5 Ways Global Organizations Can Remain FCPA Compliant

GUEST BLOGGER

David P. Nolan
Vice President
Klink & Co., Inc.

Recently, HSBC announced that it was under investigation by the Securities and Exchange Commission (SEC) for its hiring practices in Asia. HSBC’s practice of hiring employees based upon their ties to government officials may violate the U.S. Foreign Corrupt Practices Act (FCPA). The FCPA regulates the activities of organizations and individuals with ties to the U.S. in matters involving foreign government officials. Foreign government officials include the heads of major government agencies and other leaders, down to the customs agent at a port or an environmental inspector. The FCPA forbids businesses and individuals from currying favor with government officials to get or keep business. Hiring the relative of a foreign government official to get or keep business is not permitted under the FCPA; however, that is what HSBC is being investigated for.

Hiring those with ties to government is not a new problem for global banking organizations. In 2015, BNY Mellon paid a nearly $15 million fine for providing student internships to family members of wealthy foreign officials in the Middle East. Other banks are being queried by the SEC about their potentially improper hiring practices, including Credit Suisse, Goldman Sachs, Morgan Stanley, Citigroup and UBS.

The FCPA does not forbid hiring family or friends of a government official. It does, however, make it illegal to hire anyone with a corrupt intent to obtain or keep business based upon that employee’s relationship to government officials. The SEC and the U.S. Department of Justice (DOJ) both take an aggressive view when it comes to FCPA enforcement, and they can be less than reasonable when it appears that an organization is trying to provide any benefit to enhance its standing with a government official. Improper hiring practices that violate the FCPA can readily give rise to civil penalties imposed by the SEC and possible criminal cases brought by the DOJ.

Below are five ways global organizations can avoid FCPA liability:

  1. When hiring outside the U.S., develop policies and procedures assuring that internships and jobs are being filled only by the best people.
  2. Be specific about the types of benefits that can be provided to officials.
  3. Provide crucial FCPA training, preferably in person, to those making important hiring decisions outside of the U.S.
  4. Perform due diligence regarding an applicant’s credentials and ties to government officials to insure that the record is clear regarding why that employee was hired.
  5. Conduct FCPA audits to make sure that hiring practices outside the U.S. are compliant with the FCPA.

Conclusion

Hiring for global employees may create liability, but with good due diligence and effective compliance policies, you can protect your organization.

3 Ways to Avoid a Fraudulent Vacation Rental

GUEST BLOGGER

Courtney Babin
ACFE Communications Coordinator

Vacation approaching? Longer days are on the way, along with summer and the chance to put your paid time off (PTO) to good use. With so many websites (Airbnb, HomeAway and VRBO) offering rentals, how do you know the difference between safe opportunities and false promises? As an Airbnb host in Austin, Texas, I’m part housekeeper, part businesswoman and part concierge. Among the success stories my friends have shared with me, I’ve also heard the ones of horror due to fraudulent rentals. So I often wonder who the people renting my spare apartment are, and who do they think I am? Renting someone else’s space is not for everyone, but if it is a type of rental you enjoy, then here are a few tips on how to verify that your vacation lives up to your expectations — and that you don’t end up losing money to a convincing rental scam.

Do reverse image searches
If you are using a vacation website, you should use a reverse image search before booking your stay. A reverse image search is available on updated versions of browsers such as Internet Explorer, Safari, Chrome and Firefox. With this technique, you can use a photo to search the internet by copying the URL and pasting it on a Google Image search. By reverse image searching, you are able to see if the rental property is the ‘real deal’ or if it’s an image that is commonly used with real estate scams.

Pay within the vacation website
Never pay outside of a website’s instructed payment method. As an Airbnb host, I can verify that legit hosts want you to pay through the hosting website. Through this security, their earnings are protected by the website’s server just as a guest's identity and investments are secure. Keep in mind that trustworthy hosts will never ask you to pay by wire transfer, bank transfer or by certified check. Also, by paying within the website you will have a complete record of all payments and messages between you and the property’s host. If you pay outside of a rental company’s website there is little to nothing they can assist with once the fraudulent transaction has been made.

Simply use due diligence
I know you’ve heard this before, but if something looks too good to be true, it usually is. Research your rental’s location and determine competitive prices where it is located. If the price is too low and you think you have come across an amazing deal (outside Expedia or other well-known discount websites), take caution. Use your personal discretion in order to avoid falling victim to this common fraud scheme.

Once you are ready to book your vacation, make sure to use a credit card — preferably one that has a fraud resolution department that can offer extra protection. If you are planning on booking a rental through other sites that have no payment controls (like Craigslist), simply be careful! There are fraudsters out there ready to make a quick buck on your hard-earned dime.

10 Golden Tenets of Fraud Prevention and Deterrence, Part 1

SPECIAL TO THE WEB

Possibly the toughest task for any fraud examiner is preventing and deterring fraud. Some believe that fraud control and prevention is at its best when the process of detection remains a secret. However, it’s very interesting to see how people react when the mode of detection is open, and he or she knows they risk being caught.

RULE NO. 1: NEVER UNDERESTIMATE

A fraudster uses the same techniques we use for fraud prevention to find new ways to penetrate a system or process.

Regardless of your system’s complexity, it’s just a matter of time until a fraudster overcomes its protections. Periodically updating and revising your fraud identification techniques are essential.

We had this interesting training-room incident at a bank, at which we’d taught select members from a team to identify patterns in bank passbooks that could indicate fraud as they reviewed huge volumes of loan cases. We split the team into two groups: Group A (trained with special skills) and Group B (trained with basic skills).

We let Group B process the cases first, and then let Group A review the processed cases. Out of 100 proposals reviewed by Group A, 12 cases matched the patterns that we had taught them. We didn’t tell the two groups, but we then added three perfect, pre-screened, fraud-free cases. We announced to Group B that 15 cases had been turned down for loans. We allowed Group B members to review any of the cases once again.

Within an hour, a shrewd member of Group B walked up with the three cases we added, asking, “Would you please re-process these cases? I think there has been a mistake in the assessment.” We asked him why he felt so. He said, “I’ve been observing these guys [members of Group A] from across the room and felt whatever they were looking for wasn’t here." He quickly explained the pattern that we had taught Group A.

Many of us sitting inside glass walls feel secure about the processes that are our safety valves. However, it's just a matter of time before fraudsters can penetrate processes and know the triggers. Rarely, neither remains a secret. The objective is to continuously explore and never be under the impression that fraudsters won’t uncover your triggers or identification mechanisms.

RULE NO. 2: NEVER REPLACE DILIGENCE WITH AUTOMATION

Nothing can substitute for common sense and diligence. We need technological fraud prevention mechanisms, but we can’t forget that the answers we seek depend on how logically and accurately we design the questions. And if someone tampers with your logic or queries, you could be barking up the wrong tree.

The Indian people work hard to retain their culture. Many across the country have the same first names. Street, city and locality names are also very similar or exactly the same. Therefore, when investigators find a match in a credit bureau verification report of a customer, they verify all details to establish that the customer and person in the report are one and the same. Customer credentialing for granting financing or loans is one of the toughest.

I recall a verification case in which we tried to review three years of income tax return (ITR) forms. However, the preliminary verification report stated that two of the forms didn’t exist. Based on these automated reports, we were about to decline the proposal. However, we wanted to make sure that we weren’t losing a good customer because the other documents apart from the ITR didn’t show any negative patterns. It’s prudent in business not to reject good customers simply because they made mistakes in the process or documentation. In this case, we decided to investigate the matter.

The evolving story was an eyeopener. 

Read the remaining golden tenets on Fraud-Magazine.com.