No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Fraud

A New Generation of Fraud Actors Cut Their Teeth During COVID-19. Businesses Need to Act Now to Get a Step Ahead.

Preparing for the “Next Normal” in Fraud Activity

by James Ruotolo
August 17, 2021
in Fraud
Illustration of a masked fraud actor using his smartphone.

Fraud thrives in chaos. The past 18 months revealed new opportunities on massive scales for fraud actors to take advantage of unsuspecting people and businesses. Successful criminal operators will only continue to refine their skills. Don’t wait to boost your defenses until it’s too late.

Any time businesses change the way they operate, fraud actors see opportunities. And, as we all know, the last year-and-a-half was full of opportunities.

The COVID-19 pandemic created a major shift in consumer behavior as well as work arrangements for most people. Cyber-enabled fraud risks like ransomware, business email compromise and account takeovers were all on the rise before 2020, and legions of remote workers have only expanded the attack surface. The pandemic also delivered soft fraud targets in the form of government stimulus funding, which was rolled out urgently and without fully realized fraud controls. Unfortunately, we’re now seeing widespread reports of fraud within the Paycheck Protection Program (PPP), Economic Injury Disaster Loan (EIDL) and unemployment insurance programs.

The impact of these fraud attempts is felt by both the government agencies that provide pandemic stimulus funding and the commercial entities involved in processing those funds.

The Impact of Pandemic-Related Fraud

First, let’s unpack PPP fraud. While the Small Business Administration runs the PPP program, individual banks and lenders are responsible for processing the loan applications. This has put a strain on a variety of institutions to maintain their normal services for their existing customer base while scaling up to handle a massive increase in applications. If that wasn’t already a big enough challenge, the fraud rate in those applications also appears to be much higher than normal. The result is a spike in the number of fraud attempts and, unfortunately, many successful thefts of funds.

Fraud actors are also stealing the benefits received by legitimate applicants. In some cases, these actors use social engineering methods to trick unsuspecting beneficiaries into providing their credentials, allowing the bad actors to abscond with their precious benefit funds. But the impact of fraud doesn’t stop when the act is successful.

Financial institutions also need to deal with the after effects of fraudulent activity. Regardless of the scam, fraud actors often need to move funds and launder the proceeds of their crimes. In some cases, this involves using “mule” accounts to pass illicit proceeds through a web of transactions to obscure their true source. Account holders are sometimes complicit in the fraud, but in other cases, they may be unwitting accomplices duped into moving money for reasons that sound legitimate — like sending funds to a pandemic relief charity that they don’t realize is bogus.

An Identity Crisis

One particularly nefarious aspect of these rising fraud scams is the rise in identity crime. Identity theft — stealing the identity of someone else — is a common way criminals can apply for multiple benefits simultaneously, dramatically increasing their payday. Over 20 percent of identity theft victims who contacted the Identity Theft Resource Center in 2020 about a COVID-19-related identity issue indicated that someone stole their stimulus benefit. Nearly a quarter indicated that that someone had fraudulently filed for unemployment benefits in their name. Other scams may use synthetic identities — an identity created by combining legitimate credentials like a valid social security number with fake information like a name and address.

Synthetic identity crime can be especially challenging. Since the fraud actor created the identity, they have all the answers to any potential questions. This means they can circumvent fraud controls like knowledge-based authentication or multi-factor authentication codes. These scams often use the legitimate credentials of children who have valid social security numbers but whose names are not yet being used in the banking ecosystem, creating an entire population of unsuspecting victims who often only find out their information has been stolen when they first apply for credit as a young adult. By that point, fraud scams tied to their identity may have been occurring for more than a decade.

The evolving nature of these different types of fraud behaviors represents new threats and new variations on old ones. Banks, retailers, insurance companies, government agencies and organizations of all kinds need to deal with the traditional fraud attempts they have always seen while simultaneously reacting to the new wave of fraud brought on by the pandemic.

More Risks on the Horizon

Worse yet, data indicate more risks are coming down the pike. I believe a new generation of fraud actors whet their appetites on the gateway drug of stimulus program fraud and are now ready to focus their energy on new targets. My firm, Grant Thornton LLP, and the Association of Certified Fraud Examiners (ACFE) recently released a fraud risk benchmarking report that captured some striking data. Specifically, we found that a whopping 71 percent of companies expect fraud to increase over the coming year. The report also revealed several factors that may play an important role in the next wave of fraud. But most importantly, it helped us understand how companies can best prepare for that wave.

