Corporate Governance

Fraud & Corruption Control Policy

1. EXECUTIVE SUMMARY

1.1 Introduction

In line with the Australian Standard on Fraud and Corruption Control, the objectives of this policy are:

  1. the elimination of internally and externally instigated fraud and corruption against Dark Blue Sea Ltd and its subsidiaries ("the Company");
  2. the detection of all instances of fraud and corruption against the Company in the event that preventative strategies fail;
  3. the recovery for the Company of all property dishonestly appropriated or secure compensation equivalent to any loss suffered as a result of fraudulent or corrupt conduct; and
  4. the suppression of fraud and corruption by the Company against other entities

1.2 Definition of fraud

Dishonest activity causing actual or potential financial loss to any person or Company including theft of moneys or other property by employees or persons external to the Company and whether or not deception is used at the time, immediately before or immediately following the activity. This also includes the deliberate falsification, concealment, destruction or use of falsified documentation used or intended for use for a normal business purpose or the improper use of information or position.

1.3 Definition of corruption

Dishonest activity in which a director, executive, manager, employee or contractor of an Company acts contrary to the interests of the Company and abuses his/her position of trust in order to achieve some personal gain or advantage for him or herself or for another person or Company.

1.4 Statement of attitude to fraud and corruption

The Company is committed to establishing a positive organisational culture which does not tolerate fraud and corruption within the organisation and which provides an effective system for identifying and reporting such activity.

The Company is committed to ensuring that the senior management has a high level of understanding of how to identify the risks of fraud and corruption within the Company and that management fulfils their responsibility for establishing controls and procedures for prevention and detection of such activities.

1.5 Relationship with the company’s other policies

This policy is to be read in conjunction with all other Company policies.

2. SUMMARY OF FRAUD AND CORRUPTION CONTROL STRATEGIES

2.1 Appointment of a Fraud Control Officer

The Company’s Corporate Counsel shall be appointed as the Fraud Control Officer (unless otherwise appointed by the Board).

The Fraud Control Officer shall be responsible for implementation and ongoing monitoring of this policy, to coordinate the fraud and corruption risk assessment process, to record and collate fraud and corruption incident reports and to conduct or coordinate the Company’s investigations into allegations of fraud and corruption.

2.2 External assistance to the Fraud Control Officer

Senior Management of the Company (including the Chief Executive Officer, Chief Financial Officer and Chief Operating Officer) and Department Managers/Supervisors shall provide all necessary assistance to the Fraud Control Officer.

2.3 Fraud risk management (including fraud risk assessment)

The Company shall conduct periodic reviews and assessment of fraud risk and the strategies implemented to combat such fraud in accordance with section 3 below.

2.5 Fraud awareness

The Company shall provide appropriate fraud awareness information (including a copy of this policy) to all personnel upon commencement of employment with the Company, or as soon as practicable thereafter.

2.6 Fraud detection

The Company shall implement a system aimed at quickly identifying instances of fraud and corruption in the event that prevention strategies fail.

The Company’s Fraud Detection Program shall consist of the following:

  • targeted post transactional review;
  • strategic use of computer systems including effective data mining and real-time transaction assessment to identify suspect fraudulent transactions; and
  • analysis of management accounting reports.

2.7 Fraud reporting

It is important that all instances of fraud and corruption detected within, against or by the Company are reported to senior management and separately to each member of the Board, via the appropriate communication channels.

It is also important that all Company personnel have alternative means by which to report matters of concern involving allegations of unethical or illegal behaviour. This will involve avenues through which employees and others with concerns or allegations may report their suspicions.

Reports of behaviour or activity involving possible fraud or corruption may be communicated to Senior Management:

  • through the normal reporting channels, ie directly to Senior Management;
  • outside the normal reporting channels but within the Company (ie. via the Fraud Control Officer, either in person or anonymously); and
  • through reporting channels external to the Company.

The objective of having alternate reporting mechanisms is to ensure that:

  • all actual or potential fraud and corruption control system failures are identified and rectified in an appropriate way; and
  • systemic and recurring problems of non-compliance are reported to those with sufficient authority to correct them.

2.8 Investigation of fraud and other improper conduct

All reported incidence of actual or suspected fraud and/or corruption shall be investigated in accordance with section 7 below.

