FIFA KICKs - GRC Institute
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
June 2015 | The Official Magazine of The GRC Institute
FIFA MORE CLOUT
FOR CCOs
kicks
CCO standing is on the up
DATA TROVES IN PERIL
own
Push to mandate reporting
RISK ROUNDTABLE
goal Experts speak their mind
ELEPHANTS AT LARGE
ERM in the public sector
CLIMATE CONFUSION
What future returns?
DESIGN ON CRIME
Spotlight on security
Financial Crimes
ASIC talks tough on banks
www.curasoftware.com
Making Governance, Risk &
Supports multiple frameworks simultaneously for:
Enterprise Risk Management, Operational Risk Management, Project
Management, Financial Controls Management, and more.
Built-in support for incident management, loss events and self-assessments.
Full audit support.
Powerful executive dashboards, reporting and analysis capabilities.
Flexible installation options (on-site / hosted / software as a service).
Deployed in more than 250 organisations worldwide, including:
BHP Billiton Bendigo Adelaide Bank Coca-Cola
Contents
md’s MESSAGE X page 5 Contact us
Reader Poll X page 6
Cover story News X page 8
12
News feature X page 10
Financial Crimes
News X page 17 GRC Professional is the official monthly
publication of GRCI in Australia, New
AUSTRAC warns on local property fraud Zealand, Hong Kong & South-East Asia.
The ante has been upped to stop
FIFA red carded Australian property being a
prime investment opportunity for GRC Institute
for corruption money launderers. X page 19
President: Alf Esteban
In what has been dubbed the “World Cup Fraud drop “disappointing” Vice President: Carolyn Hanson
of fraud”, FIFA is starting to unravel as Despite a decline in monetary losses Treasurer: Gillian Kinder
the FBI alleges “generations of bribery and the number of victims, results from Director: Susan Cretan
a concerted anti-fraud campaign have Director: David Morris
and corruption”.
Director: Stephen Luk
been less than expected. X page 20 Director: Lois McCowan
Director: Kellie Powell
Crosshair on cybersecurity
With the troves of customer data Managing Director:
retained in Australia described as “a Martin Tolar
martin.tolar@thegrcinstitute.org
honeypot for malicious actors”, the
push is on to legislate mandatory data National Manager:
breach reporting. X page 22 Naomi Burley
naomi.burley@thegrcinstitute.org
The interconnectedness of risk
Ph: +61 2 9290 1788
At a recent KPMG and GRC
Fax: +61 2 9262 3311
Institute roundtable, senior risk www.thegrcinstitute.org
professionals debated the key issues GPO BOX 4117 Sydney
in operational risk. X page 26 NSW 2001 Australia
Elephants in the public sector
Risk management can be challenging GRC Professional
at the best of times, but the public
Editor:
sector faces a raft of frequently Mark Phillips
conflicting issues that need to +61 2 8245 0704
be overcome. X page 28 Mark.Phillips@thegrcinstitute.org
Investors at risk as climate changes Advertising:
Naomi Burley
A new study has shed light on the little +61 2 9290 1788
understood impact of climate change naomi.burley@thegrcinstitute.org
on investment returns. X page 33
Design on crime
In today’s business world, Disclaimer:
proactive and integrated security While GRCI uses its best endeavours in preparing and
ensuring the accuracy of the content of this publication,
practices are crucial, but whose it makes no representation or warranty with respect to
the accuracy, applicability, fitness, legal correctness or
responsibility are they? X page 34 completeness of any of the contents of this publication.
Information contained in this publication is strictly for
educational purposes only and should not be considered
legal advice. Readers must obtain their own independent
Institute news legal advice in relation to the application of any of the
The latest from the GRC material published in this journal to their individual
circumstances. The Institute disclaims any liability to any
Institute. X page 36 party for loss or any damages howsoever arising from the
use of, or reliance upon, any of the material contained in
this publication.
4 GRC Professional • June 2015
MD’s
MESSAGE
FIFA blighted
by bribery
News that the US Department of Justice had begun corruption and
bribery investigations into FIFA would be no surprise to those who
have been watching soccer’s world governing body for some time.
The surprising element is the sheer magnitude of the scandal.
As more and more details emerge, it appears money used to se-
cure host status for numerous World Cups has then been directed to
other affairs, including possible election of a national government.
There is a long way to run on this story yet, but it currently looks as
though FIFA has kicked the ultimate own goal.
In this edition of GRC Professional we also feature a story on the
practice of risk management in the public sector. In it, we examine
some of the factors unique to GRC professionals operating within
government departments or agencies. This is a new focus for the
GRC Institute. While we have always had members in the sector, we
will be launching a new public sector discussion group as well as a
one day pre-conference workshop dedicated to public sector GRC
professionals.
Also, as the property market heats up in our region, so too do is-
sues around the level of foreign investment and the amount of funds
being moved in and out of countries and financial institutions. In As the property
this edition, we take some time examining concerns that property is market heats up
not only being used as a means to launder money, but also what con- in our region,
trols can be put in place to ensure organisations do not unwittingly so too do issues
become part of the money laundering pipeline. around the
Finally, I would like to take this opportunity to welcome on level of foreign
board our new editor Mark Phillips. Those who have been in the investment and
GRC profession for a number of years would remember that the amount of
Mark did a stint with Risk Management Magazine before heading over- funds being
seas for a number of years. He has now returned to Australia as our moved in and
editor, and I am sure you will join me in wishing him every success out of countries
in his new role. and financial
institutions.
