November 11th, 2014

By Charles de Chermont and Bill Henderson

As it is often homogenized into monolithic, generic terms, it can be easy to forget that Africa actually consists of more than 70 nations, multiple markets and economies, hundreds of cultures, and thousands of commercial challenges.

African markets are perceived to have excessive risk. In 2013, EY conducted an attractiveness survey for Africa. Perceptions from the survey found Africa to be a country of disease, poverty, corruption, and ongoing conflict.

While the vein of corruption was a tributary shared among nearly all corners of the continents, the perceived risks are overstated, and Africa is in fact a surging, growing economy rife with economic possibility.

Perceptions versus reality

The survey results show overwhelmingly positive metrics regarding Africa’s opportunity and sustainability as a key market for international businesses. The data highlights that Africa has become a commercially significant market for the last two decades.

Since 2000, seven of the 11 countries that make up Africa’s business core have grown by seven percent annually, and in that time six of the 10 fastest growing economies in the world have come from Africa.

There is a wide gap between the perception and reality concerning corruption within the continent. “The reality is that a diverse range of African countries have now experienced consistent and robust growth for over a decade.”[1]

Still, the impression that doing business in Africa is risky has limited the flow of foreign direct investments in Africa, despite the fact that Africa’s relative attractiveness to foreign direct investment has continued to rise.

Despite an increase in growth, challenges still persist. The risks identified as key investment hurdles are political instability, bribery and corruption, and weak security infrastructure.

EY’s annual Global Fraud Survey reinforced the perception that bribery and corruption is a significant risk. Across all the geographies surveyed, African respondents are the most likely to have experienced a significant fraud in the last two years. Obtaining permits, licenses or even basic utilities can sometimes lead to a solicitation of a bribe.

 Read more.

November 4th, 2014

By Arpinder Singh and Bill Henderson

Change is in the air when it comes to corruption in India, long a pox on the nation’s hopes for a brighter commercial future. Whether the country can pull that change out of the ether and help it materialize into real change has yet to be seen.

Arpinder Singh

Bill Henderson

During national elections this past May, anti-corruption emerged as one of the top issues for this nation of more than one billion. Along with hope for a better corporate environment, the new Companies Act of 2013, which received presidential assent last August, is expected to be instrumental in stimulating anti-fraud and anti-corruption practices.

It also reflects a step toward increased accountability and enhanced corporate governance standards. Fraud, for the first time in India, has been defined. Harsh penalties for fraudsters are in the offing, and stock exchange regulators will be in a position to enforce those penalties, which is also a new development.

The new law requires companies to spend set amounts on social welfare activities, empowers investors against any frauds committed by promoters, encourages companies to have women directors, and seeks to bring greater transparency to corporate governance matters.

Released in March 2014, the rules for the Act comprise subtle changes from the draft rules. They will have a significant impact in terms of applicability to class or classes of companies and the role of the audit committee with regard to the vigil mechanism for directors and employees to report genuine concerns in a manner as may be prescribed.

To sum up, the Act aims to balance external and internal forces to improve corporate governance, bringing into its fold the liabilities of responsible parties and interests of various stakeholders.

The law also outlines more than 30 new definitions, including for “fraud,” as well as for promoters, turnover, small companies, associate companies and employee stock options. These definitions are crucial as policy-makers attempt to build a real antidote to corruption.

However, creating a more ethical business culture, free of shakedowns and fraudsters, still faces a number of challenges. The attitude is changing, and that is good, but what is happening in practice still leaves much to be desired.

 Read more.

October 28th, 2014

By Chris Fordham and Bill Henderson

Fraud’s human factor comes in as many stripes as human beings do. Depending on the corner of the globe, you’ll see different flavors of fraudulent behavior, but they are only symptoms, emanating from the distinct cultures that spawn behaviors, norms and mores.

Chris Fordham

Bill Henderson

It is against this strict authoritarian background that Western companies must try to institute a system of fraud controls that transcends patriarchy. Before doing so, some indicia should be considered. Consider China. In this culture, more than in most, respect for elders extends from the home to the boardroom. Senior managers and owners call the shots, sometimes even without the requisite titles. Allegiances run deeper than the names on the corporate masthead. If a founder or owner tells you to do something, you do it, or draft your resignation letter.

