stamps spelling fraud on an invoice

And Striking the Right Balance to Fight It

The reality is that the vast majority of corporations have a fraud problem to some degree. It’s a growing problem – one indicator pointing to a rise in overall economic crime globally. Michael Volkov outlines various methods to detect and prevent fraud and gives us a peek into the mind of a corporate fraudster.

For the love of money is the root of all evil…” – 1 Timothy 6:10, King James Version, The Bible

Corporate bribery requires money. How is that for something obvious?

Companies face a variety of threats; one enduring threat is the risk of fraud or theft. Unfortunately, employee fraud is all too common.

PWC’s 2018 Global Economic Crime and Fraud Survey reported that “only 49 percent of global organizations said they’d been a victim of fraud and economic crime. However, we know this number should be much higher. So what about the other 51 percent?” PWC suggests that the other 51 percent of corporate organizations are blissfully ignorant and ignoring their obvious fraud problem.

In the new environment of aggressive enforcement, governance surveillance and stakeholder focus on corporate organizations, corporations can no longer view fraud as a simple cost of doing business. The risks and problems are increasing, and the consequences of ineffective fraud controls are significant.

There is no question that fraud awareness is increasing. Companies are recognizing that fraud is growing concern. The PWC survey result of 49 percent is the highest level of awareness over the last 18 years.

Companies are experiencing increased fraud as part of an overall increase in economic crime around the globe. Reported economic crime has increased over the last few years and is continuing to increase. As a result, companies face ever-increasing risks of fraud. In response, companies are increasing their spending on fraud prevention and detection strategies. The cornerstone of this effort is technology and data analytics. Companies are exploring the use of whistleblower programs to encourage reporting and detection.

Like many other risks, companies have to adopt proactive measures, beginning with a risk assessment. Many companies are beginning to conduct fraud or economic crime risk assessments on a regular basis. Such an assessment could easily be included in an anti-corruption, anti-money laundering and trade controls risk assessment.

Companies are not going to be surprised by the results of their risk assessments. Asset misappropriation, consumer fraud and cybercrime are likely to round out the top three risks.

The PWC survey confirmed what we already know: The incidence of economic crime committed by internal actors has increased to 52 percent. Interestingly, the proportion of economic crimes committed by senior management increased from 16 percent in 2016 to 24 percent in 2018.

Fraud, however, is not a problem limited to internal actors; it extends to a company’s third parties. Add that to the list of risks requiring due diligence and third-party risk management. According to PWC, 68 percent of external actors committing fraud are agents, vendors, shared services providers and customers.

The cost of fraud to an organization is much more than the theft itself. Secondary costs include investigations and other interventions. In response, companies are definitely increasing their spending on fraud prevention and detection. Forty-two percent of responding companies have increased their spending on economic crime and fraud.

Companies have access to a number of technologies to defend themselves against fraud; these are aimed at monitoring, analyzing and predicting human conduct, including machine learning, predictive analytics and other artificial intelligence techniques. Technology is expensive and difficult to implement across an organization.

Fraud Detection: New Technologies and Analytics

The battle against fraud is evolving, and technology is providing new and important tools to detect and prevent fraud. Companies are using a variety of techniques, including continuous monitoring, email monitoring, anomaly detection, pattern recognition and artificial intelligence.

Data mining and statistical analysis can also be helpful in detecting fraud. By using sophisticated data mining tools, companies can search millions of transactions to spot patterns and detect fraudulent transactions. These tools include decision trees, machine learning, cluster analysis and association rules and can generate models to predict fraud.

Before discussing sophisticated techniques for fraud detection, let’s start with basic anti-fraud controls; these include segregation of duties for authorization, custody of assets and recording or reporting transactions. In some cases, companies should ensure that their basic controls are in place and re-engineer business procedures to minimize such risks.

Major fraud usually involves senior management, especially those with the authority to override controls. Employee fraud schemes often involve theft by exploiting control weaknesses, such as stealing cash before it has been recorded, fictitious expense reimbursement claims and/or stealing assets from the organization (e.g., computers, iPads, phones). On average, fraud schemes last 18 months before being detected.

Fraud awareness training and communications are important aspects of a fraud prevention program. Every employee should be made aware of the risks of fraud and corporate policies prohibiting such activities. Employees who may be considering engaging in theft can be deterred from such conduct when they learn about robust fraud detection and enforcement policies. Other employees who are committed to honest conduct can be essential allies in reporting suspected fraud to their supervisors. Employees, customers, vendors and related persons can become important sources of tips and information leading to exposure of fraud schemes.

Data analysis is a straightforward strategy for detecting fraud. The objective is to analyze the entire set of data (e.g., transactional data, master vendor data and application control settings) to identify indicators of fraud. Data analysis techniques can vary from statistical analysis for transactions outside the norm to analytic tests for identifying specific circumstances indicative of fraud. Statistical analysis identifies transactions for closer examination. Another type of statistical test is to look for the presence of certain matches (e.g., employees and suppliers identities, addresses and bank accounts).

Fraudsters are adept at taking advantage of weaknesses or gaps in a company’s internal controls. A perfect example of such a weakness is when business systems do not share or cross-check information. Specific tests for matches of database fields can be an effective way to uncover potential anomalies. Some types of analytic procedures are fairly simple – looking for duplicate payments of an invoice. Data analytic tests, however, have to be carefully designed to avoid an excessive number of exceptions that may overwhelm fraud detectives.

Data analysis software is available for audit, fraud detection and control testing. These tools usually include pre-established analytic tests, such as classification stratification, duplicate testing, aging and match-and-compare. In implementing a software solution, a company has to ensure that the software logs all procedures performed and audit trails to support fraud investigations.

