Exclusive Q&A on Fraud and White Collar Crime with James Ratley
Can You Outline The Key Fraud And White Collar Crime Trends In Your Jurisdiction?
Information security and technological innovations are two major trends to keep an eye on in the near future. Information security is a major concern for organisations of all sizes and in virtually every industry, especially in the wake of the numerous high-profile data breaches that occurred in 2015. These breaches show that senior executives must become more aggressive in strengthening information security and preparing for potential breaches. Also, technology will continue to play a key role in shaping the fraud landscape. Fraudsters are becoming more innovative in their use of technology and, consequently, their schemes are growing in complexity. These developments mean that anti-fraud professionals must also adapt to advances in technologies.
What Are The Benefits And Disadvantages In Using Court Experts And Expert Witnesses?
Financial crimes can be among the most complex court cases, and attorneys often need the help of experts not only to develop the case, but also to potentially explain it to a judge and jury. A case might need technical analysis or call on the court to decide whether a professional standard was violated, and this is very difficult to do without the guidance of a respected expert in the relevant field.
On the other hand, parties typically have to reimburse the expert (or multiple experts) at a substantial hourly rate and pay for travel expenses. The expert might be required to appear in multiple depositions or proceedings. In short, it can get expensive. In cases with small amounts in controversy, expert testimony often is not feasible. Even in major litigation, parties have hired experts when doing so was not necessary to prove the case effectively. This mistake could confuse the jury, or the court may refuse to admit the expert testimony.
Can You Explain How Whistleblowing Works In Your Jurisdiction With Reference To Incentives And Protection?
Whistleblower laws in the U.S. are fragmented—they differ based on jurisdiction, industry, and sector. The protections available to a federal employee might be very different from those to, say, an employee of a private manufacturing company. This complexity and the fear of retaliation can have a chilling effect on whistleblowing. However, the general trend over the past several decades has been for greater protection. Legislatures have recently passed laws creating or increasing financial incentives for whistleblowing (e.g., programs by the Securities Exchange Commission and the Internal Revenue Service).
In the private sector, a modest number of organisations provide financial incentives for whistleblowing. More commonly, organisations encourage whistleblowing by promoting an anonymous hotline where employees, contractors, customers, or others can report fraud and other violations. We know from our study on occupational fraud, The Report to the Nations, that tips are by far the most common detection method for internal fraud. Organisations are increasingly taking advantage of tips by facilitating whistleblowing.
How Can Data And Analytics Be Utilised For A More Effective Risk Management Procedure? What Else Should Be Included In A Company’s Risk Management Framework?
In the age of big data, companies must harness the power of their data to effectively manage their risks, especially the risk of fraud. To do so, both the fraud risk management program and the data analysis process must be based on a thorough and living risk assessment. The company must identify where it is most vulnerable to fraud and then implement an analytics framework that digs through the data to find the red flags of those risks. Additionally, as the amount of data companies have grows, the use of predictive analytics techniques—where the data itself defines what is normal and uses that to identify outliers—helps catch frauds more quickly and mitigate the associated losses.
What Advice Would You Give To An Organisation Undertaking An Internal Investigation When Serious Misconduct Is Suspected?
Ideally, an organisation will already have a team identified for investigating certain types of misconduct before it happens. For some organisations, this will mean outsourcing investigative duties. There are special concerns for investigations that involve executives or owners (common in major frauds). In these cases, it might be best to obtain outside legal counsel, due to privilege issues that can arise. Additionally, outside investigators and legal counsel help ensure that an objective inquiry occurs. Confidentiality is also an important goal for serious misconduct, and having a selected fraud team planned beforehand helps to only provide case information on a need-to-know basis.
Can You Talk Us Through The Process Of Damage Limitation For An Organisation Whose Cybersecurity Has Been Breached?
Some the most important steps that an organisation can take to manage and mitigate the damaging effects of a cybersecurity breach include conducting an investigation to determine the cause of the breach and what information has been compromised, researching applicable breach notification laws that require notice to individuals whose sensitive information has been compromised, providing open and sincere communications to advise affected parties about the breach, supplying honest and timely responses to questions about the breach, and taking steps to remediate the breach and prevent future incidents.
James D. Ratley, CFE, serves as President and CEO of the Association of Certified Fraud Examiners, where he works to promote the ACFE to the public and other professional organizations. He also continues to assist in the development of anti-fraud products and services to meet the needs of ACFE's members, and teaches regularly at workshops and conferences on a variety of fraud-related subjects. Mr. Ratley was selected as one of Security magazine's Most Influential Security Executives for 2010. This honor is bestowed each year to the top security executives who positively impact the security industry, their organizations, their colleagues and their peers.
James can be contacted on +44 (0) 207 692 1888 or by email at firstname.lastname@example.org