Michael has extensive experience within risk and internal audit spanning across Australia and South Africa. This experience cuts across multiple industry specialisations including financial services, government and utilities. In the last five years he has gained experience working on fraud and whistleblower activities.

Australia expected to follow French New Era of Corporate Governance

With the Australian government’s new anti-corruption and anti-bribery legislation impending, ethics experts are asking whether we should be looking at what’s happening elsewhere for guidance on what might be in store for Australian businesses. A new anti-corruption law recently passed in France is particularly interesting and relevant to Australia. France calls it a “Law on Transparency – the Fight against Corruption and Modernization of Economic life”, commonly referred to as SAPIN II, named after France’s Finance Minister who fought for its passage.

Why has new French legislation got our attention?

This piece of anti-corruption law is said to be setting a new bar for anti-corruption while still being in line with the strictest European and international standards.

As a result, French companies have had until June 2017 to implement whistle-blower compliance programs to comply with this new legislation, which is not a long time to implement its requirements. SAPIN II adds to the host of other legislation from first world economies in recent years, a clear recognition that anti-bribery and anti-corruption compliance is at the forefront of legislative and regulatory agendas globally.

SAPIN II also applies to bribery and corruption activities committed outside of France by French companies and French nationals, or to others who conduct business in France or within French territories.

Where is Australia up to?

In December 2016 the Minister for Revenue and Financial Services, the Hon Kelly O’Dwyer MP, issued a consultation paper seeking public comment on whether corporate sector whistle-blower protections should be harmonised with those of the public sector whistle-blower protection laws (in recognition that Australia’s public sector protection laws are very stringent by international standards, but that corporate sector laws lag behind most developed nations). Around the same time, the Australian Senate referred an inquiry to the Joint Parliamentary Committee on Corporations and Financial Services into whistle-blower protections in the corporate, public and not-for-profit sectors, with a report due back by 30 June 2017. This deadline has recently been extended to 17 August 2017.

Consequently, experts expect new legislation to unfold from early to mid-2018 as Australia races to look good and meet its G20 commitment for improving its corporate sector whistle-blower laws. This is expected to form part of Australia’s report to the G20 Summit in Buenos Aires in 2018.

What can Australia learn from SAPIN II?

The requirements of the compliance program under France’s new law include:

  • Developing and implementing a Code of Conduct which defines and illustrates the different types of prohibited behaviours, notably those relating to bribery and/or influence peddling;
  • Implementing Disciplinary sanctions and consequences for non-compliance with the company’s code of conduct;
  • Implementing a Whistle-blower System that enables employees and others to highlight and report violations of this Code of Conduct;
  • The need to have in place regular and continuous Risk Mapping to identify, analyse and rank the organisation’s exposure to bribery and corruption related risk;
  • Requirement to assess and conduct Due Diligence of clients, providers and intermediaries associated with the organisation for bribery and corruption risk;
  • Implementing Accounting Controls designed to ensure the company’s financial accounts are not used to conceal acts of bribery or influence peddling;
  • Conducting regular and continuous anti-bribery and associated influence peddling training for managers and employees exposed to this risk;
  • Establishing an internal control system to regularly assess the design and effectiveness of the compliance controls of the program (i.e. including audits of the anti-bribery and anti-corruption compliance program within Internal Audit Plans).

In passing SAPIN II, the French government has established a new regulatory anti-corruption agency, the Agence Française Anticorruption (AFA), to oversee and administer this law. For any company which fails to comply with SAPIN II, the AFA will in the first instance issue a warning letter to the Board and Executives and may refer the non-compliance for enforcement.

The implications of enforcement action include fines of up to €200,000 individually against the Executive Officers of the company and up to €1 million for the company, with possible compensation payments to the victims of corruption as well. Further consequences include more stringent monitoring by the AFA of the company prosecuted for up to 5 years (at the company’s expense). These are significant actions for any company that falls foul of the Act.

In Australia there have been calls for a similar Australian federal agency to be established to oversee the new legislation under development. It is widely expected that this will occur.

How can your organisation prepare?

If Australia goes down the path of France and other developed nations such as the USA and Canada – experts expect this will be the case – then now is the time to start preparing your organisation for this new world.

Many experts argue that whether there is a compliance obligation or not, it makes good business sense to think about an organisation-wide Ethics Program and to implement a sound Whistle-blower approach in order to be recognised as a leading organisation.  Prosperity’s Corporate Assurance and dedicated Ethics experts can help organisations to understand their risks and to implement a sound and effective Ethics & Whistle-blower Program, including independent support for whistle-blowers and investigations.

To find out more, contact Michael Mahabeer on 1800 855 844.