The Chief Financial Officer is a good place to start when analyzing organizational fraud risks in China. Perhaps not the sitting CFO, but his predecessors, how many there have been in recent years, and how long (or brief) their tenures ran are all important factors to know. The my-way-or-the-highway ethos that dominates the corporate culture means whistleblowers are few and far between. Most CFOs of substantive moral fiber, put in a position to condone immoral acts, will simply quit.

Perhaps, as a result of this particular cultural norm and the space, what we can see from China is a variety of management frauds, financial statements frauds, and falsified reporting. As the economy has matured, so has the white-collar crime. Numbers get massaged to satisfy investors and keep the appearance of success intact. In this way, fraud in China has become less about fraud and more about pretenses. Most of the executives who perpetrate these crimes, compelled to explain their transgressions, would likely point to the stable well being of the company as their prime motivator. (This ignores the overarching reality that the company’s well being has a direct effect on their personal enrichment.)

 Read more.

October 21st, 2014

By Maryam Hussain

In the book Corporate Fraud: The Human Factor, I explore unique regional insights and commentary from the practical experiences of EY’s team of fraud investigators around the world. The book highlights the importance of behavioral factors in tackling fraud.

Maryam Hussain

This post, which will focus on overall insights, will be followed by three posts from our India, Africa and Asia-Pacific leaders, respectively, to help global organizations identify, and mitigate, fraud and corruption risks relevant to each region.

When bringing an enterprise to a growing market, it is important to understand that the market is still growing and experiencing pains associated with that growth. Enterprises cannot expect to find a mature business environment, a reliable economic structure or institutional expertise. Controls have to be adapted to local risks.

However, there are some common areas of heightened risk in these markets that call for increased scrutiny:

1. Company structures

It’s important to consider whether a company’s control structure is “fit for purpose.” In a rapid-growth environment, such as India or China, business growth can rapidly overtake the evolution of controls. The financial controls put in place for 300 vendors are very different than those needed for 3,000.

2. Areas of bureaucracy

The business regulatory environment in many rapid-growth markets is highly bureaucratic. From setting up a new business to dealing with permits, registrations and enforcing contracts, businesses can expect lengthy delays. The risk is that organizations or organizations with which you do business, pay bribes to navigate the bureaucracy or even influence decisions. Unexpectedly smooth processes should be questioned.

3. Company governance

In India, for example, family-owned businesses account for 60% of India’s top 500 companies by value. In 2009, the revenues of one such family business — Hyderabad-based software company Satyam — were found to be overstated by more than US$840m, supported by a complex system of forged invoices, forged bank statements and manipulated accounting entries. While Satyam had become a global business, its governance arrangements had not kept pace with its growth. It is important to assess the governance structures of the companies with which you do business – how effective are the checks and balances?

 Read more.

September 23rd, 2014

By Robb Adkins and Bjorn Malmlund

Bjorn Malmlund

Robb Adkins

Much has been written in recent years about the steep rise in U.S. Foreign Corrupt Practices Act (FCPA) enforcement in the wake of high profile fines in the hundreds of millions of dollars.  In response, the past decade has seen companies around the world implementing more robust compliance programs to address potential FCPA issues.  More recently, companies with an international footprint have encountered a new compliance challenge: an increasing number of anti-corruption statutes similar to the FCPA that have been enacted or newly enforced in other countries.  This globalization of anti-corruption statutes creates difficulties – and opportunities – in terms of best practices and compliance for international companies.

Since its passage in 1977, the FCPA has served as the model for anti-bribery and anti-corruption legislation. And in the past decade, with high-profile cases and steep fines targeting large organizations, the US has become the model for enforcement as well. With the track record of the FCPA in mind, some 26 other countries have enacted their own legislation in response to international conventions such as the Organisation for Economic Co-operation and Development’s (OECD) Anti-bribery Convention and the United Nations Convention Against Corruption. The result is an escalation of legislation creating a global quilt work of aimed at curbing corruption and complicating the prospect of doing business around the globe. Of these laws, the FCPA and the UK Bribery Act are perhaps the most well-known and written about, but they now have a great deal of company. We’ve seen new laws governing corruption emerge from important economies like Brazil, Russia, India and China (BRIC).

