Should CFOs and other high-level executives be able to prevent and spot fraudulent practices within finance and other parts of the organization? Not all the time, and not every fraud. But they can establish a culture that makes law-breaking harder to accomplish.
At last week’s Strategic CFO Forum in New York, hosted by StrategicCFO360, David Kotz, the former inspector general of the Securities and Exchange Commission from 2008 to 2012, offered finance executives advice on the mindset required to do so.
Kotz is famous for his investigation into why the Securities and Exchange Commission failed to spot the multibillion-dollar Ponzi scheme run by Bernie Madoff. Madoff, arrested 15 years ago yesterday, conducted a long-running investment securities scheme that eluded detection by the SEC despite multiple whistleblower complaints.
A lot of the mistakes by the SEC in the Madoff case hold lessons for CFOs — bad actors still commit audacious but relatively simple financial scams that leave regulators, the public, and perhaps their co-workers wondering, “How were they able to fool so many people?” and “How did they get away with this for so long?”
To combat fraud, finance executives must have the right mindset, explained Kotz. SEC investigators never believed Bernie Madoff, former chair of Nasdaq, would commit fraud, said Kotz. They also had tunnel vision when they examined Madoff’s funds, concentrating on catching violations of front-running (a popular type of SEC case at the time) rather than looking for other likely fraud.
In addition to the policies and controls to prevent fraud, an organization’s executives “have to really be on guard all the time for potential fraud, and never let [their] guard down,” Kotz said. Management must always maintain skepticism, even if everything is going well within the organization. “You have to look for red flags and err on the side of being a little more skeptical rather than going with the flow,” Kotz said.
The CFO needs to be aggressive in establishing a culture of ethics and compliance, setting codes of conduct, building internal controls, and conducting reviews, Kotz said. “Everybody does that stuff, but it’s the level of aggressiveness the CFO has, even to the point where maybe people feel you’re overdoing it. But if you’re overdoing it, then you eliminate or reduce the risk of a problem down the road,” said Kotz. “It’s worth being a little bit of the bad guy.”
Pay attention to internal whistleblowers. The SEC incentivizes employees to report violations of securities laws and other malfeasance internally — to the audit committee, chief legal officer, or other appropriate official — before going to the SEC. Boards of directors and compliance personnel need to take such complaints seriously.
SEC staff “discounted the claims of whistleblowers who came forward” to accuse Madoff, said Kotz, in some cases because they were Madoff competitors. The SEC ignored or only performed cursory investigations of information provided by securities industry executive Harry Markopolos, who alerted the commission to Madoff’s Ponzi scheme as early as 2000.
It’s best not to prejudge a whistleblower or the form of their tip or accusation, said Kotz. At the SEC, Kotz received a whistleblower complaint about a senior official allegedly hiring relatives for big jobs at the commission. The complaint was very detailed and included exhibits. But none of it was true. On the other hand, Kotz said, in a complaint that looked like it was written in crayon and was barely legible “[the whistleblower] turned out to be exactly right.”
“You need to look at the complaint's substance; it’s irrelevant where it came from,” concluded Kotz. Similarly, a whistleblower may have suspect motivations, but their information may be accurate.
Don’t think throwing money at the problem is the answer. Kotz testified before Congress about Madoff, Bear Stearns, and other misses by the SEC. Members of Congress asked him if the answer to the problem was to give the SEC a bigger budget.
“The SEC had the resources necessary to uncover [the Madoff fraud], said Kotz. “They didn’t need any more money; they needed to not be incompetent.”
In the same way, an organization can have highly sophisticated internal controls and compliance systems but not have a culture willing to investigate misdeeds when tipped off by an employee. “An internal or external complaint may be met with a lot of skepticism or not seriously considered,” Kotz said.
“Just because someone is registered or something’s examined or investigated … it should mean nothing in terms of your own responsibilities."
Former SEC inspector general
CFOs, other finance executives, or even employees outside finance should be prepared to get pushback when reporting fraud. People they highly respect or have worked with for a long time may ask them, “Why are you looking into this?” or “When is this going to be over so we can get this behind us?”
Overall, CFOs and other management personnel must raise their game to prevent and spot fraud on their watch. With U.S. enforcement agencies like the SEC responsible for policing more areas of company reporting and securities markets, organizations can’t rely on the government to catch illegal behavior, said Kotz.
“Just because someone is registered or something’s examined or investigated … it should mean nothing in terms of your own responsibilities,” Kotz told the audience.