Dr. Maria Tsennykh, Managing Director at Weaver
Could increased disclosure and whistleblower protections for private companies prevent another fraud scheme like Theranos?
Classic free-market theory holds that buyers and sellers act as if they are guided by an “invisible hand” that helps produce the best outcome — a better outcome than government oversight could ever produce.
While economists debate the scope, scale and specific roles for appropriate government intervention, fraud continues. One recent high-profile case is the trial over allegations against a private company, Theranos, founded by Elizabeth Holmes — but this is far from the only case.
A simple internet search for “American fraudsters” or “Americans convicted of fraud” reveals more than 200 large scandals during recent decades. Even if you exclude small-scale fraud and non-white-collar crimes, there have been approximately 90 large business-related fraud scandals since 1970.
In the wake of the Enron and WorldCom scandals, Congress passed the Sarbanes-Oxley Act (SOX) in 2002. It offered protection for whistleblowers at public companies, encouraging people to report suspected fraud. In addition, the Supreme Court has ruled that people performing services for public companies, even if they’re not employees, are also protected by SOX. However, SOX does not apply to private companies. There has been ongoing debate, but so far there has been no action to apply similar protections to private companies that sell services or products directly to consumers and attract investor capital.
Protecting whistleblowers and building cultures of transparency
For public companies, whistleblower hotlines provide compliance departments with opportunities to prevent potential legal issues. In my experience working with private companies, I have found that many do not have a hotline. In addition, many companies require employees to sign Non-Disclosure Agreements (NDAs), and employees often fear that reporting fraud will lead to being sued for violating the NDA. In companies without a strong culture of compliance, transparency and trust — including regular compliance training — employees may stay silent to protect their careers and prevent lawsuits.
Until all potential whistleblowers feel safe within private organizations, American society and investors remain vulnerable to future fraud and large scandals.
In most cases, the Chief Compliance Officer (CCO) reports to the CEO or General Counsel. For example, even if Theranos had a robust compliance department, the CCO leading the team would most likely have reported to Elizabeth Holmes directly — giving her the opportunity to bury any evidence of fraud. To be effective, CCOs should have an owner-type stake in the company or should be able to report to a broader range of stakeholders — such as the board of directors and independent board members. That way, it would be more difficult for a rogue CEO to hide fraud.
In the wake of the 2008 financial crisis, the SEC adopted additional whistleblower rewards programs that also apply to private subsidiaries of public corporations. For example, private subsidiaries are now subject to some of the whistleblower requirements under the Dodd–Frank Wall Street Reform and Consumer Protection Act. However, there is a collective sentiment that these requirements are not sufficient. For real reform, the SEC should adopt stiffer requirements and clearer penalties, as well as provide greater clarity about violations that may result in sanctions for cases of less than $1 million.
Performing pre-investment and ongoing external compliance evaluations
Although most investors are aware of the risk-versus-return tradeoff, they should always perform uniform due diligence procedures over external compliance before investing in any private business — especially in the healthcare or technology industries. Such evaluations should be performed to the same standard as commercial due diligence and repeated annually.
“Tuning” risk management processes to economic cycles
Looking at the 90 large fraud cases over the last 50 years, the majority of fraud was caught within one year before or after a major market crash. That doesn’t mean the fraud only occurred then — just that market downturns exposed vulnerabilities and made the fraud more apparent. This proximity to market crashes points toward a problem with risk management, since the frauds were discovered when investors were more focused on their investments.
Such a pattern indicates that if a more robust risk management process had existed during upward economic cycles, more fraud could have been identified in its earlier stages. Therefore, one lesson to learn from recent recessions is to tune risk management processes to be more aggressive during high-growth years.
A Warning to Private Companies
Should there be a new SOX–style regulatory framework for private companies? If fraud continues to increase in scope, impact and publicity, business leaders should expect increasing political calls for more regulation. Private company leaders who want to head off such requirements should take steps to demonstrate they can regulate themselves by protecting whistleblowers, engaging in routine external compliance audits and building cultures of transparency that consumers and investors can trust.
SOURCE: ACFE Insights – A Publication of the Association of Certified Fraud Examiners