The COVID-19 outbreak has wrought huge changes in short order, transforming business practices, and provoking a steep economic downturn – so adding greatly to the risks of fraud and other financial crime.
Sadly, this COVID-19 pandemic has not heralded any outbreak of honesty.
Extended working from home has eroded long established checks and balances and management has failed to adapt to the new threat environment.
Companies need to be proactive and to implement measures to mitigate fraud risk and to robustly respond to malfeasance as it occurs, with a key focus on swift response to such incidents.
The new risks
The pandemic led to a sudden, and lasting, shift towards remote working, which has meant that many staff now rely on insecure internet connections on shaky home systems. This dependence on inadequate infrastructure, and most especially on insecure video communication mediums, poses huge risks.
An increasing concern is “business email compromise”, whereby hackers gain access to communications, and monitor these over times for data related to payments. Intruders then try to arrange payment for a seemingly legitimate reason: a lack of proximity means staff working from home cannot readily check on the veracity of such urgent demands.
Companies currently have much diminished control over their employees’ handling of sensitive information, posing the threat of significant loss. Risks relating to staff decamping with commercial information are also enhanced at traditional times of departure, such as Chinese New Year, or if they fear redundancy.
Act in haste…repent at your leisure
In addition to cyber-risks, governments’ knee-jerk reactions in response to the pandemic seem sure to result in a new crop of frauds – perhaps linked to efforts to claim funds from, or underwritten by, nations, such as furlough allowances for non-existent staff, or fake requests for soft loans via banks.
In time, the scale of these losses will become clear – but the cost will be large. The United Kingdom government in September 2020 mooted that some £3.5 billion of “furlough” claims were paid in error, or were fraudulent, and California’s authorities estimated that some US$11 billion of unemployment claims were probably fake, as of January 2021.
The tide goes out
The broader economic malaise heralds different risks. Sudden withdrawal of credit always exposes questionable practices or incentivises company directors to cheat.
Accounting fraud seems sure to rise, as some desperate companies seek to inflate receivables, or to overstate asset values. In some cases, the use of complex structures or financial instruments may initially hide the real scale of losses – as with Luckin Coffee, a Chinese coffee business that overstated earnings on a massive scale.
As if this were not enough, a further problem is the rising tide of economic nationalism, complicating enforcement measures.
Despite many warning signs the German regulatory authorities deliberately played down allegations against Wirecard, a significant internet payment system, in 2020 causing huge losses. Other governments may yet seek to protect national champions, particularly if in strategic sectors, or if targeted by foreign opponents.
Companies must act now. In particular, Management should bolster internal compliance mechanisms, so as to identify such fraudulent activity early, and thereby limit losses. Dependence on audit – external or internal – will not protect companies from fraud.
Key steps include: strengthening the integrity of data systems; implementing tighter control over staff approvals; and bolstering protections for confidential information.
Staff must also be trained, so as to ensure they understand the need to act cautiously, in releasing payments or critical data.
Companies must adhere to robust due diligence standards, even if under pressure to contain costs. Boards should require detailed transaction due diligence by independent investments organisations or partnerships and ensure that oversight measures are in the hands of the general counsel, or of another relatively “neutral” party, rather than a local deal team. “Virtual Due Diligence”, done by Zoom, will only result in real failures.
Appropriate Responses to Fraud
Pre-emptive measures will only go so far, though. Companies must also act decisively on the discovery of red flags. Key triggers might include the unusual involvement of third parties, a dubious transaction structure, or excessively high fee levels, amongst other issues.
Companies should make sure to undertake a thorough investigation into any suggestions of fraud, and to report findings in full. Attempts to “sweep matters under the carpet” will only lead to bigger problems in time. SVA is often called in to assess quickly the damage caused, and methodology used, in any suspicious activity.
Finally, companies should always retain professional investigators like SVA to help recoup stolen funds.
Such asset recovery initiatives are frequently complex, and there is a need to identify assets hidden in offshore jurisdictions – often structured through hidden corporate or trust structures.