2.9 Internal control review following discovery of fraud

In each instance where fraud or corruption is detected, the Fraud Control Officer and Senior Management should reassess the adequacy of the internal control environment (particularly those controls directly impacting on the fraud incident and potentially allowing it to occur) and consider whether improvements are required.

Where improvements are required, these should be implemented as soon as practicable. The responsibility for ensuring that the internal control environment is re-assessed and for ensuring that the recommendations arising out of this assessment are implemented should be allocated in advance. A summary of recommendations or requirements for the modification of the internal control environment should be provided to the manager of the department concerned.

3. FRAUD AND CORRUPTION RISK MANAGEMENT

3.1 Regular program for fraud risk assessment

The Board shall carry out a detailed fraud risk review and assessment every two years.

In addition, at least every twelve months, all business units (or at least all business units with an apparent disposition to fraud) should ensure that strategies developed during the course of the most recent fraud risk assessment are reviewed for effectiveness and amended where necessary.

The Fraud Control Officer should be allocated responsibility for co-coordinating compliance with the twelve monthly reviews of fraud mitigation strategies in addition to the biennial fraud risk assessment by the Board.

3.2 Ongoing review of fraud control strategies

The Company’s fraud control strategies shall be reviewed annually by senior management (in conjunction with the Fraud Control Officer), taking into account such things as any organizational or operational restructuring, staff turnover, changing technology and environmental changes.

3.3 Fraud risk assessment

One of the primary objectives of the risk assessment process is the creation and maintenance of a ‘Risk Register’, being a prioritized listing of all potential fraud and corruption risks facing the Company or at least facing those elements of the Company that are considered to be at high risk relative to other business units.

The Company should periodically conduct a comprehensive assessment of the risk of fraud and corruption within its business operations as set out below.

The Company should periodically review the effectiveness of the action items arising from the most recent fraud and corruption risk assessment. An analysis of each action item should be carried out to ensure all have been implemented. Any that have not been fully implemented should be considered for relevance and likely impact on the risk it was intended to mitigate.

The Company should consider the involvement of external expertise in the review of fraud and corruption control strategies, for example, expertise in IT or legal compliance.

The Company should also consider benchmarking its own performance in this area against other entities operating in the same industry sector. The benefits flowing from each action item should be compared with the intended benefits and any necessary adjustments made.

The fraud and corruption risk assessment should be conducted in accordance with the principles set out in AS/NZS 4360.

In relation to each risk identified, AS/NZS 4360 contemplates an assessment and consideration of:

  • likelihood of the risk occurring; and
  • consequence for the Company if the risk did occur.

In addition, the Company, when carrying out an assessment of fraud and corruption risk, should ensure that the assessment:

  • reflects the risk across the range of the Company’s operational and administrative functions;
  • is capable of adequately measuring the risks in a comparable way;
  • is capable of providing a supportable rating of the risks of fraud;
  • is amenable to fine-tuning as appropriate; and
  • is capable of being replicated.

The Company shall carry out an assessment of fraud and corruption risk using a facilitated or consultative workshop approach involving maximum input of personnel from the business unit being assessed to identify and assess the risks relevant to that business unit.

3.4 Implementation of proposed actions

Based on the level of residual risk for each risk identified and assessed, the Company shall develop one or more proposed actions aimed at achieving one or more of the following:

  • Alteration to existing internal control procedures.
  • New internal control procedures.
  • Procedures aimed at detecting fraud.
  • Fraud prevention strategies.

Proposed actions may also be developed in relation to risks assessed as being of a lower level of residual risk.

All actions proposed by the risk assessment team should be validated with management or senior management as appropriate prior to implementation.

The Company should also to develop a strategy that will ensure comprehensive implementation of the proposed actions and provide for a periodic check of progress.

4. PROCEDURES FOR REPORTING FRAUD AND CORRUPTION

4.1 Internal reporting

The Company should implement a policy for the active protection of whistleblowers and should ensure that the policy is well understood by all personnel.

In order to encourage the prompt reporting of concerns and suspicions, the Company should adopt a policy of encouraging staff that have knowledge of fraudulent or corrupt conduct to come forward. Staff should feel able to report a fraud or corruption concern directly to their manager or supervisor and should also have alternative means of raising concerns and suspicions outside the usual channels.