Martin Tolar CCP, Managing Director, GRCI
5
Reader
Poll
Last month’s Poll Best from around
the web
Social media These were the stories being discussed at
the GRC Institute this month:
Social media has given new
meaning to “the power of one”, and because
Reader Poll of it, all organisations are faced with either SINKING INHERITANCES X
BYODs
a new potential threat to their reputation or
a great opportunity through which satisfied
employees can become de facto ambassa-
MILFORD SETTLES WITH
This month GRC Magazine is dors for their company.
asking whether your firm has a strict policy Last month we asked whether your
FMA FOR NZ$1.5 MILLION X
on bring-your-own devices (BYODs) into organisation uses social media proactively;
the workplace. whether the risk function monitors social
If left unmanaged personal phones and media activity; if employees are educated on SCHOOLS CAUGHT IN
tablets can open a Pandora’s Box of risks for the risks; and whether there is a social media GET-RICH-QUICK SCHEME X
any organisation, particularly with regards policy in place.
loss of critical corporate information. How The results were mixed, with roughly
are you dealing with the issue? half of respondents saying their firms do, FIFA WHISTLEBLOWER
• Does your organisation allow BYODs in fact, keep close tabs on all aspects of the ADMits BRIBES IN
into the workplace? medium relevant to the organisation. On WORLD CUP CHOICES X
• If so, does it have a solid BYOD policy the downside, some professionals said a
document and insist employees sign it? formal policy on its use does not exist, while
• Does your company continually update the majority said education was “patchy”.
employees about emerging threats Most, however, believed their organisation
in mobile communications which, if was becoming more proactive in the use of
unchecked, could compromise the data social media.
stored on BYODs? Thank you to all those
readers who participated.
Complete the survey here.
Results will be published in the July edition of
GRC Professional.
6 GRC Professional • June 2015
Add extra protection against
Malware threats
Blueprint BrowserProtect is the solution for
advanced browser security
Contact us for a demonstration
+61 2 8096 8300 icsasoftware.com/bponeworld aunz@icsasoftware.com
© 2015 ICSA Software International Limited.
Blueprint OneWorld is a registered trademark of ICSA Software International Limited.
NEWS
Banks face Catch-22 on AML
Delegates at the recent Association of Certified Anti-Money Correia reflected the view of many when he said the debate
Laundering Specialists (ACAMS) European conference in London “doesn’t seem to be resolvable”.
have slammed a lack of regulatory guidance with regards how banks ACAMS executive vice-president John Byrne conceded there
are supposed to continue serving companies in high-risk countries. doesn’t seem to be an easy solution.
While regulatorzs have been ramping up warnings on the “In general, all of us want to see financial inclusion and help
wholesale consequences of de-risking, banks have been requesting economies, but, on the other hand, financial institutions are pushed
clearer and more specific guidance on anti-money laundering against the wall,” he observed. “I don’t get the sense that the
(AML) and counter-terrorism financing (CTF). regulators have been part of the conversation, but I think they have
“It is particularly worrying when the risks of non-compliance are to be in order to try to solve this.”
so high,” said HSBC head of financial intelligence unit for Europe,
Danny Sanhye.
“There is a perception now from regulators of intolerance, that
[AML] breaches are unacceptable, which has triggered a reaction
from financial institutions, which is called de-risking. This is not a
good thing, because we are not helping to fight money laundering.”
Sanhye maintained that the withdrawal of banking services
from certain sectors or regions would only create more avenues for
criminal activity.
LexisNexis Risk Solutions AML global director, Chrisol
Correia, agreed, warning: “In one way de-risking is seen as a means
to eliminate the risks of AML compliance, but at the same time it
may increase the risks of AML by driving it underground.”
The UK’s Financial Conduct Authority recently advised
banks that in its view appropriate AML due diligence need not
result in wholesale de-risking. However, even though banks have
substantially increased spending on AML/CTF compliance, they
are still struggling to cope with extensive know your customer
(KYC) rules.
Terror risk rise for to developed economies as to emerging markets,” says The Risk
Advisory Group head of intelligence and analysis, Henry Wilkinson.
Western economies
“In a hyper-connected world, faraway problems can affect
local threats and political violence can spread rapidly with little
warning. However, a high level of risk doesn’t automatically mean
Nine Western economies are now exposed to rising risk levels as a re- that these areas are closed for business. Companies can exploit
sult of an increased terror threat, according to AON’s Terrorism and the opportunities in any market with high quality intelligence and
Political Risk Map, compiled in partnership with The Risk Advisory analysis, and a strategy to navigate and manage the risks.”
Group. The map shows a mixed picture, with a net reduction on country
The map shows that Australia, Canada, Belgium, Denmark, risk ratings worldwide, but with political violence and terrorism
France, Germany, Norway, Ireland and Estonia are at higher risk. In risks concentrating and intensifying around a smaller number of
addition to terrorism, top risks for business include a progressively countries. The risk rating was reduced in 21 countries and increased
uncertain and dangerous geopolitical environment, where the risk in just 13.
of armed conflict is growing amid changing and unstable regional The global picture is also one of marked polarity, with clusters
balances of power. of concentrated risk across South Asia, North Africa and the
“The data highlights that terrorism and geopolitical uncertainty Middle East. Europe is at significantly greater risk from the rise of
are risks that businesses cannot ignore, and that they are as relevant Islamic State.
8 GRC Professional • June 2015
NEWS
Compliance candidates
in demand in Singapore
Compliance professionals in Singapore are in continued demand, However, because of the nature of the Singaporean sector
according to the Robert Walters “Global Salary Survey 2015”. – the need to liaise with key officials before advising a firm
The compliance recruitment market remained stable in 2014, of regulatory change – there is an onus on local regulatory
with professionals experienced in anti-money laundering, advisory experience. A shortage in the area means employers are prepared
and financial crime especially sought after at management level. to pay a premium to secure the right talent, with strong compliance
A tightening of regulatory standards in the city state has also candidates commanding an average increment of 20-30 per cent
ensured that compliance remains high on companies’ recruitment on a base salary.
agendas, with firms taking a greater interest in eligible and capable The average per annum salary of a compliance analyst in
domestic talent. The trend is expected to continue throughout the Singapore is SG$50-90k, rising to SG$90-180k at management
remainder of 2015. level.
War for talent heats “Asia Pacific Fraud Study 2015”, the percentage of employees
prepared to use their company’s whistleblower hotline has dropped
up in APAC
dramatically since 2013, down from 81 per cent to 53 per cent.
