Juli 2017
“You sold your soul. For sex, luxury trips with and without your wife; for bling and for swank”, Judge Martin Beddoe said, when he sentenced a corrupt banker to 11 years and 3 months' imprisonment in the HBoS case. In this Insight on internal fraud, we look into the steps that corporations can take to deter workplace-related crime, also classically referred to as white-collar crime. Since punishment is equally important, we address this too. In our next Insight on internal fraud, we will focus on tomorrow’s criminals – the so-called “cybercrooks” – and how corporations can protect themselves against cybercrime.   
Are criminals rational decision makers? We love this question, which was famously asked more than 40 years ago by Nobel Prize winner Gary S. Becker, who thereby introduced economic theory to modern criminal law. Put simply, the question is whether the cost of committing a crime is bigger than the benefit thereof and vice versa. In the real world, of course, this cost/benefit analysis is not that easy, but in a strictly theoretical form the analysis is well worth considering when enforcement tools as well as corporate policies and safeguards are being designed and developed in order to protect businesses against fraud. As suggested above by Judge Beddoe, criminals have different aspirations. That aside, we firmly believe that criminal employees now and in the future can be deterred from committing work-related crimes, but it is important that the costs of committing the crimes remain high. 

We will start out by taking a look at the Halifax Bank of Scotland case (the "HBoS case"), which was investigated over a period of six years by the Thames Valley Police.

The HBOs case 

On 30 January 2017, a UK senior banker and a handful of conspirators were found guilty by the Southwark Crown Court of conspiracy to corrupt, conspiracy to launder the proceeds of crime, and fraudulent trading between 2003 and 2007. In total, the six persons were imprisoned for 47 years. The banker alone was sentenced to more than 11 years in prison.  

The banker headed a high-risk assets office in HBoS, where he managed the portfolios of customers with businesses in financial difficulties, many of which were at risk of defaulting on their loans. As part of the banker’s position, he approved loans to the customers in order to restore solvency in the businesses.  

However, some loans were only approved if the customer agreed to purchase consultancy advice from an outside turn-around consultancy company, Quayside Corporate Services. In return for sending business to the consultancy company, the banker received gifts and hospitality at an unprecedented extent. Moreover, the consultancy company, which was supposed to help the businesses regain profitability, did the exact opposite or nothing at all. Its only achievement was to charge high fees for worthless consultancy services.

The banker - motivated by private gains - continued to approve loans to customers, well beyond the point where there was any chance of them paying back the loans with interest, thereby prolonging the flow of income to the consultancy company. The banker – as the judge remarked – wallowed in luxury provided for by his friends and was simply "motivated by greed", as he exploited the weaknesses in the bank's systems and the lack of supervision, falsified documents, removed or avoided protections that the bank should rightly have had. 

Thames Valley Police has stated in response to the case: 
“The sum of money lost by HBoS as a result of the actions of a corrupt senior employee and others was at the very least £250M. [The banker] and his fellow conspirators embarked on a spending spree involving yachts in the Mediterranean, villas in Barbados and Majorca, prostitutes, overseas bank accounts, and a general high life. This has been at the expense of the shareholders of the bank, and many medium and small companies which have been bankrupted and ruined. Little will be recovered.”

Lessons learned

Is there a lesson to be learned from the HBOs case?

The involved former employees and consultants are now facing long prison sentences, which is good, as it adds to the cost of committing crimes.

Anthony Stansfeld, Police and Crime Commissioner of Thames Valley, has, however, noted the following in relation to the case:  

“The cost in time and money for a police force to take on a major fraud investigation is considerable and a judgement has to be made whether the £7m spent on this case, and police officer time, could have been better spent in pursuing other crimes, such as child sexual abuse, and the multitude of lower scale frauds perpetrated against smaller companies and the elderly. If Thames Valley Police take on further cases of a similar nature it will again tie up a large number of police officers and staff. Yet if it is not prosecuted no one will be brought to justice. I have an uncomfortable feeling that other police forces are in similar positions. If a bank is physically raided then a huge police effort will go into bringing the bank robbers to justice. If it is raided by its own staff it may well be ignored.” 

Lloyds Banking Group, the current owner of HBoS, announced shortly after the verdict that it had appointed a retired judge to conduct an independent internal investigation, including into steps taken by Lloyds Banking Group following its acquisition of HBoS in January 2009. Once completed, the independent assessment will be handed over to the Financial Conduct Authority.

In addition, following pressure from members of Parliament, Lloyds Banking Group has set aside £100 million for compensation of customers affected by the HBoS fraud.

