The vital role of ‘whistle blowing’ in modern business cannot be gainsaid, however, managers responsible for preventing fraud risk may find themselves in the firing line

Danny McLaughlin Head of Fraud and Forensic - Grant Thornton UAE

CORPORATE FRAUD and other business misconduct regularly dominate the headlines worldwide, and the Middle East is not immune to such problems.

When a fraud incident occurs, it is invariably bad news for the business concerned. The effects can be widespread and damaging – the theft of cash, misappropriation of assets or the violation of sanctions are damaging for businesses. The reputation of a business that has been carefully nurtured for years, or even decades, may be undermined.

Fraud or misconduct can affect the business but also regrettably customers, employees and suppliers. Trust is lost, the brand becomes associated with the fraud and bad news stories may spiral out of control. Managers who were responsible for managing fraud risk may find themselves in the firing line for their failures and their jobs and personal credibility can be at serious risk.

Lack of effective control
Many if not most cases of fraud can be attributed to a lack of effective control. In the worst cases, subsequent investigations may in fact reveal there was little if any control in the first place.

Complacency and misplaced trust are gifts to potential fraudsters. The opportunity to commit fraud because of poor controls, ineffective segregation of duties and limited oversight combined with pressures on a fraudster, perhaps because of financial problems, peer pressure or inherent dishonesty are two facets of the so-called fraud triangle which helps us understand why frauds occur.

The third facet, the rationalisation helps us to understand why someone takes that next step and actually commits fraud – “no one will notice”, “they owe me”, “everyone else is doing it”, and it’s only a small amount”. But at the heart of these cold calculations by a fraudster is the fundamental belief that they can get away with it and no one will detect their activities.

Potential ‘Red flags’
So how do we change such mind-sets? I believe that fraudsters are themselves often very good risk managers. They coldly calculate the risks of detection as they get to know what gets checked and what doesn’t. They often have a backup story to explain their activities, if someone does raise suspicions.

Fraudsters will perhaps focus their fraud on non-core activities, those that are less well understood or of less interest to the owners. They may commit small frauds to start with so as to see what is possible. They often become greedier as they test the system whilst remaining undetected. They create an aura of honesty and portray themselves as someone beyond suspicion. Ironically, these behaviours are often what we might describe in the fraud prevention world as “red flags” or indicators of potential fraud.

When someone has worked in a business for a long time, they understand the weaknesses and the opportunities to commit abuse. When someone who is a good manager recognises such gaps in control, they will use this knowledge to put in place more effective controls, but without adding often useless bureaucracy. Does seven signatures on a Purchase Order mean there is greater or less control? They will work with the Audit Committee and both internal and external auditors to manage risk. If they are dishonest, then unfortunately there is potential for a much less pleasant story to unfold.

The fear factor
Many business owners are shocked and feel particularly betrayed when after a fraud occurs it is revealed that many people in the business actually did have suspicions but failed to report such concerns. Why would they not speak up?

The answer is fear. Writing in Ancient Greece more than 2600 years ago, Sophocles the Greek Tragedian said in his work called Antigone that “No one loves the messenger who brings bad news”. In 1598, Shakespeare referred to a similar concept in his plays Henry IV part 2 and Anthony and Cleopatra essentially saying that you “don’t shoot the messenger”.

Regrettably, people do fear being “shot” or in modern terms being terminated, retaliated against or otherwise victimised. It may be so much easier to keep your head down and say or do nothing.

Blowing the Whistle
The term ‘whistle blowing’ seems to me to be less familiar and less well understood in this region than it would be for example in the UK or US. The term itself was first used by consumer champion Ralph Nader in the seventies. He wanted something that was less emotional than the words snitching or informing.

These terms are frequently used in a pejorative way. Whistle blowing on the other hand should be seen as something done for good reason. In many countries, laws have been introduced to provide legal protection for those who decide to reveal their concerns.

We believe that whistle blowing is a key part of your fraud risk management strategy. It provides your employees (and customers or suppliers) with a confidential way for them to report concerns. The very best whistle blowing systems are also independent and run by a third party on your behalf.

The whistle blowing service contractor should provide you with a call centre operation that runs 24/7, can take calls in multiple languages and provide real time or near real time translation facilities as well as a range of alternative communication channels such as via the Internet (Website or email) and good old fashioned letters.

It takes great courage for someone to make that call and they need to be sure that they will be treated sensitively and that their confidentiality will be protected.

Grant Thornton recognises that there is an increasing demand for such services in the Middle East. Recently, the Dubai Real Estate Regulatory Agency (RERA) suggested in a draft law that real estate developers should implement whistle blowing. We regularly receive requests for advice on how to implement whistle blowing.

Grant Thornton are now in partnership with Whistle Blowing Security Inc, a Canadian firm, to focus on providing a whistle blowing service to the Middle East and North Africa. The service is in fact available globally for our clients with operations outside the region. Toll free numbers for callers can be set up (where available) or collect / reverse charge facilities. Whistle Blower Security Inc has worked with Grant Thornton UAE to ensure that clients have access to an Arabic language reporting website. Real time translation is available in more than 150 languages.

The service is keenly priced with an all-inclusive subscription charge based on staff numbers. There are no separate charges for producing a report on calls received and you have the added assurance of knowing that calls will be handled by an established call centre designed for this purpose.

Identity protection
Callers are provided with a unique ID and password to allow on-going communications whilst protecting their identity if they wish. Whistle Blower Security does not disclose details of calls to anyone but your designated representatives. We in Grant Thornton can provide you with investigation and fraud prevention services should you need these as a result of concerns raised on the hotline.

Fraud seriously damages businesses. Fraudsters thrive because they believe that they are safe from detection, and that colleagues, or others who have suspicions are too frightened to raise their concerns. By using this new service you can ensure that someone thinking of committing fraud in your business is likely to have second thoughts because the odds of detection will have changed substantially in your favour.