A guide to making M&A work: part four – Watching out for fraud
This fourth and final article in our M&A Mini Series deals with the issue of fraud. In our first article, we went over the two major deal types being used in the market today:
A share deal where the entire company is taken over
An asset deal where on certain accounts and employees are acquired.
In the second article we addressed the importance of culture, with the third article focusing on executing a successful integration.
Now let’s look at fraud. Why? Acquisitions often cause chaos within an organisation – and chaos is fraud’s best friend. These frauds normally involve collusion and taking advantage of unclear roles and responsibilities. And of course in some cases, an organisation that has been taken over may already have an ongoing issue with fraud (even though this should have been picked up as part of the due diligence process).
Here’s the dirty dozen you need to consider.
1. Chaos breeds opportunity
Whether it be a share deal or an asset deal, all of a sudden, business as usual (BAU) is no longer so usual. There are new bosses, old bosses, new procedures, old procedures, people coming and people going. The environment which was once known and well controlled now becomes a confusing landscape of many moving parts. This situation is the perfect storm for fraud to occur.
2. Not everyone with be happy with the deal
As in any change, there will be some people who are very happy about the new landscape and some that are not. This can even go as far as people feeling betrayed and looking to ‘get paid’ for all their hard work and loyalty, one way or another. This is especially true if a number of employees will be let go as a result of the transaction and are essentially working their notices. As a buyer, you would hope that your newly acquired organisation and employees will be honest and keep working as they had. Unfortunately, you cannot assume that this will be the case.
3. Trust, but verify
It is important to trust and show that you have faith in the people that are joining the new combined organisation, but you cannot trust blindly; this is fair neither to them nor to yourself. From the outset of the acquisition, you must communicate that there will be additional controls and oversight during this period. These additional controls are done to protect both buyer and seller so that if anything untoward should happen, both organisations must share the responsibility of running a clean business. If these controls are not put in place and a fraud, or large error, were to occur, the buyer could be accused of being negligent and the seller of letting, or even making, it happen.
4. Additional controls
The most effective controls for this sort of period are those that mirror those of the buyer’s entity. That means when there are large transactions, payments and risk sign off, these are done in tandem with people designated by the buying firm. There will be push back and comments such as “you don’t trust us” or “we aren’t criminals” – but once again, this is to protect both buyer and seller. Also check bank reconciliations. I know of one organisation where the payments team had understood that the only items that were investigated were those over 90 days old or over 100K in value. During an outsourcing project that was structured as a sale, the payments team had been promised good bonuses as they worked hard during an integration. The bonuses never materialized, and they ended up paying themselves the bonuses and hiding the amounts in the bank reconciliations. This fraud took years to discover, because so many people were working in concert. These are the most dangerous kind of frauds.
5. Outsiders see chaos as well
This is an area where the communication, transparency and control mantra of our previous third article is critical. During the implementation period, many ‘bad actors’ will be paying close attention to your merger. It will be during this period where phishing attempts will occur: individuals claiming to be new management will call and try to pressure employees into making payments or divulging sensitive information. All employees should be encouraged to take their time, question requests and not be pressured into any hasty transaction. When anything out of the ordinary occurs, this should be communicated up the chain of command, it should be shared (made transparent) and then controlled. The best defence against these fraudsters is efficient communication and empowered employees who are allowed to question situations and act accordingly.
6. Does fraud already exist in the new organisation?
If a fraud is already in existence in the newly acquired company, it is rather difficult to unearth. One of the things I would do at the very outset of these periods was – literally – to ‘walk the parking lot’. Why so? To see whether employees had cars that were in line with their stated compensation. Of course, you will find the occasional car nut that spends all of their money on cars but sometimes (whether it be cars, holidays, jewellery or handmade shoes) people who take money like to spend it. Other behaviours to look out for are teams that never transfer people in or out of their department or are very protective of their turf and even aggressive if asked to explain or show their different control procedures and checks. In one particular case I worked on, 30 employees out of 120 were working in concert to defraud the bank. And the head of the department was very, very proud of his hand-made shoes. Of course it would be ideal to have a top to bottom audit of any new operation acquired but this is rarely possible in that there is a need for speed in most integrations. Although unpleasant, new management has to do a thorough top to bottom review of every department and of all controls. People will not like it but it is what will protect both parties if there is an eventual issue.
7. What to do if you find a fraud
If you uncover a fraud, it must be escalated immediately, and a dedicated team needs to be assigned in order to get to the bottom of it. This is not something that can be done part-time. Needless to say, it must be done by trusted employees and, unfortunately, only people from the buying party should be involved. Although the acquired company may actively want to help (and they can, by answering questions) they cannot be in the investigation itself: if any evidence were not to be found or ‘lost’, even the most honest of the new employees may be suspected of collusion. This dedicated fraud team, should update management daily and propose courses of action.
8. How to communicate
Once the fraud has been found out and the investigations begin, staff of the affected areas need to be informed of the issue and that they will be interviewed in due course. It goes without saying, that all employees should feel free to offer information and those who have nothing to hide should not fear any ramifications. Updates on the investigations will be made as and when there is something to report.
9. Procedure is your friend
During this period, slow down. Follow procedures to the letter. This puts every transaction under a microscope and vetted until released. Whether these are trades, accounting entries, or payments, frauds are all based on exploiting weaknesses in the system. Follow procedures and question anything that strays from the norm. This is the only way to ensure that business going forward stays clean.
10. Take your time
Once the fraud is discovered, put in the controls to stop the fraud and then take your time to go through the issue thoroughly and look at all of what is around it. This includes culture, familial ties etc.
11. When you think it is over, it never is
One of the big reasons you need to take your time, is that once you think you have reached the end of your investigation, the end moves down the road. Sadly, I have never worked on one of these cases that was finished with what was on the surface. What normally tips us off that a fraud is occurring is just the very tip of an iceberg. If you think you have reached the end of your investigation, present your findings to a colleague and then brainstorm what other issues could have happened in this situation. There are also specialised firms that can be brought in for these situations.
12. How to use this as an example
Once the investigations is over – and it will be over one day – you must not waste this opportunity to communicate this to your organisation. This is a golden opportunity (good can come out of this) to tell your employees what happened, what sanctions were taken and what values are important for the organisation and what we expect from all our employees. By communicating the issue, by being transparent about what happened and putting the controls necessary in order to avoid the issue in the future, your new employees will see that not only have they joined a professional organisation but also one that ‘walks the talk’ of corporate values and communication.
This concludes our Sionic Wealth Management Mini Series on how to succeed in M&A. We looked at different deal structures, the importance of getting the corporate culture right, the importance of a successful integration and finally the danger of fraud during these periods of transition. Whatever stage you’re at in your M&A journey, we are experts with rich professional experience in wealth management and private banking, as well as leadership and culture, and financial crime and fraud prevention, across all parts of financial services.
If you would like advice on any aspect of your preparation or execution of your next transaction, please contact me.