![Construction of corporate anti-fraud compliance system [Zhuhai Lawyer, Zhuhai Legal Consulting, Zhuhai Law Firm, Jingshi Law Firm, Jingshi Zhuhai] Author: Lawyer Luo Wenlong, Wang Yali, Jingshi Shanghai Branch, cheating refers to the act of internal and external personnel using i - DayDayNews](https://cdn-dd.lujuba.top/img/loading.gif)
[Zhuhai Lawyer, Zhuhai Legal Consulting, Zhuhai Law Firm, Jingshi Law Firm, Jingshi Zhuhai]
Author: Lawyer Luo Wenlong of the Shanghai Branch of Jingshi, Wang Yali
fraud refers to the act of internal and external personnel using illegal and irregular means to seek improper personal benefits and damage the legitimate company's economic interests; or seeking improper company economic benefits, while also bringing improper benefits to individuals. Anti-fraud compliance is a key area of internal compliance for enterprises. Large group companies such as ZTE , Tencent , Huawei , JD , Alibaba and other craft corresponding internal policies. The purpose of building an anti-fraud compliance system is to reduce the occurrence of fraudulent behaviors while dealing with various fraud risks that may occur at any time through complete internal regulations and response mechanisms. This article will briefly explain how to build an enterprise anti-fraud compliance system from three aspects: anti-fraud compliance management system , risk monitoring system and reporting and complaint system .
1. Anti-fraud compliance management system
Anti-fraud compliance management system is the basis for building the compliance system and is a typical pre-compliance. It is planned to reduce the occurrence of fraud through complete compliance systems, excellent corporate culture, etc. The compliance management system includes three parts: one is the compliance management organization; the second is the compliance system; and the third is the corporate compliance culture.
(I) Compliance management agency
Anti-fraud compliance As a key area of corporate compliance, a special anti-fraud compliance department or team should be established. When forming this department or team, the following two principles should be followed:
First, the principle of relative independence. Whether it is the underlying employees or the management, fraud may occur. The purpose of anti-fraud compliance is to ensure that the following measures can be achieved when necessary and the relevant fraud personnel can be punished, thereby safeguarding the overall interests of the company. Therefore, when establishing a department, the principle of relative independence must be followed to ensure that it can control fraud behaviors of all employees of the company, including management, and will not be subject to multiple constraints when carrying out anti-fraud work.
From the perspective of the entire organizational structure, the anti-fraud compliance system should be an integral part of the enterprise's large-scale compliance system. On the premise that the compliance management committee has been established, the anti-fraud compliance department should be affiliated with the compliance management committee. However, based on the differences between anti-fraud work relative to special compliance such as tax compliance, import and export compliance, it is necessary to ensure that its authority can cover all employees of the company, and the upper limit is not capped. Therefore, the department must be relatively independent. Many large group companies have specially set up first-level anti-fraud compliance departments. For example, Alibaba established the "Integrity Compliance Department" in 2012. The department specializes in corruption investigation, prevention and compliance management, and only reports to the group's chief human resources officer, and remains fully independent from other business departments and is not subject to its interference.
JD's "Internal Control and Compliance Department" is known as JD's most "ruthless" department. It directly reports to the group CEO, and has the independence and objectivity of reporting acceptance and investigation work in terms of governance structure. Tencent’s Anti-Fraud Investigation Department will also emphasize its independence when accepting reports. For example, the "Sunshine Committee" of Meituan , the "Supervision Department" of Xiaomi , the "Enterprise Discipline and Professional Ethics Committee" of ByteDance, the "Professional Ethics Construction Department" of Baidu , and the "Ethics Committee" of 360, in order to ensure the effectiveness of anti-fraud work, companies and enterprises will ensure that their authority is sufficient and relatively independent when setting up departments.
