Over the past few years there have been at least two lawsuits filed, where an asset manager had committed fraud, either with a Ponzi scheme or some other means, and where the firm had claimed compliance with GIPS(R) (Global Investment Performance Standards). When someone suffers, financially or in other ways, it is often the case that they use a "shotgun" approach to be compensated for their loss: that is, they will sue whoever they can, even if their relationship to the crime/infraction/accident is tenuous. And so, it is perhaps not surprising that in these cases, the claimants have gone after the firms' GIPS verifiers, for failing to detect the fraud.
When this first surfaced I was asked by one publication what my thoughts were. While recognizing that fraud detection isn't part of the verifier's mandate, if a verifier stumbles upon something that looks improper or illicit, I suspect it would be reasonable to expect them to pursue the matter and report it to the appropriate authorities. Consequently, if fraud is discovered or suspected, it would be appropriate and, arguably expected, that the verifier take some action. A representative from the CFA Institute responded that verification isn't designed to detect fraud, which is almost a black-and-white statement, which I do not disagree with.
The defendant in one lawsuit is seeking a "summary judgment," meaning they are arguing that the plaintiff lacks enough of a case for the suit to move forward. They have raised several points, including a claim that they are not liable for "professional negligence," since the they are not responsible for detecting fraud.
The plaintiff, on the other hand, argues that based on the work the verifier is to do in the course of the verification, that they should have discovered fraud. Further they state that the fact that they weren't hired to detect fraud (who would be?) doesn't excuse them from the responsibility to report it.
The legal authority who is reviewing these materials decided that the defendant's argument, that fraud discovery was beyond the scope of the engagement, is inappropriate, and the defendant appears not to have been successful, at least in this point, to achieve their goal to have the case dismissed.
For verifiers this may ultimately be a "landmark case," if they hold that the verifier has an expected responsibility to detect fraud. Granted, this is a suit that is filed at the state, not federal, level, and so its appropriateness in other cases, in other states or countries, may be weak from a precedent standpoint, though I suspect that future plaintiffs and their attorneys will at least reference it in their arguments.
It's time for the GIPS verifier subcommittee to address this topic outright: to state clearly what the verifier's responsibility is for fraud detection. Without such a formal statement, verifiers may have little to stand on.
I, for one, feel that verification should not be expected to detect fraud. That being said, I also feel that the verifier must be sensitive to the potential for fraud, and if they discover it, to take appropriate action. I am confident that the subcommittee can come up with language that is appropriate. To do nothing, especially given this and other cases which are currently being pursued, would be a disservice to our industry.