Corporate America can learn a lesson or two from the legal battle unfolding between Netflix and one of its former executives, accused of carrying out a complex kickback scheme while employed at the streaming-media giant. The case is the latest cautionary tale of what can happen to a company when proper internal controls are not in place.
In a lawsuit filed last month in California Superior Court, Netflix alleges that Michael Kail, former vice president of IT operations, breached his fiduciary duties and duty of loyalty, and engaged in fraud, when he secretly received “commissions” ranging from 12 to 15 percent of total invoice amounts paid by Netflix to two vendors for IT-related products and services. Kail funneled these payments to himself through a consulting company called Unix Mercenary that he established.
According to the complaint, Netflix discovered the kickback payments after Kail left the company in August to assume his current role as chief information officer for Yahoo. In the complaint, Netflix said it paid the vendors, Vistara and NetEnrich, a total of $3.7 million since 2012; that would put Kail’s potential kickback earnings from $450,000 to $560,000.
Kail’s personal arrangements were not limited to two vendors. After Kail departed Netflix in August 2014, Netflix also discovered that Kail may have received other benefits from companies that contracted with Netflix, including but not limited to stock from such companies, the lawsuit stated. Since Netflix filed the lawsuit, Kail has remained tight-lipped.
“This is a classic case of poor internal controls,” says Joseph Spinelli, managing director at Navigant Consulting. “The fact of the matter is that if Netflix had the proper internal controls in place, this would have been picked up immediately.”
Instead, Kail was able to perpetuate his kickback scheme over a long period of time. “I really find it hard to believe this is the first time that this guy has done anything like this,” says Lee Buby, a practice leader at Haskell & White, an accounting, auditing, and tax consulting firm. Setting up a consulting company as a conduit for kickbacks doesn’t occur overnight, he says.
One of the biggest mistakes Netflix made was giving Kail carte blanche to both negotiate and execute contracts for IT-related products and services on behalf of the company—a no-no in segregation of duties. “Kail was a trusted, senior-level Netflix employee, with authority to enter into appropriate contracts and approve appropriate invoices,” the complaint stated.
“This is a classic case of poor internal controls. The fact of the matter is that if Netflix had the proper internal controls in place, this would have been picked up immediately.”
Joseph Spinelli, Managing Director, Navigant Consulting
Specifically, Kail’s job responsibilities included approving invoices for payments that third parties would request related to IT products and services purchased by Netflix, and he “did so without disclosing to Netflix that he was receiving commissions on the amounts that Netflix paid to these third parties,” the complaint stated. After Kail approved these invoices, Netflix would pay the third parties.
The wider lesson that Netflix’s situation brings to light is the importance of having an extra set of eyes to review contracts, and having those contracts go through multiple signatures, Buby says. “All significant contracts should be reviewed by legal counsel.”
Furthermore, contracts should be reviewed by a senior-level executive, ideally by somebody who understands the service or product being offered, and who would know whether the terms of the contract are appropriate, Buby says. This person should not also be responsible for processing the payments, however.
Nature of the Action
Below is an excerpt from the case summary in Netflix v. Kail.
Plaintiff Netflix hired defendant Michael Kail in 2011. Kail worked at Netflix until August 2014 and his final position at Netflix was as vice president of information technology operations. Kail was a trusted, senior-level Netflix employee, whose job responsibilities included negotiating and executing contracts on Netflix’s behalf for products and services supporting Netflix’s information technology (IT) management.
After Kail departed Netflix in August 2014, Netflix discovered information indicating that, on information and belief, two third-party companies were paying Kail ‘commissions’ on the invoice amounts for products and/or services that Netflix paid to these third-party companies.
Netflix is informed and believes that these two third-party companies were paying Kail commissions that ranged between approximately 12-15% of the total invoice amounts paid by Netflix. Netflix is informed and believes that these two third-party companies were paying these commissions to, at least Kail’s personal consulting company, defendant Unix Mercenary LLC.
Netflix is also informed and believes that, during his employment with Netflix, Kail recommended and/or advocated within Netflix that Netflix enter into many of the agreements and contracts with these third parties pursuant to which the third parties later paid commission to Kail.
Netflix is also informed and believes that, for many of these invoices, Kail was the Netflix employee responsible for approving these third-party invoices for payment by Netflix. Netflix is further informed and believes that Kail did approve many of these invoices and did so without disclosing to Netflix that he was receiving commissions on the amounts that Netflix paid to these third parties. Netflix is also informed and believes that, for many of these invoices, Netflix paid these invoices to the third-party companies on the basis of the fact that Kail provided approved for Netflix to pay such invoices.
After Kail departed Netflix in August 2014, Netflix also discovered that, on information and belief, Kail may have received other benefits from companies that contracted with Netflix, including but not limited to stock from such companies.
In light of such findings, Netflix brings this lawsuit to obtain compensation and restitution for the damages and harm inflicted on Neflix as a result of Kail’s actions.
Source: Netflix v. Kail.
Netflix’s situation also speaks to the importance of having in place continuous monitoring and testing of internal controls. “This is something that should have been caught by internal audit or compliance when they were monitoring and testing their internal controls, which should be done continuously,” Spinelli says.
Internal auditors should be able to recognize red flags. “Auditing is one thing, but auditing with the eyes of a fraud investigator is another thing,” Spinelli says.
Red flags that may suggest a potential kickback scheme include undocumented payments not governed by any contract, payments made in cash, and services in excess of their fair market value.
Beyond internal controls, companies should also have appropriate policies in place regarding vendor and customer relationships, Buby says. Make sure employees are aware of those policies, including knowing what a kickback is.
And, he adds, “A whistleblower hotline goes without question here.” That hotline should further be available to all employees, vendors, and customers, he says.
Most large companies should already have internal controls in place to detect a scheme like the one perpetuated by Kail. “It’s surprising to me that something like this happened at such a high-profile company,” Buby says. A kickback scheme of this type is more apt to happen at a small to mid-size company, he says, which tends not to have as many, or to have less-developed internal controls than large ones.
Despite the unusual circumstance of Netflix’s situation, the reality is that any company can fall victim to a kickback scheme perpetuated by one of its employees. “Arranging for kickbacks is probably one of the easier frauds to perpetrate and to cover up,” Buby says.
For certain industries that may face a higher risk of fraud, “it might make sense to have a policy in place that says, ‘No vendor will be used for X percent of our business,’” Buby says. If an employee then does engage in a kickback scheme, at least the damage should not be severe.
Cultural considerations also must come into play when establishing effective internal controls. “Any time you’re doing business with companies in a foreign culture that might have a slightly more acceptable view of this sort of practice, you need to have a little more diligence and an extra set of eyes on these things,” Buby says.
Companies should also take care to ensure they’re not incentivizing inappropriate behavior. Aligning each executive’s incentives with the company’s goals, and awarding them with appropriate compensation for achieving new business opportunities is of “utmost importance,” Buby says. “If cost-of-sale is not in line with the budget or competitors are achieving better margins, that should reflect in the executive’s compensation.”
With appropriate checks and balances in place, companies can significantly reduce the likelihood of falling victim to a kickback scheme, and avoid suffering the same fate as Netflix.