How do we manage the return to the workplace? How do we prepare for the new reality post-COVID-19? These are just some of the questions that organisations have been asking us as they emerge from the pandemic.
But one question that they should be asking is: How can I prevent and detect fraud?
KPMG’s recent Fraud Barometer showed that the crisis has put enormous pressure on law enforcement and the justice system in the UK, where limited court capacity has led to significant backlogs of fraud cases, which means that significantly higher volumes of fraud are expected in the future. The current environment threatens a higher fraud risk, including abuse of government incentives such as the Job Retention Scheme.
COVID-19 has created a perfect storm in which fraud can thrive. It triggers all three elements of the classic fraud triangle that forensic professionals often use to explain fraud: motivation, opportunity and rationalisation. In this new reality organisations need to focus on fraud and find ways to better manage emerging risks.
There’s plenty of motivation
The economic impact of the pandemic has provided plenty of motivation for fraud. Many people are facing an uncertain financial future – they may be on furlough, have received a pay cut or risk losing their jobs. While most people would never commit fraud, the current environment certainly increases the risk that a small minority will.
The extent of internally perpetrated fraud we’re likely to see could range from employees submitting fraudulent expense claims to altering invoices, or even setting up false suppliers and making payments to themselves. But the motivation for fraud isn’t always individual gain.
Many companies are under extreme financial pressure due to the lockdown. For instance, retailers with reduced footfall still have sales targets to hit. Employees might feel compelled to falsify records or manipulate balance sheets to show an improved profit position. In this case, the fraud could be about maintaining the status quo rather than making a direct financial gain.
There is increased motivation for suppliers to commit fraud too. We have seen lots of media attention on companies cancelling orders and putting their supply chain under huge financial and operational pressure. This could open the path for varied forms of fraud in the supply chain (especially with Brexit back on the immediate horizon). For example, it could be as simple as overbilling, or it could be that suppliers “bend the rules” to make the business run more efficiently. In the most extreme cases, they could pay a bribe to maintain competitive advantage.
This view is supported by the recent ‘Association of Certified Fraud Examiners Fraud in the Wake of COVID-19 19: Benchmarking Report’ where 93 percent of respondents expect a slight or significant increase in their organisations overall level of fraud.
There’s more opportunity
COVID-19 has also created greater opportunity for fraud. Before the lockdown, some people worked from home. Now, in some companies, everyone is – and that could continue for some time. In fact, working from home for significant chunks of the working week is likely to become the norm. That’s very different from what companies would have envisaged.
As companies have previously adapted their working practices at pace, they haven’t always had the time to set up new controls – or ensure their existing controls are still operating effectively. Where headcount has been reduced, there may also have been a reduction in the segregation of duties for key roles – in particular, in finance, accounts payable and payroll. This may create an opportunity to commit fraud by granting individuals greater access than they may previously have had. Importantly, you may not have realised that this is the case until it is too late.
Think of something as simple as signing a paper authorisation slip. One of our clients recently flagged how they felt less comfortable with electronic signatures. Without adequate controls, electronic signatures could be used fraudulently by employees, or be stolen by cybercriminals. This can easily become a point of failure and companies need to create a robust system to cut down on such risks.
There is also a greater risk of falling prey to fraud. In the office, an employee can easily ask a colleague to take a look at a suspicious looking email. But with a new working schedule and the ongoing stress of the situation, people may not give the same level of attention and scepticism to things they would normally spot.
There’s an environment where fraud can be rationalised
The third component of the fraud triangle is rationalisation. If people can rationalise what they’re doing, they’re more likely to commit fraud. Economic uncertainty and the impact of this has created a situation where individuals may find it easier to rationalise fraud.
The signs are all around us. In the last few weeks, we have seen many companies announce job losses. If people feel uncertain about their future and their loyalty to the company is tested, it becomes easier for them to rationalise committing fraud. Some companies have also announced pay cuts, indicated that prospects of promotion are slim and suggested bonuses are also likely to be off the table – and that can all add to that ability to rationalise.
What can you do?
We recommend that companies consider the following three key aspects:
Communicate and raise awareness
Employees are the first line of defence when it comes to spotting and preventing fraud. Organisations can help reduce fraud by refreshing training on how to be aware of the risks at hand. This should include educating employees about the fraud they are likely to experience in their roles, ‘red flags’ to look out for, and information about cyber risks and best practice while working from home.
Previous research tells us that almost half of all fraud cases are first flagged by whistleblowers. Organisations should review and confirm their whistleblowing policies and ensure their hotline, or other services, are easily accessible. Employees need to know who they can contact, if they can remain anonymous and what protection they will receive if they do blow the whistle.
Review your fraud risk assessment
Fraud risk assessments need to be reconsidered though the lens of the COVID-19 environment. There are a handful of key questions decision-makers need to ask themselves — How have risks changed? Where does money go out now? How has segregation changed? Where is the biggest lack of oversight?
In our experience this is best done involving a range of employees across all levels and divisions in the entity to obtain a comprehensive view of where the risks could be.
Look for exceptions
Be diligent with the basics such as the review of high-value transactions and changes to supplier and employee bank account details to uncover irregular historic transactions or red flags.