The current crisis, with furloughed teams, remote working and management preoccupied with protecting the business, presents the perfect conditions for fraudsters.
Management teams of financial businesses in particular need to be on their guard right now.
In times of most global crises — whether a financial crash, economic slump or the current pandemic — a spike in corporate fraud typically tends to follow.
Figures from the Office for National Statistics showed that after the financial crisis in 2008 the number of people charged with fraud offences increased by 21 per cent in the following two years.
Key Points
- Business are vulnerable to fraud in times of stress
- There are steps companies can take to prevent fraud from happening
- Small businesses are just as much at risk as larger businesses
This occurred for a variety of reasons. First and foremost, there is increased opportunity for fraudsters.
Senior management teams of most companies are rightly focused on other things — trying to keep their businesses afloat and their staff in jobs for a start.
A perfect storm
In ‘good times’ fraudsters, in my experience, are motivated by greed.
A typical example is Alistair Greig, who owned and ran Midas Financial Solutions; as reported in FTAdviser last month, he helped himself to investors’ funds in order to fund his lavish lifestyle, with almost £6m going into his own bank accounts.
However, in times of crisis, motivation is driven more by need (or perceived need) due to the heightened concern over financial security.
This may lead to an increase in various types of frauds that financial businesses will need to consider:
- Employee fraud (eg, payment of a fictitious supplier invoice);
- Management fraud (eg, manipulation of results to boost profits);
- Third-party fraud (eg, external targeting of a ‘cash-rich’ business to extract funds); and
- Investor fraud – in the current low return environment, investors will be looking for alternatives. If the advertised returns are too good to be true, they usually are (FTAdviser reported on February 5 2020 that victims lost £339m to investment fraud in 2019).
In the current coronavirus lockdown with increased home working, especially in the financial services sector (with fewer people at work overseeing finance, security and operations) fraudsters will have more opportunity, with less scrutiny, more freedom and fewer questions asked.
Combined, all these factors make a global crisis the perfect climate for fraud to germinate and gather pace.
Fraud is likely to hit businesses even harder
Fraud was perceived as the number one financial crime in 2019 according to the Resilience Barometer 2020 – a recent global study of over 2,000 senior executives by FTI Consulting – with 24 per cent reporting exposure to it.
If we were to apply this percentage to the 2019 turnover of FTSE 350 companies and based on an average loss on 5 per cent of annual turnover, this would mean an enormous £28bn was lost to fraud in 2019 in the FTSE 350 alone.
Even if the 5 per cent figure was an overstatement and it was closer to 1 per cent, this would still be sizeable and indicative of a serious risk for businesses.
But one thing we can be certain about is that corporate fraud costs the financial sector a huge amount year on year, and the Resilience Barometer also identified that fraud would be the number one financial crime in 2020, with 28 per cent of executives believing their companies would be exposed to it (up 16 per cent on 2019).
How are companies handling investigations?
In buoyant financial markets, such as 2019, we saw many companies taking a commercial view on dealing with discovered frauds. Some investigated whether there was a high chance of recovery or if a regulator made it imperative. Others ‘moved the person on’ to stop any further losses.
Companies will be taking an even more commercial view in 2020. With finances tight, it is likely the investigation of fraud will fall down the list of priorities as businesses fight to survive.
This may increase the propensity for wrongdoing as fraudsters spot that managers are focused elsewhere and there is little chance of discovery, investigation or prosecution.
So what can financial businesses do to protect themselves from the escalating risk of fraud?
- Prepare for the worst: draft a fraud response plan and communicate it.
- Make your employees aware of the increased threat (including cyber).
- Protect vulnerable home networks: implement multifactor authentication.
- Be diligent: have a robust transaction approval process.
- Encourage whistle-blowers to step forwards.
- Use of temporary and contract staff should be monitored carefully.
- Complete a few basic checks when returning to office working.
Once normal life resumes and people return to the office, a few speedy checks will help to identify any suspicious activity:
- Review physical security: has anyone entered the office who should not have?
- Review IT access records: have there been any repeated failed attempts to access emails or systems?
- Enforce password changes to reduce the risk of exposure and keep confidential data safe.
- Review bank statements and perform any reconciliations as soon as possible.
- Be alert to any changes on master files.
- Follow up any unexplained absences: there may be a cover-up and the fraudster is merely putting distance between themselves and the scene of the crime.
- Scrutinise all IT security settings before returning them to normal.
Experience also tells me there is a heightened threat in businesses that operate across different offices.
The further away a site is from head office, the greater the risk. This is generally due to ‘out of sight, out of mind’.
The further away, the less likely it is that senior management, internal auditors and others will visit. Hence, as the lockdown is lifted, management should focus on distant sites first and work closer to head office as time progresses.
Smaller businesses are also at higher risk. This may be counterintuitive.
Although they have less to lose, they also have less effective segregation of duties and internal controls, and smaller compliance and internal audit functions. This could leave an open door for the less ‘needy’ fraudster.
Nowadays there is, rightly, a lot of focus on cybercrime and how to prevent it.
However, in my experience it is financial frauds that are most likely to bring down a business, and they are much more common than most people appreciate.
The crime statistics will show us in a year or two if they have risen, as I expect they will, in 2020. By acting now, you can minimise your chances of being one ofthese victims.
Andrew Durant is head of the forensic & litigation consulting team at FTI Consulting
Fraud: taking action
Once a fraud is discovered, taking the right steps quickly will ensure there is a higher chance of recovery of missing assets and a lower chance that losses will continue. Therefore:
DO | DO NOT |
Keep an open mind | Immediately challenge suspects |
Discuss this with as few people as possible | Make emotional or hasty decisions |
Plan a course of action | Limit the scope of any investigation |
Preserve all evidence by securing document and electronic evidence | Deface, annotate or damage any evidence
|
Remove access to computers and servers
| Turn on computers, phones and personal devices potentially used by the fraudster (as this potentially invalidates any evidence on them) |
Safeguard any assets that might be at risk
| Ignore the possibility that losses may still be occurring |
Andrew Durant is head of the forensic & litigation consulting team at FTI Consulting
