Take cover! Fraud investigator and author Mike Comer is out and he’s giving it both barrels!
True enough, some businessmen have behaved “inappropriately” and have ripped off shareholders and others. Cases of externally directed and widespread fraud like Enron and the UK pensions scandals are bad but they are exceptions. These rare cases have been used to supposedly justify a mass of regulations, enforced by hordes of regulators, quangos and fellow travellers, few of whom have ever tried to run a business.
A job is always easier for the people who don’t have to do it, especially if they are able to consistently claim the benefit of hindsight. Regulators have 20:20 vision, although it is usually retrospective and reactive: very few seem prepared to commit themselves before the event and are much like internal auditors in only making an appearance after the battle has ended and then to shoot the survivors. Compliance has given new life to law firms, accountants, consultants and internal specialists who, like Dracula, are unlikely to complain about an excess of blood. “Compliance” has become a full blown industry and an end in itself!
Politicians and regulators seem to overlook the reality that most businesses, and the vast majority of managers, are honest and hardworking and don’t need to be told what is right and wrong. Maybe politicians are too heavily influenced by those leaders in commerce who nuzzle up to them with generous political donations. These supporters do not represent the managerial masses who, like us, believe that the system of political donations and nepotism is the start of the chain of rampant corruption. There is no such thing as a free lunch or an independent “Patron”.
Most major frauds are committed against good companies that employ effective managers. For example, Barings was a not a bad company and collapsed, not through endemic control weaknesses, but because it placed trust in the wrong people and failed to react “appropriately” when the symptoms of fraud first emerged. This is true of most serious fraud victims and it is partly the fault of government in not providing sufficient police resources to help victims recover from fraud, or not relying on a public prosecution service that is at best myopic and a criminal justice system that is not geared to fraud cases. Against real fraud, there is little deterrent. As Donald Rumsfeld said in another context, a little “shock and awe” would to no harm.
Fraud is an unequal battle in which the perpetrator chooses the battleground, timing and weapons and always has the advantage of surprise. To him (or increasingly her) fraud is the number one priority and he only has to be lucky once. The honest victim is ambushed, needs luck all of the time and has to try to prevent fraud while focusing on a myriad of other tasks. A manager’s task is not made easier by pressures from investors, media and stock markets, all of which expect increasingly better financial performance, from quarter to quarter if not week to week. They seem to misunderstand – or consciously ignore – the risky nature of business, the toughness of markets and the fact that incomes for even the best run operations may be volatile. This is the reality, but no one seems keen to face it.
When the slightest blip panics markets, is it any wonder that some managers should consider equalising the results; especially when accounting standards leave almost endless space for creativity? The temptation to smooth results is ever present but it could be reduced if everyone took a more realistic and long term view of businesses, including the Inland Revenue. It would also be reduced if accountants worked exclusively on honest principles, rather than spinning the fine print of the rules.
A hospital now has to deal with over 30 regulatory agencies and usually irrelevant “key point indicators (kpi)” that encourage “spinning”. If the police make a single arrest they have to waste endless hours on form filling, recording among other things, the age, nationality, race, colour, religion and inside leg measurement of the suspect. And all of this is to do with “kpis” to confirm that there is no discrimination and that crime figures are diminishing. Yet the police know the truth that crime is increasing.
The fact is that British managers – in both commerce and government – are tied down with a morass of red tape, “kpis”, measurements, petty rules and regulations that kill initiative and spin the truth. The rule seems to be “if it can’t be measured, or might offend the sensitive skins of luvvies, don’t do it”.
The Oxford English Dictionary defines “compliance”, and its derivatives, as “an action in accordance with a request or command” or “an unworthy acquiescence”. It may be used as a noun, adjective or a verb – which, as you may remember from school, means doing something. In recent years the word is used only as a noun – in fact a proper noun – with a capital “C”, thus ranking it alongside “King” and “Queen” and putting it ahead of common, but more important, nouns such as “golf” and “soccer”. This nounal use is popular because it refers to an inanimate object that requires no action. Have you noticed that these days, verbs are becoming unpopular or even “inappropriate”? It is now much more appropriate to do nothing, except second guess others.
The truth is that if most Western democracies were held to Sarbanes-Oxley, the Listing Rules or compliance standards they would fail woefully and would make Kenneth Lay of Enron look like Mother Theresa. Just look at the recent cases of wholly inappropriate behaviour by political leaders, including financial shenanigans, conflict of interest, abuses of power, false reporting of key statistics and other hanky panky. Then turn to the European Union (which has driven much of the accounting, supposed anti-bribery and other compliance standards) and recognise that for the past nine years its accounts have been in such disarray that they have never, ever, been finalised: bribery and fraud is rampant and anyone who blows the whistle, apparently, ostracised or punished. If the European Union were a listed company it would be called “Titanic Plc”. And, remember, these are the people who tell us what to do and we want to get even further into bed with them!
If some of the laws and regulations are bad, the way they are interpreted by regulatory agencies makes them even worse; through a process known as “regulatory creep”. There is an old saying that “you never ask a barber if you need a haircut” which holds true in the compliance area. If you ask a regulator if you can do something the answer is unlikely to be positive: at best they will keep their options open, so that they can criticise later on. Unsurprisingly most regulatory agencies see their jobs as pivotal to the survival of the universe or even more important than that. If you want a simple example (and there are plenty more) of “regulatory creep” just look at the office of the Information Commissioner.