Although enforcement activity related to anti-corruption laws outside the U.S. pales in comparison to that of the FCPA, we are beginning to see increased enforcement of these laws in Europe and in a few developing countries such as China and Russia. Whether the increase in enforcement of the new anti-corruption laws in these countries will continue remains to be seen. The so-called “BRIC” countries garner the lion’s share of anti-corruption attention worldwide. Each presents its own unique challenges and endemic risk factors. As emerging markets, the scrutiny is warranted. Companies, accordingly, must be aware of the regulations and requirements.

Trying to give global advice across such a varied landscape is by necessity extremely fact-specific and risk-based. However, we can identify trends and issues facing organizations and point out issues that, if you are with an organization with an international presence, you should be focusing on.

It is critical in today’s global enforcement landscape that companies and their counsel are aware of all anti-corruption statutes in the jurisdictions in which they do business, and design compliance policies to conform accordingly.  At a general level, this seems to be common sense, but in practice companies relying on a uniform global compliance policy could be exposed in some local markets. Where gaps exist, companies need to supplement their global policies with local policies that address unique local requirements. Some examples are helpful to illuminate these fact-intensive issues.

In Russia, for example, Federal Anti-Corruption Law No. 173 came on the heels of the country’s signing onto the OECD Anti-Bribery Convention, and has increasingly been a subject of focus given the number of countries doing business in Russia, as well as the Winter Olympics and future hosting of the World Cup. For the first time, companies doing business in Russia must implement internal anti-corruption compliance measures. In the past, this was only a consideration during the punitive phase of a prosecution. The law also compels businesses in Russia to conduct due diligence and assess corruption risks, spelling out specific requirements for such activities. If a company complies with the requirements of the Russian statute, it can potentially avail itself of a form of safe harbor. In short, companies that have business interests in Russia need to be aware of its anti-corruption statute and compliance safe harbor, and implement local policies to ensure that their compliance programs meet these requirements.

 Read more.

August 19th, 2014

By David Coleman and Beth Junell

David W. Coleman

It should go without saying that success in the natural resources business requires keen attention to business resources. Specifically, this means keeping a close eye on what affects the bottom line and always searching for ways to stay in the black. One source of cost reduction and recovery that can have a positive effect on the bottom line is reviewing 3rd party contracts already in force.

Companies operating in the mining and mineral industry are facing increased financial pressure of late. With revenue inflows having declined due to lower commodity prices, and with less access to capital, many organizations renewed their focus on reducing outflows. To address these realities, and identify potential cost savings, contract reviews have become increasingly prevalent. These reviews can help companies control and contain capital and expense related outflows.

Beth Junell


Contract reviews, if done effectively, can pay significant dividends. These reviews can be broadly done across the entire portfolio of contracts or projects, or can be done in a targeted manner, focusing on individual contracts. For example, in a broad application, EY conducted a contract review on a project with expenditures in excess of $30 billion on behalf of a client in the energy sector. EY leveraged technology to review 218 contracts and identified over $61 million in savings, which generated a 10:1 return on investment. As a result, some 30% of the firm’s contracts were renegotiated. While not all contract reviews have such significant outcomes, even reviews of individual contracts can result in a positive return, and in our experience most are at least self-funding.

In another example, we worked with a global mining client who believed that one of its mines was making losses, with fraud and waste being suspected. The company employed a new mine manager and finance manager as part of its turnaround strategy. With fraud a very real possibility, however, the CFO of the holding company also sent a team of forensic specialists to assist the finance manager. While working with the finance manager, the team identified risk areas and contracts to focus their attention on.  Read more.

August 5th, 2014

By Jonathan Huynh

US companies may be at increased risk as a result of India’s well intended new law surrounding Corporate Social Responsibility (CSR). The good news is that for many US companies, CSR has evolved into the fabric of their business, resulting from social and political maturity in this area as well as companies looking to promote the many good “by-products” of their products or services.