“Implementing a hotline is not enough,” EY says. “Employees
must feel confident that their reports will be dealt with in a
Companies across the Asia Pacific (APAC) are finding it harder transparent and confidential manner and they will be protected
to recruit and retain qualified compliance professionals as would- from retaliation.
be job applicants increasingly scrutinise organisations’ ethical It also found that joint venture partners, distributors, agents and
standards and their ability to proactively use technology to prevent vendors are a key risk to businesses in relation to ABAC compliance.
and detect fraud, bribery and corruption. “Companies entering into a business relationship with a third
According to new research from Ernst & Young (EY), eight out party should conduct as much due diligence as they do with an
of 10 respondents would be unwilling to work for companies that acquisition,” EY says. “Simply having ABAC policies and codes of
they know, or suspect, to be involved in unethical practices. conduct is not enough – the policies must also lead to behavioural
For their part, companies say they are struggling with regulatory change.”
demands requiring them to look at increasing numbers of financial Employees in the region might be becoming more aware of the
transactions and relationships in greater depth, especially given need to curtail corruption, but as EY notes:
limited compliance resources. “Compliance starts at the top. Leadership must engage
The sentiment is particularly notable in Indonesia, Thailand proactively in compliance activities and demonstrate and
and China, where governments have recently taken a much communicate to employees a commitment to ethical behaviour.”
stronger anti-corruption stance. However, to date the results have Suggested starting points include translating codes of conduct
been mixed. into local languages during ABAC training. Further, global
Codes of conduct are still not being followed and whistleblower organisations need to be open to feedback from local offices on
programs are either missing or underused. According to EY’s the challenges of dealing with changes to policies and procedures.
Qatar nominated to China is currently president of the IAACA, with voting on
head IAACA
Qatar’s nomination to succeed it scheduled to take place at an
IAACA general Assembly in St Petersburg on October 31.
In a formal statement, Qatar Attorney General and UN
In a strange turn of events, despite FIFA being investigated for special advocate for stolen asset recovery, Dr Ali bi Fetai al-
corruption, 2022 World Cup host Qatar has been nominated by Marri, said: “Qatar has received a strong backing due to its
24 countries and world organisations to head the International efforts in combating corruption in all forms, whether locally
Association of Anti-Corruption Authorities (IAACA). or globally.”
9
NEWS
feature
MORE CLOUT FOR
COMPLIANCE OFFICERS
CCOs are gaining greater standing as key threats
to enterprise security grow.
Modern corporate compliance subsidiaries, business units, or different geographic
functions are gaining significantly more author- markets. Further, even among the minority that do,
“Compliance ity and stronger organisational support for compliance less than half (49 per cent) of business unit compliance
functions are programs, according to a new study. officers report to the global CCO. Some 40 per cent
still spending a In its fifth year, the “In focus: Compliance Trends report to local senior managers.
disproportionate Survey” has revealed a tidal shift in the standing of This gives rise to the key question of whether the
amount of time compliance professionals, with 59 per cent of respon- entire compliance function has proper ability and au-
collecting data, dents reporting that the job of a chief compliance offi- thority to carry out its mission, regardless of a CCO’s
versus time cer (CCO) is now a stand-alone position, compared to reporting relationship.
spent adding just 37 per cent in 2013. Some 57 per cent now report
strategic value directly to either the CFO or board. Risk assessment
to the business.” The study, conducted by Deloitte & Touche LLP, Alarmingly, 30 per cent of respondents in the study
measured the responses of more than 360 compliance revealed they still do not measure the effectiveness
professionals from around the world representing of compliance programs. Tom Rollauer, executive
more than a dozen industries including financial ser- director Deloitte Center for Regulatory Strategies,
vices, healthcare, and consumer and industrial prod- Deloitte & Touche LLP, emphasises the importance
ucts. While the data shows a clear trend toward a more of the risk assessment process.
empowered CCO with a higher position in the organ- “Risk assessment is at the centre of the effort to
isation, concerns and challenges related to broader manage compliance risk,” he maintains. “If you have
recognition of the value of compliance persist. In ad- a robust enterprise-wide risk assessment process, pri-
dition, many companies’ existing technology solutions orities will evolve out of that. CCOs should be set-
continue to fall short of compliance needs. ting compliance monitoring and testing priorities
based on these risk assessments.”
CCO authority A potentially concerning trend carried over from
Challenges remain in embedding compliance culture the 2014 and prior surveys relates to oversight of
throughout the entire organisation and its extended third party relationships across the extended enter-
enterprise. Results are also mixed on whether the en- prise.
hanced authority and positioning of CCOs has en- According to the study, third party compliance
hanced the perceived value and level of support of the risks (see story opposite) continue to be the single big-
program throughout the entire organisation. gest worry for compliance professionals, with proac-
As with previous surveys, only a minority of re- tive management of them being inconsistent. Some 42
spondents – 32 per cent in the 2015 study – believe the per cent of respondents indicated that they always au-
compliance program is recognised for driving business dit compliance with policies or regulations; 38 per cent
value throughout the company. With small staff num- always perform extensive background checks; and 32
bers continuing to be the norm, support of the compli- per cent always require training or certification.
ance program within the business is critical to the CCO
as he or she tries to help build a strong, transparent, Big Data
risk-intelligent enterprise, the study recognised. Compliance teams have become increasingly inter-
On a related point, only 43 per cent said their cor- ested in advanced predictive analytics that can aid
porations have designated compliance officers in in predicting future risks before they erupt into a X
10 GRC Professional • June 2015news
feature
catastrophe, or to assist with regulatory change man- “While Big Data A mere 32 per cent of survey respondents feel con-
agement. Unfortunately, few tools can now perform and GRC tools fident or very confident in their IT systems, down from
such functions without major customisation. may hold the 41 per cent in 2014. The report suggests this may trace
“While Big Data and GRC tools may hold the key key to effective back to the relatively small size of compliance depart-
to effective risk assessment and control monitoring, risk assessment ments, which forces them to depend on other depart-
many organisations are still waiting for the promise and control ments or business units to supply the data CCOs need.
to be fulfilled,” notes Deloitte enterprise compliance monitoring, many “In essence, compliance functions are still spend-
partner and national practice leader, Nicole Sand- organisations ing a disproportionate amount of time collecting data,
ford. “New applications and increasing access to data are still waiting versus time spent adding strategic value to the business
are coming, and that will take compliance to the next for the promise through analysing and trending the data collected,”
level with predictive analytics.” to be fulfilled.” Sandford says. •••
SUPPLY CHAINS A HAVEN FOR FRAUD
Despite risks, many companies still lack supply chain
fraud prevention and detection programs.
