Corporate scandals in Singapore over the last two years put the spotlight on integrity. Incidences of fraud and corruption have serious financial and reputational consequences. Not surprisingly, boards now see anti-fraud and corruption as corporate priorities. More importantly, beyond compliance, companies must demonstrate that they are putting integrity firmly on the boardroom agenda.
The board has statutory and general regulatory obligations to exercise their fiduciary and other responsibilities with care, skill and reasonable diligence. Breaches of these duties can result in criminal and civil prosecutions.
While independent directors (IDs) have the same legal responsibilities as other directors, by virtue of their non-executive capacity, IDs are arguably under greater expectations to provide the checks-and-balances and take on a more active role in challenging management and auditors to ensure that appropriate anti-fraud programs and controls are in place, and that independent investigations are undertaken promptly.
However, IDs face several challenges, including obtaining access to comprehensive information and having limited awareness of emerging fraud, bribery and corruption trends and the prevention and detection tools.
Prevention and detection: up to standards?
According to the Association of Certified Fraud Examiners’ (ACFE) 2018 Report To The Nation, Asia-Pacific Edition, having an established and documented code of conduct, proactive data monitoring and analysis, surprise audits, routine management reviews and an effective whistleblower hotline were useful measures in reducing the financial losses and time spent resolving fraud-related issues.
This means that boards and IDs must seek to proactively establish and embed principles of effective anti-fraud management into the organization. As the business environment becomes more global and complex, many compliance programs have not kept pace and compliance responsibilities may be “siloed” within different corporate functions. These silos create gaps and inconsistencies in key processes, which significantly undermine the company’s effectiveness in preventing and detecting non-compliance.
It would be helpful for companies to look at the various types of standards that set out the requirements and elements of an effective compliance management system (CMS). For example, Germany and Switzerland have introduced PS980 Compliance Management Systems, which requires organizations to implement a CMS and conduct periodic appropriateness and effectiveness audits.
Another leading voluntary standard is ISO37001 Anti-bribery Management Systems (ISO37001), which provides the requirements and guidance for establishing, implementing, maintaining and continuously improving an organization’s CMS. In September 2017, the Singapore Corrupt Practices Investigation Bureau (CPIB) adopted a local version of ISO37001, the Singapore Standard ISO37001 (SS ISO37001).
There is a real opportunity for boards and IDs to push for the implementation of CMS frameworks in accordance with these best practice standards.
Response readiness is key
While prevention and detection of fraud risks are important, response is just as vital. An effective response plan should include guidance on the internal reporting structure, which outlines the appropriate escalation avenues to senior management and the compliance, legal, human resources and other departments. The plan should also clarify the external reporting obligations to law enforcement agencies, regulators, insurance companies, and include guidance on engaging external parties such as forensic specialists, where necessary.
Organizations must also have appropriate measures for the preservation of evidence so that any information collected as part of an investigation or other legal matters remain admissible in a court of law.
Questions for boards
Given the growing responsibilities of boards and independent directors, keep a watch for these red flags:
- Is there a lack of support for the company’s values and ethics, low morale and high turnover?
- Is the company making manual adjustments to accounting records, incurring fines or missing tax returns submission?
- Is there resistance to provide accurate and timely information to the board or does management keep changing the narrative on events?
- Has management taken actions to remove or reduce temptations for personnel to conduct unethical, dishonest or illegal behaviors?
- Has management taken prompt and appropriate actions on departures from approved policies and codes of conduct?
This article has been co-authored with Belinda Tan, Partner, Forensic & Integrity Services, EY Singapore