The rising threat of fraud: Key questions to ask
The views expressed in this article are of the author and do not necessarily represent the views of KPMG International or KPMG India
Corruption tends to operate at a higher level in an organization, the office of the chief executive or owners in case of Indian organizations
Corporate fraud is a persistent challenge for leaders, executives and board members. Managing the risk of fraud has grown more complex as new techniques and tactics of fraud perpetration are developing at a rapid pace, with no let-up in the more traditional forms of wrongdoing. Interconnected supply chains, disruptive technologies and an environment where paperless transactions take place add to the increased vulnerability to fraud.
While working through our recent publication, Global Profiles of the Fraudster 2016, published by KPMG International, which surveyed over 750 fraudsters world-wide, we came across some pertinent questions regarding traits, behavioral patterns, and modes of such fraudsters.
As the global scourge of fraud continues to harm reputations and cost millions, these themes may be worth considering within your environment as well. Understanding this fluidity can enable organizations to protect themselves better against fraud and help improve their ability to identify fraudsters, many of whom execute their crimes over long periods.
The potential fraudster
Tech savvy, high performers, well-respected – a lot of the fraudsters may be hiding in plain sight. Many of them also work within entities for a couple of years without committing any fraud before an influencing factor such as personal gain, greed, desire to look superior, or simply an opportunity to commit fraud tips the balance. A typical perpetrator tends to be male between the ages of 36 and 45, working with the victim organization for more than six years, holding an executive position in operations, finance or general management. However, the growing number of perpetrators in the one to four year career bracket highlights a distinct trend – fraudsters in our country are younger andinitiate acts of fraud much earlier in their careers, compared with their global counterparts.
Fraud, as with any crime, requires a motive and the overwhelming reason for committing fraud is predominantly found to be greed. Misappropriation of assets is one of the most common form of frauds, of which embezzlement and procurement fraud are frequently employed.
Who are more dangerous? – Lone wolves or fraudsters who hunt in packs?
Fraudsters operating in groups are more than twice as common as those perpetrating the crime solo. Globally, and in India, 62 percent of the fraudsters colluded with others and this number is on the rise. To add, larger the group, bigger the damage – the frauds that are committed in groups end up being far more damaging than those committed by lone wolves. Women tend to collude lesser than men, although this difference is narrowing over time.To add, fraudsters who collude tend to be more senior employees who have worked longer at the victimorganization than the solo fraudsters.This shows how vulnerable organizations can be to collusion.
Fraud and corruption usually go hand-in-hand and regulators around the world are increasingly focusing on anti-bribery and corruption controls. Additionally, corruption tends to operate at a higher level in an organization, the office of the chief executive or owners in case of Indian organizations.
The threat within vs. outside
Organizations need to be aware of the possibility that a lone fraudster on the inside may be working with a sizeable group of people on the outside. However, the financial harm caused by purely internal fraudsters is greater than either the mixed or the purely external groups. To add further, there is much greater incidence of financial reporting fraud in case of a purely internal group, apart from there being a marked difference in the manner in which it is detected. In case of a purely internal group, almost half of the fraudsters were detected through whistle-blowers and tip-offs, compared to the one-third for mixed groups. There are many permutations organizations must guard against and design anti-fraud mechanisms that look both ways, inside and outside.
To add to the complexity, organizations get exposed to the risk of internal fraud very early in the hiring process. Resumé fraud is a significant threat and a rising trend observed in India. Nearly 13 percent of resumes screened by KPMG’s Verifications practice during the period 2013 to 2015 indicated discrepancies. This trend is observed to be common amongst both genders, with females fast catching up to their male counterparts. Primary areas of fudging include education certifications, addresses and past experience.
Hiring the right candidate
“Am I hiring the right candidate?” is a question that has crossed all our minds while finalizing a candidate. There is more to hiring the right candidate today than just filling up a position with the first applicant who meets the job requirements. The need for stricter background checks and pre-employment verifications is now being felt more than ever.
Factors facilitating fraud
Weak controls are a large and growing problem, and contribute to 61 percent of the fraudsters. Infact, the number of fraudsters who committed these acts because an opportunity presented itself due to weak internal controls or a lack thereof, is growing. Simply put, fraud is less likely to occur in organizations where there are robust internal controls and monitoring.Other drivers of fraud include the ability to override controls in the system and collusion to circumvent controls. Several fraudsters are also simply able to disregards controls, despite facing the risk of getting caught.
Is technology enabling fraud?
As we see younger, tech-savvy employees rise through the ranks, the incidence of technology-related fraud is also increasing. In India, over a third of the fraudsters rely on technology, consistent with the trend of perpetrators being younger in our country. Gaining unauthorized electronic access to confidential information, posting an accounting journal entry to camouflage misappropriation and providing misleading information via email are some commonplace examples of technology enabled frauds.
About a fourth of the technology-enabled frauds committed are detected accidently. In some ways, accidental detection is a sobering reminder that controls are ineffective.
Organizations, corporate or otherwise, are struggling to keep pace with the growing technological sophistication of hackers. To add to this, cyber frauds continue to emerge as a threat. Many organizations are aware of the threat but do not think they will be targeted. KPMG in India’s Cyber Crime Survey 2015 reaffirms this lack of preparedness, as 74 percent of corporates in India indicated not having adequate cyber risk assessment frameworks in place. Cyber threat from insiders and outsiders is a growing challenge faced by all organizations.
However, technology is a double-edged sword. Technological advances provide defenses against fraud, as well as a means of finding areas of vulnerability for the fraudster to penetrate. Given the size of organizations and their geographical diversity, data analytics can act as an important tool to combat fraud. Organizations today should adopt anti-fraud analytic approach and leverage technology to combat fraud. The use of threat-monitoring systems is increasing and can highlight anomalous or suspicious behavior by monitoring personal behavior, analyzing computer usage, public records and social media.
How can organizations hope to keep up?
As technologies and businesses evolve, so do fraudsters and their methodologies.The types of fraud they perpetrate are continually changing amid a business environment in constant flux. However, few organizations are using technology to combat fraud. They are often eager to reap the potential benefits of data analytics and its ability to sift through huge amounts of information they accumulate but end up buying off-the-shelf solutions that do not integrate well and are eventually scrapped. It is far better to look for a more extensive approach that can cover most of an organization’s important surveillance and detection needs.
Apart from fighting back with technology, one of the best mechanisms to defend against emerging fraud risks is a regular fraud risk assessment,conducted as a part of an enterprise-widerisk assessment process. Such formal assessments should be conducted annually and updated more frequently.
Given the speed of change in cyber-security, it is vital to compare experiences with organizations facing similar threats, usually in the same industry. Cyber security assessments may, if the organization so chooses, be done separately, but they should be integrated into the overall fraud risk assessment. As organizations extend their reach across the globe, they become increasingly reliant upon these third parties who act as distributors, sales agents, and local country representatives. Conducting risk-rated due diligence at the time of entering into a business relationship is encouraged as a best practice. Most importantly, organizations should aim at developing a strong culture in which employees are aware of the risks of fraud and understand how to respond. Employees must be encouraged and trained to use the organization’s reporting mechanisms, such as a hotline.
Many of the aspects addressed above highlight not only the scale of the management challenge for organizations, but also the need to combat them. These steps by themselves may not be capable of putting a stop to fraudsters,but an analysis of the constantly changing nature of fraud and the fraudster can help organizations stiffen their defenses against these criminal activities.Besides the need to stay sharp, businesses need to ensure that adequate levels of due diligence and third party intelligence are factored in, which can help organizations assess risks regularly.
Forewarned is forearmed.