More than one-quarter of profes- • Bidding/procurement processes that are not
sionals (28.9 per cent) say their organisations expe- robust or independent;
rienced supply chain fraud, waste or abuse during the • Lack of sufficient clarity in third party invoice details;
past 12 months, yet nearly as many (26.8 per cent) have • Poor or strained relationships with certain third
no program currently in place to prevent and detect parties;
the risks, according to a new Deloitte Financial Advi- • Infrequent or non-existent “right-to-audit” “With reputational,
sory Services (DFAS) poll. assessments of suppliers and licensees’ practices;
litigation and
“When we ask executives overseeing supply chains • Little-to-no oversight into proper administration
why fraud risk management isn’t more top of mind, of agreements with third parties; and,
regulatory
we’re consistently told that compliance resource con- • Use of third party agreements that are sole- repercussions
straints are to blame,” says DFAS partner Larry Kivett. sourced without clear explanation or constructed hanging in
“With reputational, litigation and regulatory re- as cost-plus agreements without clear definitions the balance,
percussions hanging in the balance, companies can’t of cost and other relevant terms. companies can’t
afford to dismiss supply chain fraud prevention and About two-thirds (65.3 per cent) of respondents
afford to dismiss
detection. Schemes constantly evolve and come from reported their company conducts at least some due
every direction, making vigilance crucial.” diligence on their third parties. Nearly half as many (29
supply chain
Interestingly, employees (22.9 per cent) were the per cent) evaluate third party supply chain fraud risks fraud prevention
top identified source of supply chain fraud risk, com- on an annual or more frequent basis. and detection.”
pared to vendors (17.4 per cent), and other third par- “Don’t fall into the ‘it can’t happen at my company’
ties (20.1 per cent), which included subcontractors and trap,” Pearson warns. “Forces outside your company
their vendors. aren’t always to blame. Employees often leverage trans-
“Since every supply chain’s unique risk profile actions involving vendors and third parties to their own
stems from a mix of cultures, geographies, industries benefit via supply chain fraud, and when collusion is in-
and subcontractors, developing an effective supply volved, detection and prevention is difficult.”
chain forensics program is often more art than sci- Kivett believes vendors and other third parties
ence,” adds DFAS principal Mark Pearson. “But, have become accustomed to filling out surveys and en-
if you know where to look, red flags and other faint gaging in discussions about their practices within sup-
signals can help focus limited resources to drive sup- ply chains.
ply chain transparency and efficiency while reducing “Individuals and groups that have nothing to
fraud, waste and abuse risks.” hide work hard to clarify misunderstandings and im-
Warning signs for supply chain fraud, waste and prove relationships; those hiding illicit acts may not,”
abuse can include: he says. •••
11COVER
STORY
FIFA RED CARDED
FOR CORRUPTION
In what has been dubbed the “World Cup of fraud”, FIFA
is starting to unravel as the FBI alleges “generations of
bribery and corruption”. Mark Phillips reports.
“I’ve been to Russia twice, invited by President Yeltsin. No effective enforcement was ever undertaken,
I’ve been to Poland with their president. In the 1990 World and FIFA essentially continued in a regulatory, com-
Cup in Italy I saw Pope John Paul II three times. When I mercial and compliance vacuum until two of its key
go to Saudi Arabia, King Fahd welcomes me in splendid sponsors, Emirates and Sony, last year decided not to
fashion. In Belgium I had a one-and-a-half hour meeting renew their contracts. Indeed, apart formal obliga-
with King Albert. Do you think a head of state will spare tions under Swiss law, FIFA’s only real accountability
that much time to just anyone? That’s respect. That’s the seems to have been to the multinational brands that
strength of FIFA. I can talk to any president, but they’ll sponsor it, few of which have ever expressed much in-
be talking to a president too on an equal basis. They’ve got terest in insisting on good governance.
their power, and I’ve got mine: the power of football, which is And why would they? In 2014, more than a billion
the greatest power there is.” people worldwide watched Germany and Argentina
– Former FIFA president João Havelange battle for the World Cup. From a marketing perspec-
“A can of worms tive, the chance for such global exposure comes along
has been opened Many profess to have been “shocked” by the 47-count only once every four years, and distractions like the
and no-one indictment of senior past and present Fédération In- absence of any worker rights or safety standards in
knows for sure ternationale de Football Association (FIFA) officials building the 12 air-conditioned stadiums for the
just how many for bribery and corruption, but soccer’s worldwide extravaganza in Qatar (which, with a team ranked
are in there.” governing body has been mired in murky goings-on 99th in the world, has never even qualified for a World
for years. Cup) are merely inconvenient truths that, almost cer-
Consider just a few past headlines: tainly, will be forgotten when the first ball is kicked.
“Bribery scandal batters Blatter and FIFA” – UK Sponsorship at risk
Guardian, 2002 But maybe not. Although President Sepp Blatter has
“FIFA’s dirty secrets” – BBC Panorama, 2010 fallen on his sword “for the good of the game”, there
“Money makes the world cup go round” – Bleach- is a sudden disquiet among sponsors over the wide-
er Report, 2011 spread moral outrage that is currently engulfing, and
“FIFA has lost all credibility” – UK Financial may yet consume, FIFA.
Services Authority, 2011 In Qatar – where 4000 guest workers are likely
to die completing Cup infrastructure projects – the
While the US Department of Justice (DOJ) in- goose may be laying only a gold-plated egg, and one
dictments suggest criminal activity extending over that is already cracking. According to UK-based in-
21 years, and a parallel Swiss criminal investigation tellectual property management firm Brand Finance,
is looking into charges of money laundering involv- FIFA’s toxicity is such that its sponsors stand to lose
ing the awarding of the 2018 and 2022 World Cups to up to US$1 billion in value due to the reputational
Russia and Qatar, as far back as mid-2002 the world’s damage of being associated with FIFA.
press was reporting on serious non-compliance al- “Without knowing how quickly FIFA is going to
legations made by FIFA whistleblower Michel Zen clean out the Augean stables, my recommendation to
Ruffinen. the major sponsors would be to move towards X
12 GRC Professional • June 2015COVER
STORY
the exit,” Brand Finance chief executive David Haigh Given their direct stake in FIFA’s performance,
has said. reputation and standing, some sponsors have started
Even so, it still seems unlikely Qatar will lose the to make uncharacteristic (albeit still largely tepid) nois-
World Cup, despite it almost certainly having bribed to es about the need for change. Visa has been the most
get it. But key sponsors like Coca-Cola, Adidas, Hyun- forthright, threatening to pull its advertising unless
dai, McDonald’s and Budweiser are justifiably anxious FIFA immediately starts “rebuilding a culture with
over the turn of events and how they may yet unravel. strong ethical practices”.
