SEC Crackdown: How Effective Are Your Anti-Fraud Controls?
The Securities and Exchange Commission (SEC) filed a record 755 enforcement actions in the fiscal year that ended in September 30, 2014, covering a wide range of fraud schemes and financial misconduct. The investigations have led to roughly $4.2 billion in disgorgement and penalties in fiscal year 2014 — significantly higher than the amounts collected in fiscal years 2012 and 2013, which totaled $3.4 billion and $3.1 billion, respectively.
“Aggressive enforcement against wrongdoers who harm investors and threaten our financial markets remains a top priority, and we brought and will continue to bring creative and important enforcement actions across a broad range of the securities markets. The innovative use of technology — enhanced use of data and quantitative analysis — was instrumental in detecting misconduct and contributed to the Enforcement Division’s success in bringing quality actions that resulted in stiff monetary sanctions.” — SEC Chair Mary Jo White
“Aggressive enforcement against wrongdoers who harm investors and threaten our financial markets remains a top priority, and we brought and will continue to bring creative and important enforcement actions across a broad range of the securities markets. The innovative use of technology — enhanced use of data and quantitative analysis — was instrumental in detecting misconduct and contributed to the Enforcement Division’s success in bringing quality actions that resulted in stiff monetary sanctions.”
— SEC Chair Mary Jo White
SEC Plans to Build on Its Success
One possible explanation for increased enforcement actions could be an increase in misconduct by unethical individuals. However, SEC Chair Mary Jo White attributes the agency’s fruitful enforcement campaign to more stringent SEC oversight, as well as the efficiency of new investigative approaches and the innovative use of data and analytical tools. She also promises that the agency’s tough stance against misconduct will continue in 2015.
Getting companies and individuals to publicly admit guilt — not just settle and pay fines — was a major priority in fiscal year 2014. By holding individuals accountable for their misconduct, the SEC sends a powerful message to the markets. In the words of SEC Commissioner Luis A. Aguilar:
“While we frequently obtain through settlement all the monetary and injunctive relief we are likely to obtain in litigation, when we settle on a ‘neither admit nor deny’ basis, the public is denied a finding, either by a fact finder or by the defendant’s own admission, that the defendant engaged in bad conduct. … Requiring admissions in these cases will appropriately sanction defendants for their misconduct, and will go a long way toward enhancing the deterrence message of our settlements.”
The agency’s enforcement actions also included first-ever actions to impose an emergency stop on a municipal securities offering and against whistleblower retaliation. Other actions targeted gatekeepers, including auditors for violating independence rules and deficiencies related to audits of failed Chinese companies. To protect themselves against accounting malpractice claims, external auditors are likely to follow the SEC’s lead by evaluating anti-fraud controls and assessing risks with increased diligence.
Small Companies, Big Losses
The SEC’s enforcement staff has made companies’ anti-fraud controls the chief target in its fight against financial reporting fraud. Their efforts are primarily geared toward protecting public company investors against financial misconduct by making sure that senior management is properly supervising business units that may be more susceptible to fraud. But private companies are disproportionately victimized by fraud, possess fewer resources to rebound from fraud losses and often have weaker anti-fraud controls than their publicly traded counterparts, according to the Report to the Nations on Occupational Fraud & Abuse issued in 2014 by the Association of Certified Fraud Examiners (ACFE).
As accounting rules grow increasingly complex and rely on more judgment calls by management, the risks of fraud and financial misstatement will also grow. Public and private companies alike need to pay more attention to anti-fraud controls to avoid errors, misstatements and financial losses.
A Closer Look at Anti-Fraud Controls
Anti-fraud (or internal) controls are the policies and procedures companies use to protect assets, improve operating efficiency and ensure reliable financial statements. A strong internal controls program — including fraud training, proactive data monitoring and analysis, employee support groups, management review and whistleblower hotlines — can be essential in the war against fraud.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a joint initiative of five private sector accounting and finance organizations, lists five components of anti-fraud control programs:
Control environment. The ethical tone that management sets filters down the organizational chart. Relevant factors in the control environment include the integrity, ethical values, management operating style and delegation of authority.
Risk assessment. Companies should continually evaluate external threats and internal weaknesses. Once they’ve been identified, threats and weaknesses need to be eliminated — or at least reduced and monitored.
Information and communication. Strong controls allow employees to identify, capture and exchange information. Effective communication ensures information flows to the right people inside and outside the organization.
Control activities. Strong programs include formal policies and procedures to ensure management’s directives are carried out. Examples of control activities are authorization of transactions, accounting reconciliations, supervisory reviews of operating performance, physical security of assets and segregation of duties.
Monitoring. Risks factors continually change. Management should continually review and improve anti-fraud control performance.
How effectively does your company’s anti-fraud control program address these five components? COSO recommends that companies design their anti-fraud controls “to provide reasonable assurance [of] the achievement of objectives in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws and regulations.”
Raising the Bar on Anti-Fraud Controls
In the wake of the SEC’s more stringent oversight, expect auditors to more closely inquire about and test their clients’ anti-fraud controls. If you’re currently aware of weaknesses in your anti-fraud controls, contact us as soon as possible to help brainstorm ways to help solidify your company’s control program. Beefing up anti-fraud efforts before year end can streamline the audit process in early 2015.
© Copyright 2014. All rights reserved.
Brought to you by: McClanathan, Burg & Associates, LLC