Due diligence is essential to stem the rise in fraud claims
The market is braced for a surge in claims as state agencies, despite the challenges of COVID-19, step up measures to enforce corporate fraud and corruption laws.
Incidents of fraud and corruption are on the rise. That will come of little surprise to those who have traded through previous recessions and times of economic hardship, when cash strained businesses are often unable to maintain focus on their routine compliance and due diligence. But the coronavirus pandemic, as well as being the cause of the economic downturn, is also creating a perfect breeding ground for fraud and corruption, whether related to the huge sums of government money being spent on procurement, or other factors like job insecurity and the sudden wholesale shift to home working for many office-based workers. With nearly half of the businesses surveyed in a 2020 PWC report on global economic crime and fraud reporting that they had been a victim of fraud over the previous 24 months, the upwards trend is likely to envelop more businesses in the coming months as the economy worsens.
Early in the pandemic, companies were called on to respond fast to demand for personal protective equipment (PPE), for example, and hospital equipment like ventilators. Procurement pressures across Europe, according to the British Medical Journal, led to health authorities entering into contracts with companies that often failed to deliver or provided sub-standard products. In April, Europol reported the arrest of a man in Singapore who had taken the identity of a legitimate company and advertised the availability of FFP2 surgical masks and hand sanitisers. A French pharmaceutical company fell victim to the fraud, losing €6.64 million ($7.8 million) for items never delivered.
With nearly half of the businesses surveyed in a 2020 PWC report on global economic crime and fraud reporting that they had been a victim of fraud over the previous 24 months, the upwards trend is likely to envelop more businesses in the coming months as the economy worsens.
In Brazil, similar reports have emerged of procurement failures involving the government. A report by Reuters contains allegations that top officials “sought to pocket up to Real400 million ($72.2 million) via corruption schemes that steered inflated state contracts to allies during the pandemic.” The contracts included a deal for 1,000 ventilators “most of which never arrived”.
It's not just high-profile public expenditure that’s been a target for fraud. Hiscox has already seen an uptick from last year in claims made by clients that have taken out its Security Incident Response* cover which responds to fraud and corruption allegations. Problems are being seen in the Middle East and Asia with businesses reporting frauds involving a staff member paying fake invoices, or paying an inflated invoice in collusion with the recipient. This issue can be exacerbated when close family ties are involved. According to PWC, 20% of reported fraud incidents were a result of collusion between internal and external individuals.
The widespread shift for many office-based businesses and workers to remote working makes this type of fraud easier to execute. Based in a physical office location with fellow workers working in proximity creates a natural barrier to wrongdoing. Take that barrier away and workers might feel more inclined to take advantage of the physical remoteness from other employees.
Remote working also presents more vulnerabilities to cyber hackers and their ability to exploit organisations through social engineering techniques to defraud companies.
Often the problem will become known thanks to a company whistleblower at the firm making an allegation which will oblige the organisation to initiate an investigation. Investigators will then take a forensic look at the staff member’s background and profile, and any personal ties they have to suppliers, as well as taking a similarly forensic look at the company’s invoicing.
In addition, remote working also presents more vulnerabilities to cyber hackers and their ability to exploit organisations through social engineering techniques to defraud companies.
Lax due diligence
One problem for businesses is that the normal due diligence procedures they would usually rely on to filter out much of the fraud are often bypassed or not strictly adhered to in times of crisis, or in the face of extreme business pressures such as high customer demand. Say you are a business moving to remote working for the first time and urgently need 100 laptops. If it means keeping the metaphorical lights on, few will care how those laptops were acquired, what the procurement process was and even if a few laptops went missing in the process - circumstances which can provide the perfect opportunity for fraud.
Over the next six to 12 months, fraud and corruption is likely to increase as unemployment rises, and personal finances become stretched for many, which means that managing the risk should be a high priority for businesses, not just because of the potential financial losses they might experience but also because of what fraud and corruption can do to a company’s reputation.
One place to start is by considering how an organisation’s own compliance rules and regulations have been adapted to reflect the new environment. Where a compliance policy might have been designed to reflect a largely office-based workforce, for example, is it still appropriate for a remote workforce?
There is also a new logistical challenge for multi-national companies who may not have compliance and audit teams in each location. Travel restrictions may hinder the movement of teams, which means a firm must rely on contracting out investigations and audits to a dependable third party on the ground; however, locating the necessary expertise may not be straightforward.
Despite the challenging environment, there is no sign governments will ease off on the policing of anti-fraud measures.
Despite the challenging environment, there is no sign governments will ease off on the policing of anti-fraud measures. In the US, for example, the Department of Justice and the Securities and Exchange Commission recently updated their joint guidance on the Foreign Corrupt Practices Act. Businesses should recognise therefore that they are vulnerable and must take steps to mitigate the risk within their organisation. Not only can they work to stop a problem happening, but if they do experience an incident of fraud, regulators will look far more favourably on organisations that self report any violation and demonstrate they have taken robust action to make sure the problem cannot happen again.
*Security Incident Response is a Hiscox provided insurance and response policy that provides crisis management, strategic advice and recovery services.
This article was first published by the Insurance Day on 11th November 2020: