Fraud causes billions in damages each year. Companies face, for example, fraudulent contracting parties, directors and employees. The management and supervisory board might play the most important role in a company when it comes to fraud prevention. In this newsletter we will give them some legal tools to prevent fraud.
The management and supervisory board might play the most important role in a company when it comes to preventing. Based on the administrative organization (A.O.) and internal control (i.C.), an accountant must flag risks and engage in conversation with the company (board, supervisory board and shareholders meeting) about these risks.
Entrepreneurs are obliged under the Works Councils Act to provide the Works Council with financial data, but in practice this often does not happen or happens insufficiently. This is why, starting this year, accountants conducting statutory audits must also provide a copy of their audit report to the works council “without delay” in situations of serious uncertainty about the continuity of a company.
In this issue we will discuss:
Fraud causes billions in damages each year. Companies face, for example, fraudulent contracting parties, directors and employees. In short, fraud entails wrongful or criminal deception for financial or personal gain. Motives could be material (money, addiction and amusement) and immaterial (status/prestige, the threat of losing a job and position).
Red flags that might suggest fraud in the board can be found in non-compliance with the articles of incorporation, conflicts of interest, administration and/or publication of annual financial statements that are incomplete or not transparent, and questionable financiers.
Articles of incorporation may entail:
Under the law the main rule is that the company is represented by the board of directors. Directors are incompetent to act outside the objectives of the company. It is important to be aware of which persons are authorized to represent the company and if the entries in the commercial register are up-to-date. By requiring two signatures, the company is verifying that both signers agree that the payment is proper and reasonable. The requirement of two signatures reduces the likelihood that one will write improper checks to themselves or writing checks to a fictitious company.
The articles of incorporation may provide that the board must act in accordance with the directions of a body of the company (like the supervisory board). Often, a list of decisions requiring approval from the supervisory board is included.
The management board is required by law to provide the supervisory board in a timely manner with the requested information necessary for the performance of its duties. The supervisory board has the right to be informed in writing at least once a year by the management board. It must be informed about the outlines of the strategic policy, the general and financial risks and the management and control system of the company.
The supervisory board is responsible for providing the general meeting with all requested information, approving and co-signing the annual accounts and management proposals for merger or demerger. The supervisory board is also responsible for appointing an expert to audit the annual accounts if the general meeting has not done so. The supervisory directors must also attend the consultation meetings of the Works Council.
Does a director withdraw if there is a (potential) conflict of interest? A management board member or supervisory board member shall not participate in the deliberations and decision-making on a subject if he has a direct or indirect personal interest that (in brief) conflicts with the interests of the company. If the management board is unable to take a decision due to all directors being conflicted, the decision shall be taken by the supervisory board. In the absence of a supervisory board, the general meeting shall decide, unless the articles of association provide otherwise, which may, for example, provide that the management board may nevertheless decide.
An indirect personal interest could occur when, for example, a decision has to be made on
The board of directors is obliged to keep an administration of the financial situation of the legal entity and of everything concerning the activities of the legal entity, according to the requirements resulting from these activities, and to keep the books, documents and other data carriers belonging thereto in such a way that the rights and obligations of the legal entity can be known at all times. The board shall be obliged to prepare and print the balance sheet and the statement of income and expenditure of the legal entity annually within six months after the end of the financial year. Lastly, the board is obliged to keep the books, documents and other data carriers referred to in paragraphs 1 and 2 for seven years.
Questionable financiers could be lenders with a special interest or directors with an agenda of their own when donating or investing with company funds. Be aware of the company’s agreements and practice. Check out the motives of your directors. What motives play a role in performing the work? Are personal motives involved?
To prevent fraud (in the board) it is important to discuss the risk management in your company with the board of directors and supervisory board.
Recent events have made risk management and compliance an essential part of internal control. Modern administrative organization (A.O.) considers the character of the organization. With control measures (I.C.), you achieve effective and efficient internal control. Modern Administrative Organization is more risk-based with a strong focus on IT and soft controls.
The internal control system itself contains measures that are in in place to control the organization as a whole. The content of the control system is the quality of the various control measures to ensure that objectives and standards are realized. Hard controls are formal and tangible. Examples include organizational structure, policies, procedures and segregation of duties. Soft controls are informal and intangible. Examples include tone at the top, ethical climate integrity, trust and competence.
