Welcome to the 2019 McGrathNicol Advisory Forensic Forecast. The year ahead presents a number of challenges for organisations, driven by significant legislative and regulatory change. With upcoming state and federal elections, a slowing global economy and a technology-driven ‘cold war’, there are unprecedented issues for businesses and government agencies to manage. We predict that the following seven topics will require attention from boards and management: Counter Foreign Interference, eDiscovery, Risk & Governance, Legislative Changes, Occupational Fraud, Cyber and Litigation.
01 Counter Foreign Interference
TOP-TIER NATIONAL SECURITY RISK
Sweeping new foreign influence and foreign interference laws require action from businesses
Countering foreign interference has become a top-tier national security risk across developed countries, with particular focus on Russia, the People’s Republic of China and other authoritarian states. Interference, as distinct from legitimate and transparent forms of influence, involves activities that are covert (or deceptive), corrupting or coercive. Board members, executives and risk officers need to closely and systematically review their international collaborations and decision-making processes.
In June 2018 Australia introduced sweeping new foreign influence and foreign interference laws. The Foreign Influence Transparency Scheme Act (FITS) aims to ensure foreign government-influenced activities are adequately disclosed. Board directors who engage in political influence while accepting money from foreign government-related entities may have to register under the FITS scheme, depending on the structure of arrangements and the nature of activities. Similarly, individuals associated with university Confucius Institutes may have to register if they are engaging in political lobbying or public commentary. Penalties for failing to comply could be as high as seven years’ jail.
The National Security Amendment (Espionage and Foreign Interference) Act introduces a new crime of “foreign interference” and a series of tiered criminal provisions for espionage including economic espionage.
The two new laws are designed to complement each other and will add an important new dimension to the risk management frameworks of internationally-engaged businesses.
In 2019 there will be increased activity in managing related risks and organisations will be required to enhance their due diligence procedures. In preparation, over the past two years McGrathNicol has developed a specialist team to assist companies and agencies to understand who they are dealing with.
FINDING THE NEEDLE IN THE HAYSTACK
The need to capture and examine large data sets can be costly and can arise with very little warning
In 2017 and 2018, McGrathNicol Advisory assisted 14 clients who were required to respond to Regulator Notices, Royal Commissions or Commissions of Inquiry. Of the 140 terabytes of data and 80 million documents collected and processed, less than 0.5% was relevant.
The key to identifying the 0.5% is a robust workflow managed from end-to-end, starting with initial data identification and scoping at one end, to delivery to the Commission or Regulator at the other. The most effective way to certify compliance with your obligations is to attest to the strength of the process undertaken. You can only have confidence in the final delivery if you have confidence at every stage.
We are already seeing organisations respond to the Aged Care Royal Commission, while others are also preparing for additional anticipated Royal Commissions. Regulator Notices are being issued more frequently and it is clear that the expectation on organisations to use eDiscovery processes and disclose documents appropriately is not changing. To ensure your organisation is prepared in 2019, we advise organisations to:
- understand your obligations;
- know where your information is and preserve metadata;
- use advances in analytics, machine learning and artificial intelligence, as they will be faster, more cost-effective and more accurate;
- have access to resources and technology to meet tight deadlines; and
- engage experts with experience in dealing with Commissions and Notices.
The use of technology in investigations and disputes relies on a similar methodology. In the year ahead there is greater expectation that businesses will be capable of responding with accepted processes.
03 Risk & Governance
ROYAL COMMISSION, WHAT IS AHEAD
Minimalist approach to governance, risk and compliance places organisations under the spotlight
One of the key learnings from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry was that good corporate governance and compliance are not mutually exclusive with an organisation’s ability to hit financial targets and meet shareholder expectations. Several iconic financial services brands have been placed under the spotlight and, as a result, have suffered because they demonstrated a minimal approach to governance, risk and compliance.
The findings from the Royal Commission should be applied to the broader business sector. What is clear is the importance of ethical conduct. For example, does the remuneration framework encourage ethical behaviour? Is there active engagement between risk functions and the Board, and does the Board have visibility and oversight of engagement with key regulators such as the ATO, ASIC and APRA?
The challenge for Boards is to be able to demonstrate proactive oversight of their organisation’s risk culture. Boards should be placing more focus on “people risk”, and the hidden attitudes and behaviours of employees and managers that are often found at the heart of recent corporate scandals.
Organisations that do not have the appropriate focus on risk culture may be exposed to significant financial and reputational damage.
While many organisations have relied on internal resources to plan and execute frameworks, the regulators are now relying on independent assessment and reports, which provides additional comfort to Boards and Executives. We see this theme continuing throughout 2019 in response to increased regulatory activity.
MAJOR UPDATES TO LEGISLATION
Important legislative changes that companies will need to address in 2019 that have not had significant publicity
The headlines from the Financial Services Royal Commission throughout 2018 saw legal and compliance practitioners focussed on the hearings and subsequent findings. With a final report now issued, we await subsequent legislative changes. Other important legislation that has not had the same level of publicity will also have an impact on businesses in 2019.
