This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. I am using themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of criminality and compliance.

In the story The Adventure of the Priory School, Watson meets a character, Reuben Hayes, who  believes to be the most “self-evident villain” he has ever seen. The tale revolves around the disappearance of a Duke’s son who is kidnapped by the Duke’s illegitimate son, James Wilder, who has in turn hired that most evil person Hayes to kidnap the lad. In pulling off the crime, Hayes had killed the lad’s tutor, one Heidegger, who had gone off in search of the boy. Holmes resolves the matter, while Hayes swings for his crime, the illegitimate son, Wilder is packed off to Australia.

Rarely do employees in companies begin with an intent to commit criminal acts. Yet by the time they have engaged in criminal fraud, there has usually been significant damage to the organization. One might only consider the recent criminal indictment of Elizabeth Holmes, founder and former Chief Executive Officer (CEO) of Theranos, Inc. and the company’s former COO, Sunny Balwani. I greatly doubt they originally planned to defraud investors out of millions of dollars or intentionally wrongly reported on the health of all those who were tested with their products. Yet the indictment alleges, at the end of the day, that they did so defraud a wide variety of stakeholders, customers and others. Now the company is down to just a few remaining employees.

But this type of massive fraud, perpetrated at the highest level, is a rarity in Foreign Corrupt Practices Act (FCPA) cases (although not unheard of). Yet, as the Association of Certified Fraud Examiners (ACFE) noted in its most recent Report to the Nations (Report), corruption represents one of the most significant fraud risks for organizations. This means that companies should understand the specific factors involved in corruption schemes so they can work to effectively prevent, detect and remediate them.

Some of the key findings in the Report around corruption were that 70% of corruption cases were perpetrated by someone in an organization who was in a position of authority; either a manager or senior executive. The top red flags in corruption cases were (1) an employee living beyond their means; (2) employees with unusually close associations with vendors or customer; (3) employees who were in financial difficulties; and (4) employees who had a ‘wheeler-dealer’ attitude when it came to doing business. Interestingly, corruption continues to be a worldwide problem. However, the part of the Report that will bring some of the most important insights to the compliance practitioner is the similarities between the fraud perpetrator and the employee engaged in corruption. They share the same profile. The mechanisms for concealing fraud are concealing or altering documents, creating fraudulent transactions and entries in the accounting system, altering transactions or files and override of internal controls to allow fraudulent transactions.

These observations point to the need for robust internal controls in every best practices compliance program. Such compliance internal controls can help detect and prevent fraud and corruption from occurring in a much more objective manner. For the reality is if the red flags noted as the top indicators of fraud appear in your organization, it is an objective sign that a more thorough investigation should take place.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.