Tackling financial crime A non FS view IOR

Tackling financial crime A non FS view IOR Conference November 2014

Overview 1 What do we mean by financial crime? 2 What drives fraud? 3 What about AB&C and AML 4 Prevention/Detection/Response 5 Questions © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 1

Overview 1 What do we mean by financial crime? 2 What drives fraud? 3 What about AB&C and AML 4 Prevention/Detection/Response 5 Questions © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 2

Investigations and compliance “Firm fined £ 1. 8 million for ‘unacceptable’ approach to bribery and corruption risks from overseas payments” BRIBERY Source, FCA , 19 December 2013 FRAUD “The Financial Conduct Authority (FCA) has fined Besso Limited £ 315, 000 for a failure to take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption” Source, FCA , 19 March 2014 “Standard Bank PLC fined £ 7. 6 m for failures in its anti-money laundering controls” Source, FCA, 23 January 2014 “Commerzbank said to be investigated over money laundering charges. ” MONEY LAUNDERING Source, Reuters, September 2014 © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 3

Overview 1 What do we mean by financial crime? 2 What drives fraud? 3 What about AB&C and AML 4 Prevention/Detection/Response 5 Questions © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 4

The landscape – fraud losses by victim NFA – Annual Fraud Indictor 2013 © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 5

KPMG Fraud Barometer Number of UK fraud cases by perpetrator © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 6

New threats Pensions liberation fraud Investment scams - vulnerable adults Bad leavers Supplier payment diversion CYBER Fake products Trojans –Physical and virtual Organised crime Bribery & corruption laws © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 7

Old threats – KPMG investigations in Scotland in the last 3 years § Stealing petty cash and hiding the entries in balance sheet reconciliations § Taking advantage of poor segregation of duties to divert cash § Stealing employer’s IP to set up a new business § Inflated expense claims § Ordering goods and services for personal use / on-sale § False claims for grant funding § Procurement fraud involving kickbacks (three investigations) § Poor value supplier contracts and undeclared financial interests § Long term contract manipulation § Supplier payment diversion – yes people are still falling for it © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 8

The fraud triangle – what drives fraud? Opportunity “abuse of position, or false representation, or prejudicing someone's rights for personal gain'. Put simply, fraud is an act of deception intended for personal gain or to cause a loss to another party. ” Source, www. sfo. gov. uk Pressure Rationalisation © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 9

Case study ■ 38 year old female ■ Financial controller ■ Three years of service ■ £ 40, 000 annual salary © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 10

Drivers of fraud – potential scenario Pressure Opportunity ■ Social Pressure (living out with means) ■ Addiction (clothing, cosmetic surgery, expensive lifestyle) ■ Financial pressure to keep up with addiction to lifestyle Pressure Rationalisation Opportunity ■ Access to accounting system ■ Ability to add suppliers ■ Ability to amend payment details ■ Position of trust Rationalisation ■ Perception of being underpaid ■ Deserve additional money ■ Victimless crime ■ Business doing well © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 11

Real world fraud “Financial Controller embezzles £ 85, 000 to pay for cosmetic surgery and elaborate lifestyle)” ■ Financial Controller of small UK subsidiary (overseas parent company) ■ Had complete access to payments and accounts system and no immediate oversight from line managers ■ Had access to a bank account in the name of a local ‘Sports/Social’ club where she has previously been treasurer ■ Funds initially taken via company debit card from cash machines (£ 6, 500) ■ Then as addiction increases funds were then taken via BACS payments to a bank account of the ‘Sports Club’, then transferred to fraudsters personal account for spending ■ Colleague took over control of petty cash reconciliation while fraudster on holiday and became suspicious when entries did not balance © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 12

Profile of a fraudster ■ Male/Female ■ 36 -45 years old ■ 3 -5 years service ■ Senior management position – Finance department – Procurement ■ Working alone to perpetrate the fraud ■ Taking advantage of weak controls ■ Losses not recovered © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 13

Overview 1 What do we mean by financial crime? 2 What drives fraud? 3 What about AB&C and AML 4 Prevention/Detection/Response 5 Questions © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 14

Bribery & corruption ■ Tends to be higher up the agenda than fraud risk – Why? ■ Bribery Act 2010 – New requirements on UK companies ■ New corporate offence of failure to prevent bribery and corruption ■ No regulator to enforce in a non-FS environment – only criminal authorities ■ A number of pillars on adequate procedures per guidance issued by HMG ■ Key themes emerging: – Facilitation payments in overseas jurisdictions are now more difficult to justify – There has been a focus on travel and entertaining which is misplaced – Paying bribes to win business is where the focus is – Agents and other associated persons bring the risk home to a UK corporate – Training / whistle-blowing lines/ due diligence – Giving vs receiving bribes – relative risks – Approach to be RISK based © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 15