Prepare for the “Next Normal” of Fraud

Many companies are either headed back to the office or implementing a hybrid approach to work. But before they do, they would be wise to consider the activities detailed above. Just as importantly, business leaders need to know how to respond to this “next normal” of fraud activity.

Here are some recommendations.

Update Your Fraud Awareness Training

This includes identifying new fraud schemes and red flags — especially for those employees who are no longer working in the office. According to the ACFE, tips to an ethics hotline have historically been the most common way to identify occupational fraud. But as more workers have gone remote, those tips have declined. The likely reason: fewer people are in the office, so fewer people can see questionable behavior in person. In the next normal, we need to teach employees how to identify internal and external fraud threats and promptly report suspect activity, even when operating remotely. Dusting off last year’s anti-fraud training might check the compliance box, but it is woefully inadequate for most organizations in today’s new fraud risk landscape.

Enhance Your Fraud Risk Assessment

Many organizations update their fraud risk assessments on an annual basis, but fraud actors don’t follow a 12-month timetable. Major changes like a merger or acquisition, a new product launch, a new payment channel or entrance to a new market can significantly change your fraud risk. Plus, new procedures such as remote or hybrid work may impact the way existing controls are executed. Some organizations have had to circumvent their controls in order to work remotely or handle unprecedented workloads. In these instances, there may be an increase in residual fraud risk. Be sure to consider how processes are operating in the current environment — not just how they are documented in the policy manual.

Upgrade Your Anti-Fraud Technology

We often think of technology as a solution to a problem. While it can be a tremendous asset, it also requires ongoing monitoring and attention. In fact, our research shows that technological challenges are expected to increase over the course of the next year. In a survey of CFOs just published by Grant Thornton, 64 percent of the leaders surveyed said they will be spending more money on anti-fraud technology in the year ahead. I recommend updating your anti-fraud technology systems and making plans to revise those programs over the coming months as your organization eases into the next normal. Furthermore, you should practice good cyber hygiene by requiring strong passwords with multi-factor authentication, implementing a regular backup and recovery process and maintaining timely antivirus and patching protocols.

Trust the Fundamentals

There is no silver bullet to stop fraud, but there are helpful practices. I strongly recommend revisiting the five pillars provided in the Committee of Sponsoring Organizations (COSO) fraud risk management guidance: governance, risk assessment, controls, investigation and monitoring. When you act according to those pillars, you’ll have a strong anti-fraud program that will help you remain agile within this new fraud landscape.

Lastly, if your organization wants to fully understand the intricacies of fraud prevention, I recommend the Anti-Fraud Playbook published by the ACFE and Grant Thornton. The Playbook is a tangible guide with real-world suggestions for implementing each of the five pillars above.

Armed with this knowledge, your organization can upgrade your fraud risk management program and prepare for the next normal. And when you’re prepared, the risks ahead won’t seem so daunting. You — and your company — can thrive.


Tags: Risk AssessmentTraining
Previous Post

Shield Named ‘Best Complete Communications Compliance Platform 2021’ by Wealth & Finance International FinTech Awards

Next Post

VigiTrust Launches VigiOne Cybersecurity Compliance Platform for Managed Security Service Providers

James Ruotolo

James Ruotolo

James Ruotolo is a Certified Fraud Examiner and a Fraud & Financial Crimes senior manager at Grant Thornton LLP.

Related Posts

credit score gauge

Sales at All Costs? Unified Credit Risk Management Can Squash Bad Deals Before They Happen

by Matthew Debbage
March 15, 2023

The collapse of a business doesn’t usually happen all at once. There are warning signs. Late payments, legal filings and...

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

2023 EEOC and Employers: Investigating Harassment and Discrimination

2023 EEOC and Employers: Investigating Harassment and Discrimination

by Aarti Maharaj
March 14, 2023

With employment discrimination on the rise, EEOC encourages employers to provide anti-harassment training to their employees and managers and to...

Onboarding Best Practices for Millennial and All Employees

Onboarding Best Practices for Millennial and All Employees

by Aarti Maharaj
March 14, 2023

Reducing turnover and fast-tracking new employees to productivity is a key business imperative. The reality is that about 30 percent...

Next Post
illustration of cybersecurity concept

VigiTrust Launches VigiOne Cybersecurity Compliance Platform for Managed Security Service Providers

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT