Phil Beckett, Managing Director at Proven Legal Technologies – a corporate forensic investigation and edisclosure firm
The Serious Fraud Office (SFO) recently cautioned companies and banks, warning them that if they fail to prevent financial crime by their staff, they could face great fines and official blacklisting from European contracts. This proposed amendment to the Bribery Act put forward by the SFO would give Britain the power to take direct action against corporates, enabling it to levy US-style fines and brand them with assisted bribery.
Reinvigorating the Bribery Act
This is not the first time the Government has tried to shock organisations into taking action, and firms need to take it seriously. These developments can be seen as both a carrot and stick, however. The stick: organisations in the UK found guilty of offences under the Bribery Act could find themselves blacklisted from European contracts; the carrot: deferred prosecution agreements (DPAs) that the SFO stated they could use as of 24 February 2014.
Undoubtedly, the SFO will look to reinforce these messages by publicly taking action in both regards. To make the message even clearer, the SFO could showcase two cases side-side – one under a DPA and the other in the form of a traditional prosecution – in order to show the benefits of companies entering into DPAs.
A call to action
Firms should not take these latest developments lightly. The SFO, which recently had to ask for emergency funding, is trying to shift the cost focus onto organisations when it comes to investigations into allegations of bribery. To keep away from the wrath of the SFO altogether, all firms need to implement a mixture of good policies, procedures and training. Although to date, these have primarily been viewed as a defence mechanism and best-practice in terms of bribery avoidance, they can however have more far-reaching benefits if they are taken further.
When looking into cases of bribery, corruption and other similar offences, there are signs of the deviant behaviour hidden within the vast quantities of data that passes through or is stored on the company’s technical infrastructure. A detailed analysis of this information can provide remarkable insights and early warning signs into these issues.
Communication and accounts analysis
Analysis typically revolves around two key weaknesses in the bribery process. The first being that there is generally some need to communicate, either between the perpetrators and their associates, or internally to deal with internal queries around unusual activities. The second weakness is that money has to leave an organisation’s accounts, however well disguised, as the perpetrators do not generally use their own assets when funding a bribe. Both of these weaknesses can be intelligently targeted.
Communications are not normally maintained using the corporate email system, at least in respect to communications with external perpetrators. However, corporate systems including instant messaging or chat systems should not be ignored. They can provide a wealth of intelligence when it comes to spotting the peripheral signs of these actions, such as internal queries about payments or comments on behaviour or results. Chat systems are particularly valuable as people tend to use these in the same way they would a phone-call, which means they are often less cautious about what is said and how exactly it is said.
The development of technology
Technology is continually developing and there are a wide range of communication mediums that can be used, including web-based email accounts, social-media messaging (e.g. Facebook and Linked In) and Skype. Simply analysing internal systems alone is not enough. It is important to consider other legal constraints before engaging in a full-scale investigation into these, for example Data Protection and Human Rights legislation. However, given the appropriate circumstances and legal footing, these mediums can be thoroughly analysed looking for both patterns of communication and also the actual content of the communication itself.
Often both of these mediums create vast volumes of data that needs to be carefully analysed in order to identify potential warning signs. A number of techniques can be used here that do not rely on simple keywords, including the use of linguistic analysis and clustering to identify key themes within a data set, the analysis of communication patters between different entities, the use of sentiment analysis and using a ‘Frankenstein’s document’ to seed the data set to look for other documents similar to it.
The circle of knowledge
It is also important to consider the level of awareness amongst the suspects as to what it is believed they know or do not know about any investigation. As always, keeping the circle of knowledge about any investigation to a minimum to avoid any ‘tipping-off’, either accidentally or maliciously will benefit the case. If, for whatever reason, it is believed any suspects are aware that an investigation is imminent, then it is important to put added emphasis on methods by which they may try to destroy evidence. This can include analysing their computers to look for signs of wiping or mass-deletions. If specific files are wiped, it is practically impossible to recover them, unless you are able to find them in an alternative location. However, it is more challenging to both hide the fact that wiping has occurred and to remove all references to the wiped files from the computer as they are very often referred to in numerous system files, such as the Registry on a Windows system.
Back-up tape extraction
If it is believed the data may have been deleted, then it is also worth considering the analysis of back-up tapes (or equivalent) from a time frame before they may have been aware. Not only can this provide a snap-shot of the data at the time before there was any opportunity to delete anything that could have been useful to the investigation, but also by analysing what files were deleted (i.e. looking at what files are on the back-up but are not on the live server) can be like a big, flashing arrow pointing at what was deleted. This could therefore be of great potential value to the investigation.
What is of upmost importance is that the analysis is not performed in isolation for the rest of the investigation and that it is a dynamic process that grows and morphs as the findings are evaluated and considered with the findings from other dimensions of any investigation.
When considering the monies leaving an organisation, there are many techniques that can be used to try and identify unusual transactions or patterns of transactions within an organisation’s accounts. Before performing any analysis, it is important to ensure that all data is captured and then normalised to ensure that transactions are consistently and completely analysed. The analysis can take on simple forms such as checking for payments of round-sums, looking for payments to entities in high risk countries or can be linked to politically exposed people or identifying payments to entities before or around key contractual dates. Although, it can also take more advanced and complex forms, such as Benford’s Law, which looks for unusual frequencies of transactions with the same leading digits, and statistical clusters and outliers that seeks to identify transactions that are statistically deviated from the norm.
Basic analysis can also reveal surprising and unusual findings and therefore should not be overlooked. This can include identifying payments outside of normal working hours, round-sum payments, payments clustered just below authorisation limits and unusual relationships between the person who enters and the person who authorises payments.
Analysis like this can be more effectively performed using specialist software as opposed to trying to perform these tests on the organisation’s own accounting platform. This has the added benefit of being able to sense-check the data being extracted, for example looking for invalid dates (for example, 00/00/0000) or dates outside of the norm (for example, 13/03/1914 or 13/3/2114), which can be used to try and disguise unauthorised transactions.
An integrated approach
Organisations can really benefit by looking at all analyses in conjunction with each other. Allowing the results of one to feed into the other can help achieve a higher level of analysis. If the results from any human-side investigations are then combined, it allows an organisation to analyse the data in a more informed and complete manner. For example, a review of transactions may identify an unusually named party or there may be a certain date or time when a series of unusual payments get made.
This information can be used to target searches across the communication data, looking for communications relating to that party, or content discussing it; or by analysing communications at those dates and times, as well as the surrounding time frames. This approach can help draw out findings that can be otherwise opaque.
Taking preventative methods
Whether investigations into fraud are undertaken as part of regular internal audits seeking to identify issues before they come to the surface, or in response to other suspicions, they can help an organisation avoid large fines, unwarranted bad publicity and now being blacklisted for European contracts. Rather than the ongoing fines, a preventative approach should be taken by firms to protect potential reputational and financial damage to their business. Implementing the right systems needs to be a priority for firms so that they can stop any suspicions before they rise to the surface. At present, this is not something that many firms are doing well.