Economic crime in Hungary
It could get worse before better
written by Kester Eddy

A survey by PriceWaterhouseCoopers has revealed that 39% of Hungarian companies suffered directly from economic crime last year, up a significant 12% from 27% two years ago. Of the victims, 53% reported "asset misappropriation" - principally some form of theft - as the No. 1 problem. In contrast with popular expectations that EU membership will help decrease the negative figures, experts anticipate an increase due to tighter checks and reporting.

At first sight these findings do not compare badly with Western Europe - where 34% of respondents admitted being hit by economic crime, and 65% of those put theft at the top of the list. In Hungary, however, over half of all detected incidents were discovered accidentally, compared to one-third in Western Europe. Similarly, risk management systems appear less effective in Hungary, where they are responsible for only 20% of detection, against 28% in the West. All these factors mean that the real statistics are likely to be significantly worse. "This is probably only the tip of the iceberg," Roger Stanley, head of PwC's regional investigations and forensic audit services, said when revealing the findings last month in Budapest.

The PriceWaterhouceCooper’s global report on economic crime sheds a rather bad light on Hungary

Furthermore, with Hungary joining the European Union next May, most companies in the survey thought accession would mean a cleaner business environment. Stanley thinks the data on reported crime will probably get worse, at least in the short term, due to tighter checks and reporting methods.

Out of sight, out of control
In another twist in the logic, and despite his statistical predictions, Stanley also thinks the latest figures, taken from a survey involving 108 companies in Hungary, show positive development. Crime may not necessarily even be increasing, he says, as the figures merely reflect greater awareness and better supervisory systems.
“The amount of fraud reported by companies relies on their ability to identify and detect it. Without proper procedures, controls and risk management systems fraud will still occur, it is just that it won’t be reported. For these reasons I believe this is an encouraging sign for Hungary.” In short, if it’s not revealed, management can’t begin to tackle it. The study also found that while 58% of respondents perceived corruption and bribery to be a major problem, only 14% actually encountered it. Stanley, however, warns that compared to theft of tangible assets, corruption is often much more difficult to prove. “I suspect the real level is somewhere between the two figures,” he said.
And while no companies perceived industrial espionage as a business threat, 30% reported incidents. Similarly, only 1% of companies considered cyber crime a major danger, while 16% reported incidents. Losses in Hungary due to crime are lower than in the West, where the average cost per reported incident totaled almost USD 2.2 million. In Hungary only 7% of companies surveyed reported loses in excess of USD 1 million. However, once again this is just the amount of detected losses, and does not count indirect or “collateral” damage as PwC terms it (see box).

EIU: biggest threat to corporate security is from within
Top executives believe resentful employees are more likely to launch a deliberate attack on their company than glory-seeking hackers, and security breaches usually arise from a failure of process rather than a failure of technology. These are among the key findings published last month in a report by the Economist Intelligence Unit (EIU) and sponsored by Nortel Networks. The report, entitled “Testing the defenses: facing up to the challenge of corporate security,” argues that while more companies are treating security as priority, many have failed to introduce effective risk management and controls. In a survey of 178 senior managers around the world, 68% of executives admitted they had not attempted to quantify the security risks their companies face. “Business leaders are more aware of security dangers, but need to do much more to prepare. As the research in this report shows, companies should not be deferring an issue like corporate security merely because the threats are hard to quantify. Instead, CEOs and boards should be considering the future cost of failing to act today,” says former New York City Mayor Rudolph Giuliani, chairman and CEO of Giuliani Partners LLC, a private equity investment firm and security and risk-assessment consultancy. The report also draws a number of conclusions for business leaders seeking to understand today’s complex security environment. Amongst those, the report concludes that, “executives struggle to measure and prioritize security risk.” Even though 71% of companies conduct a risk analysis of their security environment once a year or more, 32% do not know the cost of security breaches. Contradictory responses to some survey questions indicate high levels of confusion and uncertainty amongst executives about the nature and impact of the security threats faced by their companies,” the report states. “Testing the defenses: facing up to the challenge of corporate security” is available free of charge from the executive briefing website: http://eb.eiu.com