Second, professional principle. types of professional fraud can be roughly divided into three categories: one is corruption, including bribery, illegal gifts, conflicts of interest, etc.; the second is asset embezzlement, which is often manifested as abuse of invoices to reimburse false expenses, embezzlement and resell company assets, etc.; the third is fraud in financial statements, such as recording false sales to increase income, exaggerating expense accounts to pay less taxes, etc. Most of the above behaviors are concealed and professional. When forming an internal team, it is necessary to ensure its professionalism. It can absorb professionals from former public security, former procuratorate, and audit, finance, procurement and other business departments to form a professional and compound team to facilitate the response to possible difficult and complex fraud cases. For example, Baidu's "Professional Ethics Construction Department", the core members of the department are professionals who have been engaged in the internal audit of , prosecutors, police, etc., and are highly professional.
When internal formation has shortcomings and obvious internal investigations are insufficient, it is necessary to introduce professional third-party institutions, such as professional anti-fraud lawyer teams. In the anti-fraud process, they are often more objective and neutral, and are more professional, skilled, more efficient, and easier to achieve results.
(II) Anti-fraud management system
If you want to achieve standardized governance of enterprises, you must formulate corresponding management systems, and anti-fraud compliance must also be followed. Anti-fraud management system generally contains the following seven aspects: (1) the purpose, concept and form of anti-fraud work; (2) the responsibility of anti-fraud; (3) the prevention and control of fraud; (4) the reporting, investigation and reporting of fraud cases; (5) the permanent institutions and functions of anti-fraud work; (6) the guidance and supervision of anti-fraud work: (7) the remedial measures and punishment of fraud.
anti-fraud management system is a framework-based and general provisions for the anti-fraud management of enterprises at the overall level. This provision should be provided in writing to all directors, supervisors, senior management personnel and other employees of the company, and should be archived in the internal office system of the company for all personnel to view at any time. At the same time, attention should be paid to public disclosure to the public through appropriate channels to facilitate partners, customers, and the public to know the relevant system content.
(III) Enterprise compliance culture
The ultimate goal of enterprises in carrying out anti-fraud compliance work is to actively prevent the occurrence of fraud. Reward reporting, conducting anti-fraud investigations, internal punishments or transferring them to judicial authorities can only be said to be post-remediation. From the perspective of safeguarding the interests of the company, preventing problems before they happen is far better than repairing the situation. To achieve active prevention of fraud, we must pay attention to corporate culture construction. Whether it is the "clean JD.com and zero tolerance for corruption" advocated by JD.com, or Huawei's "EMT Self-Discipline Declaration" are all corporate culture and corporate values. Regarding how to form a positive corporate value, the author believes that we should start from the following two points:
First, senior management attaches great importance to it. Anti-fraud compliance itself is top-down, and corporate values often come from the values of core leaders. Carrying out anti-fraud work also requires the support of senior management. Therefore, as corporate senior management, they must pay attention to corporate culture construction. They should formally and continuously express their opinions to all corporate personnel with practical actions (conferences, speeches, announcements, document signing, etc.). The so-called upper beam is not straight and the lower beam is crooked. If the core leaders of the enterprise themselves do not establish a correct value, the anti-fraud work will inevitably be difficult to carry out.
ZTE included "high-level attention" as one of the eight elements when building an anti-bribery management system. The high attention of senior management is not only reflected in its own compliance operations, compliance decisions, and responsibility for the compliance of the business under its jurisdiction, but also includes the improvement of compliance awareness and cultural cultivation, and the company's senior management practices. The construction of anti-fraud compliance culture must start from the top, and the top leaders of enterprises must realize that only in the sunshine can all things thrive.
second, anti-fraud training. training is the key to achieving full coverage of corporate anti-fraud values from top to bottom, including regular training for the board of directors, headquarters and branch management, strengthening corporate culture, professional ethics, conflicts of interest and reporting channels in new employee induction training, as well as anti-fraud-related training for external business partners, etc., to ensure that internal and external personnel understand the company's anti-fraud regulations and internal control measures. In the process of handling criminal cases, defense lawyers often emphasize the illegality of the suspect. Within the company, we must continuously strengthen the anti-fraud awareness of the company's management and employees, so that values such as "integrity", "openness" and "transparency" can be integrated into the company's management and culture.
