The regulation paradox, fraud triangle and honor system
By JIM NORTZ - 4/3/2009
On the day when Bernard Madoff pleaded guilty to one of the largest swindles in world history, I had the pleasure of speaking with a local radio newsman. One of the questions he asked was whether I thought additional regulations would help prevent similar scandals in the future. Although it may have sounded a bit strange coming from a compliance and ethics professional, I said I did not think additional regulations would be likely to make much difference.
In support of this conclusion, I cited the Sarbanes-Oxley Act of 2002, known as SOX, and the billions spent by both the public and private sectors in responding to its mandates. I was directly involved in implementing SOX financial controls at two multinational corporations, and I think that when properly implemented, such controls can materially reduce a company's fraud risks. However, we now have more than six years of data regarding SOX's impact on corporate fraud on a national level, and the results are not encouraging.
Every two years, the Ethics Resource Center performs a national business ethics survey. The most recent survey report, issued in 2007, observed that misconduct levels in U.S. businesses were back to pre-Enron levels. The data also show no change in the level of observed occupational fraud since 2000.
Further corroboration of SOX's failure to materially reduce levels of occupational fraud can be found in the Association of Corporate Fraud Examiners' 2002 and 2008 reports to the nation. In its report in 2002, the year SOX was enacted, ACFE estimated that U.S. businesses would lose 6 percent of revenue that year as a result of occupational fraud. Applied to the U.S. gross domestic product, this translated into losses of roughly $600 billion. In its 2008 report, ACFE estimated that U.S. organizations would lose 7 percent of annual revenue to fraud for the year, amounting to losses of approximately $994 billion.
This result is both disappointing and paradoxical. How could sweeping regulation have yielded no measurable reduction in the kind of fraudulent activity it was designed to prevent? The answer might be found in additional data on the manner and extent to which SOX controls have been implemented in U.S. corporations. However, until this data is gathered, I think some insights can be found by a consideration of the "fraud triangle" and by a recognition that business operates on the honor system.
The fraud triangle
The "fraud triangle" is a term used to describe key conditions for the occurrence of fraud: need, opportunity and rationalization.
In fraud prevention, it has long been recognized that it is possible to control only one of these three conditions. There will always be people who perceive a "need" for more money, and there is no way to control the human mind's innate ability to rationalize almost any course of action. All that can be done to reduce fraud risk is to take away the opportunity to commit it.
Given this reality, more regulations are not likely to help. No matter how well crafted, new rules are likely to be no more effective in preventing fraud than additional speed limit signs on I-490 are likely to get people to drive 55 mph. The problem is not that fraudsters don't know the rules. The problem is that regardless of what the rules say, there is always ample opportunity to violate them, because business generally is conducted on the honor system.
The honor system
Because the vast majority of us respect the law and play by the rules, we tend to overestimate the law's power to regulate behavior. Just as a commuter on I-490 can violate the speed limit with impunity for decades with a very low probability of being caught, business people can do the same with regard to virtually any law. Although regulations play a vital role, they generally have an impact only on the behavior of the law-abiding, who choose to operate their businesses honorably even when no one is watching. More regulations are unlikely to stop the next Bernard Madoff, someone bent on breaking the rules for his own advantage.
Even though more regulations may not be the answer, there are concrete steps that can and should be taken to reduce corporate fraud risk. Just as state troopers with radar guns have a greater impact on drivers than speed limit signs, "cops on the beat" at work have the most impact on would-be fraudsters.
Additional enforcement resources on both the state and federal levels might help. But by far the most effective "cops" are educated employees, managers and directors. The ACFE reports that tips from employees account for nearly 50 percent of all detected corporate frauds. By comparison, only 3 percent are detected by regulators.
If you are interested in reducing the risk of fraud at your firm, you need not wait for Washington or the state Attorney General's Office to act. You can start right now by educating your directors, your management team and your employees about how to recognize and report occupational fraud. This work is more important than ever, because hard economic times such as these present elevated risks of both individual and systemic efforts to defraud companies and investors.
Jim Nortz is compliance director at Bausch & Lomb Inc. and is a member of the Rochester Area Business Ethics Foundation. The opinions expressed in this article are Nortz's alone and may not reflect those of Bausch & Lomb or the RABEF. For more information about the RABEF, visit: www.rochesterbusinessethics.com. Nortz can be reached at 260-8960 or firstname.lastname@example.org.
04/03/2009 (C) Rochester Business Journal