Jonathan Huynh

Jonathan Huynh

However, CSR becomes more complicated when it is subject to legislation and regulation, as it is now in India after passage of the new Companies Act of 2013 (“the Act”). Under Section 135 of the Act, every company in India with a net worth of at least Rs. 5 billion or more ($83M USD), a minimum turnover of Rs. 10 billion ($160M USD), or a minimum net profit of Rs. 50 million ($830,000 USD), is obligated to set aside 2% of their average net profits for donation to socially responsible activities in India. These activities include things such as promoting education, environmental sustainability, and gender equality.

The law impacts not only Indian companies, but also foreign companies who conduct business in India, whether directly or through third-party agents. These companies must establish a CSR Committee who is responsible for formulating a CSR policy and recommending CSR activities that fall under the Act’s activities guideline listed under Schedule VII.

International companies with operations in India are finding this topic to be receiving significant attention from their compliance and internal audit departments, particularly because provisions of the Act leave room for question and ambiguity. Technology firms across the United States, from Silicon Valley to Brooklyn, are particularly affected, as many have key operations in India.

The most pressing questions include:

  • Are companies required to donate 2% of their overall profits, or just the profits from their Indian business?
  • If companies choose to donate these profits to non-governmental organizations who purport to in turn apply the funds to good social causes in India, how can the donors ensure the money does not end up in the wrong hands? And, are they in fact responsible for ensuring appropriate use by the recipients of the funds. Would misuse of the funds by the recipients put the donor at risk of violating the U.S. Foreign Corrupt Practices Act (FCPA) or other anti-corruption laws? If so, under what circumstances?
  • Who will be responsible for monitoring this process, both internally, and among the various government regulators (in India and elsewhere)? International businesses are struggling with these issues because the Indian law, as written, is ambiguous as to compliance obligations.

 Read more.

July 30th, 2014

By Vincent Walden

Recent regulatory enforcement actions demonstrate that companies seeking growth are encountering markets with higher levels of fraud, corruption and bribery. To determine the adoption and effectiveness of data analytics tools by businesses worldwide, EY conducted a Global Forensic Data Analytics Survey in 2014, interviewing more than 450 executives across 11 major markets.

Vincent Walden

As the marketplace expands in size and complexity, the term “big data” has been coined to express the exponential increase in volume, velocity and variety of data. 72% of survey respondents indicated that big data provides significant opportunities for companies to utilize Forensic Data Analytics (FDA) in mitigating fraud and corruption risks. However, only 7% are aware of big data technologies, and only 2% actually leverage such capabilities.

Need for FDA

The survey results identified three major risk areas where FDA can plan an important role: asset misappropriation, financial statement fraud, and capital project spend.

It is apparent that FDA efforts are well-aligned with fraud risk concerns. According to the global survey, FDA is used around 75% of the time to investigate asset misappropriation, 74% for bribery and corruption, and 62% for financial statement fraud, demonstrating a high need for FDA in various areas.

Leading practices in compliance monitoring suggests the use of FDA to be more commonplace. Current legislation and recent enforcement actions related to anti-bribery and corruption (ABAC) such as the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act create a landscape for integrating new FDA procedures into compliance testing.

Successful corporate compliance programs require a continuous process of testing and monitoring of high risk areas. In fact, 87% of survey respondents believe that FDA enhances the overall risk assessment process and improves the ability to detect fraud.

Opportunities for FDA Improvement

Not surprisingly, survey results indicate that the vast majority of companies are missing key opportunities to leverage the appropriate FDA technologies. The majority of the technologies utilized for FDA are spreadsheets (65%) and data base tools (43%).  While these “rules-based” tools are important, they are typically not sufficient to effectively prevent and detect fraud.  Just 26% of survey respondents utilize forensic analytics software while a mere 12% use data visualization tools and 11% use statistical analysis software. Despite 69% of respondents suggesting that their respective anti-fraud and anti-bribery programs are effective, 62% of respondents admit the need to enhance their management’s expertise and awareness of the benefits of FDA.

 Read more.