2. Risk monitoring system
Risk monitoring system is one of the three pillars of building an anti-fraud compliance system, mainly including the following three aspects:
First, identification and early warning of fraud risks. Risk identification refers to the process in which an enterprise finds whether there are risks and what risks are there in each business unit, important business activities and their important business processes. Enterprises should comprehensively and systematically sort out the fraud risks in business management activities, systematically analyze, identify and predict the possibility of risks, impact degree, potential consequences, etc., and issue warnings in a timely manner for typicality, universality and risks that may have serious consequences.
Enterprises should comprehensively consider the internal and external environment and main business aspects to which they belong to to identify key areas where fraud risks may occur. If necessary, they can entrust external consulting agencies, law firms or accounting firms to assist in effectively identifying fraud risks.
Second, monitoring and evaluation of its own compliance effectiveness. enterprises should regularly monitor the effectiveness of their anti-fraud compliance management, comprehensively consider changes in the internal and external environment of the enterprise and the fraud loopholes found, and correct and optimize the anti-fraud compliance management system. This kind of monitoring is often done through risk assessment, which can be carried out by the internal compliance management department of the enterprise, or external third-party professional institutions can be hired to conduct the assessment, and the enterprise management will take policy or procedural remedial measures for the compliance risks found in the risk assessment.
Third, take timely and effective control and disposal measures for the occurrence of fraud risks. The core issue of this part is "accountability", which includes both internal punishment and external judicial transfer.
internal punishment mainly starts from two levels: One is appropriate internal rewards and punishments. The departments and employees who have discovered fraud will be punished as necessary, and the decision will be made on whether to adopt disciplinary measures will be made. The contract can be terminated if necessary. At the same time, the departments, employees and reporting personnel who comply with the compliance plan will be rewarded and encouraged; the second is the correction and update of the internal compliance system. Analyze and evaluate the fraud that occurs, determine the main causes of it, and continuously monitor the effectiveness of the compliance system through self-assessment, internal audits, internal and external reporting, regularly review the entire anti-fraud framework, discover loopholes and correct them in a timely manner. For the correction of the compliance system, enterprise employees and external relevant personnel should be trained and communicated in a timely manner.
External judicial transfer is an option but not a necessary option. Enterprises can decide whether to transfer the relevant responsible persons to judicial organs based on their own needs and specific fraud circumstances. External judicial transfer has always been the focus and difficulty of anti-fraud work. Professional personnel need to be involved in the collection of evidence and good communication with local public security, procuratorial and judicial organs. When forming a compliance team, enterprises must consider the professional capacity building of the team and can hire external lawyers to strengthen if necessary.
33. Anti-fraud reporting and complaint system
Reporting and complaints are one of the most efficient ways to obtain fraud clues. The 2020 ACFE (Association of Certified Fraud Examiners) anti-fraud investigation report shows that 44% of fraud cases were discovered through the reporting hotline, 15% of case clues came from internal audits, and 11% of case clues came from managers’ review. Therefore, the reporting and complaint system is a key link in building a complete anti-fraud compliance system. The following will discuss how to formulate a complete reporting and complaint system from three questions:
(I) How to set up a reporting channel?
When setting up reporting channels, the principle of taking both internal and external into consideration and openness and smoothness should be followed. Enterprises can set up appropriate reporting channels based on their own work patterns, communication practices, etc., to ensure that whether they are internal employees or external relevant personnel, they can report or complain through corresponding channels when they discover or suspect clues of fraud. When setting up reporting channels, pay attention to the flexibility of reporting channels, information confidentiality, anonymity and ease of use. Currently, the most common reporting and complaint channels are set up for special reporting and complaint emails, complaint websites, WeChat official accounts, reporting hotlines, mailboxes, etc.