Viewed as a whole, the lesson learned appears to be complex. If, as suggested by the Police and Crime Commissioner, budgetary concerns of law enforcement authorities are a factor, these should be taken into account when the cost/benefit analysis is made. We will look more into this below, but it points to a very real concern that companies in many cases will be left on their own in the fight against internal fraud. This risk is probably even more imminent when confronted with the complexities of cybercrime.

The many ugly faces of internal fraud?

As extraordinary as the HBoS was, the crime involved is all too common. Internal fraud comes in many forms. Just to mention a few of the practices that we often come across, and where corporate safeguards are often challenged: 

  • Fake vendors, invoices, etc.
  • Data theft and trading in trade secrets
  • Kick-back schemes
  • Asset misappropriations, etc.

Fake invoices, etc., are a recurring problem, primarily because this kind of fraud is easy to commit and hard to detect. Typically, irregularities will go on for a number of years until revealed by chance in connection with absence or rotation of staff. Document reviews and internal audit routines will in many cases minimise the risk of this kind of fraud.    

Data theft covers theft of work-related data, including trade secrets. In most cases this kind of wrongdoing occurs in connection with dismissals of employees. Better data protection and monitoring of data will limit the risk of loss in these situations.   

The HBoS case is an example of a kick-back scheme. A corrupt banker working together with fraudulent consultants retaining business from the banker is a classic example of conflicting interests. Proper evaluation of business partners and structured processes are, in our view, necessary elements in making sure that no inappropriate relation develops.  

Asset misappropriation is an activity to be watchful about. Company assets are not always as well-protected as they should be. Inventory checks and preventive measures such as randomised controls can be used to limit the risks following from this kind of criminal behaviour.  

By no means exhaustive, to the examples provided above illustrate the variety of ways in which a company can be defrauded. 

New crimes in the criminal landscape include CEO fraud, hacking, and use of viruses in connection with cyberattacks. We will devote more time on this subject in our next Insight on internal fraud, but it is clear that cybercrime is an area where the rule of law is currently challenged and therefore must be reinforced. Strengthened internal policies and updated IT security protocols are minimum steps that should be taken from the corporate side, but better regulation and new legal tools and remedies are needed and should be developed in order to protect businesses and to deter potential perpetrators.     

Adding to the risk of detection 

We generally believe the risk of detection to be an important factor when seeking to demotivate crime, including criminal employees. A 100 % detection rate is not, however, in itself sufficient to deter work-related crime if punishment is not delivered or is delivered only very infrequently. 

In our anti-fraud work we generally focus on the following points of action: 

  • Risk assessment
  • Anchoring, ownership, and defence structure 
  • Due diligence, screening, and monitoring where appropriate
  • Design of internal safeguards, i.e. four-eyes principles and use of limits of authority 
  • Rolling out of specific fraud-related initiatives, e.g. conflict of interest projects, facilitation payments, etc. 
  • Whistleblowing 
  • Forensic capacity

The starting point when establishing an anti-fraud frame work is thorough risk assessment. The work in relation to the risk assessment is often revealing and we generally recommend that all relevant stakeholders are included in the process or parts thereof. 

When risks and fraud-sensitive parts of the business are identified, anchoring and ownership become important. Fighting anti-fraud is, however, rarely a job for just one function of a company. Detection of the crime is one thing. Assessment and reporting another. Designing of new internal mechanisms is a third, etc. The value of any anti-fraud programme or initiative lies in its ability to accomplish its goal, which in this case means its ability to detect or deter crime.   

Among the various instruments mentioned above, whistleblowing is a tool that we are particularly fond of. As well as adding generally to corporate crime prevention, we have seen in numerous cases that whistleblowing actually works. We therefore recommend developing and implementing strong whistleblower programmes. 

In our experience, whistleblowing is especially effective when it comes to fraud that involves more than one perpetrator since inappropriate relations are often more easily spotted by eyes and ears than by e-mail review. When designing these programmes we find it particular important that the programmes support subsequent investigation. The whistleblower should therefore be guided, in a structured manner, to include all relevant details associated with the matter reported.     

Consequently, we believe that whistleblower programmes, properly implemented and applied, are good for deterrence as well as for the detection of crime.

Strong forensic and investigative capabilities, i.e. data collection capacity, proper review and interview procedures, etc., are also important. Our experience is that in many cases there will be smoke, but without the tools or methodology to uncover the facts, the fire will not be located. Forensic capabilities such as the ones described may in these situations make the difference.

Finally, we note that law enforcement today expects businesses to be able to document a matter before the matter is handed over to the authorities. 

