Combating fraud and corruption risks in the IT-ITeS sector – recap of 2016 and outlook for 2017

it-ites2016 was a watershed year for the Indian information technology (IT-ITeS) sector. Many companies continued on an upward growth trajectory, and, as per a report by India Brand Equity Foundation, the sector is looking to achieve 12%-14% growth by the end of the financial year 2016-17. Data from the report further highlights that the Indian technology sector is expected to triple its current annual revenue to US$ 350 billion by FY 2025.

The year also witnessed significant political, economic and regulatory developments such as BREXIT, the US Presidential elections, automation of roles resulting in job cuts and demonetization drive in India. Their impact on the sector is expected to continue in this year as well.

As the industry grew at a sustained pace, challenges related to fraud, bribery and corruption continued to be obstacles for the top management, affecting their time and resources. The global perception of these risks in India has shown marginal improvement over the past year. According to the 2016 Corruption Perceptions Index published by Transparency International, though India’s corruption perception score improved in 2016 compared to that in the previous year, global ranking came down from 76 in 2015 to 79 in 2016.

EY’s Global Fraud Survey 2016 further threw light on the trend of low awareness and compliance with anti- bribery policies among employees. As per the survey, while 42% of global respondents could justify their actions and unethical behavior to meet financial targets, the number stood significantly higher at 70% in India.

key-fraud-risks-in-it-ites-sector

Some key fraud scenarios and examples of non-compliance that were reported in 2016 included,

Cybercrime plaguing global enterprises

In one of the biggest cyber security incidents that was ever reported, a technology enterprise confirmed a security breach that resulted in data theft of millions of user accounts. It was reported that the breach was first suspected when a hacker, previously associated with data thefts in two social networking companies, claimed to ‘sell’ the information relating to customers of the company in question. Similar cyber-attacks, but probably not of the same magnitude, were also subsequently reported in some other companies including a data storage company and another technology enterprise. In addition, phishing incidents continued to plague the industry resulting in financial loss to companies. Regulatory authorities such as The Securities and Exchange Commission (SEC), are also focusing on companies to disclose any hacks that may have taken place in the past to avoid cases of data security breaches. The SEC may seek enforcement action against public companies that fail to disclose major data security breaches to its shareholders. Thus, increasing incidences of cybercrime and renewed focus of regulatory authorities on data security breaches and disclosures norms have highlighted the need for heightened data security protocols and proactive risk assessment techniques.

Surge in call center scams

Numerous cases of call center frauds which also came to light last year, possibly affecting the reputation of the IT-ITeS industry. In an incident that was reported by the press, several employees of a call center were arrested over allegations of a security breach. Reports also stated that the breach was identified by a client during a forensic review, wherein theft of customers’ data was detected. The perpetrators were allegedly using the stolen data to con customers. In a separate incident, law enforcement authorities uncovered a fraud wherein fake call centers were used to fleece citizens at international locations, including the US. According to various media reports, such rackets have extorted millions of rupees in 2016 alone. The crackdown on illicit and fraudulent activities by enforcement agencies is expected to mitigate such risks to a large extent.

Rise in sexual harassment cases in the IT-ITeS sector

Although corporate India is focusing on driving gender diversity at the workplace and providing a safe ecosystem for working women, the number of companies in the nation actually adhering by the Prevention of Sexual Harassment at the Workplace policy is still an ongoing debate. Data collated from the annual reports filed by Indian companies in accordance with the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 was recently released by the Ministry of Child and Women Development. It highlighted a 26% increase in the number of complaints related to reports on sexual harassment at the workplace in 2016 compared to 2015. As per the report, IT and banking companies constituted over 80% of the total complaints registered. While the quantum of complaints registered may seem to be a cause of concern, it could also be a case wherein a higher number of cases are now disclosed, which may not have been the situation earlier. This reflects a positive step to enhance reporting systems for minimizing cases of sexual harassment and meeting pre-determined compliance requirements.

Enforcement under global anti-corruption regulations

Interestingly, 2016 also saw the highest number of enforcement actions and penalties imposed on corporates under the Foreign Corrupt Practices Act (FCPA) 1977 in the history of the law. According to data from the FCPA Blog, 27 companies paid about US$ 2.48 billion in 2016 for non-compliance. In one such incident, it was reported that the company apparently agreed to give up millions in dollars in sales profits to settle the SEC charges indicating that it has violated FCPA norms, wherein gaps in the internal controls enabled an executive to pay bribes to procure business.

The US Justice Department launched a pilot program last year, designed to encourage self-reporting of violations under FCPA, in return for reduced penalties. Under this program, companies that choose self-reporting will be eligible for a full range of credit, including a reduction of up to 50% below the lower end of fines outlined in the federal sentencing guidelines. Taking benefit of this, several companies made self-disclosure of violations under FCPA last year. In one such case, the US SEC announced a non-prosecution agreement with a company, which mandated the latter to dismiss millions of dollars in profits connected to bribes paid to officials by one of its foreign subsidiary.

key-bribery-and-corruption-risks-in-it-ites-sector

The roadmap ahead

Enterprises in the IT-ITeS sector are expected to continue facing headwinds on the compliance front, with FCPA and anti-bribery compliance remaining a priority.  As technology adoption grows, cybercrime and incidents of data theft will remain areas of concern going forward. On the resources front, frauds perpetrated by employees are expected to rise in this current volatile environment. Conducting proactive fraud risk assessment for key processes such as recruitment, payroll, procurement, employee transport and capex functions will be instrumental in mitigating inherent and emerging fraud risks.

Customer disputes arising on account of bribery allegations, inaccurate billing and data thefts can erode confidence of investors and shareholders in companies and might tarnish their reputation globally. Enhanced focus on data security, documentation of processes and policies, and being e-discovery ready can go a long way in helping companies mitigate and address risks arising out of customer disputes in a timely manner.

Companies should make qualitative investments to strengthen their cyber security and compliance programs to mitigate risks. Disinclination towards proactive reviews and non-adherence with global compliance standards can end up potentially compromising data security and even invite regulatory action. These may also result in adverse impact on companies in the long run. Notable developments such as the voluntary disclosure program under FCPA could provide opportunities for companies to remediate the repercussions of unethical practices and bring in robust internal controls to be in tune with global standards.

While accelerated revenue growth and increased profit margins will be crucial to maintain the financial health of the IT-ITeS sector, there should be greater impetus for focusing on cyber security, building robust anti-fraud controls and enhancing procedures to be compliant with global regulations such as FCPA. All these factors will collectively push the IT-ITeS sector to continue being an engine of growth for the Indian economy.

Follow @EY_India and track #EYForensic for regular updates


One thought on “Combating fraud and corruption risks in the IT-ITeS sector – recap of 2016 and outlook for 2017

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s