The Importance of Whistleblower Mechanisms and Protecting WhistleblowersThe Institute of Internal Auditors – Calgary Chapter—March 20, 2019
2© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
IntroductionsPaul Ross CPA, CA, CBV, CFE, CFFSenior Vice President, KPMG Forensic
– Practice focus – Investigations and Dispute Advisory
– 25+ Years in KPMG Forensic
– Accepted as Expert Witness 25+ times, both civil and criminal
– Recognized by Who’s Who Legal
Jason Armstrong CPA, CA, CFE, CFFSenior Manager, KPMG Forensic
– 15-years experience in forensics
– ABC investigations
– Fraud and wrongdoing investigations
– Shareholder/contract disputes
– Fraud risk management
3© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Agenda1. Recent trends in fraud detection related to whistleblowing and the
importance of reliable whistleblower mechanisms
2. Key components of whistleblower protection policy
3. Best practices for communicating your safe-disclosure policy and developing a corporate culture that promotes ethical conduct
1. Recent trends
5© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Recent Trends - Detection
0
5
10
15
20
25
30
35
40
45
50
Tip Internal Audit ManagementReview
By Accident
Occupational Fraud - Method of Detection (%)
2018 2016 2014 2012
Tips are consistently and by far the most frequent method of fraud detection
Internal audits and management reviews are inherently focused on specific areas, and therefore fraud detection can be limited
Source: 2018 and 2016 Report to the Nations on Occupational Fraud and Abuse. Association of Certified Fraud Examiners, Inc.
6© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Recent Trends – Sources of Tips
Employees are the top source of tips that lead to the detection of fraud
External stakeholders also need to be considered as potential sources
The ability to receive tips anonymously can also be fruitful
Employee
Customer
Anonymous
Vendor
Other
Competitor
Owner
0 10 20 30 40 50 60
Source of Tips
2016 2018
Source: 2018 and 2016 Report to the Nations on Occupational Fraud and Abuse. The Association of Certified Fraud Examiners, Inc.
7© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Recent Trends – to Whom Tips are Reported
Wide variety of parties and offices within the organization received the tips
Could lead to inconsistent approaches of handling and properly investigating the tips
Raises concerns of inappropriate disclosure of sensitive information
Direct Supervisor
Other
Executive
Fraud Investigation Team
Internal Audit
Coworker
Regulator
Board/ Audit Committee
0 5 10 15 20 25
Party to Whom Tips were Reported (%)
Source: 2016 Report to the Nations on Occupational Fraud and Abuse. © 2016 by the Association of Certified Fraud Examiners, Inc.
8© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Recent Trends – Impact of Hotlines and RewardsImpact of fraud was reduced in cases where a whistleblower hotline existed and/or rewards were offered for whistleblowers.• Hotlines existed in 63% of cases (60.1% in 2016)
• Average duration of fraud was 12 months compared to 24 months where hotlines did not exist (same in 2016)
• Median loss of fraud was $100,000 compared to $200,000 where hotlines did not exist (same in 2016)
• Rewards for whistleblowers existed in 12% of cases (12.1% in 2016)• Average duration of fraud was 9 months (11 months in 2016) compared to 18 months
where rewards were not offered• Median loss of fraud was $110,000 ($100,000 in 2016) compared to $125,000
($163,000 in 2016) where rewards were not offeredSource: 2018 and 2016 Report to the Nations on Occupational Fraud and Abuse. The Association of Certified Fraud Examiners, Inc.
9© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Importance of Whistleblowing MechanismsRecent stats demonstrate the impact of establishing proper reporting mechanisms
If set up and used properly, a whistleblower mechanism could pay for itself through reductions in fraud losses
Whistleblower mechanisms should be used to strengthen an organization’s anti-fraud regime, rather than replacing other fraud detection or prevention measures
10© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Increasing Acceptance of Whistleblowers• Negative stigma fading in recent years
• High profile whistleblowers• Allan Cutler (Federal Government – AdScam)• Cynthia Cooper (Worldcom) and Sherron Watkins (Enron)• Chelsea Manning and Edward Snowden
11© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Current Whistleblower Protection Measures
SOX 806 and 1107
PSDPA
Canadian Criminal Code S. 425.1
Public Interest Disclosure Act (AB)
Ontario Securities Commission S121.5
Covers SEC listed companies
Protects Federal Government employees
Whistleblowing to law enforcement
Covers public sector and MUSH
Provides reward to whistleblower and protects against reprisal for OSC listed companies
2. Key components of whistleblower protection
13© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Organizations should want:• Employees to tell them about any suspected impropriety or corruption
• Employees to raise any concerns with the company directly rather than externally
• Employees and all levels of management to understand and accept that it is safe for staff to raise concerns internally
• Management to properly deal with any concerns raised
• Stakeholders to feel comfortable that the organization acts with integrity
14© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Earning the Employee’s Trust is Difficult
Retaliatory measures historically faced by whistleblowers: • Isolation or humiliation• Threats – overt or implied• Creating a poor performance history• Dismissal, constructive or otherwise• Criminal prosecution
15© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Whistleblowing policies should:• Encourage employees to feel confident in raising serious concerns and question
and act upon their concerns• Provide ways for employees to raise those concerns and get feedback on any
action taken as a result• Ensure that employees get a response to their concerns and that they are aware
of how to pursue them and know what to do if they are not satisfied with any actions
• Reassure employees that if they raise any concerns in good faith and reasonably believe them to be true, they will be protected from possible reprisals or victimization
• Clearly identify that it is not intended to be used for matters that have other more appropriate programs or reporting mechanisms (i.e. grievances, harassment)
16© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Protecting the Whistleblower• Demonstrating support for whistleblowing and whistleblower protection through
ongoing training, workshops and announcements
• Ensure the confidentiality of the whistleblower is maintained at all times and where possible allow for anonymous reporting of concerns
• Properly document the policies and procedures for reporting and disseminating concerns including identification of potential conflicts of interest between the investigation team and the concerns or the whistleblower
• Clearly define and strictly enforce anti-reprisal policies
3. Communicating your program and developing the corporate culture
18© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Common Pitfalls of Whistleblower Mechanisms
• Mechanism or hotline established then ignored
• Low number of calls does not necessarily mean fraud is not occurring
• Policies excluded from new staff training or annual declarations
• No reporting of results
19© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Best Practices
• Communication, communication, communication
• Disclosure of program and contact details to external stakeholders
• Periodic reminders of the program or signoffs for employees
• Consider use of independent champion to spearhead communications and reminders
• Consistent reporting of results or statistics and publicizing success stories
20© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Developing the Corporate Culture• Tone from the top is crucial
• Actions speak louder than words
• Transparency of reporting investigation outcomes to whistleblower, where possible
• Disclosure of program and contact details to external stakeholders
• Consider incentivizing employee vigilance
21© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Summary of key messages• Tips are the most frequent method of fraud detection
• The impact of fraud is significantly reduced if organization has a whistleblower line
• Protect whistleblowers
• Communication is critical
© 2016 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. 22
Questions?
Paul [email protected]
Jason [email protected]
© 2016 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
kpmg.ca
© 2019 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.