Republished by permission. Dan Edstrom is the senior forensic analyst of Livinglies.
By Daniel Edstrom
DTC Systems, Inc.
October 19, 2016
The purpose of Sarbanes-Oxley legislation is to put in place financial controls in order to not only reduce fraud, but to identify risks so that the controls can be expanded or new controls put in place. Large companies such as Wells Fargo Bank have compliance departments and ethics lines where questionable conduct (unlawful or not) can be reported “safely” in order for the company to take action to stop and/or remediate the questionable conduct. This is done so that a business operates safely and soundly, and is the perfect source for implementing new controls, enhancing existing controls, testing the effectiveness of the controls, or at least disclosing material deficiencies that can be identified and corrected at a later date.
Risk Management would entail identifying the risk, and then prioritizing, such that the highest priority risks can be mitigated first. Assuming that early on this conduct was identified, the risk could have been low, leaving it to be addressed at a future date. Its fair to say now that it appears this conduct was effectively suppressed from any risk management.
Based on current reporting, it would appear that the compliance and ethics lines were used against those who reported questionable conduct. This is the exact opposite of the purpose for which Sarbanes-Oxley legislation was imposed, and if true, represents the creation of non-reported internal controls that do the exact opposite of what the legislation imposes. The exact opposite because the controls are put in place to reduce fraud, and require that senior officers such as the CEO and CFO, provide an oath that they have established appropriate internal controls, and then certify that they “have evaluated the effectiveness of the company’s internal controls”. Presumably they would need to disclose information related to material deficiencies.
It is fairly obvious (now) that they had no controls to inhibit, detect or report these issues even though they presumably had actual knowledge of the conduct (or reports of the actual knowledge, which if investigated appropriately would have led to actual knowledge of the conduct). This, if true, would seemingly mean that when these officers gave their oath, they were knowingly concealing material information that should have been disclosed (no internal controls to detect this activity, fraud, false accounting, and no controls put in place to make sure if this conduct was reported, that it would be appropriately investigated, etc.). They seemingly also knew that their controls were defective, insufficient, and that there were material exceptions that they were knowingly withholding from disclosure. And even worse, it appears they may have implemented “secret” controls, policies and procedures to specifically target and retaliate against those who actually did make an effort to report this “questionable” conduct (i.e. opening accounts for their customers without the customers request in order to receive bonuses, and then, presumably, closing these accounts). But these “secret” controls were not disclosed at all, nor mentioned as a material exception.
But who was the target of the fraud? The customer? No, although they were a victim. This was all targeted at the stockholders in order to falsely inflate their stock value through false and fabricated financial transactions that simulated the “flow” of money in order to give the appearance that money was moving and that fees were being generated.
According to Wikipedia from this URL: https://en.wikipedia.org/wiki/Money_laundering
According to the United States Treasury Department:
Money laundering is the process of making illegally-gained proceeds (i.e. “dirty money”) appear legal (i.e. “clean”). Typically, it involves three steps: placement, layering and integration. First, the illegitimate funds are furtively introduced into the legitimate financial system. Then, the money is moved around to create confusion, sometimes by wiring or transferring through numerous accounts. Finally, it is integrated into the financial system through additional transactions until the “dirty money” appears “clean.”
This could have started out as bad acts by one or more employees opening these accounts to get paid extra money. Or it could have started out designed from the top as a complete scheme and artifice to defraud. But either way is now irrelevant. Once it was happening and once known at the highest levels, it became a standard and practice. If it wasn’t a control fraud early on, it became one when ethics and compliance officers, managers or employees failed to act (or worse, retaliated or allowed others to retaliate). The final nail in the coffin came when senior officers decided retaliation was appropriate instead of enhancing their internal controls, disclosure controls and reporting. Once they knew or should have known of the conduct, it became their business processes, whether they controlled it directly or not. Closing your eyes so as not to learn the truth is an affirmative act.
How does Sarbanes-Oxley work? Here is a small sampling on Section 302: Disclosure Controls from Wikipedia, available at this URL: https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
Sarbanes–Oxley Section 302: Disclosure controls
Under Sarbanes–Oxley, two separate sections came into effect—one civil and the other criminal. 15 U.S.C. § 7241 (Section 302) (civil provision); 18 U.S.C. § 1350 (Section 906) (criminal provision).
Section 302 of the Act mandates a set of internal procedures designed to ensure accurate financial disclosure. The signing officers must certify that they are “responsible for establishing and maintaining internal controls” and “have designed such internal controls to ensure that material information relating to the companyand its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.” 15 U.S.C. § 7241(a)(4). The officers must “have evaluated the effectiveness of the company‘s internal controls as of a date within 90 days prior to the report” and “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.” Id..
The SEC interpreted the intention of Sec. 302 in Final Rule 33–8124. In it, the SEC defines the new term “disclosure controls and procedures,” which are distinct from “internal controls overfinancial reporting.” Under both Section 302 and Section 404, Congress directed the SEC to promulgate regulations enforcing these provisions.
External auditors are required to issue an opinion on whether effective internal control over financial reporting was maintained in all material respects by management. This is in addition to the financial statement opinion regarding the accuracy of the financial statements. The requirement to issue a third opinion regarding management’s assessment was removed in 2007.
A Lord & Benoit Report: Bridging the Sarbanes-Oxley Disclosure Control Gap was filed with the SEC Subcommittee n internal controls which reported that those companies with ineffective internal controls, the expected rate of full and accurate disclosure under Section 302 will range between 8 and 15 percent. A full 9 out of every 10 companies with ineffective Section 404 controls self reported effective 302 controls in the same period end that an adverse Section 404 was reported, 90% in accurate without a Section 404 audit.http://www.section404.org/UserFiles/File/Lord_Benoit_Report_1_Bridging_the_Disclosure_Control_Gap.pdf
Filed under: foreclosure | Tagged: identity theft, Internal Controls, Money Laundering, Sabanes Oxley, SEC | 2 Comments »