One of our customers calls T&E “the window into the soul of a company.” Viewed from a corporate compliance perspective, particularly through a bribery and corruption lens, T&E is potentially the soft under belly of a company. Tom Fox’s April 22 blog, “Gifts, Travel and Entertainment under the FCPA – Part I” outlines the ongoing debates on handling gifts and entertainment. 1) Pre-approvals based approach on rules for spending, or 2) a values-based approach supported by training and monitoring.
T&E is arguably the easiest path for employees to take cash out of a company. While controls are in place based on the controls of corporate credit card programs and expense management systems supplemented by management approvals, the reality is that T&E systems are meant to be flexible to the needs of employees and efficient in the reimbursement process. Most organizations place a heavy reliance on management approval to control expenses and ensure compliance with corporate policy. Many supplement this control with manual audit and review efforts that review anywhere from 10% of an organization’s expense reports to 100%. This is a costly and inefficient approach since over 95% of the work is effectively false positives since reviewers are looking at compliant transactions in their quest to uncover non-compliant transactions.
All organizations have policies covering T&E and most also have at least de facto values-based reviews by approving managers. From an anti-bribery and corruption compliance perspective, the only difference is whether to add an additional compliance layer of pre-approval beyond limits or concentrate efforts around training and monitoring of values-based management. In either case it makes sense to inspect what you expect.
Rules are the basis of every corporate T&E program and travelers are accustomed to them. Preferred lodging and car rental providers are embedded into the rules as are regulations regarding the class of airline service, receipt limits, corporate credit card policies, etc. Our customers find that policy violations go down as much as 70% in the first six months of monitoring and analysis at the transaction level. Much of this gain is due to the “Hawthorne Effect”. People behave differently when they know they are being observed. But there is also an impact from company follow up on violations that were not identified by the approving manager. Misclassifications like the Coach handbag that is expensed as a train ticket, the same dinner expensed in two different reporting periods, and the weekly grocery shopping trips on Sundays are easier to identify and address.
Rules-based approaches to compliance have a tendency to become self-fulfilling prophecies. The Chief Compliance Officer (CCO) of a global oil field services company recently shared with me a failed rules-based approach his company implemented a few years ago. This company had suffered from the use of agents and facilitators in high-risk countries. To address this issue, the Chief Financial Officer (CFO) required that all new vendors categorized as “agents” or “facilitators” would need to be approved by the CFO. Not surprisingly, there were no new vendors categorized as “agents” or “facilitators”. The CCO was confident that the root cause had not been addressed since enterprising employees would choose a different vendor type. Similarly in T&E, requirements for pre-approvals will largely result in transactions falling below the threshold for pre-approval. The purchase of 12 World Cup tickets will be split into three purchases of four tickets apiece. The condominium rental in Sao Paulo for World Cup attendees will be split into multiple transactions and classified as “lodging”. And out-of-pocket expense claims will increase in order to generate cash to provide to World Cup guests. Automated monitoring and analysis will identify these circumventions of policy. Pre-approval policies may not.
Tom wrote two additional blogs on this topic, “Gifts, Travel and Entertainment under the FCPA – Part II” and “Gifts, Travel and Entertainment under the FCPA – Part III”. These blogs include guidance and examples. This additional information is instructive and useful, but I think it’s most useful when a company can benchmark the theory of its policies against the realities of its transactions and then compare the results to guidance. Automated monitoring and analysis solutions provide this benchmarking of theory and reality like nothing else can. Knowing what is expected is one thing. Knowing what has actually happened is another. That’s why our mantra at Oversight is, “Inspect what you expect.”
Solutions like these have impacts on anti-bribery and corruption programs, compliance programs, and day-to-day operations of T&E programs. The same analysis can be consumed by resources viewing the results through different lenses. The key is that everyone is looking at the juiciest, most interesting transactions. And the costs to perform this review are small, particularly when compared to the consequences of non-compliant behavior. Why aren’t all companies doing this?