Episode Transcript
[00:00:00] Speaker A: Hi everyone. You've got questions and we've got answers. Welcome to another Bella Asks episode of the Ethicast.
Here at Ethisphere, we believe there is no competition in compliance, which is why we're using this show as a platform to answer high level questions about business integrity to that have been posed to us by the members of the Business Ethics Leadership alliance, or bela. BELA is a global ethics and compliance community that provides exclusive access to helpful data, benchmarking events and other resources to advance your ENC program. It also provides a concierge service by which members can submit questions around best practices and our internal experts will provide an answer plus helpful resources with more information.
Many of these questions are particular to a specific company's needs, but many more of them speak to challenges and opportunities facing E and C professionals everywhere. So in this episode, we're going to answer one such question as part of our ongoing mission to make the world a better place by advancing business integrity.
And joining us once again to lend her deep knowledge to these matters is Bella chair Erica Salmon Byrne. Erica, once again, thank you so much for joining us.
[00:01:16] Speaker B: Absolutely. Bill. I am more than happy to be here to keep answering these questions. I do feel like at some point we're gonna get to a place where I do some sort of like, I'm back style Batman joke, but
[00:01:32] Speaker A: outstanding. Look, anytime you're gonna hit me with a Batman reference, you're gonna take me off track and I'm gonna like welcome it. 100 so. Well, look, today we have a great program structure question for you and it is this.
Who should own my company's anti fraud program Compliance Internal Audit, a joint group between Internal Audit Finance and Cyber Security.
[00:01:51] Speaker B: Who?
Yep. And, and Bill, I apologize to our consistent, wonderful listener base who has heard me say this on more Fridays than they probably can count. But my answer is going to be it depends on what kind of fraud you're talking about. So that you know not. Not to say that every answer goes back to risk assessment, but to a certain extent, Bill, every answer goes back to risk assessment assessment. Because what you need to understand is you need to understand what kind of fraud are you worried about? Are you worried about fraud in the sense of the Economic Crime and Corporate Transparency Act's failure to prevent fraud offense? So there you're thinking accounting fraud, you're thinking potentially sales fraud. Right. But it's, there's a, there's an element of financial fraud in a lot of that analysis. And so for, if you start from that perspective, then you are going to be thinking a lot about your finance team. You're going to be thinking about your internal controls, you're going to be thinking about your internal audit function and your ability to test those internal controls. All of those things are going to be really important to that analysis of who owns the anti fraud program.
If instead you are thinking about employment fraud, for example. So if you are a large staffing company, maybe one of the things you have to be worried about is a bunch of candidates pretending to be somebody that they're not.
And so that is going to be a different solution there. You're going to think about your HR team, you're going to think about your screening functions. Maybe you are thinking about credit card fraud or you're thinking about fraud in customer data. So the first thing that anybody listening into this needs to ask themselves is what are the types of fraud that are at the greatest possible risk for my business?
And who are the functional partners inside the business that are best positioned to combat that fraud? Because the type of fraud you're worried about is going to really guide you to that answer of who should own it. Now I will say no one can combat fraud by themselves. So just because a department has responsibility for the anti fraud program does not mean that they're going to work by themselves. And so to the person who asked the question about a committee of responsible departments, those departments that were listed in the question, right, Cybersecurity, finance, audit, compliance, all of them probably have to be involved. But there is going to be one department that is more responsible than others that is going to lead the coalition of control functions that are seeking to prevent whatever the riskiest types, the most prevalent types of fraud might be.
And those groups have to coordinate very carefully. They have to share data, they have to think about what they're learning from the work that they're each individually doing in order to make sure that you've got, you really have an effective anti fraud initiative in place. And I will say just to kind of go back around to the beginning of the question where I mentioned the Economic Crime and Corporate Transparency act bill, the Serious Frauds Office has a very good guide out on what a good anti fraud program looks like and the kinds of things that would get a company credit in the event that they were talking to the Serious Frauds Office about a failure to prevent fraud offense.
And so there's some really wonderful guidance including some scenarios in that document that would be a good starting place for somebody who's trying to think about what their fraud exposure might be.
[00:05:15] Speaker A: Yeah, I love that answer and what I really enjoyed about it, Erica, was mentioning how, you know, all these teams are going to have to work together anyway. One may hold the pen on this, but there's still going to be a coalition effort. I love that term, the coalition effort. And you know what, we just had a webinar about how ethics compliance can really lend itself as a strategic partner in the organization. And that coalition building is part and parcel of that. And so for organizations that maybe they don't have as mature of an ethics compliance program or they're kind of just doing this for the first time, this opportunity to forge ahead and figure out how you're going to work on this risk with your allied units is also a blueprint for how you're going to make your ENC program work across the board. Because that kind of coalition building is well beyond fraud. It's on everything the E and C touches.
[00:06:00] Speaker B: Well, and the thing I love about that point, Bill, is, you know, it's starting from, particularly if you're a relatively new program and if one of the things that you're seeking to do right now as part of that relatively new program is to get some wins that demonstrate the value of the work you're doing relatively early.
Unlike some other types of things that compliance works on, where it can be really hard to prove a negative, it can be really hard to, you know, show that you prevented a bribery situation or you know, like those kinds of things can be challenging fraud, particularly if you tackle travel and entertainment fraud, gifts and entertainment fraud, procurement fraud, right? You, you know, you, you, you start your anti fraud initiatives by looking at situations in which your employees might have set up side businesses where the addresses match, you know, the address in the HR file matches the address of the vendor and they're paying themselves on the side.
And by the way, for anybody who thinks to themselves, well, that couldn't happen. I strongly recommend that you check out a couple of recent news stories, some of which Bill has linked in the at the Sphere newsletter, including one of the, the more recent ones which is this case that's going on in, in Connecticut with the very high level risk senior risk officer at Marsh, who set up a bunch of side businesses and made himself, you know, buckets and buckets and buckets of money.
And so, you know, by, by tackling some of these, these types of fraud that might be happening inside the organization, you know, AI enabled CAB receipts that defraud the T and E system or whatever it might be, you can really demonstrate the tangible value of the program very quickly. So if you are a new program, you're, you're, you're building it, you know, relative is a relatively nascent effort.
This is a way you can show that you actually have a tangible business effect relatively quickly by catching some of these things that might be happening because you don't have the right controls in place.
[00:08:04] Speaker A: Well, Erica, as always, thank you so much for coming onto the program and for sharing your knowledge and insights with the Bell community. I know they really, really appreciate it.
[00:08:11] Speaker B: Yeah, well, Bill, absolutely, 100% my pleasure. And to all those Bell members out there listening, please do keep the questions coming because that means I get to come back and continue to answer them and you and I can. Well, I will know in my heart when I'm going to hit Bill with my Batman reference and you can tune in to see it.
[00:08:31] Speaker A: To learn more about Bella, visit ethisphere.com bella to request guest access to the member resource hub and to speak with the Bella Engagement Director. If you have a question that you would like answered on this program, contact the Bella Concierge Service and we'll get to work on it for you right away.
This has been another Bella Asks episode of the Ethicast. Thanks for joining us. We hope you've enjoyed the program. If you haven't already, please like and subscribe on YouTube, Apple Podcasts and Spotify. And be sure to tell a colleague about us as well. Every like comment and share really helps this program. That's all for now, but until next time, remember, strong ethics is good business.
