Corporate Fraud & Corruption

To what extent are boards and senior executives in Austria taking proactive steps to reduce incidences of fraud and corruption from surfacing within their company?

MAIR: From my experience, steps to reduce fraud and corruption are often taken as a response to an incident of misdemeanour within a company. After a fraud or corruption case necessitating a forensic investigation and involving potential operational and reputational loss or risks, companies re-evaluate their existing internal regulations and start to take proactive steps for the future. Independently of this observation, a clear tendency to increase compliance activities within companies can be noted. Even though the development and implementation of a code of conduct or ethics is in itself an important step to prevent and reduce fraud and corruption within a company, the problem in this case may lie in an over-ambitious execution of a laudable plan. Regulations are only effective if they are clear, structured, and practicable for the employees and the management. An excess of regulations and certifications, on the other hand, puts too much pressure on the employees and is, effectively, just as bad as a lack of regulations.

Have there been any significant legal and regulatory developments relevant to corporate fraud and corruption in Austria over the past 12-18 months?

MAIR: The last significant regulatory change relevant to corporate fraud was the amendment to the Austrian Criminal Act, as of 1 January 2013. Another innovation, introduced as of 20 March 2013, is the implementation of a whistleblowing-platform by the Office of Prosecution for Economic Crime and Corruption. This platform was established in order to complement the leniency policy, which was introduced as part of changes in the criminal law. Via this whistleblowing platform, people can submit reports about offences related to economic and financial crimes. It enjoys massive popularity, within only a year the platform has received over 1500 reports – most of them containing substantial information that brought charges against the offender. Thus, this innovation can be regarded as a new and effective tool in the fight against corruption.

When suspicions of fraud or corruption arise within a firm, what steps should be taken to evaluate and resolve the potential problem?

MAIR: The suspicion of fraud or corruption within a company requires immediate action. To clarify the situation and resolve the issue, it is advisable to conduct an investigation based on a three-step approach. Each investigation should start with a planning phase to evaluate the source of the incident and to set up a project plan, including the definition of custodians – for instance people within the company who can provide information about the situation. The planning stage is followed by the execution stage, which incorporates data storage and analysis, conducting forensic interviews and reporting. Based on the outcome of the investigation, appropriate measurements – especially awareness training – should be implemented to prevent further incidents in the future. In most cases, an investigation can profit from external consultants – for example, legal advisers or forensic experts with accounting expertise and appropriate technical skills.

How has the renewed focus on encouraging and protecting whistleblowers changed the way companies manage and respond to reports of potential wrongdoing?

MAIR: Compared to other countries, the protection of whistleblowers is still at a very early stage in Austria. While some protection for whistleblowers exists in the public sector, the private sector only provides individual regulations rather than comprehensive protection. However, due to recent developments – for example, the implementation of whistleblowing platforms by the Office of Prosecution for Economic Crime and Corruption and the Financial Market Authority, that enable anonymous reports of fraudulent activities – a positive trend in the perception of whistleblowing is discernible. On account of this change, companies are more likely to implement whistleblowing-hotlines or platforms themselves, as they start to appreciate whistleblowing as an adequate means to fight corruption rather than regarding whistleblowers as ‘traitors’. Still, profound background information is necessary to make whistleblowing-hotlines and platforms work – it is not sufficient that they are set-up and implemented by companies, the crucial factor is how the reports are handled. It is especially in the handling of reports by whistleblowers and in their protection where I see room for improvement.

Could you outline the main fraud and corruption risks that can emerge from third party and counterparty relationships? In your opinion, do firms pay sufficient attention to due diligence at the outset of a new business relationship?

MAIR: Third party and counterparty relationships can be accompanied by legal, operational and reputational risks, such as anti-money laundering, conflict of interest on account of intransparent business affiliations, and so on. As companies act increasingly on a global level, awareness regarding potential risks is crucial and companies are well advised to pay appropriate attention to risk-related due diligence, not only at the outset of a new business relationship, but also in regard to existing third-party relationships. Also, firms need to be aware of the risks related to the involvement with politically exposed people (PEPs) and of the existence of anti-corruption laws with extraterritorial jurisdiction, for example, the UK Bribery Act, which holds companies responsible for the actions of third parties. In my opinion, companies are starting to become more attentive towards risks that are related to third party relationships, but often lack the necessary processes or methodologies, databases and language skills, which is why firms can benefit from external support through specialists in the area of business intelligence.

What advice can you offer to companies on implementing and maintaining a robust fraud and corruption risk assessment process, with appropriate internal controls?

MAIR: When developing and implementing a fraud and corruption risk assessment process, it is important that the management level is supportive of the system – that is, the process needs to be motivated by the ‘tone from the top’ principle. As markets and laws change, and companies evolve on a permanent level, an anti-fraud management system needs to be able to adapt to changes. Also, the system must be subject to routine reviews regarding its implemented risk assessment processes. Internal controls should include basic standards, such as segregation of duty, establishment of a document management system and precise definition of responsibilities – requiring profound knowledge of the operation of the company. When implementing a fraud and corruption risk assessment process, it is of great importance that the framework is suitable to the industry and company, precise, easy to understand in terms of language, and accessible by all employees who, in addition, regularly attend tailored training.