Have you got a risk management strategy?

With the commencement of a new financial year, now is the time to stop and think about how your organisation has weathered the risks in the year gone by and plan ahead for the future. If you are one of those businesses that has fared well in 2017, then it could be down to a case of good risk management or good luck. Sound and effective Risk Management is the best way to manage your risks rather than relying on good fortune, especially as you try to navigate through the challenges ahead in 2018.

Risk is not only about threats but also about forgone or lost opportunities.

With change being a constant, businesses need to be agile to be able to respond to the challenging and evolving risk landscape. In the year ahead, being prepared + proactively adjusting + timely response = agile.

Risks to look out for in 2018

To be agile, you need to consider risk management a priority and devote appropriate time to risk management activities. Some of the top risks likely to be faced by businesses in 2018 include:

  • New technologies (increased connectivity, nanotechnology, artificial intelligence, drones etc.)
  • Disruptive business models & innovation coming to market (e.g. Uber and the taxi industry, Airbnb and the hotel industry)
  • Macroeconomic developments and government policy directions
  • Cyber incidents and privacy breaches
  • New regulations
  • Negative events that can damage a reputation.

Risk Appetite Statement and Enterprise Risk Management Framework

Having in place an effective Enterprise Risk Management Framework supported by a Risk Appetite Statement should be an integral part of your business. Embedding of a risk culture within your organisation is the next step towards business success. A mantra that should permeate across your organisation should be: “Risk is everyone’s business – not just the management team”.

The risk appetite underpins your group’s strategic and business planning process. It involves the board of directors or owners setting the risk appetite within which management operates, highlighting those decisions outside of risk tolerances which need escalation to the board or owners. This could mean management is not authorised to accept risks that are assessed as “Extreme” or “High”, which require board/owner approval, for example an offshore expansion or a new product development.

An Enterprise Risk Management Framework refers to the overarching structure by which the organisation organises itself for managing risks. It includes things such as:

  • Defining the Risk Response Strategy (determining appropriate actions such as avoidance, reduction, taking alternative actions, sharing or insuring or just accepting the risk)
  • Articulating risk definitions and risk rating criteria
  • Developing and actively maintaining a Risk Register
  • Defining accountabilities and responsibilities for risk management
  • Defining the risk management process for your organisation and
  • Using watch lists to monitor emerging risks etc.

The key is ensuring that the level of risk management sophistication is appropriate to your business and seen as a value adding aspect to running your business. It should never be a ‘tick the box’ approach or be in isolation to the core activities of the business.

Negative Events and Reputation Risk – Ethics Management

Managing your organisation’s reputation and brand as well as demonstrating your commitment to being a good corporate citizen means having in place the necessary systems to enable this. It is very much a part of sound risk management.

One of the neglected areas in managing business risks is considering the impact of negative events on your reputation and on your business, especially in the area of ethics. All it takes is for a small issue or event to snowball out of control and the next thing you find is that you are embroiled in controversy and embarking down the road of managing an ethics-related media crisis.

The last twelve months have seen a number of high profile reputations damaged through ethical misconduct matters raised by whistleblowers. These organisations failed to put in place an appropriate mechanism for wrongdoing to be raised, especially from an anonymous source, with the result that some whistleblowers took the last resort, which was to air their grievances through the media and bring events to a head.

Good governance on ethics starts at the top, and should pervade an organisation, becoming an embedded part of your culture. Introducing an external, independently managed hotline for individuals to raise concerns should be a key consideration in the year ahead.

Reasons why Ethics and Ethics Risk Management should be on your agenda

  • Sweeping new legislation is on the way. A Parliamentary Inquiry is currently underway looking at legislation change around Whistle-blower systems and protections;
  • Engaging your people as an employer of choice. Active policies and procedures backed up by a hotline supports and encourages reporting of wrongdoing;
  • Providing assurance to your stakeholders that you have the required systems in place for identifying damaging allegations within a safe environment and that these are properly managed before they snowball out of control, thus protecting your brand;
  • Demonstrating that you are a good corporate citizen who values the input from your staff and others relating to wrongdoing even if it means some short term pain.

Now is the time to consider your risk management and Ethics management response for the year ahead. For help in understanding your risks and developing appropriate strategies, including an independent whistleblower system, contact Prosperity Advisers on 1800 855 844 for a confidential discussion.

Cyber Security and WannaCry

In the news recently there has been coverage of a large global computer attack, infecting computers with a ransomware program called WannaCry. This attack has raised questions for SME businesses on what can be done to protect against these types of attacks.

Ransomware attacks can cause unnecessary stress and affect productivity, in addition to hurting your wallet. It’s important your business responds quickly if affected, and you make sure your systems are protected from these types of attacks.