Modern Slavery: Australia’s Anti-Modern Slavery Legislation is fundamental to the eradication of human rights abuses within the workforce and entities with annual revenues of more than $100 million are now required to publish annual modern slavery statements. Gaining full transparency over complex, multi-tiered, multi-jurisdictional supply chains can be tricky. A strategic anti-modern slavery compliance framework, which includes enhanced due diligence procedures and clear communication protocols, is required.
Whistleblower protection: The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act will take effect in mid-2019. This significant piece of legislation requires public and large private companies to develop and communicate a Whistleblower Protection Policy and provides a defence for Corporations that have a Whistleblower Protection Policy. Getting it wrong now has more than just a reputational cost.
Foreign Bribery: The Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017 remains before the Senate, with an expectation it will pass in 2019. It strengthens Australia’s foreign bribery offence and introduces a new corporate offence of failing to prevent foreign bribery and a Deferred Prosecution Agreement (DPA) scheme for serious corporate crime.
Foreign Interference: Foreign Interference legislation is discussed at Article One.
FRAUD RESEARCH HELPING MANAGE RISK
Understanding rationalisation is providing businesses with knowledge to enhance fraud and risk management
An understanding of how fraud offenders rationalise their behaviour is critical for comprehensive fraud and corruption risk management. Auditors, Board members, Executives and those charged with mitigating and investigating fraud will benefit from a working knowledge of how offenders rationalise initially, how rationalisations change over time and the types of organisational interventions that may undermine the ability of offenders to rationalise their behaviour.
Over the past five years McGrathNicol’s Financial Crime Exchange (FCX) has collaborated with the University of New South Wales (UNSW) in a major research project into occupational fraud, the results of which will be published in 2019.
The research investigates the nature of rationalisations employed by workplace fraud offenders. First-hand accounts of how and why frauds were committed from convicted workplace fraud offenders are providing critical information to Professors Clinton Free and Paul Andon who have conducted interviews with over 50 fraud offenders.
While rationalisation is one of the three foundational elements of the fraud triangle (together with opportunity and motivation), it is the least understood and has received little attention in past research. The preliminary results reveal that the common rationalisations used by offenders in practice are an intention to “pay it back” (temporary loan), the opinion that “no one will get hurt” as a result of their offending (harm minimisation) and “blaming others” for their behaviour, typically suggesting others coerced, provoked or enabled the fraud.
In conjunction with UNSW, our FCX will provide updates throughout 2019 and clients can request briefings.
Join the eXchange at mcgrathnicol.com/fcx.
GETTING THE BASICS RIGHT
Cyber is now out of the shadows, is your business prepared?
In 2018 the Director General of the Australian Signals Directorate, Mike Burgess, took a significant step in bringing cybersecurity out of the shadows and into the mainstream. During a public address in Canberra, Burgess debunked the “only for the technical” myth and focussed on the importance of getting the basics right and knowing the value of your data. He also mentioned that most incidents could have been avoided if cyber risk management was taken seriously.
So, why are so many businesses in Australia still not doing the basics well, or even at all?
- Distraction: pursuit of transformation, innovation and disruption without empowering a good cyber hygienist as part of your team, fearing a “roadblock” scenario.
- Complacency: an over-confidence in being able to deal with issues as they arise, without attempting to protect information or avoid preventable and repeat incidents.
- Visibility: allowing the proactive voice of cyber-reason to be drowned out by the many other voices that feature in any competitive business landscape, only to single out blame when an incident occurs.
- Leadership: not having regular, informed discussions about the impact of potential cyber related issues at the most senior and influential levels in your business.
The challenge is to enable Boards and senior business leaders to discuss cyber with meaning and ask the hard questions that drive accountability and demand forethought.
Cyber very quickly lands in the boardroom when connected to an incident. With continued cyber attacks expected in 2019 it is critical to understand what your business is doing to prevent and manage cyber risks.
REGULATORY FOCUS TO ALTER LITIGATION LANDSCAPE
Heightened regulatory focus and financial stress will change the volume and mix of litigation
We expect to see increased litigation following the findings of the Royal Commission, which coincided with calls for ASIC to take a harder line in its regulation of the industry.
The rapid growth trajectory of class actions in Australia may be moderated somewhat, should the Australian Government implement the 24 recommendations arising from the Australian Law Reform Commission’s recent Inquiry into Class Action Proceedings and Third-Party Litigation Funders. Many of those recommendations support more extensive court oversight of representative proceedings and litigation funding arrangements, while another calls for a review of the substantive law in relation to continuous disclosure obligations and misleading and deceptive conduct.
Under the current legal regime, class actions could surge if companies’ earnings guidance and other disclosures fail to keep pace with economic reality in the event of a downturn. Many commentators are pointing to indicators of looming economic stress in Australia, ranging from international fallout from “Brexit” and a US-China “trade war”, to local drivers such as tighter lending criteria, mooted changes to negative gearing, and downside risk to real property values.
Previous periods of market turmoil have seen increases in many types of disputes, including those related to insolvency, insurance, shareholders and commercial disputes between parties.
Integrity concerns were at the heart of both the Royal Commission and the ALRC Inquiry. Lessons learned will cause regulators, courts, and parties involved in disputes to place a higher value on independence when it comes to the selection of experts. Experts’ objectivity may be questioned where the business relationships of audit, tax, legal or consulting arms of their firms create actual or perceived conflicts of interest.