At the same time, the choice of the recipient of the report information is particularly important. If the choice is improper, it may directly lead to the invalidation of the entire reporting system. When selecting a message recipient, you should pay attention to the following two points:
First, the person receiving the reported information should have sufficient independence , and the person with the personnel in the high risk of fraud should absolutely avoid direct or indirect interests of the person with the personnel of the department with high risk of fraud. When ensuring that they can be protected from improper intervention after receiving the information, they can consider managing it on multiple lines to ensure that they can handle it properly after receiving the relevant information;
Second, the person who performs this function must have relevant legal knowledge or financial background, and have undergone systematic training to be competent for the work. If necessary, you can choose to set up an external independent reporting channel, with a professional team of lawyers as the recipient of the reporting information, and lawyers as professionals can conduct more accurate and professional assessments and plans for the legal risks that may be involved in the clues, and after obtaining the clues, they can conduct in-depth explorations to eliminate other improper interventions. For example, ZTE specially hired external law firms to provide special reporting services as independent third parties.
(II) How to collect and process reporting information?
First, you can formulate a standardized format for reporting information to improve the efficiency of information collection and organization. companies can set corresponding formats for reporting information according to their own specific circumstances, such as the basic information of the reporter, the type of reporting incident, the project information that may be involved, the relationship with the company, the corresponding evidence materials, etc. Of course, this formatting requirement should not be mandatory, otherwise it will put the cart before the horse, hindering the company's acquisition of fraud clues.
Second, establish a registration book for fraud matters and conduct preliminary screening, classification, and hierarchical registration of fraud matters and clues you have. starts from the principle of confidentiality, and strictly implements the confidentiality system for the registration book. Only access channels are opened for specific personnel within a limited scope to avoid information leakage and premature alarm.
Third, analyze the fraud clues and determine the specific action plan. For reported matters, the corresponding anti-fraud agencies should conduct a comprehensive analysis and evaluation, focusing on the importance and sensitivity of the matter. Before determining the specific action plan, the corresponding person in charge should be reported to the size of the case, the level of the employee involved, the sensitivity of the matters involved, etc., and then the action should be taken after the internal case is filed.
(III) How to protect the whistleblower?
According to the provisions of the "HTM3 Basic Standards for Internal Control of Enterprises" formulated by the Ministry of Finance, together with the China Securities Regulatory Commission, the Audit Office, and the China Banking and Insurance Regulatory Commission in 2008, enterprises shall establish a whistleblower protection system and shall promptly convey it to all employees. Protection of whistleblowers is the key to ensuring the effective operation of the reporting and complaint system. Enterprises must pay attention to and strictly protect the safety of whistleblowers. Overall, whistleblowers can be protected from three aspects.
First, strictly keep the whistleblower information confidential. can hire external independent third-party institutions to store confidential information, and strictly restrict internal personnel and related personnel from accessing such information.
Second, reward legitimate reporting behavior and provide full protection for the whistleblower. companies can give rewards to whistleblowers based on specific circumstances, such as issuing bonuses, promotions, etc., and decide to publicly or not to publicly commend and rewards based on actual circumstances. In addition, for external personnel reporting, they can also be provided with corresponding guarantees or rewards based on actual conditions.
Third, retaliation or improper treatment of whistleblower is strictly prohibited. When the whistleblower and his family face harassment, discrimination, inappropriate labor handling, improper civil lawsuits or criminal complaints for the reporting behavior, the enterprise should intervene in a timely manner and severely punish it. If it touches the law, it should be handed over to the judicial authorities for handling. If necessary, the whistleblower should be compensated accordingly, mental health consultation services should be provided, etc.
lawyer introduction
Lawyer Luo Wenlong, member of the Management Committee of the Shanghai Branch of the Beijing Shipping Branch, executive director of the Professional Steering Committee of Criminal Cases, director of the Criminal Civil Intersection Legal Affairs Department, and director of the Corporate Compliance Research Center of the Criminal Committee of the Beijing Shipping Branch.