Are the (supervisory) board members familiar with and comply with the applicable Codes of Conduct? There are many codes of conduct that will often entail specific provisions about risk management and control systems to prevent fraud. Examples are the “Corporate Governance Code” for quoted companies, the “FIN-Code of Conduct” by the association of funds (“FIN”), Governance code Healthcare or the “Good health insurance practice Code of Conduct” by the branch association of Dutch health insurers and the “Pension Governance Code”.
Dutch political parties suggested a new law that says if companies do not conduct business ethically, they can be sanctioned (for example, the world cup in Qatar, clothing produced by ethnic minorities, child labor and environmental pollution).
The bill states that companies must write down abuses in their annual report and come up with a plan of action as to how they intend to resolve them. Supervision of this is then in the hands of the Consumer and Market Authority.
This reporting obligation applies to all companies with more than 250 employees and a turnover of 40 million euros. There will also be a duty of care, which smaller companies must also comply with. This means: If a company suspects wrongdoing, it must work on it. Each company thus also becomes responsible for the actions of all its suppliers.
Currently, there is a lot of criticism on the bill and it is not clear if and when this bill will come into force.
In short, have clear and transparent policies on the topics above. Both in the articles of incorporation or other internal regulations. Pay extra attention to bonuses, parties, “projects abroad” and favoritism. To prevent fraud it is important to have sufficient internal supervision. Make sure to be well informed and get expert advice!
Common forms of employee fraud include:
Each of these forms of fraud requires a different approach to prevent them.
The intellectual property of a business comprises of many facets, including, for instance, its innovations and inventions, but also its brand name and logos. A company relies on its intellectual property to set their business apart from other, similar, businesses, as well as to communicate their unique value to their customers. Any company director should make him- or herself acquainted with the most common types of intellectual property and ensure that these types of intellectual property are afforded optimal protection within their company. Intellectual property can be protected by patents, trademarks, trade secret protection or copyright protection.
While an important first step for company directors is to assess the intellectual property assets of the company, and ensure that these assets are afforded adequate protection through filing the appropriate applications, obtaining intellectual property protection will often not be enough to safeguard the most valuable assets of the company. This is in part due to the fact that not all sensitive information on the company will qualify as ‘intellectual property’. Information on, for instance, the customers or business strategies of a company may not qualify as intellectual property but can still be of great value to a company. Furthermore, it may take some time before applications for intellectual property rights, for instance patent applications, are decided upon by the relevant authorities. In the meantime, the invention will not be protected. Company directors are often unaware of the risk this poses, as any unauthorized disclosure of the invention after the application is filed but before the patent is granted may result in the patent application being denied on the grounds that the invention is ‘publicly known’. Non-disclosure agreements (NDAs) should therefore be concluded between the company and any party that has access to the company’s confidential information. Employees, too, must be bound by confidentiality obligations.
A non-disclosure agreement entails what information is secret, for what purpose it is provided and what the receiving party may and may not do. Be mindful of differences between jurisdictions. NDAs drafted based on U.S. models might not be recognized in the Netherlands. So, it is of crucial importance for companies seeking to impose confidentiality obligations to be mindful of these differences, and to draft these clauses in close consultation with local lawyers.
Although companies may ask their employees to sign separate NDAs, an employment agreement itself may also contain confidentiality clauses. We highlight three confidentiality clauses: a non-competition clause, a non-solicitation and a non-poaching clause. A non-competition clause prohibits employees of the company from being directly or indirectly active or involved in a business performing similar activities to the activities of a company for a certain period after the end of the employment contract. A non-solicitation clause, on the other hand, prohibits an employee from being active for or having contact with clients and business associates of the employer for a certain period after the end of the employment contracts. A non-poaching clause prohibits an employee from recruiting other employees to go with them to the new company.
Avoid (accidentally) employing fraudulent employees by screening them. Do they have a Certificate of Conduct (VOG)? Do their references check out and are their diplomas real? In addition, it is important to have a consistent policy about (preventive) monitoring of employees’ social media that must be known to all employees beforehand. Either via a works council or individually. Evidence collected from an employee’s social media might even be used in court. Furthermore, be on the lookout for personal risks like debt (for example, from gambling) as this might also motivate fraudsters.
For example, in early 2019, a U.S. Consulate employee was dismissed after it was revealed that she had not paid taxes in the Netherlands for 10 years. As a result, she had accumulated a tax debt of 175,000 euros. Seven years before, she also allegedly lied to the consulate that she was consulting with her tax advisor to resolve the situation. The employee did not agree with the dismissal and went to court. The court ruled in favor of the Consulate. The high tax debt could make the employee susceptible to corruption and blackmail. For example, according to the U.S. attorney, someone could offer to ‘help’ with her tax debt in exchange for favors, such as assisting in facilitating the visa process or passing on sensitive information.
