EXPERT EXPRESSIONS
Corporate Governance Demystified
December, 2021
FROM GREED TO GRIEF
M. Damodaran
Chairperson, Excellence Enablers
Former Chairman, SEBI, UTI and IDBI
“An ounce of prevention is worth a pound of cure”. In fact, it is worth much more. Adopting a carefree attitude, and picking up the pieces after a disaster, is clearly the wrong approach to the conduct of business.
“A fool and his money are soon parted” goes the centuries-old saying. In relatively recent times, reasonable and responsible persons have also suffered on account of newer forms of fraud that have emerged. Human ingenuity, coupled with a devious and deceptive mindset, has led to even technology being put to use to perpetrate fraud on unsuspecting persons. The ubiquitous cell phone, which has over time become a part of the anatomy of most persons, contains two sets of messages each day. One set comprises the exhortations from banks, financial institutions and other intermediaries, stating that their constituents should guard against frauds being committed because of negligence, or by parting with information to persons who had no legitimate need for that information. The longer set comprises the very tempting and persuasive messages from fraudsters of different kinds, promising benefits in different forms, to those that respond to their messages. It is important for such persons, as are tempted by such messages, to remember that “grief” comes only a few pages after “greed” in the dictionary.
Prevention of fraud of all types, and at all levels, is a herculean task that is almost impossible of performance. No matter what checks and balances are put in place, there will be some ill-intentioned person trying to exploit systemic gaps that are sometimes visible only to persons with dishonourable intent. Notwithstanding this realisation, it is necessary that frauds should not only be sought to be prevented, but should also lead to quick and effective punishment that serves as a disincentive or a deterrent for persons similarly inclined.
In the corporate world, it is often said that most frauds take place in the subsidiaries of large parent companies. The reason is not far to seek. Parent companies, which almost always are listed, are subject to strict regulations and reporting requirements, that make it relatively more difficult for frauds to be perpetrated. Subsidiaries and associate companies, some of which might be unlisted, and therefore subject to a lesser degree of scrutiny and regulation, afford a potential fraudster more freedom of action, with a relatively higher degree of success.
Lawmakers and regulators have, over the years, and acting on the basis of experience derived from information, put in place a number of procedural and substantive requirements to address the possibility of prevention of frauds. There is no gainsaying the fact that prevention is always better than cure. However, when one starts with the assumption that prevention cannot be guaranteed, it becomes increasingly necessary to have the best curative practices.
Modern economies exist on the basis of disclosure regimes that factor in transparency and create trust. Disclosures are required to be complete and correct, and should on no account be delayed. Those tasked with providing leadership at the Board or the committee level, should act, on the information that is made available, in such a manner as to come down heavily on the perpetrators of the fraud. If the attitude of Boards and committees is lackadaisical, and is based on the misguided belief that the problem, if ignored, will disappear, the stability of the institution will be seriously threatened.
Responsibility and accountability are non-negotiable requirements on the part of those who are in leadership roles, individually or collectively. The law recognises this very clearly when it states that the Directors have to certify that they have put in place internal control systems that are adequate in the context of the corporate entity.
Every fraud, whether committed or attempted, should give rise to the basic question whether there was a loophole or a lacuna that was exploited, or whether there was human failure, connivance or collusiveness on the part of those tasked with fraud prevention. Corporates cannot afford the luxury of the fence eating the crop.
In a recent move that should ordinarily have far reaching implications, SEBI has mandated that whenever a forensic audit (by whatever name called) has been initiated by a listed company, a disclosure shall be made to the Stock Exchanges, indicating inter alia the reasons for initiating the audit. It has also been made mandatory for the final forensic audit report, along with the comments, if any, of the management, to be disclosed to the Exchanges. The words “by whatever name called” would seem to indicate that SEBI had anticipated that such audits would be undertaken, but would not be described as forensic audit, in order to avoid making the necessary disclosures. Even with this clarification, it is understood that some such enquiries undertaken by the managements, either by themselves, or through external agencies, remain undisclosed because they are not labelled forensic audits.
On whom does the responsibility lie for prevention of frauds? At the first level, prevention of frauds, by putting in place appropriate checks and balances, and control mechanisms, is the responsibility of the management. As stakeholders in ensuring both sustainable performance and the avoidance of reputational risks, managements must, on a continuing basis, examine whether the checks and balances need to be further strengthened, to improve the chances of fraud prevention. Internal audit is yet another mechanism to prevent frauds, by pointing to the lacunae that exist in the standard operating procedures (SOPs), and other similar prescriptive arrangements. The risk management function, while compiling the risk register, in collaboration with the business heads, should also be on the lookout for possible systemic weaknesses that can lead to frauds.