A can of worms has been opened and no-one knows “Given their Coca-Cola has welcomed the resignation of Blatter
for sure just how many are in there. direct stake only days after he was elected to a fifth term as a “posi-
Unfortunately, sport and racketeering have long in FIFA’s tive step for the good of sport, football and its fans”.
been bedfellows, but no entity entrusted with the performance, Adidas, which has provided the official match
oversight of any code has so blatantly or for so long reputation and ball for every World Cup since 1970, said “[the] news
snubbed pressure from governments, the media, pub- standing, some marks a step in the right direction on FIFA’s path to
lic and regulatory watchdogs to implement reforms sponsors have establish and follow transparent compliance stan-
as FIFA. Unsurprisingly, questions have started to be started to make dards in everything they do.”
asked as to whether punches have been pulled because uncharacteristic
the “FIF-dom” is too big to fail. noises about Collateral damage
Still, nothing talks louder than money, and even the need for It is a small first step on what will likely be a very long
though FIFA does not disclose how much it is actually change.” path, and that assumes FIFA even intends to continue
paid by sponsors (it makes most of its money by sell- down it. Under its governing rules, the election of a
ing television rights to the World Cup, with other rev- new president and any fundamental reforms to FIFA
enue streams from hospitality rights, brand licensing, statutes must be voted on by member associations and
ticketing and investments) it is likely they contribute to regional federations at the next FIFA Congress, which
nearly a third of its total revenues. is scheduled for May 2016 in Mexico City. X
13COVER
STORY
However, Blatter himself has conceded that this
represents an unacceptable delay, and an Extraor-
dinary Congress is expected to take place anytime
from December of this year to March of next year.
For their part, FIFA’s main sponsors will probably
continue to show restraint until they know convic-
tions are in and the extent of any crimes committed,
“Someone and after that judge whether their own stakeholders
should go to the consider the brand to be irrevocably toxoid.
auditors and say, Meanwhile, the fallout shows no sign of abate-
‘Hang on, where ment. Activists in the US are targeting sponsors
actually did that while Football Federation Australia (FFA), which
come from and rushed to the moral high ground when news of the
go to? Where is scandal broke, has since come under fire.
it in accounts? When Blatter quit, it said in a statement: “The
Did you know challenge is not just to change the top elected posi-
about this?’” tion, but the governance structure at all levels and
the culture that underpins it. Australia will remain
an active voice within the forums of FIFA and AFC
[Asian Football Confederation] in promoting gov-
ernance reform and a new era of transparency.”
The FFA itself is now understood to be un-
der FBI investigation for a controversial $500,000
payment that ended up in the pocket of disgraced
former FIFA executive Jack Warner. Further, the
Australian Federal Police is evaluating allegations
of misappropriation of funds during Australia’s
$46 million bid for the World Cup, focusing on that
$500,000 payment.
FIFA’s auditor, KPMG in Switzerland, has also
been dragged into the morass.
KPMG was not only responsible for auditing
the umbrella organisation in Switzerland, but also
member associations around the world that receive
FIFA funding. Notably, it was auditor for the official
Russia and Qatar organising committees whose suc-
cessful bids to host the World Cup have been tainted
by bribery allegations.
Some auditing analysts believe KPMG should
have caught, and called out, the alleged illegal activi-
ties, particularly given FIFA’s tarnished history.
In comments made to financial informa-
tion website MarketWatch, Jerry Silk, a partner
at law firm Bernstein Litowitz Berger and Gross-
man, who has sued global audit firms, said he was
surprised KPMG would not have uncovered X
14 GRC Professional • June 2015COVER
STORY
evidence of the acts currently being investigated by done in order to regain the trust of the public and to
the US DOJ. fundamentally reform the way in which people see
Referring to an alleged US$10 million bribe pay- FIFA. These steps will ensure that the organisation
ment at the centre of the US investigation, England cannot be used by those seeking to enrich themselves
Football Association chairman Greg Dyke also ex- at the expense of the game.”
pressed concern, stating: “Someone should go to the
auditors and say, ‘Hang on, where actually did that Closed shop
come from and go to? Where is it in accounts? Did Of course, many maintain that the time to move for-
you know about this?’” ward has long since passed. Blatter still insists he had
Being FIFA’s statutory auditor, KPMG is bound no idea of any wrongdoing and that it was impossible
by professional confidentiality and says it cannot for him to keep tabs on everyone within the organisa-
comment on the matter. tion. Given he has been president since 1998 and an
Anti-money laundering experts remain unim- integral part of FIFA for over 40 years, it’s hard to fath-
pressed, arguing that root-and-branch reviews of om how this rings true.
past FIFA transactions are needed in order to demon- For all its committees, FIFA has essentially been
strate counter-money laundering compliance. Mean- a closed shop to the outside world. Once, when ques-
while, Barclays, Standard Chartered and HSBC are tioned on FIFA’s ethics, Blatter replied: “I will not go
scrambling to review a number of transactions, total- into discussions with people that like to create prob-
ling hundreds of thousands of dollars, after the trio lems.” Little surprise, then, when a One World Trust
were named in the US DOJ indictment. Global Accountability Report scored FIFA with just
27 per cent in its transparency section, nor that even
Too little too late? “To address before the FBI investigation 84 per cent of the British
Through it all, Domenico Scala, independent chair- specific calls, public perceived it as being corrupt.