Making sure that crime does not pay 

Punishment is hugely important to the cost/benefit analysis. Two elements are crucial: Firstly, the punishment must, as a minimum, remove all gains of the crime. Secondly, the punishment must in fact be applied. 

As for the removal of gains, many law enforcement authorities today focus on asset tracking and recovering, which is good, but more can be done.  

A new initiative in the UK is the regime of the so-called Unexplained Wealth Orders (“UWO’s”), introduced in the Financial Crime Act 2017. 

The motivation behind the UWOs is to establish a procedure according to which suddenly enriched persons, under certain circumstances, can be required by the authorities and upon review of the courts to disclose information about the origins of their sudden wealth. In short, an UWO will be passed ordering the person involved to account for the targeted property. If unable to do so, the property will be left open for asset recovery.

We have not made a full analysis under Danish law, but we do note that in many cases suspicion begins with rumours of excessive living. 

In our view, the UWO regime adds importantly to the possibility of detection and is an initiative worth following also from a Danish law perspective. 

As for the actual application of punishment, the Police and Crime Commissioner of Thames Valley, in our view, gave voice to a relevant concern. If in reality certain specific crimes are ignored or not prioritised by law enforcement authorities, where does that leave the private businesses? With the prospect of continuously limited resources the question is therefore whether today's policing prerogative is the best way to secure that the cost/benefit analysis is a sufficient deterrent? Of course, the answer to this question is political. Since corporate assets and values are at stake, it is important that an adequate law enforcement model is consistently developed and applied. Otherwise, we may end up in a situation where criminal employees are not deterred and corporate assets are lost. This holds true now and tomorrow. 





Seminars on corporate criminal law

In a new series of recurrent seminars Kromann Reumert has decided to focus on corporate criminal law enforcement in Denmark and beyondIn the first session we look at the present state of affairs with regard to corporate enforcement and the response thereto from a business perspective. In the second session we look at fighting internal fraud in own ranks, and kicking back on kick backs.

Read more and sign up for the next seminar here:

Corporate criminal law: Intern svig - ulovlige kick-backs og andre former for snyd


Alle Insights

Den nye lov om forretningshemmeligheder – Ti ting du skal vide om den nye lov

Den 9. juni 2018 trådte den nye lov om forretningshemmeligheder i kraft. Men hvad betyder det for dig og din virksomhed? I denne insight får du et hurtigt overblik over ti ting, du skal vide om den nye lov.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         

Den nye databeskyttelsesforordning - start jeres compliance-tjek med disse 6 trin

Den nye databeskyttelsesforordning træder i kraft den 25. maj 2018. Kom godt i gang med jeres compliance-tjek med disse seks trin.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                

New FIDIC contracts

After 8 years of preparations, FIDIC has finally published the updated versions of the contracts Red Book, Yellow Book and Silver Book at the annual “FIDIC International Contract Users’ Conference” in London on 5 and 6 December 2017. The new contracts are expected to be broadly applied similarly to the previous versions. In this Insight, we introduce the most significant changes to the commonly used FIDIC Yellow Book and point out some of the new provisions which employers, contractors and engineers should keep particularly in mind. Furthermore, we include some remarks from the conference speakers.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        

How to reach 500 million online chinese consumers and navigate the regulation landscape

Cross Border E-Commerce ("CBEC") is evidently on the rise in China and has brought about massive opportunities for non-Chinese companies, including Danish companies. To embrace this new market, it is important that Danish companies familiarize themselves with the local regulation for CBEC, especially products approval, tax, and labelling.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

Corporate Power Purchase Agreements – Grønne energiaftaler

Det europæiske marked har set en stor vækst i corporate power purchase agreements ("CPPA"), og disse er også begyndt at gøre indtog på det danske marked. Det skyldes ikke mindst det øgede fokus på og krav til virksomheders bidrag til den grønne omstilling. I denne insight giver vi dig svar på, hvad en CPPA er, de primære drivere bag at indgå dem, vores praktiske erfaringer med CPPA'er, samt hvordan din virksomhed kan gøre brug af dem.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      

Grønne obligationer – Tid til en fælles definition af "grønt"

Markedet for grønne obligationer er de seneste år vokset hurtigt, og 2019 blev et rekordår for både det globale og nordiske marked. Udstedelse af grønne obligationer giver adgang til funding og gør det samtidig muligt for udstedere at tage et miljømæssigt og bæredygtigt ansvar samt bidrage til værdiskabelse for samfundet som helhed. I denne insight giver vi dig et overblik over og status på den kommende regulering, som vil få betydning for grønne obligationer, og som alle aktører på det grønne kapitalmarked bør følge.