A case of 'Grande Frode' at BT Italy

If you review the Transparency International (TI) Corruption Perceptions Index 2016, you’ll find that Italy ranks 60th out of 176 countries. Interestingly, that places it in a tie with Cuba and one place below Romania.

I tend to think of Italy romantically — with images of museums, gondolas and pizzerias popping to mind. However, Italy has been a hotbed of fraud and corruption since before the Renaissance. In January 2017, British Telecom (BT) announced that it was the victim of a 530 million pounds ($680 million) accounting fraud/embezzlement, which occurred at its BT Italy subsidiary. BT filed criminal charges last March against several former employees and executives. (See Exclusive: BT files criminal complaint over Italy accounting scandal, by Emilio Parodi, Reuters, April 21, 2017.) In this column, I’ll examine the BT Italy fraud and emphasize some key lessons.

Fake sales and bullying

The “Project Crane” investigation into alleged bullying and other inappropriate behavior of BT Italy executives uncovered the multi-year accounting fraud. (See the Reuters’ article by Parodi.) In October 2016, BT estimated the fraud to be 145 million pounds. That number grew to 530 million pounds in just four months, and BT would lose more than 8 billion pounds in market capitalization as its shares entered a free fall. (See Why BT’s stock just plunged 21% and wiped $10 billion off its market cap, by Sara Sjolin, MarketWatch, Jan. 24, 2017.)

As reported in a March 30, 2017, Reuters article, investigations were opened in Italy and the U.K., and shareholders filed class-action lawsuits in the U.S. As the media reported more details of the scandal, it became apparent that those responsible included senior management of BT Italy — its CEO, COO and CFO, among others. (See Exclusive: Bullying, bonuses and a red flag that BT missed in Italy – sources, by Emilio Parodi, Reuters, March 30, 2017.)

Common or novel case?

As far as I could initially discern, this scandal wasn’t unique. Greed plus pressure to meet financial targets motivated the players to commit fraud. BT Italy management would be eligible for increased bonuses and promotions if it met or exceeded these targets. According to the March 30 Reuters article, insiders said the scheme included faking sales to boost revenues and creating fake purchase orders to hide the deception. This fraud required collusion among multiple persons in the sales, procurement and finance departments. The insiders said this type of manipulation had been going on since at least 2013.

However, not everyone was comfortable just playing along. As reported in the March 30 Reuters article, in November 2015, a few BT Italy employees dared to report their concerns to the BT head of European sales, Jacinto Cavestany, during a company event in Munich, Germany. Cavestany apparently didn’t act on their information, so the scheme continued for more than another year.

When Reuters contacted BT for comment, it replied via email: “Jacinto has no recollection of these issues being raised with him at the conference.” This shows how organizations often don’t properly document when lower-level employees submit concerns to management. And that raises the possibility that media will break fraud stories first. As a Wall Street Journal article noted in its opening line, “A juicy accounting scam in Italy has a way of drawing attention.” (See BT’s Italian Scam Is Just One of Many Problems, by Stephen Wilmot, The Wall Street Journal, Jan. 24, 2017.)

Measuring mid-level employees’ ethics perceptions sheds invaluable light on the true nature of the organization.

Proceed with caution

We know that tone at the top, company culture and overall corporate governance are important factors to prevent, deter and detect fraud, waste and abuse. Those we rely upon to maintain oversight of an organization — internally or externally — need to be sensitive to red flags associated with a hazardous corporate culture.

It’s unclear whether PwC, BT Italy’s external auditors (which they replaced with fellow Big Four firm KPMG after PwC had audited BT Italy for 33 years), had any concerns about BT Italy’s financial reporting. However, we’d expect that, as part of its annual fraud risk assessment process, PwC would speak, in a confidential manner, not only to top management but also to mid- and lower-level management during its audit to discover any fundamental issues that would raise concerns.

When I help an organization conduct a fraud risk assessment, one of my top goals is understanding its ethical temperature. Measuring mid-level employees’ ethics perceptions sheds invaluable light on the true nature of the organization. Capturing candid, open feedback about potential retaliation against whistleblowers is vital when judging the health of the reporting process.

We know that organizations’ confidential hotlines can be ineffective. Unfortunately, many organizations believe that because they haven’t received many complaints for workplace-related issues or fraud-related concerns they must have healthy environments. Management might be assuming that employees, vendors and other third parties are aware of and feel comfortable using hotlines without fear of retaliation or other negative consequences. In BT Italy’s case, three employees even went one step further and sought out face-to-face meetings to share their multiple concerns.

We should remember that when allegations of ethical misconduct are connected to C-suite executives — as in the BT Italy case but also at Wells Fargo, Volkswagen and Toshiba — an organization might have difficulty conducting an unbiased and independent investigation of potential wrongdoing. Additionally, when allegations rise as high as C-suites, the potential for reputational damage to organizations increases dramatically.

Therefore, an organization often handles such an investigation with extreme caution. Its caution is warranted, but it can lead to a long, drawn-out investigation with a double focus. First, the investigation will focus on gaining clarity about the allegations. However, at the same time, the organization is careful not to produce reports and other records that prosecutors or other adversaries might be able to use against it in future legal proceedings. This presents a fraud examiner with a challenging work environment where transparency and legal liability are pulling in opposite directions.

Beware the lawyers

Organizations conduct almost all such investigations under the auspices of both internal and external legal counsel whose main focus is the protection of the organization and limiting potential liability — not necessarily the full and complete examination of fraud, waste or abuse. This tends to place fraud examiners in an all-too-common dilemma — they face the possibility that they won’t correctly discover or analyze all aspects of the wrongdoings because the lawyers are running the investigations.

If they limit the scope of investigations and acquisitions of potential documentary evidence, they also face possible document destruction and other manipulations. Therefore, it’s important that at the beginning of any investigation that the fraud examiner educate board members and legal counsel about potential fraud schemes and risks that could be associated with certain behavioral red flags so they’ll consider this when defining the breadth and depth of the investigation.

As the BT Italy case demonstrates, we should see bullying not only as workplace harassment that poses risks to employees — we should recognize it as a “high risk” indicator for potential fraud. We also should understand that external and internal fraudsters can target us. Investigate bullying and retaliation claims as parts of your insider threat assessments.

As we can clearly see in the BT Italy case, you can have a climate ripe for fraudulent behavior when the CEO, COO and CFO don’t respond to employees’ concerns or are overtly resistant to their opposition. Therefore, we should develop our internal networks to ensure sharing of information among departments such as legal, HR, internal audit and security. Multiple vertical silos within an organization raise the risk that red flags won’t be properly evaluated during the risk or threat assessment process. Therefore, invite those working in various areas of expertise to participate in fraud risk assessments’ discussions and evaluations, while still respecting their internal boundaries and areas of responsibility.

Check your back

Collusion is one method by which bad actors can circumvent effective internal controls. It also makes fraud detection extremely difficult, if not impossible, unless you have inside information — such as a tip — to help uncover it. Also, complicated accounting systems, fragmented sales structures and language differences raise the difficulty of conducting internal fraud investigations.

Finally, C-suite fraudsters can easily erect roadblocks or even sabotage your fraud examination. Therefore, we should make sure that we have the required independence and support from those charged with the governance of the organization before tackling a fraud examination.

Steve C. Morang, CFE, CCEP, CIA, CRMA, is a senior manager at a Northern California-based CPA firm and president of the ACFE’s San Francisco Chapter. His email address is: steve.morang@yahoo.com.