Anti Money Laundering ■ No regulator to enforce standards ■ Less of an issue outside FS ■ Only some limited industries have specific KYC and transaction monitoring obligations: – most UK financial and credit businesses such as currency exchange office, cheque cashers or money transmitters – independent legal professionals – accountants, tax advisers, auditors and insolvency practitioners – estate agents – casinos – 'High Value Dealers' - businesses that accept cash payments for goods worth € 15, 000 or more either in a single transaction or in instalments – Trust or Company Service Providers ■ For some SME’s money laundering puts them at a disadantage © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 16

Overview 1 What do we mean by financial crime? 2 What drives fraud? 3 What about AB&C and AML 4 Prevention/Detection/Response 5 Questions © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 17

Anti-fraud framework: KPMG’s five pillar approach The five pillar framework set out below shows what we consider to be the key elements in an effective antifraud framework. The illustration below shows the key elements that should be developed under each pillar in moving towards good practice in an anti-fraud framework. Prevention Strategy Governance Risk Awareness Monitoring et D e ns po ec t io s Re n Co Fraud risk management aims to achieve three core objectives: Prevent instances of fraud and misconduct from occurring in the first place; Detect instances when they do occur; and Respond appropriately and take corrective action when instances arise. These three objectives run through all the five pillars of an effective antifraud framework. No strategic direction Disparate structures Informal risk methodology Unstructured approach Limited monitoring Relevant policies Clear anti-fraud message Risk appetite Fraud awareness included within induction Fraud detection systems Whistle blowing Aligned to, and supports, anti-fraud strategy Reporting structure Investigation processes Risk strategy Intelligence gathering Executive buy-in and sponsorship Management oversight Clearly defined roles and responsibilities Risk identification and assessment Fraud awareness training programme Established risk assessment methodology Communication channels developed for sharing information Employee and third party due diligence Documented antifraud framework Controls assessment and mitigation action plans Exit procedures Clear strategic direction Drive from the top Formal risk methodology Structured approach Measure effectiveness of reporting Measure effectiveness of policies and procedures Measure effectiveness of risk programmes and action plans Measure effectiveness of awareness programmes Established monitoring © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 18

Red flags for look out for…… ■ Poor controls - not followed/collusion/bending of rules ■ Lack of effective oversight/internal control checks not performed ■ Abuse of authority ■ Lack of segregation of duties ■ Weak fraud prevention policy ■ Sales or budgetary pressure ■ Remote locations (e. g. overseas) ■ Personal traits - control, lack of holidays, dominant character, ■ Unusual journals - time, people, amount ■ New suppliers - are they real? ■ False/unusual/duplicate invoices © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 19

Response – Dos and Don’ts Do Don’t § Protect the evidence § Jump to unsupported conclusions § Involve HR, Legal, IT (from the outset) § Speak to a suspect without proper planning § Consider suspending IT access rights § Delve in the data looking for the smoking gun § Check whether you have insurance § § Consider speaking to the Police Allow a suspect to keep their laptop, without making an image § Consider possible recoveries § Ignore your suspicions § Plan for success § Gather the facts before making decisions § Move to protect customer/supplier relationships if necessary § Consider self-reporting © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 20

Anti-fraud framework: technology and tools The items listed below are some examples of where tools and technology can be used to assist in the development and support of an effective anti-fraud framework ■ ■ ■ Screening employees/partners (e. g. Astrus) ■ ■ e-Learning Risk Mapping KPI production/recording Fraud Management Strategy Assessment Tool (‘FMSAT’) ■ Integrity Thermometer Prevention Continuous auditing Continuous monitoring Data mining Whistle-blowing Detection Response Integrity Thermometer ■ Computer forensics and data analytics ■ Case management systems ■ Reporting systems ■ Knowledge management (e. g. investigation best practice) © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 21

It will never happen here. . . . The Telegraph - September 2009 KPMG Director ■ Earning six figure salary falsely claimed £ 550, 000 in expenses to fund his wife’s £ 15, 000 per month spending ■ He made more than £ 100, 000 a year as a director at KPMG ■ Fraud went undetected as he kept his expenses under the approval amount of £ 5, 000 ■ Only detected when a colleague became suspicious about his air claims, after claiming for £ 480, 000 of travel expense with £ 243, 000 supported by fake documents ■ The 49 -year-old, was branded as “spineless” by the judge and sentenced to four years in prison © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 22

? Questions Contact Details: Ken Milliken ken. milliken@kpmg. co. uk ? ?

A final thought. . . © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. 24

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2014 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International.