man of FIFA’s audit and compliance committee, is FIFA will seek Scala is on the right track when he blames the
putting on a brave face. to publicise the structure of FIFA’s executive committee and its
“FIFA has worked hard to put in place gover- compensation members for many of FIFA’s woes. As mentioned,
nance reforms, but this must go further to implement of the president FIFA is essentially an umbrella group of different
deep-rooted structural change,” he has declared. “A and executive football confederations from a host of geographic
number of steps have previously been proposed but committee jurisdictions, each of which are responsible for their
have been rejected by members. Today more than members and own internal governance.
ever, FIFA is committed to ensuring that changes are propose term Further, some have far more clout than others.
implemented and upheld. limits.” Compounding the problem is that even though good
“Nothing will be off the table, including the struc- corporate governance is premised on principles of
ture and composition of the executive committee and transparency and responsibility, depending on their
the way in which members of the executive commit- legal frameworks and business traditions, differ-
tee are elected. I expect this to be an important aspect ent countries can have very different ideas not only
of reform, as the structure of the executive commit- on how to achieve and manage it, but what it actually
tee and its members are at the core of the current is- constitutes.
sues that FIFA is facing. In addition, many of FIFA’s associations around
“While FIFA operates in line with all applicable the world are in very poor countries, with money
laws and international accounting standards, FIFA ostensibly meant for the development of football
recognises that many have questioned the transpar- sometimes provided in cash, without appropriate
ency by which FIFA operates. To address specific oversight. It borders on patronage which, in turn, has
calls, FIFA will seek to publicise the compensation of grown the risk of a “look after us and we’ll look after
the president and executive committee members and you” mentality.
propose term limits. Ironically, if and when a new approach to gover-
“FIFA is fundamentally committed to change and nance comes, it will need to appease not only millions
determined to address the issues that continue to un- of football followers around the world, but multina-
dermine FIFA and football more broadly. Now is the tional sponsors that pour countless millions
time to move forward. There is significant work to be into FIFA’s own existence. X
15NEWS
Words of warning
The FIFA scandal has destroyed the professional reputations of many and will almost certainly damage more. Here are
five lessons to be learned.
• Allegations of corruption were nothing new long before the DOJ indictments, yet Blatter stonewalled and maintained
they were groundless There needs to be a continuous focus on corporate culture and appropriate disclosure, and
“An organisation certainly no place for wilful ignorance in any organisation.
has little if not • Global organisations in particular must stay abreast of international trends in anti-corruption legislation. As the
its reputation.” legal landscape changes and greater expec tations around transparenc y develop, a new raft of risks emerges for
organisations that fail to flag internal anomalies or audit discrepancies.
• Despite overt or subvert pressures to “toe the company line”, risk and compliance professionals have a responsibility
to all stakeholders to expose misconduct when it is detected, regardless of by whom it is perpetrated, and
irrespective of potentially negative consequences.
• An organisation has little if not its reputation. The reputational damage wrought on FIFA has undoubtedly been
immense, albeit thus far hard to quantify. However, international police agency Interpol no longer wants anything to
do with it, having just suspended €20 million donated by FIFA in 2011 towards its “Integrity in Sport” program. Clearly,
any issues with the potential to inflic t brand damage need to be brought to the immediate attention of management
and/or board of directors by those charged with providing assurance to stakeholders and governance officials.
FBI director James Comey perhaps best sums up the serious risks of not learning from FIFA’s mistakes: “If you touch
our shores with your corrupt enterprise, whether that is through meetings or through using our world-class financial
system, you will be held accountable for that corruption.” •••
Do you feel
valued?
Taylor Root is the leading specialist legal, risk and
compliance recruitment consultancy in Australia. Each year
our teams produce dedicated market updates and salary
survey reports to help our clients stay on top of market
trends. If you would like to request your copy of the 2014
Salary Guide and Market Report for the Australian
compliance and operational risk market, please contact us
on the details below.
Request a copy by visiting taylorroot.com/Australia or by
contacting Amanda Atherton on +61 (0)2 9236 9000 or
amandatherton@taylorroot.com.au
taylorroot.com
@TaylorRootLegal PART OF THE SR GROUP
Brewer Morris | Carter Murray | Frazer Jones | SR Search | Taylor Root
UK | EUROPE | MIDDLE EAST | Asia | AUSTRALIA | OFFSHORE
taylor-root
16 GRC Professional • June 2015Financial Crimes
Edition Twelve June 2015
Security warning Austrac Fraud drop
after Qld business warns on local “disappointing”
hacked property fraud Page 20
Page 18 Page 19
ASIC sets sights where employees believe risk breaches will be
ignored or excused – is endemic.
across the whole organisation,” he said. “And
that makes us look deeper.”
on banking “People are sick of it,” Medcraft declared.
“When culture is rotten and inappropriate
Speaking before a Senates Estimates hear-
ing in Canberra, Medcraft later said that it
culture investments become worthless, it is not the
wealthy who are being fleeced. Markets might
was up to the government to initiate a “broad
review of penalties” to ensure there were ap-
T
recover but often people do not. The bench- propriate civil penalties in place to deter mis-
he Australian Securities and Invest- mark manipulation scandals all over the world, conduct among the country’s banks, brokers,
ments Commission (ASIC) is calling and problems locally in the financial advice sec- financial advisers, credit providers and other
for tougher penalties on financial tor, demonstrate this.” Australian financial services licence holders
crimes with chairman Greg Med- Over the past year, ANZ Banking Group, He said it was up to the government to pro-
craft telling a recent stockbroker conference in Commonwealth Bank of Australia, National vide the regulator with the tools necessary to
Sydney that they need to “inject so much fear Australia Bank, and Macquarie Group, among ensure “fear of penalties outweighs the tempta-
that it stops people from breaking the law”. others, have been caught up in governance tion of greed”.