Data analysis can address control gaps that often exist in ERP systems. While most ERP systems have certain fraud prevention and detection capabilities, these internal tests are insufficient. In many cases, an ERP system turns off controls when running certain operations to function more efficiently. As a result, it is important to conduct independent data analysis to examine transaction details across a broad range of data. In doing so, an independent examination can include combination and comparison of data from different systems within the company.

After establishing a roster of effective data tests, companies should employ such testing on a continuous or regular basis, depending on the nature of the transactions (continuous for daily payments and periodic for regularly scheduled payments). Continuous monitoring detection should generate a dashboard and reports. Most companies maintain fraud detection in business processes (e.g., purchase to pay, payroll, travel and entertainment) or areas that are high risk.

The Mindset of Employee Fraudsters

Technology and computer analytics are important tools in the fight against fraud, but they are not a magic and exclusive bullet. Fraud is committed by humans and investing in the human element, while difficult to measure, is an important part of every fraud prevention strategy.

The fraud triangle is an essential framework for understanding fraudster behavior. The fraud triangle is no panacea, but it is a powerful tool. It begins with an incentive, an expectation to perform in an organization, followed by an opportunity and an internal rationalization. All three of these drivers must be present for an act of fraud, and each can be addressed.

Companies have to reduce the opportunities for fraud. Building effective internal accounting controls is a critical aspect to reducing fraud opportunities. Technology is important here in designing, revising and maintaining effective internal controls. Companies are not devoting significant resources to counteract incentives and rationalizations. Incentives and pressure continue to push employees toward committing fraud.

Internal fraud usually involves gaps in a company’s internal controls and culture. An effective set of internal controls can be effective but should not be relied on as the only strategy for preventing fraud. Controls can be evaded and circumvented, and human actors have the authority in certain situations to override or rely on exceptions to controls.

Financial incentives can create opportunities for fraud. However, financial incentives are important for motivating positive sales and related conduct. Human nature searches for and relies on incentives.

At the root of fraud, however, is human rationalization. This is exemplified by a focus on the self – meaning a rationalization for why an individual is justified in engaging in misconduct, usually because of some perceived slight or mistreatment. A narcissistic employee who is passed over for a specific promotion can feel justified in stealing from the company because of such mistreatment.

The human mind can be difficult to manage when it comes to the mix of emotional and so-called rational thinking patterns. Employee fraudsters are good at rationalizing their misconduct. They perceive their misconduct as victimless – no one is hurt, it is just money. Employees rely on such rationalizations for committing human resources fraud, asset misappropriation, procurement fraud and accounting fraud.

Employee fraud that is directed at advancing a corporate objective – meeting a sales target for a company/revenue goal – can be easier to rationalize because of the importance of satisfying a corporate objective (while earning a personal benefit such as a bonus).

In balancing these concerns, a corporate culture of ethical conduct is an essential aspect of any anti-fraud program. An effective culture will reduce opportunities and instances for employee rationalization while promoting employee reporting of potential misconduct.

Companies have to find the right balance between technology and human behavior. Fraud is a difficult and intractable problem. Proactive strategies are essential to combat and minimize a company’s exposure to fraud risks.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

Michael Volkov

Michael Volkov

Michael-Volkov-leclairryanMichael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at [email protected].  His practice focuses on white collar defense, corporate compliance, internal investigations, and regulatory enforcement matters. He is a former federal prosecutor with almost 30 years of experience in a variety of government positions and private practice.

Michael maintains a well-known blog: Corruption Crime & Compliance which is frequently cited by anti-corruption professionals and professionals in the compliance industry.Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues.

Michael has assisted clients with design and implementation of compliance programs to reduce risk and respond to global and US enforcement programs.

Michael has built a strong reputation for his practical and comprehensive compliance strategies.Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for 5 years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice.

Michael also has extensive trial experience and has been lead attorney in more than 75 jury trials, including some lasting more than six months. His clients have included corporations, officers, directors and professionals in, internal investigations and criminal and civil trials. He has handled a number of high-profile criminal cases involving a wide‐range of issues, including the FCPA and compliance matters, environmental crimes, and antitrust cartel investigations in countries all around the world.

Representative Engagements

  • Successfully represented three officers of a multinational company in two separate criminal antitrust investigations involving a criminal antitrust investigation in the District of Columbia and the Southern District of New York.
  • Defended pharmaceutical company before the Food and Drug Administration and Senate Finance Committee relating to application for approval of generic drug.
  • Conducted internal investigation which exonerated company against allegations of false statements in submissions to the FDA and against improper conduct alleged by Senate Finance Committee.
  • Represented company before the US State Department on alleged violations of ITAR which lead to voluntary disclosure and imposition of no civil or criminal penalties.
  • Advised several multinational companies on compliance with anti‐corruption laws, and design and implementation of anti‐corruption and anti‐money laundering compliance programs.
  • Advised hospitals, pharmaceutical companies and medical device companies on compliance issues relating to Stark law and Anti‐Kickback law and regulations.
  • Conducted due diligence investigations for large multinational companies for anti‐corruption compliance of: potential third party agents, joint venture partners and acquisition targets in Europe, Africa, Asia and Latin America.
  • Represented individual in white collar fraud case in Alexandria, Virginia and secured dismissal of criminal charges and expungement of criminal record.
  • Represented company before Congress and Executive Branch in effort to modify Justice Department regulations concerning use of federal funds.
  • Advised and assisted World Bank in review of global corruption policies, enforcement programs and corruption investigations and prosecutions.

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.