Audit Committees (ACs) do not, by themselves, have any way of being among the first recipients of information relating to frauds. To address this, a robust whistleblower mechanism should be put in place, so that persons, who have the interests of the company at heart, reach out to the AC, or to the Chair of the AC, with detailed information regarding the possibility of a fraud. A guarantee that the anonymity of the whistleblower would be protected, would lead to more whistleblower complaints, with more reliable and verifiable information. On receipt of information, whether through the whistleblower mechanism, or otherwise, it is incumbent on the AC to undertake a detailed fact-finding exercise, if necessary, by engaging outside experts for the purpose. Urgency should be attached to this matter, and on receipt of the findings, the concerned persons in management should be tasked to take effective remedial action, both by way of systemic improvements, and by way of severe punishment being meted out to the perpetrators of the fraud.
Statutory auditors, in their standard presentations, require the management to bring to their notice, any frauds that are either suspected, or have already taken place. However, they should not passively wait for such information. In their interaction with the finance teams, and some of the business functionaries, they should keep their eyes and ears open for any leads that they might pick up regarding potential or completed frauds. Sitting back, and waiting for information on frauds to come to them, is inconsistent with high professional standards. Ex-officio cynicism should lead them to identifying potential frauds.
The role of the Board cannot be overemphasised. As the custodians of Corporate Governance, and as the conscience keepers of the corporate entity, the Board of Directors should ensure that adequate attention is given to both fraud prevention and fraud detection. As the collective entity that is responsible for promoting a culture of compliance, the Board should articulate and reinforce zero-tolerance of shortcuts, leading to mishaps and worse. Directors, both executive and non-executive, are also responsible, in their individual capacity. Every Director has the responsibility of acting in the interest of the company and its various stakeholders. Clearly, looking out for possible frauds, identifying them, if possible, at the incipient stage, and reporting them promptly, is one aspect of acting in the interest of the company. Turning a blind eye could invite disaster. As for Independent Directors (IDs), they need to look no further than Schedule IV of the Companies Act, 2013 for their guidance. The duties of IDs, inter alia, require them to “report concerns of unethical behaviour, actual or suspected fraud, or violations of the Company’s code of conduct or ethics policy”.
The prevention of frauds is critical for the healthy existence of any corporate entity. Both the financials and the reputation of the entity could be severely impacted if a fraud takes place. Serious frauds might sometimes have the effect of threatening the existence of the company.
Fraud prevention is not a matter in which any stakeholder in the system can pretend that it is the responsibility of some other stakeholder. This is a responsibility that must be commonly owned and shared. It is conceded that “everybody’s business is nobody’s business”. That should not however translate into locating this responsibility in one or two entities or functions, with others completely oblivious of their role in the matter. The strongest chain is as strong as its weakest link. A single fraud of significant proportions will erode trust and mutual confidence, and will create an atmosphere in which business cannot be carried out as it is intended to be.
THE STORY SO FAR…
Some provisions relating to fraud
THE COMPANIES ACT, 2013
Section 134 – Financial statement, Board’s report, etc.
(3) There shall be attached to statements laid before a company in general meeting, a report by its Board of Directors, which shall include
(ca) details in respect of frauds reported by auditors under sub-section (12) of section 143 other than those which are reportable to the Central Government
(5) The Directors’ Responsibility Statement referred to in clause (c) of sub-section (3) shall state that—
(c) the directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of this Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities;
Section 143 – Powers and duties of auditors and auditing standards
(12) Notwithstanding anything contained in this section, if an auditor of a company in the course of the performance of his duties as auditor, has reason to believe that an offense of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government within such time and in such manner as may be prescribed.
SEBI LODR REGULATIONS, 2015
Regulation 17(8)
The following compliance certificate shall be furnished by chief executive officer and chief financial officer:
B. There are, to the best of their knowledge and belief, no transactions entered into by the listed entity during the year which are fraudulent, illegal or violative of the listed entity’s code of conduct.
D. They have indicated to the auditors and the Audit committee
(3) instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the listed entity’s internal control system over financial reporting.
Regulation 18(3)
Part C: Role of the Audit Committee and review of information by Audit Committee
A. The role of the audit committee shall include the following:
(15) reviewing the findings of any internal investigations by the internal auditors into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board.
Regulation 30
A. Events which shall be disclosed without any application of the guidelines for materiality as specified in sub-regulation (4) of the regulation (30):
6. Fraud/defaults by the promoter or key managerial personnel or by listed entity or arrest of key managerial personnel or promoter.
Do let us know of any specific issues you would like to see addressed in subsequent issues.
Excellence Enablers
Corporate Governance Specialists | Adding value, not ticking boxes | www.excellenceenablers.com