Clear internal regulations in an employee handbook or code of conduct prevent ambiguity and favoritism. Rules may include:
Adding sanctions for non-compliance may discourage fraudsters even more.
The employer should consider setting up employees’ business accounts according to the company guidelines. An employer could also include whether, and if so, which social media sites can be accessed during work hours and to what extent they may be used. This often will depend on the position of the employee and the type of company. A sales manager of a software company will be allowed more social media activity than an accountant of a food wholesaler. In this regard, an employer may also take into consideration how often and to what extent emails and telephone calls are permitted for private purposes. This should not only apply to the use of company property but also to private devices such as smartphones, tablets, computers, etc.
Should a dispute arise between employer and employee about appropriate social media use, the Dutch courts will weigh the fundamental right of freedom of expression of the employee against the legitimate interest of the employer.
Employers are advised to make arrangements on whether LinkedIn contacts will have to be deleted or may be kept. Employers might also arrange that they have a say in the management of business-related social media. For instance, by having the passwords.
Limit access to company knowledge by only giving employees what they strictly need to do their job. If they only need certain information for a specific project, take away their access at the end of said project. Make sure temporary access is indeed temporary. Lastly, set IT alerts in case of unusual data traffic (such as, emails with large attachments).
It is important to have these regulations signed by employees and perhaps even adopted in individual employment contracts.
There may also be signs of fraudulent behavior in employee behavior. Employees that never seem to work with colleagues or always with the same colleague, have a lifestyle that does not fit their income, are always first in and last out of the office or often have ambiguities in their billing administration. Conduct a risk analysis of business processes and/or set up camera surveillance to limit the risks.
The Works Councils Act gives the works council (OR) a number of rights. These powers are: advisory right, right of consent, right of initiative and a right to information from the employer. Every company with fifty or more employees must have a works council. Companies with more than fifty employees must also have a whistleblower policy. The risks of fraud by members of the works council overlap with those of employees. For example, taking orders for the competitor, confidentiality clause violations or billing fraud might also occur in the works council. Because of its role, the works council has considerable knowledge of sensitive issues. Moreover, there is a significant role for prevention, due to their involvement with procedures for control of employees, malpractice and whistleblowers.
Making clear agreements about the process in advance helps in the cooperation between the Works Council and the board or management. Important subjects, when it comes to the right of consent, are the whistleblower policy, complaint policy, appointment of a new confidant and the health and safety policy.
The Prevention of Money Laundering and Terrorist Financing Act (Wwft) aims to combat money laundering and terrorist financing. Money laundering involves making illegally obtained assets legal so that their illegal origin is no longer visible. Terrorist financing occurs when assets are used to facilitate terrorist activities. The Wwft applies to accountants and to financial institutions, such as banks, money exchange offices, casinos, trust offices, investment institutions and certain insurers, notaries, lawyers, tax advisors and administration offices. The Wwft also applies to sellers of goods, intermediaries in the purchase and sale of goods, brokers and intermediaries in immovable property, appraisers of immovable property, operators of pawn shops and domiciliation providers.
Client due diligence provides information on who you are doing business with. You (and your company) must do this research before you conduct a sales transaction or brokerage assignment or before you enter into a business agreement with your client and provide services. You must ask for your client’s identity information and verify this information, record it and keep it for the next 5 years. What client due diligence looks like depends on the client you are dealing with and whether you suspect an increased risk of money laundering or terrorist financing in advance. Pay attention here to unusual transaction patterns and transactions that pose a higher risk of money laundering or terrorist financing. What measures is your company taking to apply to the Wwft?
In general, attention must be paid to representation authority, liquidity and solvency. It is possible to commit insolvency fraud by taking on debt while knowing you will never be able to pay off the loan or paying of loans of a specific creditor, knowing it will send you in to bankruptcy. Other important questions to ask are: What do the assets consist of? Are these assets subject to (conservatory/executory) attachment? Check the internet and your network. What are the experiences with the third party? Not only the sender but also the content of messages may point towards fraud. The documentation might be forged and/or incomplete.
You must always report if you suspect that a transaction or proposed transaction is related to money laundering or terrorist financing. You report an unusual transaction using the reporting program on the website of FIU-the Netherlands (Financial Intelligence Unit). You must register once before you can report a transaction.
Extra attention must be paid to cybercrime. Be careful when opening files or emails as they could contain malware. Be aware of phishing, CEO fraud and boiler room-organizations.