This illustrious body started as the “Data Protection Registrar” whose job was, as its name implies, simply to keep a register of organisations that process data automatically: mainly by computer. It now grandly announces that it is “the independent champion of public openness and personal privacy”. Whoever gave it that role? Has no one told the distinguished Commissioner that there is not a “privacy law”, as such, in the UK and that if anyone ever detects truthful “public openness” they should have it framed and mounted on the wall, alongside the picture of granny? Over the years, the office of the Information Commissioner has repeatedly expanded its empire and, for example, after the passing of the Data Protection Act 1998, dictated that “relevant filing systems” (such as paper based personnel files) also fell within its ambit and issued almost endless tomes (usually called “guidelines” but intended as mandatory standards) including some incredible instructions on employment practices and the conduct of investigations when fraud is suspected.
In 2003, the Court of Appeal ruled that many of the Information Commissioner’s rulings on “relevant filing systems” were inappropriate or plain wrong, but has the Commissioner withdrawn the offending guidelines and thereby shrunk its empire? You guess. Regulations are easy to make but difficult to withdraw. You will also remember the Soham murders and the scandal that followed when the police admitted that, supposedly through over-enthusiasm for the Data Protection Act, they had destroyed intelligence records which would have exposed Ian Huntley, the murderer, as a paedophile. In the face of public outrage, the Information Commissioner ran for cover and let the police take the hit. At this stage, it is impossible to say who was to blame, but the case illustrates the dreadful process of regulatory creep through which those regulated increasingly err on the side of caution; thereby emasculating themselves. Excessive and unnecessary compliance is as dangerous as under compliance and it destroys competitive advantage.
While the standards demanded of businesses have increased the tools and powers available to managers to comply have decreased. For example, the Information Commissioner’s guidance on pre-employment screening and the conduct of internal investigations are naïve bordering on harebrained. If any company were to follow them, fraud would run rampant, regulations be broken and managers (but, of course, not the regulators) held accountable for failure. There seems to be no consistency in the laws and regulations, nor any understanding of the problems they create at a working level. Managers are told to do this or that without being permitted to do that and this. It is a sick joke!
The fact that managers should be held personally accountable for failures at work is a given but they (and not regulators) must run their businesses and exercise this right based on an internally generated tone and framework of what may be called “assertive integrity”. Having dealt, over the past 40 years, with crooks in all shapes, sizes, colours, sexes (all five) and ages, the one common feature appears to be that their self-image was inconsistent with honest behaviour. In other words their value system was skewed, enabling them to rationalise dishonesty as being acceptable or even the norm. Also most of them had fancy shoes and appeared to be compliant: sometimes to extremes.
What to do?
The first steps are to set the tone from the top of the organisation – really meaning it – creating a set of positive “self-image” and “collective image” values, recruiting honest people and organisations and keeping them that way by positive rewards as well as severe and certain punishment. Managers should regularly review their risks and clearly identify the laws, rules and regulations to which they are bound, excluding those which have simply crept in without lawful support. They should ensure that their control procedures are commensurate with both risks and regulatory requirements, without going overboard on stifling preventive controls. They should work with regulators, but not prostrate themselves before them. On the contrary they should commit regulators to writing anytime there is a disagreement. In short, managers should assert the right to manage, but this is not difficult for truly honest people. Managers should also report results fairly, align the expectation of shareholders and markets and create a reputation for excellence through their products or services and the way they treat others; especially employees, customers and suppliers. If short term financial results are not as good as expected, so what? The truth will out and any sensible investor should not be deterred by a blip.
If the blip repeats then this must be a reflection of true value and the organisation must behave accordingly. It is much better to face the truth than to falsify figures, because eventually the bubble will burst. It is amazing how companies like Enron never thought through the end game of their scams. Where did they think it would all end?
The rules about false accounting are that problems seldom cure themselves and that it is rare to trade out of anything dishonest. It is always best to take the hit and move on. Another important point: managers should deal openly and aggressively when fraud is suspected and prosecute offenders – either criminally or civilly and be prepared to defend adverse publicity in the unlikely event that the need arises. In short a company should maintain the unquestioned reputation of being an exemplary corporate citizen and a very, very hard target. In this way compliance with regulatory standards will be surpassed while retaining innovation, profitability and management control.
The threat of punishment, for breaking some esoteric regulatory whim that the subject probably regards as meaningless, is not likely to change anyone’s inner values. This is especially true if, at the end of the day, punishment is avoided because the criminal justice system fails. Edwin O Sutherland, the American sociologist and political economist who founded the term “White Collar Crime”, discovered this in 1949, yet politicians and regulators don’t seem to have learnt the lesson. Sutherland’s idea was that criminal behaviour is learned through associations with others. The tone is set by leaders, either good or bad. Eventually that tone becomes ingrained as a self-image; again either good or bad. Penalties achieve nothing if all the majority sees are minor rule-breakers being punished while the gross offenders escape. This is often the result when regulators prosecute the easy technical cases, under the “lowest fruit” approach, because the real villains are too difficult to catch. You see these failures far too often when, for example, legitimate banks are severely punished for not filling in the right form at the right time while corrupt political and commercial leaders are able to stash away billions through complex skulduggery.
In the improbable event that politicians would be prepared to accept advice from a pooper it would be to put their own houses in order (and especially the European Union), to cut back on the obscure red tape and the regulatory hordes, encourage entrepreneurs to manage through assertive integrity; to provide a law enforcement framework, (including changing the laws on bribery in line with the 1998 report of the Law Commission) and to take all other reasonable steps to help managers deter fraud. Finally, they should build more prisons and keep them full.
For more from Mike’s pen (metaphorically speaking) and his CV, visit:
