Anti-fraud rules are the Sarbanes of corporate life

Click to follow
The Independent Online

Some 17,000 companies operating in the United States will have to ensure that they have "adequate" fraud prevention control in place in their internal systems in the next few weeks. These must then be checked by their auditors, who will have to deliver a clean bill of health so that the companies comply with section 404 of the Sarbanes-Oxley Act, introduced in the wake of the Enron and WorldCom scandals.

But, according to one of the world's leading experts on fraud, it will be a struggle. His studies indicate that none of the companies - not a single one - is in a position to be able to meet the standard.

Toby Bishop is the president of the Association of Certified Fraud Examiners (ACFE), an international body that includes accountants, lawyers, investigators and police. In recent months, he has conducted scores of seminars for businesses worried about how vulnerable they are to fraud, as part of which they are put through a seven-point "fraud prevention check-up". Companies are asked in detail about the anti-fraud controls they have in place, and depending on the answers given, receive marks out of 100.

"We've worked with 3,500 companies in the last two years," Mr Bishop says. "None has passed the test. The average score is around 50 per cent."

The organisations the ACFE has tested range from small businesses to government agencies and members of the Forbes 500 list of America's biggest companies. US subsidiaries of European companies have also taken - and failed - the test.

Mr Bishop, a Briton based in Austin, Texas, is exasperated with the application of Sarbanes-Oxley and section 404 in particular. All US companies need to comply with it by the end of their current financial year (which for most is 31 December), and all foreign companies with US listings (including over 100 UK groups) have to comply by the end of the next financial year. Mr Bishop, in London for the annual conference of the ACFE, which starts tomorrow, believes that Sarbanes-Oxley has been implemented too hastily and is causing all sorts of problems.

"It is like securing the front of a bank really tightly but leaving the back door open," he argues.

Some firms have spent up to $9m (£5m) complying with 404, he points out, but the accountancy firms are so short of staff that they are constantly running adverts to find people with the right skills. Meanwhile, auditors are running scared because they fear lawsuits may arise from the 404 reports. American company directors are similarly fearful of potential criminal charges resulting from Sarbanes-Oxley; this has prevented some companies from going public and led others to seek to take themselves private.

Although Sarbanes-Oxley is the issue taking up the most amount of time for the ACFE, it is not the only pressing matter. Mr Bishop arrived in London to discover that the European Commission had fired Marta Andreasen, the whistle-blowing senior accountant in Brussels who was honoured with the ACFE's Corporate Sentinal Award last year. Ms Andreasen went public with concerns that the EC did not have controls that would prevent fraud.

"The real issue is the protection of the whistle-blower," Mr Bishop says. "They continue to be hung, drawn and quartered - that will be bad for business in the end."

The other vitally important issue is identity theft, the fastest-growing fraud in the world. Mr Bishop points to increasingly sophisticated tactics used by fraudsters, involving emails and the internet, to obtain people's personal details. Statistics from the US Federal Trade Commission indicate that over 27 million Americans have suffered identify theft. Even if they do not lose money, this costs them up to 200 hours of work on average to sort out.

Mr Bishop argues that steps could be taken by financial services companies and government departments to dramatically cut identify theft, but they are not doing it. "I foresee class action suits being brought by people who have suffered identify fraud against banks for not sufficiently protecting sensitive information," he says.

All that is needed is a court ruling that banks must reimburse customers for the inconvenience they have suffered. Compensation bills would then to run into tens of billions of dollars.

  • More about:
  • USA