4.2 Reports by members of staff

Reporting of suspected cases of fraudulent or corrupt conduct by Company personnel can be made either personally to either their manager or supervisor or to Fraud Control Officer. Reports can also be made anonymously, by leaving an unsigned/unidentified copy of the report in a sealed envelope at the office of the Fraud Control Officer (either on their desk, or under their office door, if the office is locked).

4.3 Protection of employees reporting suspected fraud

Employees reporting suspected cases of fraud and/or corruption shall be protecting from retribution, vilification or other consequences pursuant to the terms of the Company’s Whistleblower policy (if applicable), irrespective of the method used to report suspected cases of fraud or corruption.

4.4 Reports to the police

Employees should not report suspected cases of fraud and/or corruption to police, without first referring the matter to senior management and/or the Fraud Control Officer, who will investigate the matter before determining whether there are sufficient grounds for reporting such activity to the Police.

4.5 Recovery of the proceeds of fraudulent conduct

The Company shall take all reasonable steps (including the institution of criminal or civil proceedings) to recover property of the Company that has been misappropriated or otherwise been obtained as a result (either directly or indirectly) of fraud or corruption.

5. EMPLOYMENT CONDITIONS

5.1 Pre-employment screening

Pre-employment screening should be carried out by the Company for all new employees.

Consideration should be given to the following pre-employment screening:

  • Verification of identity (eg. birth certificate, driver’s licence).
  • Police criminal history.
  • Reference check with the two most recent employers – this will normally require telephone contact.
  • A consideration of any gaps in employment history and the reasons for those gaps.
  • Verification of formal qualifications claimed.

For prospective employees with particularly sensitive position descriptions, a more thorough process may be required.

In order to carry out the pre-employment screening referred to above, it will be necessary to have the prior express permission of the candidate.

6. CONFLICT OF INTEREST

6.1 The impact of conflicts of interest

A conflict of interest involving personnel of the Company may result in the person acting in his or her own self-interest rather than the best interests of the Company.

6.2 Register of interests

Personnel of the Company must immediately disclose all actual and potential situations which may involve a conflict of interest as soon as the person becomes aware of such circumstances.

6.3 Conflict of interest policy

All Company personnel must sign an annual statement to the effect that they have complied with all necessary corporate policies in connection with conflicts of interest, disclosure of confidential information and other codes of conduct.

7. PROCEDURES FOR FRAUD INVESTIGATION AND PROSECUTION

7.1 Internal investigations

All reported cases of suspected fraud and/or corruption shall be investigated by the Fraud Control Officer and/or senior management.

Information provided anonymously should be subject to a preliminary examination and investigation of the available evidence in order to confirm the veracity of the allegations, with a more complete investigation only undertaken if the information received from anonymous sources is appropriately supported by evidence.

All investigations should be conducted by appropriately skilled and experienced personnel who are independent of the business unit in which the alleged fraudulent or corrupt conduct occurred.

This independent party may be an external law enforcement agency, a manager or other senior person within the Company itself or an external consultant operating under the direction of an independent senior person within the Company.

Any investigation and resulting disciplinary proceedings should be conducted in an atmosphere of transparency at all times ensuring that the rules of natural justice are observed.

The overall guiding principles of any investigation into alleged improper conduct are independence and objectivity.

An investigation should comply with all relevant legislation in the jurisdiction in which action will or could be initiated.

A person conducting an investigation into allegations for misconduct should ensure that information arising from, or relevant to, the investigation is not disseminated to any person not required by their position description to receive the information.

An investigation will potentially involve some or all of the following steps:

  • Interviewing of relevant witnesses including obtaining statements where appropriate including witnesses internal and external to the Company.
  • Reviewing and collating documentary evidence.
  • Forensic examination of computer systems.
  • Examination of telephone records.
  • Enquiries with banks and other financial institutions (subject to being able to obtain appropriate Court orders).
  • Enquiries with other third parties.
  • Data search and seizure.
  • Expert witness and specialist testimony.
  • Tracing funds/assets/goods.
  • Preparing briefs of evidence.
  • Liaison with the police or other law enforcement or regulator agencies.
  • Interviewing persons suspected of involvement in fraud and corruption.
  • Report preparation.

