To catch fraud, get your hands dirty

Although fraud in Asia is by no means as prevalent as it is in the Middle East and Africa, it is still a very real threat to private equity portfolio companies. Jack Clode tells GPs what they need to know.

Major buyouts by private equity firms have made the headlines in recent years. These huge deals carry substantial risks due to their sheer size and complexity. But one risk that is frequently overlooked in the rush to complete these deals is fraud. It is a risk that is particularly common, and costly, in the emerging markets and among the mid-size buyouts.

Fraud types vary by sector and geography. The energy sector is particularly prone to corrupt practices, the technology sector to intellectual property theft, and the manufacturing sector to vendor, supplier and procurement fraud, as well as theft of physical assets. Financial services firms are particularly vulnerable to information theft and breaches of regulations.

Fraud is most prevalent in less developed economies. These economies, particularly in the Middle East and Africa, have experienced much more fraudulent activity than in developed economies, such as in North America and Western Europe, according to the 2008/09 annual fraud survey by the Economist Intelligence Unit (EIU). In eight out of ten fraud categories, Africa had the highest or second highest incidence of activity, and in the same number of cases North America had the lowest. The only marked exception was intellectual property theft, in which less developed regions had the least, and North America actually had the most occurrences.

Asia also carries higher risk of fraud in certain categories – principally corruption and bribery – compared to North America and Western Europe. According to the 2008/09 fraud survey, 24 percent of Asian companies surveyed had encountered this category of fraud during the previous three years, while Western Europe scored 14 percent and North America 9 percent. However, Asia still ranked behind Latin America, Eastern Europe and the Middle East and Africa on this score.

The risk to private equity firms

What is disturbingly consistent is that 85 percent of companies worldwide have suffered from fraud during the past three years, the EIU’s survey found. Companies lost an average US$8.2 million to fraud over the last three years. Larger companies – those with annual sales over US$5 billion – lost nearly three times as much as the average, some US$23.3 million. Private equity firms should note that the risk of fraud tends to increase during and after a change in company ownership.

More companies than ever before, across all industry sectors, are now owned by private equity firms. Ownership often changes quickly, as these firms are competing intensely over the most tempting opportunities, and they frequently have to close the deals in a matter of weeks. Due diligence procedures have sometimes been rushed and the existence of fraud within target companies, or loopholes that can be exploited by fraudsters, have gone unidentified.

Proper due diligence not only includes assessing the financial health of a company and the accuracy of it financial records. It should also reveal the legal and reputational state of the company. Reputational or investigative due diligence explores the background and market image of the company with which one wants to do business. This includes its corporate culture and its reputation with employees, investors, consumers, the press – all groups that are directly or indirectly part of the market chain. It is the part of proper due diligence that will likely reveal the exposure of the investing company to fraud risk, and it is the part that is often skipped when due diligence is being conducted too quickly.

Now, in the wake of the global credit crisis, the rate of buyouts has slowed. Exit strategies, though IPOs or sales to strategic buyers, have become harder to execute. Private equity firms are therefore taking a closer look at their companies and realising that they may need to hold on to them for longer. As the credit crisis has flowed over into the wider economy, portfolio companies are struggling to meet their projected growth rates. The longer-term stability of these companies has become increasingly important and controlled, rather than dramatic, growth has been sought.

Beware the red flag

As private equity firms have started to ask more questions of their companies, certain “red flags” indicating likely instances of fraud have been raised. There are many such “red flags”. Management teams may respond very slowly to simple requests for information. Key staff may depart suddenly for no apparent reason. A closer look at banking arrangements reveals that they are unnecessarily complicated. Related party transactions may have appeared. The company may be losing staff to a nearby competitor.

Such “red flags” can often be detected before fraud significantly affects a company’s financial performance. Once they are detected, they should be assessed by the private equity firm and, if necessary, by a professional investigator.

If the “red flags” are not detected, or are misunderstood or ignored, the next event may be sudden and devastating. This could start with a whistleblower’s letter to a regulator, which leads to financial, legal and reputational damage to the private equity firm.

Less dramatic, but equally damaging, is the gradual loss of customers, intellectual property and other assets to a competitor that has been secretly established by the portfolio companies’ managers (or their relatives).

