COVID-19: Keeping an eye on evolving fraud risk
The uncertainty and disruption caused by COVID-19 also creates opportunity for crime and fraud. Our latest Global Economic Crime and Fraud Survey published in early March 2020 found that economic crime and fraud incidents suffered by Singapore based companies were at the highest level ever. The current crisis has the potential to further exacerbate fraud incidents as businesses try their best to manage the disruption and stay afloat.
There are various reasons for it.
New opportunities for fraudsters arise
Priority focus is not on controls
- The avalanche of business emergencies captures employees’ and management’s attention. Thrown into a completely new working environment, they may not perform controls as rigorously as usual and may miss fraud risk “red flags”.
- Existing controls may be deliberately circumvented in an ad-hoc manner in order to address urgent needs of the business in a timely manner, thereby exposing the business to known risks that have been mitigated in the normal course of business.
Unavoidable adjustments to existing controls reduce their effectiveness
- As health safety measures (work-from-home, travel restrictions, remote interaction with customers and suppliers) are urgently implemented, organisations have no choice but to adapt their business and control processes to the new environment. In practice, some controls may need to be modified, relaxed or abandoned and some unexpected gaps may appear, without even being immediately noticed.
- Some business continuity plans may include solutions relying on the transfer of key business processes to a different geographical location. However, the actual scenario where virtually all locations are impacted by business disruption at the same time may create additional challenges. For these cases, urgent alternative business continuity solutions need to be identified and implemented, including controls.
Automatic surveillance systems are “drowned” by a tsunami of false positives
- Automated transactional surveillance systems, widely used in some industries, may suddenly lose their effectiveness. These controls are typically focused on patterns that denote unusual activities associated with fraud or other anomalies. But in the new environment where everything is suddenly different, the surveillance systems may quickly become overloaded by a wave of false positives.
People factors: pressures and rationalisation
- Pressure is an important element in pushing employees to commit a fraud. The impact of the COVID-19 crisis exacerbates pressures on some employees. Some of it may come from an organisation itself: a drop in financial performance, difficulty in meeting KPIs, adverse changes in remuneration, or the risk of losing jobs. When combined with external factors, such as a sudden financial need of an employee caused by losses on investments or precarious situation of relatives, pressures may become untenable. What would normally be considered a redline may be crossed.
- Moreover, if during this crisis the employees perceive organisations do not provide support, do not treat employees fairly or do not recognise their efforts, such perceptions can become the subjective “rationalisation” factor allowing to justify fraud, even potential collusion with external actors.
Fraudsters know well that COVID-19 related disruption brings new opportunities and new targets: business processes are more exposed and people are more vulnerable.
What type of frauds can surge?
Cybercrime: capitalising on stress and disruption
As employees connect remotely, new infiltration opportunities arise. Sophisticated social engineering techniques leverage on increased stress levels. IT teams and IT infrastructure systems come under pressure.
Use of unsecure
WIFI hotspots
Business impersonation techniques
Phishing attempts
Evolving financial crime
While fraudsters uncover and take advantages of loopholes in government relief packages, criminals alter their modus operandi in light of the Covid-19 outbreak to increase their illicit gains.
Abuse of government relief programs
Money Laundering
Fraudulent investment opportunities
Supply chain challenges
Organisations face unprecedented supply chain disruptions, i.e. transportation restrictions, manufacturing interruptions and defaults on contracts. Companies are compelled to find alternatives and perform fewer controls due to the urgency.
Misappropriation of goods/ supplies/ payments
Counterfeit/substandard products
Inadequate due diligence on new vendors
Deceitful unfulfillment of contractual obligations
Internal fraud rides on relaxation of controls
Standard processes and controls in sensitive areas such as approvals, pre-transactional reviews and processing and release of payments are relaxed, with post-transactional reviews being less effective.
Asset misappropriation
Payroll fraud/
reimbursement fraud
Accounting fraud
What an organisation can do quickly to reduce fraud risks?
In such environment, organisations need to have a clear understanding of:
- What are the key risks as of now;
- What can be done quickly and efficiently to reduce the known risks;
- What can be done in the current environment if a fraud incident occurs.
Practical action points
Practical actions that can be embedded in day-to-day control framework:
Raise the awareness on new risks (with prompt and focused communications and trainings) across employees, clients and suppliers.
Adapt your due diligence to the heightening third party risks (screening and monitoring).
Remind your incident reporting protocols to all relevant stakeholders (employees, clients and suppliers).
Keep as many audit trails as possible and plan for post-transactional reviews, focused on risk of fraud.
Formulate a structured approach to identify, reduce, and remediate fraud risks as part of your COVID-19 response so you can protect your business, people, customers and other stakeholders.