Medcraft’s comments came hard-on-the- scandals. Medcraft dismissed any suggestion Medcraft’s comments followed a revelation
heels of preliminary findings from a study by that they were just a few “bad apples”. by ASIC commissioner Greg Tanzer that the
Macquarie University into the risk culture of The regulator is clearly worried that cumu- regulator is currently reviewing the incentive
Australian banks which, among other things, latively, they may weaken the entire sector. As and staff promotion structures of three un-
reveal that bank executives are oblivious to Medcraft himself acknowledged, public confi- named investment banks in Australia.
cultural deficiencies and that more than half of dence in financial institutions is low. Medcraft said all financial institutions need
banking staff believe remuneration plans en- He said a poor bank culture – such as one to determine whether their remuneration and
courage excessive risk taking. that is focused only on short-term gains and rewards facilitate inappropriate conduct. Fur-
Alarmingly, the Macquarie study has equat- profit – drives poor conduct. ther, he emphasised the importance of an en-
ed some banker personality traits with “Ma- “When ASIC uncovers poor conduct and vironment wherein employees can express con-
chiavellianism” and found that “avoidism” – poor culture, it generally finds the issue spreads cerns without fear of retribution. •••
E-commerce times the average) and Asia, which despite the
huge number of consumers engaging in e-com-
At the positive end of the spectrum, Scan-
dinavian countries are the safest, holding down
fraud: best and merce in the region, is right on the average.
On a country-specific basis, Forter found
three of the top five slots, with Denmark being
the least fraudulent country on Earth and Fin-
worst countries that e-commerce fraud tends to poorer econo-
mies, but in particular those with accessible
land and Norway not far behind. New Zealand
took second place with regards safety of online
O
internet infrastructure. According to Forter purchasing, with Switzerland ranked fifth.
nline fraud is alive and well just business development vice-president, Noam Interestingly, the analysis revealed that
about everywhere, but some Inbar, these are also countries where the fraud rates of transactions using Google’s An-
places more so than others. In chances of being pursued by law enforcement droid operating system were twice that of iOS,
fact, according to a new study and being extradited are lower. something Inbar attributes to the open nature
by fraud prevention software firm Forter, if “Weak economic conditions drive more of Android.
you want to avoid fraud, it matters a great deal people to crime and decent internet infra- “That openness allows fraudsters to bet-
where your online provider is based. structure makes online fraud easier,” Inbar ter study the system and find the weaknesses
Through analysis of more than one mil- says. therein for access,” she says.
lion e-commerce transactions over the course Indonesia lays claim to the dubious title The onus, she adds, is on everyone shop-
of 2014, Forter determined that Africa has an of being the world’s most fraudulent country, ping online to regularly monitor their bank
average fraud rate 10 times that of the world’s followed by Venezuela, Brazil, South Africa statements and credit ratings, and to always
average. It is followed by South America (three and Romania. ensure use of strong passwords. •••
17Security family and threatened to discredit members
of his family through online attacks,
warning after particularly targeting a child”.
“This is a very serious attack on an
Queensland organisation and quite traumatic for the
business, the victim and his family,” Acting
business
Assistant Commissioner, State Crime
Command Brian Hay said.
“We are strongly urging businesses to
hacked ensure their computer systems are secure
A
and protected from hackers, that they adopt
n international company based a policy of not paying ransom demands and
in Brisbane recently paid carefully consider the information posted on
Bitcoin worth thousands of social media.
dollars to hackers after it was “Organisations need to think about
targeted by a ransom demand following the putting in place a strategy to counteract or
theft of sensitive data. respond to these types of incidents. But the
Queensland police refused to identify one message that I cannot stress enough is
the company, but said that after paying the to never comply with extortion demands and
demand the hackers attempted to extort report these matters to us immediately.”
more money by threatening to launch an In the Asia Pacific region, Australia is
online attack against a child of one of its placed first for such attacks, and globally
employees. seventh. Symantec’s “Internet Threat Report”
The company refused to cave in to the According to Symantec security specialist has highlighted that of the cyberattacks on
new demand and contacted the police, which Nick Savvides, attackers generally focus on Australian organisations in 2014, 30 per cent
said the hackers then “profiled a senior wealthier countries, and as such Australia is a impacted large organisations while 40 per
member of the organisation, identified their frequent target. cent took aim at SMEs. •••
Nine charged HK talks US$1.2 million being sent to an HSBC ac-
with fraud tough to banks
count in Hong Kong, most of which was
later transferred via Standard Chartered
T W
Bank in New York to a Cayman Islands-
he Independent Broad-based An- ith fallout from the FIFA based bank. •••
ti-corruption Commission (IBAC) scandal (see story page 12)
has laid more than 100 charges showing no signs of abat-
against nine people allegedly in- ing, Hong Kong’s banking
volved with procurement of infrastructure at regulator has warned that it will sanction any
Public Transport Victoria and the former De- institutions that fail to fully comply with anti-
partment of Transport. A company has also money laundering regulations.
been charged. In a formal statement, head of the Hong
IBAC’s Operation Fitzroy examined cir- Kong Monetary Authority’s anti-money
cumstances around procurement between laundering and financial crime risk division,
2006 and 2013. Stewart McGlynn said: “Meeting anti-money
The alleged offences include conspiracy to laundering expectations, particularly around
cheat and defraud, obtaining financial advan- higher risk customers, remains a challenge for
tage by deception, misconduct in public office, some banks. There should be no doubt on the
giving and receiving secret commissions and part of the industry or the public that where
furnishing false information. they do not, we will take action.”
The nine have been summoned to appear The recent indictment by the US Depart-
in the Melbourne Magistrates’ Court on July 6. ment of Justice of FIFA officials referenced
18 GRC Professional • June 2015AUSTRAC warns on
local property fraud Buyer dodged investment laws
As warnings about loopholes which exempt
real estate from onerous disclosure require-
ments escalate, Treasurer Joe Hockey has
The ante has been upped to stop Australian property being a vowed to enforce new foreign investment laws.
prime investment opportunity for money launderers The government recently announced penal-
F
ties, such as hefty fines and prison terms of up
ollowing the April release of a re- conduct transactions on their behalf. These to three years, for foreign investors illegally
port by the Paris-based Financial include establishing trusts and other struc- buying properties in Australia
Action Task Force (FATF) which tures to hide identity, recovering fictitious The treasurer’s announcement coincided with
determined that Australian prop- debts and making payments through law- news that a Chinese businessman was the
mystery buyer behind the purchase of one of
erty is a haven for international money laun- yers’ trust accounts. Australia’s most famous homes, Altona in Syd-
dering, two top lawyers have been caught on Key indicators include: ney’s Point Piper, for $39 million.
video in conversation about how regional • multiple and unexplained funds trans- The mansion was bought through a complex
leaders appropriate funds from their own fers, especially from overseas; structure of shelf companies and holding
people and lodge them in Australian bank • difficulty identifying the ultimate source trusts, including nominee arrangements that
accounts. of deposits; and have been reported as stretching from Mel-
bourne to the British Virgin Islands.
