Confronting the challenges of cross-border fraud examinations

As your organization grows, its business could expand into new nations. You might be conducting fraud examinations in cultures with unfamiliar social customs, laws and judicial systems. As I covered in part one in the January/February issue, you should have a solid cross-border investigative plan before you tackle a case with roots in several different countries.

In part two, we’ll cover assessing legal and cultural considerations, specifics of your plan, reporting findings and remediation across borders.

Assess legal and cultural considerations

Before the examination begins, you must discuss with in-house counsel if attorney-client privilege laws will protect it. You also must understand the laws of the area in which you’re investigating because they might not align with international corporate law. You’ll always have to tweak your investigations to comply with local laws and culture.

For example, corruption is dealt with in:

• The U.S. under the Foreign Corrupt Practices Act (FCPA) and some aspects of the USA Patriot Act.
• The U.K. under the Anti-Terrorism, Crime and Security Act 2001, which includes extraterritorial provisions relating to corruption.
• Australia under the Commonwealth Criminal Code Act 1995, which makes it an offense to bribe a foreign public official, whether in Australia or in another country
• Germany via the federal government’s complete legal framework from the Prevention of Corruption, 2004, that includes an anti-corruption code of conduct. The German penalty code and criminal procedure law allows the pursuit of employees as long as the act has taken place on German soil.

Also, consult regulations of economic bodies, such as the Organisation for Economic Co-operation and Development (OECD).

Many countries don’t have defined legal and political systems, especially those who have been or are engaged in war. (While once working on an investigation in a country at war, I had to plan every step to perfection or I might have had to say adios to the world.) That’s when an astute understanding of those countries’ cultures (unwritten rules of how things are done) comes in handy.

KPMG, in its report, Cross-border investigations: Are you prepared for the challenge? (KPMG International, 2013) says that cultural differences remain one of the top three challenges in conducting cross-border investigations — up to 37 percent in 2013 from 26 percent in 2007.

An obvious cultural barrier is body and spoken language. For example, in North American countries it’s fine to look directly into another’s eyes when speaking — even when lying! However, in some countries it’s considered rude to ever look someone straight in the eye. And watch out for social faux pas: Tipping wait staff in the U.S. is generally expected; in Japan it’s an insult.

Miscommunication and lack of awareness of a local language can be disastrous for investigators who don’t fully understand the jurisdiction in which they’re operating. In Middle Eastern countries words usually are as valid as written contracts, so many make deals verbally. However, you might receive a response such as “Inshallah” to a verbal request for a meeting, which indicates “if Allah wills it.” But don’t take it as an affirmative unless you’re setting up an electronic meeting. Depend on your translator.

You might have to tweak language to respect diverse cultures and customs. For example, in the Middle East, because the word “investigation” might disturb some, use words like “special review” and “analysis.” And rather than saying “whistleblower,” “informant” or “witness,” use “employee” or “colleague.”
Find subject matter experts in the regions in which you’ll be investigating and frequently run your plans by them.

Also, depend heavily on your organization’s administration staff in the areas in which you’re investigating. Plan them in your budget. You simply can’t conduct cross-border examinations without reliable people who know the intricacies and peculiarities of their jurisdictions. In hostile environments, plan for armored vehicles, local escorts and trained, savvy drivers.

Ask management for a hefty miscellaneous budget for intercity traveling, security, vehicles, translators, witnesses living in safe houses and emergencies.

If management is balking on supplying enough cash for miscellaneous spending, tell them that the organization’s reputation could suffer if you don’t have sufficient funding for your investigation.

Specifics of your cross-border investigation

Acquisition, seizure and collection of data

Most of your relevant data will be like the unseen 90 percent of an iceberg: submerged and difficult to access.

Collecting relevant information is a crucial step of any examination, but differing data privacy laws and procedures often make this process challenging. This is another area where it’s important to understand the local laws and procedures.

