There is a not so obvious link between the COVID-19 pandemic and occupational fraud and, by extension, the corporate investigation services. The coronavirus pandemic has changed many aspects of our daily lives and we all have had to adapt to what is so often called the “new reality.” From personal life, family life and hobbies to work, business and business issues, all facets of our lives have been affected, one way or another.
Some businesses have suffered, others have adapted or even prospered – especially entertainment streaming companies (games, movies, music), delivery or courier companies and video conferencing platforms. There is, however, a category of “entrepreneurs” who have intensified their activity, but who, most of the time, are ignored in the media and in the public consciousness. This omission often has disastrous consequences. We are talking about fraudsters, who found an unexpected ally in all this confusion generated by the pandemic. Corporate investigators warn that the pandemic has created new opportunities for these illegal operations.
We will not talk here about frauds against individuals, although they did evolve significantly. Even the ACFE president (Association of Certified Fraud Investigators) stated that he was the target of several convincing fraud attempts during this period. But we will address the frauds that pursue companies, investors and businesses in any field of activity and we will also focus on prevention measures, respectively the activity of professional business investigations, which can dismantle this phenomenon.
The above-mentioned association (ACFE) published a global study which reveals that 79% of specialists in corporate investigations and dismantling occupational fraud have noticed an increase in the illicit phenomenon since the beginning of the pandemic. Moreover, 90% of business investigation experts believe that the next 12 months will bring an even greater increase in business fraud. Last but not least, the study shows that the pandemic significantly affected the ability of professionals to combat the fraudulent phenomenon; 77% of investigators concluded that the pandemic had seriously aggravated fraud prevention efforts; 71% consider it more difficult to detect the illicit phenomenon and 77% noticed that the process of corporate investigations was made more difficult, meant to expose and destabilize the structures involved in fraud.
The restrictions and limitations imposed by the global health crisis brought new challenges to business intelligence, to which private investigations agencies have been forced to adapt quickly, in order to help their clients in fraud scenarios. First, reduced mobility and the need to limit traveling affected investigators’ ability to promptly respond to partners’ calls and reduced their field. Also, the reduced interpersonal interaction and social distancing rules prevented private investigations agencies from conducting in-person interviews or discussions, accessing certain documents or evidence, which delayed and, in many cases, even prevented the necessary investigative actions for the benefit of the company. Last but not least, telework (or homework) has been a serious challenge for business investigations, human relations and collaboration with various internal departments underlying the examination work.
The pandemic has globally imposed a new type of work – remote work, telework – which has put many businesses’ IT systems in front of unprecedented vulnerabilities. Until now, the IT security departments could build internal firewalls and IT ecosystems in order to control, to a large extent, the flow of information to and from the company’s servers. This unprecedented situation in the recent history has created the need to move the workforce out of the business environment, so that the flow of information and access to confidential company data has become more difficult to supervise. It has also become more complicated to detect possible information gaps and follow important leads. Remote work presented serious challenges to both IT security departments and corporate investigation agencies.
These challenges are not to be overlooked, given that a company loses an average of between 1 and 2 billion dollars annually, due to occupational fraud. It is estimated that fraudulent activities steal about 5% of an organization’s revenue annually. In 2020, the level of global losses due to fraud was, according to studies of business investigation associations, around $ 3.6 billion, an average of almost $ 29 million per country. Taking into account the average period of 14 months – how long did it take, on average, to detect a fraud – there is an severe need for business intelligence worldwide.
According to an annual study on occupational fraud and abuse of office, in 2020, Romania ranked 4th in the region (out of 23 Eastern European and Central Asian countries) in the number of cases of fraud, after Serbia, Russia and Turkey. Also, in our area, business investigation studies indicate corruption and forgery as the most common models of illicit actions.
An interesting feature in Eastern Europe is the ratio between the fraudster’s degree of authority within the company and the caused damage. Thus, in Western Europe, employees without a management position commit the majority of frauds (47%), followed by managers (35%), with the last place being the top management, such as executive branch (18%). On the other hand, in Eastern Europe, the ratio is somehow balanced, with employees committing 35% of total fraudsters, managers, 38%, and top management, 27%. Another difference between “the two Europes” is the fraudulent amounts. If, in Western Europe, the amounts do not differ much between the employee ($ 100,000 on average) and the manager ($ 150,000), in Eastern Europe, there is a noticeable difference; the damage caused by the employees is $ 49,000, that of the managers amounting to $ 150,000. Interestingly, these values bring us closer to the United States and Canada than to Western Europe. A useful hypothesis for the corporate investigation activity in Romania could be that, in Eastern Europe, the middle management branch has access to more sensitive components of a business than in the West.
Despite these grim conclusions and worrying predictions for 2021, there are some actions companies can take to protect themselves from occupational fraud next year.
Here are 6 of them.
- Understanding the danger of fraud
The main action that businesses should take is to familiarize themselves with the existing fraud risks. These can be both internal (fraud committed by their own employees) and external threats (fraud committed by elements or persons outside the company). The better the decision makers in the company understand the risks and possible fraud scenarios, the better they will be able to analyze the vulnerabilities that the organization faces. In fact, a high degree of risk awareness among top management is an asset in collaborating with a corporate investigations agency.
- Creating an environment as controllable as possible
As we said before, business investigators have concluded that one of the causes for the intensification of the fraudulent phenomenon, during a pandemic, is remote work. Telework decreases the company’s degree of control over the activity of employees and reduces their degree of responsibility. In this context, internal fraud is facilitated, but the risk of external fraud also increases. An organizational health measure is the creation of an IT ecosystem, meant to control, as rigorously as possible, the flow of data from and to the company’s systems. This method has the effect of both discouraging internal fraud (if correctly communicated to employees) and better monitoring the activity. In addition, it provides documentation of the flow of confidential files within the business. Thus, in case of a fraud, it will be easier for investigators to discover clues that could help uncover the perpetrators.
- Checking the level of access of employees
One piece of advice that business intelligence professionals offer companies is to limit the employees’ access to company resources. In other words, to allow employees working from home to access exclusively the resources they need to carry out their work. It can often happen that an employee has, at some point, needed certain access to a platform, and it has never been revoked. It is recommended that the IT security department (or IT department that deals with the security and integrity of IT systems) check the level of access of each employee and investigate whether it corresponds to the level of access in reality.
- Monitoring the company’s activity
The business activity needs to be monitored so that irregularities and actions that do not fit into the usual behavioral patterns are detected early and investigated. A corporate investigation is much easier to undertake if signs of fraud are detected in time.
- Educating employees about the risks of fraud
Employees need to learn basic rules to protect against corporate fraud, so that they become a resource in the fight against fraud, not a vulnerability. An untrained employee is a breach in the company’s security system. Regardless of the degree of protection, this old saying applies: “No chain is stronger than its weakest link.”
- Collaboration with a corporate investigation agency
Last but not least, a partnership with an agency specializing in business investigations is recommended. Business intelligence specialists can provide knowledgeable advice on protecting the business from fraud, having experience both in detecting and combating fraud, and in preventing it.