Malware or malicious software is software used to disrupt computer systems, collect sensitive information or gain access to private computer systems.
Phishing is a form of internet fraud. It is the fraudulent practice of sending emails or other messages purporting to be from reputable companies (often banks) in order to induce individuals to reveal personal information, such as passwords and credit card numbers. It usually contains a (banking) website, which is a copy of the real website, in order to have you log in there unsuspectingly – with your login name and password or your credit card. This gives the fraudster access to these data with all the consequences this entails. The fraudster poses as a trusted entity, such as a bank.
A common form of phishing that occurs in companies are emails supposedly from the CEO/CFO. They’ll ask a financial employee by email to transfer money urgently. You can hardly tell from the email message that a fraudster is behind this. This is also known as CEO fraud.
A boiler room-organization is a collective of fraudulent persons and organizations that, with slick salespeople, approach potential investors by phone with a “great” investment offer. Usually, it is not clear to the investor being called how the caller got his data. If you ask about that, the answer is usually evasive.
In case of fraud both criminal and civil prosecution is possible. Criminal charges might be forgery, embezzlement, swindling, bank breaking, fencing and money laundering. A civil procedure could lead to a warning, suspension or dismissal of employees/directors. With civil proceedings, injured parties can also seek annulment/dissolution of contracts or compensation for their damages in court. The civil court will oblige the fraudster to compensate the injured party’s damages. On the basis of the division of tasks alone, directors cannot exculpate themselves (even the articles of association are not enough, it is about the factual circumstances of the case).
An aggrieved party can also join the criminal proceedings and claim compensation in this way. The criminal court will impose on the fraudster an obligation to pay a sum of money to the state, the state then pays this to the injured party.
Fraud does not happen accidently, intent is a key element of fraud. When an employee makes a mistake (for example, transfer a sum of money to the wrong account), it’s not necessarily fraud.
Taking out fraud insurance is recommended. This could save a lot of money and trouble. Insurance might cover external fraud like CEO fraud and theft by third parties as well as internal fraud like criminal activities of employees. They might also cover costs of the consequences of fraud like a court procedure. But don’t leave the door open if you don’t want to get robbed!
In summary, internal control in the form of internal regulations, NDAs, confidentiality clauses and the presence of a supervisory board prevent ambiguities and favoritism and discourage fraudsters. Have a close look at the applicable regulations and authorizations: are the rules being followed and could they be better formulated to minimize the risk of fraud? Screen employees (including directors) and pay attention to possible personal motives and conflicts of interest. Risk assess business processes to prevent leakage and check out trading partners. Last but certainly not least, be mindful of the growing risk of cybercrime. Make sure your company is well informed and insured.
It is important to seek legal advice at an early stage in order to seek the best solution when you are dealing with fraud. Furthermore, we could offer a helping hand in drafting articles of incorporation, employment agreements, employee handbooks, NDAs and confidentiality clauses.
Please contact us:
Ruim een kwart van de bedrijven is nog niet klaar voor de ESG-rapportage, de duurzaamheidsverslaggeving die vanaf 2025 verplicht is. Aan welke regels moeten ondernemingen gaan voldoen? En welke eisen gelden nu al?
Per 1 januari 2024 wordt de 30%-regeling, de belastingvrijstelling voor expats, verminderd, zowel wat betreft de duur als de hoogte ervan. Hoe ziet de nieuwe regeling eruit? En wat betekent de wijziging voor expats die nu al in Nederland zijn?
Moet je werknemers toestaan te werken vanuit een ander land? Deze vraag legde Jolein de Rooij voor de NRC voor aan Jan Dop en Farhana Mahabali van Russell Advocaten.
Per 1 januari 2024 verandert de hoogte van het wettelijk minimumloon en het minimum jeugdloon. Ook wordt het minimumloon vervangen door het wettelijk minimumuurloon, dat niet langer afhankelijk is van de omvang van het voltijds dienstverband. In deze blog vindt u de nieuwe bedragen.
Het wordt nog makkelijker om in Nederland een bedrijf te starten. Vanaf 1 januari 2024 kan het oprichten van een bv geheel online. Wat verandert er?
Een op de drie werkgevers in Nederland bindt werknemers aan een concurrentiebeding. Dat is echter lang niet altijd nodig en belemmert werknemers in hun vrijheid om een nieuwe werkkring te kiezen. De regering wil daarom dat het concurrentiebeding aan strengere eisen voldoet. Wat betekent dit voor werkgevers? Onder welke voorwaarden blijft een concurrentiebeding geldig?