June 24th, 2014

By Chris Fordham and John Auerbach

Chris Fordham

John Auerbach

When doing business in China and the Far East, it can be challenging enough to get a handle on the individuals you employ. Add to that the responsibility of monitoring the myriad contractors, vendors, agents and intermediaries, and the challenge rises almost beyond control.

In recent Foreign Corrupt Practice Act (‘FCPA”) enforcement actions, a trend has emerged where third parties are landing corporations in hot water. In fact, some 90 percent of recent FCPA cases involved a third party taking actions on an organization’s behalf that fell outside the bounds of the rules. While third parties work outside the company’s walls, and often outside the company’s purview, regulators are holding corporations and their executives responsible not only for their actions, but also for the corrupt behavior of their intermediaries and improper payments made by these intermediaries.

Activities can be outsourced, but responsibility cannot. In some cases, significant risks associated with outsourcing are being ignored. In the Asia-Pacific region, the corporate use of intermediaries to assist with business is the norm. However, corporations often have a limited understanding of their third party intermediaries, and how they operate. Mitigating the inherent risk of doing business with third parties has therefore become essential.

Specific anti-corruption onboarding processes, like company training and acknowledgement of policies and procedures, have become par for the course for new hires. Most companies today require freshly hired employees to review the company ethics handbook. Why are the same requirements not applied to third party intermediaries? The approaches that many corporations use to manage their contractors, vendors and intermediaries are proving insufficient or ineffective, because they focus solely on economic performance and don’t include monitoring their compliance with controls and procedures designed to mitigate financial and fraud risk.

In the EY Fraud Survey, 55 percent of the respondents believe that risks are more likely to arise from third parties than from internal staff. The survey further reveals that almost half of the respondents said that some level of controls was in place to assess third party risks, but that these controls do not work well in practice.

However, some solutions do exist. A broad set of tools is available to companies to prevent and detect third party breaches.

 Read more.

June 11th, 2014

By Fernando M. Caleiro Palma and Ana Carolina Cayres Szyfman

Fernando M. Caleiro Palma

Ana Carolina Cayres Szyfman

The enactment of a Federal anti-corruption law is changing the face of business in Brazil. As compared to conventional Western markets, having a compliance program as a strong corporate governance tool has not been seen as essential for the majority of Brazilian companies.

The Clean Company Act (“The Act”), or Federal Law 12,846/2013 was passed on August 1, 2013 and gave corporations only six months to prepare themselves before the law came into force, on January 29, 2014.  The act establishes a corporate anti-corruption regime that imposes both civil and administrative liability on Brazilian companies for domestic and foreign bribery. The act also covers international companies if they engage in bribery within Brazil.

The history

The Act was approved in a singular moment of political backlash in Brazil. After more than 10 years under the rule of a Federal Labor-party administration, Brazil saw massive public demonstrations (the largest since re-democratization in the mid-1980s) protesting against low-quality public services, high inflation and corruption scandals.

In this context, Brazil took steps to comply with its commitment to enforce the OECD Convention on combating bribery of foreign public officials in international business transactions and passed The Act. As a signatory of the OECD Convention in 2000, Brazil was under pressure to enact a law that provides strict administrative and civil liability to corporations, national or foreign.

The Act and the FCPA: broader jurisdiction

In principle, The Act has a great deal of similarity to the U.S. Foreign Corrupt Practices Act (“FCPA”).

The Act has broad application. Both national and foreign companies doing business in Brazil can face liability under the new Brazilian statute, regardless of their corporate legal form, of whether the wrongdoing is committed within or outside Brazil territory, or even of the rank of the violator (by directors, officers, employees or third parties).

(Also see: Brazil’s New Anti-Corruption Environment: A Q&A with EY Sao Paulo’s Fernando Caleiro Palma)

Similar to the FCPA, The Act also sets severe penalties for breaches. Though companies cannot be held criminally liable under The Act, administrative and civil fines can be established on a strict-liability basis, reaching fines of up to 20% of percent of a company’s gross revenue for the fiscal year ending prior to the initiation of the investigation. The companies may face additional penalties (as imposed by courts with jurisdiction), that may include suspension of activities or ban on receiving benefits from the government. In addition, reputational damage may be significant coming out of a charge or enforcement activity.  Read more.