According to a report in Fairfax media, • moving funds to/from a law firm’s trust
an undercover “sting” caught a Papua New account and to/from bank secrecy or At the time of the purchase, the buyer, Wang
Zhijun, did not have permanent Australian
Guinea lawyer explaining how a “presti- high risk jurisdictions.
residency, which contravenes laws that prevent
gious” law firm and Queen’s Counsel issue In its report, FATF singled out China foreigners from buying established housing.
inflated invoices to conceal the movements as the main source of international money “Foreign investors who think they may have
of corrupt money. laundering in Australian real estate. broken the rules should come to us before we
The footage, which was filmed by anti- It said that while regulation of major come to them,” Hockey has warned.
corruption NGO Global Witness, exposes money laundering and terrorism financing Buyers who come forward before November
complacency among Australian politicians channels, such as banking, remittance and 30 2015 will be forced to sell properties, but
and enforcement agencies, as well as gaps in gaming, is largely effective, most designated will not face criminal prosecution.
regulation. It follows news that corrupt Ma- non-financial businesses and professions According to Hockey, the Foreign Investment
laysian officials have teamed with Australian (DNFBPs) are still not subject to AML/ Review Board is currently investigating 195
cases of purchases by foreign investors, in-
property developers to launder kickbacks CTF requirements and have insufficient un-
cluding 24 by those who voluntarily flagged
through a student apartment complex in derstanding of their risks. These include real their own possible breaches.
Melbourne. estate agents and lawyers. •••
The revelations coincide with the re-
lease of a new AUSTRAC report, which says Know your customers
criminals are being drawn to real estate in KYC rules don’t just have to apply to financial institutions. Here are some questions
Australia as a means to launder illicit funds businesses of all sizes should ask to help protect against money laundering.
because it is possible to purchase in cash, of- Do you really know the customer? Were they referred by a reliable source or from an obscure
fers reliable financial returns and ownership or unknown origin? If a seemingly affluent new client suddenly arrives at your doorstep, alarm
can be disguised. bells should ring.
It says methods of laundering money in- Do you really understand a customer’s proposed transaction and are you going to be comfortable
clude mixing illicit funds with loan funds, executing it? Does the transaction make sense considering what you know about their business?
manipulating property value, use of third Is this the usual way transactions are done or are there some curious kinks in it? For example,
parties to present as the official owner, pur- why would a total stranger offer to invest a substantial sum in your business?
chasing properties to facilitate criminal ac- There is no such thing as a too lengthy paper trail. Are there any records you should be keeping
tivity, and generating rental income to seem to better protec t yourself?
legitimate. What tech tools might be relevant to your business in stopping any involvement with money
According to AUSTRAC, criminals are laundering schemes?
also using professional facilitators such as What are the latest ploys being used against your types of business?
lawyers to help them seem legitimate and to
19Fraud drop “disappointing”
Despite a decline in monetary losses and the number of victims, results from a
concerted anti-fraud campaign have been less than expected.
D
espite the number of high- alerts to notify consumers of suspicious ac-
profile data breaches in 2014 tivity, the lower figures do not suggest any Hackers raise the cost of a coffee
(see story page 22), fears about turnaround in the fight against fraudsters.
Criminals have come up with a clever new
record losses were not realised He believes the coordinated efforts way to steal money from back accounts,
– even though the US Federal Trade Com- should have resulted in a bigger drop, point- targeting Starbucks customers’ coffee
mission reports that identity theft was the ing to the fact that there is still a victim about accounts as a side door.
most-complained about category in 2014, ac- every two seconds in the US. The hackers are using the chain’s mobile
counting for 13 per cent of complaints. payment app to drain the stored value
Notwithstanding the high total, both Overall, 5.2 per cent of Americans of gift cards, then using Starbucks’ auto-
reload function to obtain consumers’
the number of victims and fraud losses de- were victims of identity theft, credit
associated debit and credit card details.
clined from 2013, according to Javelin Strat- card fraud, or similar issues
The scheme is part of a new fraud trend
egy & Research’s just-released “2015 Iden-
wherein hackers are targeting third party
tity Fraud Study”. It shows that thieves stole Overall, 5.2 per cent of Americans were firms that create alternative payment
US$16 billion from 12.7 million US consum- victims of identity theft, credit card fraud, or systems and attacking them, finding
ers last year, down 11 per cent from US$18 similar issues last year, according to the Jav- that they are often easier to breach than
billion the previous year. The number of elin study. The majority involved credit card financial institutions. In the process, they
are turning rewards programs, points and
victims also fell 3 per cent from 13.1 million. fraud, with victims of data breaches three
prepaid cards into cash.
times as likely as the general population to
Thieves stole US$16 billion from be a fraud victim. In cases where a breach The strategy has worked because many
Starbucks customers link their credit or
12.7 million US consumers last year, exposed social security numbers, victims be- debit cards to gift cards that are loaded
down 11 per cent from US$18 billion came twice as susceptible to identity theft or onto mobile payment apps. Once a criminal
the previous year. fraud. steals a Starbucks mobile or gift card login
On a positive note, instances of new ac- credential, stealing from associated cards
However, Javelin director of fraud and count fraud – where a criminal uses personal is relatively easy.
security, Al Pascual, says that in light of a information to obtain new loans, credit
massive effort from regulators, businesses cards and other accounts – did dramatically
and financial institutions to curtail breach decline, down from US$3 billion to US$2 sumers, the lowest Javelin has ever recorded.
losses via swift replacement of impacted billion. According to Pascual, this kind of Unfortunately, 13 per cent of victims do
cards, more sophisticated monitoring, and fraud now impacts just 0.29 per cent of con- not notice the misuse for more than a year. •••
20 GRC Professional • June 2015You can also read
