As Seen in CFO Studio Magazine Q4 2015 Issue
TIPS ON GUARDING CORPORATE COFFERS AGAINST NEW THREATS
CFOs today are increasingly being asked to safeguard their companies’ finances against a variety of malefactions, according to executives on a panel entitled “Crime Doesn’t Pay! Finance Executives as Corporate Fraud Gatekeepers and Investigators.” The event took place at the CFO Innovation Conference, attended by more than 440 CFOs earlier this year at MetLife Stadium in East Rutherford, NJ.
The threats aren’t limited to submitting bogus expense reports, but can also encompass hacking and other cybersecurity-related challenges. And attacks can originate internally or externally, according to the panelists. “In some cases, a CEO can pressure his or her subordinates to fudge numbers,” noted moderator Tim Anglim, Founder and President of YesCFO, a Bridgewater, NJ–based group that provides the services of chief financial officers and operating executives to organizations on an as-needed basis.
“Consider what you would do if the CEO asked you to prepare a false report,” said Matthew Boxer, Partner in the Roseland, NJ–based law firm Lowenstein Sandler, LLP. “We would encourage you to report the action to the audit committee, the general counsel, or the compliance officer.”
Sometimes an outside hacker will penetrate a company’s electronic defenses to lift consumer credit-card data and other sensitive information, added panelist Robert Kleeger, Founder and Managing Director of Digital4nx Group. The Marlboro Township, NJ–based company focuses on complex litigation and investigative matters involving electronically stored information.
He noted, for example, that the 2013 hack of Target Corp. —which exposed the credit and debit card information of an estimated 40 million customers —was traced to security gaps in a third party’s systems. “So think about your partners’ security measures,” warned Kleeger. “If a breach does occur, you have to act quickly but in a strategic and responsible manner.”
He said the CFO should coordinate efforts with other key officers, including the general counsel, compliance officer, and of course, IT security.
Intentional software breaches are top of mind for many executives, but the fact is that many data breaches “occur because someone was careless about important paper documents,” according to Christopher Santomassimo, a partner at the Paramus, NJ–based law firm Nicoll Davis & Spinella, LLP. “It could be as simple as someone who leaves his or her briefcase on a train. Employees need to be educated about document handling and document-destruction procedures.”
Publicity-shy companies want to keep quiet about a data or other security breach, but calling in law enforcement may be advisable, stated Douglas Veivia, Director of Corporate Investigations at Newark-headquartered Prudential Financial Inc.
“One question is whether there are other schemes going on that you don’t know about,” he said. “Also, if you don’t call in law enforcement agencies, other companies may be at risk, too — and the victims may be even angrier if they find out that you hushed it up.” —Martin Daks