of fraud arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

Thukral: Once fraud is suspected, it is crucial that robust steps are taken quickly to make sure that information and documents which relate to the incident are preserved and isolated. Without this, companies may not be able to understand fully what has taken place and how to respond. If an internal investigation becomes necessary, it should be conducted impartially and with the support of trusted company management. Once a company feels confident of the results of any investigation, it must then consider carefully how to resolve it. This will likely involve myriad contractual provisions and regulatory requirements and will likely require the input of outside counsel to help make the numerous judgement calls where time and relevant information may be in short supply.

FW: How important is it to train staff to identify and report potentially fraudulent activity? In your experience, do companies pay enough attention to employee education?

Thukral: The benefits of staff training on the detection and reporting of fraud can be crucial. Staff form a central part of a company's anti-fraud strategy as they are aware not only of the risks but also how to act once confronted by suspicious activity. When it is provided, training should be engaging, interactive, mandatory and frequent. A workplace culture in which staff know what fraud can look like, such as a phishing fraud, and can communicate their concerns reduces the risk of repeated incidents and penalties. If training is demoted to a single online module or presentation which is delivered and then forgotten about, it is highly unlikely that staff will know when and how to report with confidence.

FW: How do you envisage the regulatory and legislative landscape unfolding in the coming months and years? Against this backdrop, do you expect companies to enhance their measures to mitigate potential fraud in future?

Thukral: There is every reason to think that government and enforcement agencies will continue to ramp up their enforcement activities against companies and individuals. Not only do they have new legislative tools at their disposal, such as the Criminal Finances Act, but they are also looking to regulate further the way investigations are conducted and coordinated. Use of technology and machine learning tools also means enforcement agencies are likely to get to the 'hot' documents quickly. Companies should track such developments carefully and ensure that they build any such guidance into their fraud strategies where necessary. In the courts, there is also an increasing amount of cross-over between criminal and civil proceedings where allegations of fraud or corruption are being considered. Sometimes, the courts allow both actions to proceed in parallel, which puts great strain on the defendant having to defend on two fronts. D&O policies need to be reviewed carefully at renewal time to ensure they are 'fit for purpose'.

Read the full Financier Worldwide article here.

This article was first published in Financier Worldwide Magazine November 2019 Issue, and is reproduced by kind permission of Financier Worldwide.