Resolving fraud in an emerging market portfolio company is usually a difficult process. Most often some level of senior management is involved. Legal systems can be weak, and the private equity firm often discovers that the company founders are have far better local political and law enforcement connections than they realised, further reducing the private equity firms’ chances of taking meaningful action against the individuals involved, or taking control of the company, or recovering assets and moving on. Instead, they are often faced with a long negotiation in an effort to salvage something from the investment.

Having personally experienced or, if they are lucky, witnessed such troubles, many private equity firms are now:

1 – taking a more active involvement in the detection of possible cases of fraud pre-investment;

2 – installing fraud mitigation measures at their portfolio companies.

Taking a more active stance on fraud pre-investment

Avoiding companies where fraud exists is clearly the best option and can be achieved with thorough due diligence, especially financial, legal and investigative. Even though access to the firm will be limited initially, public record and reputational checks on the company and management can be conducted. These will identify “red flags” such as undisclosed (and conflicting) business interests held by senior management, and integrity issues in the track record of the current owners and management team.

Many private equity firms now also signal their intent to place their own chief financial officer in the company after acquisition. If the company in question appears very resistant, then this is a “red flag” and the whole investment should be reconsidered.

Thorough and meaningful due diligence (not just media and litigation checks) has been increasing during the last 12 months.

Installing fraud mitigation measures in portfolio companies

Once the acquisition is made, it is still possible to minimise the chances of fraud, and to detect it if it does occur.

Much fraud is conducted by individuals who have a perceived grievance against the company owners, and feel their actions are justified, and that they deserve the fruits of their fraudulent behaviour. It is therefore critical that all levels of employees, and especially management, are communicated with well throughout and after the acquisition process. This reduces the chances that they will believe that promises have been broken. It also ensures they truly understand the private equity firm’s strategy, and why certain decisions need to be made for the benefit of the company and its staff.

Alongside clear communications, extra controls can be introduced, such as e-procurement tools, improved security for warehouses and R&D facilities, and the use of background screening for all new hires. Solutions often include the use of better technology (or the better use of existing technology) and establishing a anti-fraud culture within the organisation. These solutions need not be expensive.

If a significant fraud or related event does occur, it is useful to have a “crisis response” guide which can assist with making the right decisions, from a legal and compliance perspective, over the first 24 hours after fraud has been detected. After 24 hours, your legal, public relations and fraud teams should be in place and forming a taskforce to handle the situation. It is critical that all parts of the team are linked up – for example, you cannot have an effective public relations strategy without an effective investigation, as your communications need to be based on a full understanding of all the facts. 

At all times, indications of fraud need to be handled with great care and sensitivity. Sometimes bad handling of a small fraud can lead to much larger problems within the company, and more broadly if the issue becomes public.

Case study: XPTO

Conducting proper due diligence is obviously important when considering buying a company. However, too many investors only become aware of how important it is after the fact, especially when they conduct a reactive process to see if there are grounds for suspicions.

XPTO (a pseudonym for a real company which had just acquired a smaller firm) is one that learnt this costly lesson by experience.

One of XPTO’s executives suspected that the inventory recorded under assets was significantly overstated. He subsequently conducted a reactive due diligence process that confirmed his suspicions. This investigation revealed that the vice president of finance of the acquired business, an employee with over five years of service, had been stealing goods and selling them to the competition, and covering up his wrongdoing by falsifying the company’s inventory control records. An in-depth assessment of the company’s internal controls revealed serious failures that left it vulnerable on several fronts.

The question that immediately arose was whether this had been the first case of internal fraud. Time showed that it had not. Almost one year after the acquisition, it became apparent that the commercial director of the acquired company owned a competing business, in direct violation of XPTO’s policies and rules of conduct. The first “red flag” was an anonymous fax sent to the CEO, who decided to investigate the case immediately. The investigation revealed that the commercial director had a lifestyle far above what would be reasonable based on his income from XPTO. Further investigation showed a fully operational competing business, registered in the name of the executive’s spouse to prevent suspicions. Even more disturbing, the commercial director was a trusted employee who had been with the organisation for about 10 years.

Jack Klode is a managing director in the Business Intelligence & Investigations division at global risk consulting group Kroll. He based in the firm’s Hong Kong office.