Blowing the whistle
Tackling the problem should therefore clearly be a priority. What should companies do when faced with this challenge? Prevention is better than cure, says Stanley, who urges a broad-based, strategic approach. Take training for fraud. While 50% of companies in Hungary say, in effect, the buck stops with management, only 7% have specific management training sessions to combat the problem; only 5% have run staff awareness training. Similarly, although 47% have a corporate code of conduct, this is lower than in the West, where the figure is 60%. However, it is not clear if this is always communicated properly. “For such a code to be effective, it is important that it should be visible to all employees, and not given the same significance as a doorstep. In fact, it would not be going too far to insist that each employee should verify that they have read and understood the code by signing such a confirmation,” PwC said in its report on the Czech Republic. This is all the more important in Central Europe, where misuse of state assets and bribery was typically more accepted under communism, and indeed was often seen as the only way to get things done. Such a culture can only be improved by long-term measures. PwC urges management to undertake risk assessment projects to identify fraud risks, and to monitor the results on a regular basis. Within the monitoring process, Stanley also urges companies to establish “whistle-blowing” systems - to encourage and protect insiders who reveal criminal activity within a company. An estimated 27% of companies in Western Europe employ such systems, against a mere 4% in Hungary. “Whistle blowing is an effective tool against crime elsewhere. Perhaps it’s not yet fully accepted here,” Stanley said. “Fraudsters thrive on a mixture of motive and opportunity, and a clearly perceived benefit of reward over risk of punishment. It is unrealistic to expect the problems to decrease of their own accord. It needs action,” he said.

Not just for the high life
Fraud can have emotional and cultural drivers, warns Charlie Patrick, forensic auditor for international services firm KPMG. While fraud and white-collar crime in many cases can be put down to greed, the reasons are not always so straightforward, says Patrick. Often the trigger can be personal: “If somebody above you is of low ability, or you are passed over for promotion, some people take it out on the business,” Patrick says. Similarly, while some people arouse suspicions by living a lifestyle beyond their means, others simply defraud quietly and without showing any external trappings of illegitimate incomes. According to Patrick, a Briton with several years experience operating in Central Europe, investors should be aware that personal relationships and family ties count more in this region. This surfaced in one example at a manufacturing plant in the Czech Republic, where the managing director turned out to be married to the sister of the accountant. “He was stealing from the company and she was passing accounting entries to cover for this. This went on for a number of months until the (foreign) parent company questioned the accounts and investigated further,” Patrick says.

Collateral damage - the indirect cost of economic crime
A persistent problem in fighting fraud, especially aspects of corruption and bribery, is the public perception that it is a “victimless” crime. This is not the case, says PwC’s Roger Stanley. “It allows funds and talents to be misappropriated. It affects profits, and that in turn affects investment decisions by the company and tax revenues in the country concerned. It [therefore] denies the country as a whole of much needed funds,” he says bluntly. Apart from these more measurable effects, economic crime has been found to damage a whole range of “soft” factors within corporations.
In the Hungarian survey, 67% of respondents said it degraded staff morale, a much higher proportion than in Western Europe, where the figure was 40%. In Hungary incidents of fraud were also perceived to harm reputation (40%) business relationships (33%) and brand image (17%). “These are critical factors for any business. When all these factors are considered, collateral damage can be more costly than direct financial losses. And once it occurs, it can be a persistent problem unless corrective measures are taken [to reassure staff that management is concerned,]” he says.

Cultural differences count
While the overall loss in this case was less than EUR 30,000, that can be enough to send a small company to the wall. “Investors are far more likely to encounter nepotism, favors for friends, and corruption/bribery than in most Western countries. None of this may be overt - for example if people are cousins, or there is a married sister then it may be difficult for the outsider to understand the links,” he says. Against this, he notes that connections and ties have often been necessary for companies to function. “Sometimes the relation or friend is used [without due tender process], but this is because they can guarantee quality or supply. I try not to be judgmental. It is not always as cut and dried as it seems,” Patrick cautions. One of the most difficult areas of concern have been parallel businesses, where a factory produces 25,000 units on an order for 20,000, with the extra “going out the back door.” This is especially difficult when management is involved, in sectors like electronic products manufacturing, with multiple outlets. Nor is it always local management that is at fault. “We had a Western guy running a parallel business in one agricultural case I investigated,” Patrick says. It is in such cases that whistle-blowers are most effective. “I think 30- 50% of my investigations come from tip-offs. Many prove to contain false allegations, or misunderstandings, the anonymous letter or email is quite a tool for the mischief maker, but nearly all have some basis in the end,” he says. But, he warns that any whistle-blowing system must not only be independent (i.e., protect the identity of the whistle blower) but seen to be independent, and management must act on the information, or the effort is counter productive and damaging to company morale.

Corruption data
Hungary ranks 40th out of 133 countries in terms of corruption, with the index dipping from 4.9 in 2002 to 4.8 this year, according to the latest report by Transparency International. Although in 33rd place last year, Hungary’s slide down the table is mainly due to new countries joining the list. Central Europe overall fared worse in this year’s rankings compared to the year prior. Of the EU countries, only Greece ranked below Hungary, in 44th place.