Much focus recently has been on fraudulent activity committed against individuals. In its November 2022 report, Fighting Fraud: Breaking the Chain, the House of Lords Fraud Act 2006 and Digital Fraud Committee said that, in the previous 13-month period, 89% of fraud victims were individuals rather than organisations or businesses.
But having said that, Andrew Northage, a partner in the Regulatory & Compliance team at Walker Morris still considers fraud to be a significant threat in corporate environments. He cites the UK findings of PwC’s Global Economic Crime Survey 2022 which “showed that 64% of businesses had experienced fraud, corruption or other economic/financial crime in the previous two years, up quite significantly from 56% in 2020.”
For Northage, “the pressures of the economic climate on both businesses and individuals, combined with factors such as the increasingly rapid rise of digitisation and the move to more remote working patterns, continue to provide internal and external fraudsters with the motivation and opportunities to commit fraud against corporates.”
And new technologies such as artificial intelligence making the commission of fraud easier, more targeted, and more convincing to unsuspected victims. It doesn’t help that some employees are turning to fraud to maintain their lifestyle.
Taking a chance
The opportunities for committing fraud in a corporate environment depend to a large extent on where the areas of weakness are in structures and defences.
For Northage typical frauds include cybercrime, business impersonation fraud, supplier/supply chain fraud, mortgage fraud, employee fraud such as payroll fraud and false accounting, and money laundering. He adds: “The increasingly rapid rise of digitisation has facilitated fraud across borders and can make it difficult to trace perpetrators.”
Another area of concern for Northage is the rise of ‘greenwashing’ – the practice of making often exaggerated claims about a business’ environmental credentials and the sustainability of its products, services, and environmental impact. Most wouldn’t think of this as out and out fraud, but it is and as he says, “with the focus very firmly on companies’ compliance with ESG requirements, this is certainly an area to watch.”
And then there are the risks that follow on from the move to remote working patterns; this has affected the value of typical fraud prevention and detection measures “if,” as Northage comments, “they haven’t been updated to reflect the change in working practices post-pandemic.”
It shouldn’t be forgotten that fraudsters have become ever-more sophisticated in recent years. Firms, reckons Northage, can be considered ‘at fault’ if they don’t put in place robust processes. He’s bothered that “not all companies have the necessary controls in place to effectively manage fraudulent activity from outside and from within.”
According to the Association of Certified Fraud Examiners (ACFE) Report to Nation 2022, in 29% of cases there was a lack of control measures and in 20% of cases control measures were overridden – almost half of frauds were self-inflicted because there may have been no control systems in place to prevent the fraud or those in place were not adequate and were overriden.
Discovery
The worrying part of fraud is that the majority aren’t ever discovered – at all. PwC’s Global Economic Crime and Fraud Survey 2022 noted that “51% of surveyed organisations say they experienced fraud in the past two years, the highest level in our 20 years of research.” But what of the other 49%? Are they really trouble-free?
Here Northage says that fraud “is typically discovered through the measures that businesses have in place as part of their internal controls – not necessarily related to fraud detection – such as audits, and also as a result of whistleblowing.”
Clearly there are more vulnerabilities in SMEs as they may not have resources to address potential attack risks. To say, ‘it will not happen to us’, ‘all of our staff are honest’, or ‘we are a family business’ is to be negligent.
A typical fraudster and fraud?
When asked about a typical fraudster and fraud, Northage focuses on internal or employee fraud. He prefers not to talk about a ‘typical’ fraudster as “even the most diligent employee can become a fraudster if the conditions are right”. Instead, he says that “there are certain indicators that companies can look out for, based on the ‘fraud triangle’ of opportunity, motive or pressure and justification or rationalisation.”
But for Northage, senior staff or those subject to less managerial or other oversight, and/or those with access to the company’s financial systems or key assets, are more likely to fall within the higher risk category, together with disgruntled employees or those working their notice period. He says that “behaviours to look out for include personal or financial problems or unusual spending habits, being secretive about work, working long hours and/or not taking holidays, paying more attention than usual to a particular company customer or supplier, and becoming aggressive when challenged.”
Devastating impact
Aside from financial losses caused by the fraud itself, Northage says that “the most damaging consequence tends to be the reputational damage caused to the company and the loss of trust of customers and third parties that it deals with. And fraud committed by a senior employee can exacerbate the damage.”
On top of that there’s the effect on staff morale and the significant time and costs involved in investigating and dealing with the incident and hiring new staff.
Lastly, it shouldn’t be forgotten that senior management risk criminal sanction for their (in)activity in this sphere. Indeed, Northage details that “depending on the nature and circumstances of the fraud and the extent of the director’s involvement in it, they could face regulatory investigations, disqualification, imprisonment, fines, claims brought by the victim or victims of the fraud, shareholder action – the list goes on.”
Ultimately…
At the end of the day, prevention is better than cure as it can be very difficult to prove dishonesty once it has occurred. But it’s worrying that businesses do not seem to have the appetite to gather evidence and prosecute – many deal with the matter internally and move the problem on. And that means fraudsters are out there.
Go to comments