Many countries don’t have defined legal and political systems, especially those who have been or are engaged in war.

• You must obtain explicit permission from those who own data — physical or in electronic form — that you’re processing, and they must always be able to access it at any time.
• Of course, you must process all data accurately.
• You should only process data — in fair and lawful ways — for purposes of the examination.
• If you’re in the European Union (EU), you should only share data with those located in countries that can afford adequate protection to data in the eyes of the European Commission (EC).

Application of data-collection principles

Applying these principles in practice, particularly in the context of a cross-border Foreign Corrupt Practices Act investigation, isn’t necessarily straightforward. Say, for example, providing notice to wrongdoers that you’re collecting their data obviously will tip them off that you’ve begun an examination. Or when you’re looking for evidence, exculpatory or otherwise, it might be technologically impossible to examine limited data. And non-EU legal requirements or requests from non-EU authorities don’t overrule EU data protection laws and consequently might not be lawful.

The EC has numerous exceptions for transferring data outside the EU. While transferring data outside the EU is sometimes tedious, you can adopt — at a minimum — risk mitigation strategies, such as determining the exact location of the data, transferring de-identified data, filtering data prior to transfer, etc. (De-identified data, of course, doesn’t disclose identities.)

Interviewing

Be culturally sensitive when you’re interviewing. Always remember that the person sitting in front of you is only a potential alleged fraudster no matter how much evidence you might have.

During a cross-border examination, you must realize that many countries allow employees to refuse to cooperate or allow them to have limited access to files that identify them as relevant. And your organization’s jurisdictional documents might not be valid in a country like Afghanistan. Again, understanding the culture can help with this process. Sometimes the only weapon you might have is the skill of persuasion.

During an interview, always have your trustworthy translator in the room. (Never use family members or friends of the interviewee.) Even if the interviewee speaks in your language, the local experienced translator can help with dialects, slang and local jargon.

Make sure your body language radar is up and running constantly to make sure movements, expressions and words all coincide.

Analysis

Midnight brainstorming sessions with your team (and your daily investigation diary) will help you fill in the blanks on your linked analysis. Don’t hesitate consulting with your SMEs, your in-country consultants and onsite organization staff.

Reporting findings

After you’ve completed your examination, your team needs to report its findings to the authorities. You must understand the chain of reporting in the country in which you’ve conducted the examination. Their privacy laws might not allow some of the information to be seen outside of the jurisdiction, such as individuals’ names, financial information or personal data. Therefore, establish the proper data export channels before providing a report (even a draft of a report) to management or directors outside of the country. Do likewise for reports and materials prepared by experts and consultants.

Remediation across borders

Remediation is the final step of the process before formal charges are brought against an individual or organizations. It’s critical that organizations punish employees proportionately to the magnitude of involvement in the unethical conduct and in line with local regulations. For example, certain countries require employers to notify an employee if they’re going to be terminated for cause or without permissible cause. Even if the evidence appears to implicate a person, the labor laws in certain countries contain higher standards that must be fulfilled to justify a termination for cause.

Another key area of remediation is to address the inadequate, insufficient or non-operating/ineffective controls or procedures that allowed the unethical act to occur. Implementing these changes to the existing controls (such as a fraud response plan or anti-corruption/compliance program) might reduce the severity of the charges against a company.

Cross-border fraud examinations are unique

As fraud examiners, we deal with this paradox: Organizations are continually expanding globally, but border restrictions are tightening. So, we must always be prepared with a preemptive cross-border fraud examination plan that includes understanding of changing countries’ laws and cultures. Your success depends on it.

Robin Singh, CFE, LPEC, is the compliance and fraud control department lead officer at Abu Dhabi Health Services Company - SEHA (Government of Abu Dhabi). Reach him at: robinsingh002@yahoo.com.

The opinions expressed in this column are those of the author and don't reflect the opinions of SEHA or its business entities or its affiliates.