What is ransomware?

Ransomware blocks access to a computer system or files until a sum of money is paid. It works by encrypting your data and demanding payment for its release, threatening the deletion of the data if the payment is not made.

How is ransomware deployed?

Ransomware can be deployed via phishing emails, attachments to emails and by exploiting weak network defences. Once a machine has been infected, the ransomware will attempt to spread to other computers.

How do I protect against an attack?

While it depends on the strain of ransomware, you can help to protect your system by:

  • Keeping your systems up to date – this attack takes advantage of a critical hole in older versions of Windows. Microsoft released a patch to cover the vulnerability in March 2017, so businesses with up to date software will not be affected.
  • Backing up your files – ransomware encrypts your data and demands payment for its release. An attack will be less concerning to those businesses who frequently back up their data. SMEs backing up their own systems need to ensure those backup systems can’t also be compromised if an attack spreads.
  • Educating yourself and your staff – small businesses lost over $2 million to scams in 2016, so it’s important to educate yourself and your staff on cyber security.

Do you have your cyber security under control?

Prosperity Advisers can assist you to develop and implement a cyber security plan, which covers:

  • Conducting regular scheduled system checks, including penetration testing and using your external auditor to assist.
  • Changing your security levels as required.
  • Identifying cyber security and forensic experts that you can call on when the need arises.
  • Implementing a breach plan, including a cyber security incident response plan which involves law enforcement agencies and regulators, and a press release statement.
  • Considering limiting the impact by putting in place cyber insurance cover which can provide both indemnity and liability cover.

For further reading on managing your cyber security risk, please refer to the Australian Cyber Security Centre (ACSC).

We recommend that you review your procedures and systems and if you are at all concerned about your cyber security, please get in touch with your Prosperity Adviser. To receive our Free Cyber Security Checklist and request one of our directors contact you to discuss your situation, please send an email by clicking here.

Organisations need ‘to step up to speak up’

Encouraging employees to report wrongdoing (‘blow the whistle’), and protecting them when they do, is an important part of fraud and corruption prevention and creating an ethical culture in any organisation. With a joint parliamentary committee set to report in June, now is the time for organisations to act.

Audit committees, boards and executive teams ignore at their peril the danger of ineffective or non-existent ethics and whistleblower programs in their organisations. New rules are likely in Australia soon and are anticipated to be wide-reaching, affecting companies and not-for-profit organisations alike.

Prosperity has answered the call for professional and independent support. We offer a unique service in the Australian market – Ethics Matters – developed in conjunction with leading Canadian ethics and whistleblower specialist, WhistleBlower Security (www.whistleblowersecurity.com).

Designed to be intrinsically independent, Prosperity’s Ethics Matters and WhistleBlower Security approach provides support for organisations to create policies and procedures and then deploy an organisation-wide ‘speak up’ hotline with online portal and independent case management system, along with support for investigations and effective reporting.

Organisations with programs already in place often struggle to ensure independence as well as satisfy stakeholder demands for detailed reporting, trend analysis and quantification of the impact that fraud, corruption and wrongdoing are having on their organisation.

Globally recognised provider, WhistleBlower Security, is now available exclusively in Australia through Prosperity Advisers. Their state-of-the-art hotline and case management system facilitates anonymous and confidential dialogue between the reporter and an organisation’s representative, whether initiated through a call centre, fax, email or online. Each report is assigned a unique number and password to support that dialogue. Fast case management and resolution can happen in a protected environment and reporting can be detailed and in real-time.

Australians don’t need to go far to find damaging examples of poor detection and management of wrongdoing in organisations. Recent cases such as the David Jones sexual harassment allegations against the former CEO, and high profile cases at Seven News, Queensland Health, University of Queensland, NSW Health and Leighton/CIMIC, are all memorable examples.

Michael Mahabeer, Prosperity’s director in charge of Ethics Matters says, “From my experience on the other side, working in a large and complex corporate organisation, the implementation of an effective and independent program gave a voice to issues which would have gone undetected. It gave visibility to the Board and stopped issues escalating, effectively minimising the long-term financial impact from wrongdoing.”

Legislative changes in Australia are soon likely to drive companies and not-for-profits to implement programs and potentially report on wrongdoing too. Australia could end up following the United States in this regard.

Directors of boards have a responsibility to shareholders for ensuring their organisation is protected. Avoiding brand damage, which can have a lasting impact affecting revenue and profitability, must be a key consideration. Pulling the curtains back and providing support for employees to ‘speak up’ is going to be a key agenda item for boards across Australia in coming months.

For more information on Ethics Matters and WhistleBlower Security click here.