Previous economic downturns coincided with increases in financial crime and fraud, and it seems history is repeating itself now as the COVID-19 pandemic wreaks havoc with economies worldwide.
The warning signs are out there. In July, UK Finance, a banking and finance industry trade group based in London, released a study of the top ten COVID-19-related scams that included COVID-19 financial support scams, health equipment frauds, and fake government emails. The US Treasury's Financial Crimes Enforcement Network has issued multiple warnings about coronavirus-related crime and frauds in recent months.
Now is the time to start ensuring your organisation has safeguards in place, said Tim Langton, a UK-based senior risk and compliance executive for Ethics Works Ltd. and a board member at the Institute of Business Ethics.
"Financial crime is one of those risks you cannot take your eye off," Langton said. "Previous experience has shown us that financial crime is increased not just during a recession but also in the aftermath."
Here are some key actions organisations can take right now to mitigate the impacts of financial crime.
Understand different fraud schemes
There is no one type of financial crime, and organisations need to be cognisant of the many risks posed to businesses.
Internet fraud is one major risk, and the past few months saw a rise in phishing and spoofing attacks.
Organisations also need to be aware of employee fraud, with many people around the world facing increased financial pressures, said Sudheera Senaratne, ACMA, CGMA, regional counter fraud adviser for South Asia at the British Council in Sri Lanka.
"For some it is about survival," Senaratne said. "The threshold of what a normal person considers unethical conduct might be lowered during this time."
Whilst some forms of fraud such as inflating expenses may be well understood, other forms can be more subtle. This includes overly enthusiastic forecasts with employees presenting inaccurate reports of the company's financial health — particularly relevant in downturns when businesses may be merging or changing structures. While inaccurate reporting may be done with the best of intentions, finance leaders have a duty to ensure stakeholders receive accurate information.
Other key areas to be aware of are money laundering and terrorist financing, Senaratne said. "We can definitely envisage an increase in attempts by criminals to use organisations of all kinds throughout the world as vehicles for illicit activity," he said.
Understand your risk profile
Not all organisations face equal financial crime threats, nor do they require the same mitigation plans. CFOs and finance leaders in larger organisations need to understand the specific risks to their business while smaller businesses may turn to external accountants for advice.
Langton suggests beginning a risk assessment by working through these questions:
- What size is our organisation?
- What fraud prevention resources do we have available to deploy?
- Do we have an understanding of our fraud risk and financial crime risk up to now?
- How is the pandemic changing our risk profile?
Another key aspect for finance managers to consider is the regulatory environment. Much like the financial crash of the late 2000s, the pandemic is causing a major shift in the risk landscape and also in regulation. "What that means for a CFO is you have to turn up your horizon scanning capability," Langton said.
Finance leaders must also consider whether existing controls to prevent financial crimes work in today's environment. Changing working patterns, such as increased remote working, may create opportunities for criminals to exploit weak spots. "Procedures and controls that were in place pre-COVID might not be relevant or applicable going forward because the ways of working and managing organisations have changed," Senaratne said.
Get the basics in place
When it comes to minimising risk, key measures to have in place include a board-approved anti-fraud policy with buy-ins from senior management and a fraud champion at the board level, Senaratne said.
It is vital to ensure that employees and external parties have clear ways to confidentially report concerns.
Additional measures to mitigate risk may include re-examining authorisations for expenditures and requiring finance professionals to oversee forecasting and sign off on financial reports. The commitment management accountants have to integrity and objectivity under the CIMA Code of Ethics and the AICPA Code of Professional Conduct makes them well placed to be involved in evaluating these processes.
Financial crime has become increasingly sophisticated as technology has advanced, and organisations must ensure they are not being left behind.
"If you don't have AI and machine learning in your processes, you are becoming more exposed by the minute," Langton said. He advised CFOs to spend time with their chief information officers and security specialists to understand the organisation's capabilities and potential weaknesses.
Smaller organisations may rely on individuals to spot changes in behaviours and patterns that may indicate something is amiss.
"People with experience will become experts in recognising changes in data and transaction patterns," Senaratne said. "Letting go of a person with this expertise is a huge nonfinancial cost and increases the fraud risk to the organisation which leaders must mitigate."
Preventing fraud saves money
Many organisations will be looking closely at budgets right now, but reducing compliance spending may open the organisation up to huge risk. Companies lose on average 7.15% of their annual expenditure to fraud, according to a 2019 UK study by Crowe and the University of Portsmouth. Fraud prevention is money well spent, Senaratne said.
"Only a small fraction of fraud happening is detected or reported. If you dedicate more resources to detecting and preventing fraud, this can save a lot going forwards," he said.
- "International COVID-19 Fraud Reporting Resources", FM magazine, 30 April 2020
FVS Section and ABV credential
For AICPA members, membership in the Forensic and Valuation Services (FVS) Section provides access to specialised resources in the forensic and valuation services discipline areas. Visit the FVS Center at aicpa.org/FVS. Individuals with a specialisation in business valuation forensics may be interested in applying for the Accredited in Business Valuation (ABV) credential. Information is available at aicpa.org/ABV.
Bryony Clear Hill is the associate manager—Ethics Awareness for CIMA and is based in the UK. To comment on this article or to suggest an idea for another article, contact Drew Adamek, an FM magazine senior editor, at Andrew.Adamek@aicpa-cima.com.