When in December last year Grant Thornton, one of the biggest accounting firms in the world, conducted a survey among 250-odd CXOs and business heads in India on perception of fraud risks, it threw up some nteresting findings. Sample these:
* Over 40 per cent of the respondents said, incidences of fraud in corporate India have increased in the past two years.
* Respondents said, bribery and money laundering (41 per cent), financial reporting fraud (24 per cent), tax evasion (17 per cent), siphoning of assets/ funds (9 per cent) and information theft/ data integrity (9 per cent) were the most common frauds in India.
* The survey said that a large proportion of respondents are yet to implement whistleblower policy and appoint compliance personnel.
Such a lackadaisical approach to fraud detection and deterrence may cost corporate India dear in the coming months.
Come October 1, as per Securities and Exchange Board of India's (Sebi) listing agreement, all listed companies have to put in place a vigil mechanism to report fraud by employees and directors.
The new company law makes it mandatory for all companies, which accept deposits from public and those that have borrowed money from banks and public financial institutions in excess of Rs 50 crore ( Rs 500 million), to have a whistleblower policy.
The vigilance mechanism has to be duly displayed on the company website and its activities reported in annual report. Moreover, it has to be backed with adequate safeguards against victimisation of whistleblowers.
Independent directors and the audit committee are mandated to ensure that the vigil mechanism is "adequate" and "functional".
Not stopping at that, auditors are duty-bound to report instances of fraud to central government within a stipulated time frame.
This indirectly makes them responsible for functioning of the vigil mechanism within the company.
To dissuade frivolous complaints, however, the Act has authorised companies to take suitable action against repeat offenders.
The Whistle Blower Protection Act, 2011 that got the Presidential assent in May applies to corruption, misuse of power, or criminal offence by a public servant.
The Act is expected to become effective in course of this year. Till date, the demands for higher level of internal controls have evoked mixed responses from India Inc. Most prefer to man any such vigil mechanism internally.
"Indian companies are defensive when it comes to reporting frauds," says Inder Mohan Singh, partner in law firm Amarchand Mangaldas.
Even when the management of the vigil mechanism is managed by third-party external agencies, the results have not been very encouraging.
Take for instance, the case of the ethics hotline service managed by KPMG in India for 50-odd Indian clients. Of 600 calls that the Gurgaon-based centre gets in a month, hardly 15-20 per cent turn out to be genuine.
"Around 75 per cent of the complainants want to stay anonymous," says Sandeep Dhupia, partner and head of forensic services at KPMG in India.
Many companies ignore these anonymous complaints. Legal experts point out that most of the time employee grievances get mixed up with a company's fraud detection strategy.
For any vigil mechanism to be effective, companies need to encourage whistleblowing as a part of corporate culture and work ethic, points out Anand Mehta, Partner with law firm Khaitan & Co. A reward system to encourage whistleblowing and regular external audits of the vigil mechanism would help create confidence in the system.
Among the gaps in the current legislative mechanism, legal experts point out that Indian regulations are limited to employees and directors of the company, leaving out vendors or suppliers.
In a representation to the Ministry of Corporate Affairs, industry body CII said that the government must prescribe what constitutes "adequate" safeguards to protect victimisation of whistleblowers.
Currently, the rules leave it to the company to devise their own vigil mechanism.
The effectiveness of any vigil mechanism is tested when frauds get reported. "Proof the pudding is in the eating," says Singh. It's still early days to measure corporate India's whistleblowing track record.
Sebi Listing Agreement
*Mandatory for all listed companies to have a whistleblower policy, under Clause 49 (by October 1, 2014).
*Put in place mechanism for employees and directors to report concerns on unethical behavior, actual or suspected fraud or violation of the company’s code of conduct or ethics policy, to management.
*Safeguards against victimisation of whistleblowers
*Direct access to the chairman of audit committee in exceptional cases.
*Display details on the company website.
Companies Act, 2013
*As per Section 177 (9), read with rule 12.5, a whistleblowing mechanism is mandatory for
All listed companies
* Companies that accept deposits from public
* Companies that have borrowed money from banks and public financial institutions in excess of Rs 50 crore.
*Independent directors and the audit committee are mandated to ensure that the vigil mechanism is “adequate” and “functional”.
*It is the duty of auditor to report fraud by employees of the company to the central government within a prescribed time.
Whistle Blower Protection Act, 2011
*The Act seeks to protect whistleblowers, ie, persons making a public interest disclosure related to an act of corruption, misuse of power, or criminal offence by a public servant.
*Any public servant or any other person including a non-governmental organisation may make such a disclosure to the central or state vigilance commission.
*Every complaint has to include the identity of the complainant.
*The vigilance commission shall not disclose the identity of the complainant except to the head of the department if he deems it necessary. The Act penalises any person who has disclosed the identity of the complainant.
*The Act prescribes penalties for knowingly making false complaints.