Any investigation into improper conduct within the Company should be subject to an appropriate level of supervision by a responsible committee within the Company having regard to the seriousness of the matter under investigation. In serious cases, it is contemplated that the relevant committee will be the audit committee, the ethics committee or the Board of Directors.

7.2 External investigative resources

If an external party is engaged to assist with the conduct of the investigation, all persons engaged should be appropriately qualified to deliver the work contemplated by reason for formal qualifications and relevant experience. It is important also that any investigation accords with acceptable practices within respective jurisdictions and any person conducting such an investigation is an acceptable person within the jurisdiction(s) in which the investigation is being conducted.

An "acceptable practice" refers to affording fairness and propriety to possible suspects so that their rights are not impinged upon. That also means that any evidence obtained during the course of an investigation from whatever source complies with jurisdictional requirements in order to guarantee the sufficiency of evidence should charges result.

An "acceptable person" refers to the individual integrity of employees engaged to investigate relevant matters. Do they undergo police checks or other vetting process when they are recruited? Have ex-police officers who have been dismissed (or given the opportunity to resign) been employed as investigators? Has the investigator ever been discredited as a witness?

External parties engaged to assist in investigations on the Company’s behalf should be required to enter into a binding agreement in relation to the release of confidential information coming to his or her possession during the course of the investigation.

External consultants need to have appropriate expertise when conducting investigations. They may also need to have access to other resources to deal with technical queries or legal issues as they arise.

7.3 Disciplinary proceedings

The ultimate outcome of disciplinary proceedings related to any case of fraud or corruption shall be at the discretion of the Board and may involve the admonition, termination, demotion, fining or reduction in seniority of an employee or other internal person.

7.4 Prosecution

The Company should ensure that they have a policy on whether and how allegations of fraud and corrupt conduct should be reported to the police or other law enforcement agency.

On reaching a finding that there is evidence of fraud or corruption in respect of an allegation or series of allegations, the Company should undertake a formal process to form a view as to whether the matter is one that ought to be reported to the relevant law enforcement agency for investigation and therefore, potentially, prosecution.

In the event that a decision is made to refer the matter to the appropriate law enforcement agency, the Company should give an undertaking to the law enforcement agency that it will do all that is reasonable in assisting the law enforcement agency to conduct a full and proper investigation. This may involve the Company committing financial and other resources to an investigation either for or independently of the law enforcement agency.

As a minimum, the Company should provide the following items to the law enforcement agency (the Company should elicit from the law enforcement agency particulars as to how this material should be presented to ensure minimal duplication of effort):

  • A summary of the allegations.
  • A list of witnesses and potential witnesses.
  • A list of suspects and potential suspects.
  • Copies of all statements, depositions or affidavits obtained to that point including and in particular, any written statement made by the subject of the investigation.
  • A copy of the transcript of any interview conducted with a person suspected of involvement in the matters alleged.
  • A copy of any electronic media on which such interviews have been recorded.
  • Copies of all documentary evidence obtained to that point (ultimately the law enforcement agency will probably require the original documents in which case copies should be retained by the Company).
  • Any charts or diagrammatical summaries of the allegations and evidence that the Company may have produced.
  • Contact details.

7.5 Documentation of the results of the investigation

Adequate records must be made and kept of all investigations, disciplinary proceedings and prosecutions. These records should be kept in accordance with relevant privacy legislation and other relevant best practice guidelines.

8. INTERNAL AUDIT STRATEGY

8.1 Internal audit capability

The Company recognizes that the internal audit function can, in the context of addressing all business risks, be used effectively to prevent and detect fraud and corruption.

Senior Management should ensure, through the annual internal audit plan (endorsed by the Audit Committee) that the internal audit resources available to the entity are applied to best effect in terms of preventing and detecting fraud and corruption against the entity.

8.2 Internal audit fraud control function

The Audit Committee, in the context of addressing all business risks, should be used effectively to prevent and detect fraud and corruption. Management should ensure, through the annual internal audit plan (endorsed by the Audit Committee, if applicable) that the internal audit resources available to the Company are applied to best effect in terms of preventing and detecting fraud and corruption against the Company.

9. REVIEW OF FRAUD CONTROL ARRANGEMENTS

This policy shall be reviewed by the Board (on recommendations from the Audit Committee) every two (2) years.

Adopted by the Board on 26 April, 2006

Policies