The best way to combat fraud is to stay educated about the nature of threats. This International Fraud Week, we’ve been sharing our insights on how Covid-19 has created the perfect environment for fraud, how cyber security plays a role, and why it’s critical to keep employees educated and empowered to speak up.
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia
Covid-19 and the Fraud Triangle
Pressure, opportunity and rationalisation. The Covid-19 pandemic has created a ‘perfect storm’ for the fraud triangle to thrive in. Lockdowns across the nation has significantly impacted some businesses and individuals by creating or contributing to financial constraints and pressures, which in turn may be a motivation for committing fraud. Opportunities to commit fraud may have arisen as a result of the changing nature of our work practices and suffering personal misfortune caused by the pandemic facilitates the rationalisation for committing fraud. Ensuring that employees, management, and the executives are aware of fraud risks in this challenging environment and understand what red flags to look for is an essential component of any fraud control program.
Video from Association of Certified Fraud Examiners
Fraud Risk Appetite Statement
All too often we see organisations that either have no or a poorly defined Fraud Risk Appetite Statement. Development of such a statement requires consideration of qualitative and quantitative metrics, supported by clear key performance indicators. Having a well-defined Fraud Risk Appetite Statement means that your organisation’s risk mitigations, whether they be tone-from-the-top, workplace culture or more formal controls, can work effectively to control the risk of fraud, while still allowing your business to operate efficiently and achieve its strategic and commercial objectives.
So it’s worth asking yourself: does your organisation have a well-considered Fraud Risk Appetite Statement that sets your tolerance for the risk of a fraud event occurring, as well as for any fraud that is uncovered?
https://www.fraudweek.com/-/media/Files/Fraudweek/PDFs/2021/ResponseToFraud
Fraud and technology
Technology has enabled the establishment of a wide variety of global communities which are no longer location or jurisdiction specific. These communities may promote noble objectives such as eradicating human trafficking, create platforms to advocate for political or social change, or can simply be a ‘meeting place’ for like-minded individuals that share similar interests. However, some of these communities have more nefarious objectives.
Criminal syndicates can be defined as individuals or organisations working together to promote their common interests and are no longer constrained by physical locations and borders. Digital developments mean that these groups do not have to be in close physical proximity to their targets, be it individuals or corporates. In addition, fraud is very rarely committed in a silo, but usually as part of a wider suite of economic crimes such as identify theft, digital or ‘in-person’ fraudulent misrepresentations, theft of property/funds and money laundering. Organisations must integrate their risk management response to cyber security, fraud and other financial crimes.
In more mature organisations, the operational environments between financial crime (typically regulatory driven), fraud (business driven and concerned with monetary loss and customer security) and cyber are converging. Shared data, analytics, insights and technology are being deployed in tandem to work on threats together. To understand how your organisation can achieve this, get in touch with our team or explore the report from KPMG Australia.
The courage to speak up
The financial and reputational damage from frauds that go undetected for long periods of time can be immense. Local and overseas experience tells us that an efficient whistle-blower reporting mechanism is one of the most cost-effective fraud detection tools. Our recent Fraud Barometer 2021 found that all the large fraud cases reported were discovered as a result of a whistle-blower, showcasing the business case for such a tool. Creating an environment where staff are encouraged to raise concerns in a safe and controlled manner protects both the organisation and the employee. New Zealand’s Protected Disclosures Act is currently being updated to ensure ease of access to reporting channels whilst enhancing the protection offered by the current act. Contact us for support in developing, enhancing and/or implementing effective and compliant whistle-blower policies, accompanied by a confidential and anonymous reporting line, FairCall. https://youtu.be/96WoQLpyckU
The keys to the kingdom
Since the start of the pandemic, cyber criminals worldwide have capitalised on the disruption caused. They have further industrialised the scale at which they can launch attacks. At the top of the list, offering quick returns, is ransomware.
Covid-19, lockdowns and a massive shift to remote working have seen a meteoric rise in ransomware incidents. According to the 2020 Harvey Nash / KPMG CIO Survey, 41% of organisations reported increased incidents while employees are working from home. With remote access to work from home, employees often hold the ‘keys to the kingdom’. Continual awareness and training on the various types of social engineering threats that employees may face is critical to help strengthen an organisation’s fraud risk management framework (including cyber risk).