Resilience in Fraud Risk Management
If there’s one lesson anti-fraud professionals should take from the trials of 2020, it is, according to Abed Bazzi, CFE, the importance of a robust fraud risk management plan. In his virtual 2021 ACFE Fraud Conference Middle East session, Bazzi, a partner in the Forensic Services practice at PricewaterhouseCoopers, emphasized how both fraud risk and actual fraud have increased within the past year, and he urged businesses to build resilience to be ready to respond during crisis moments.
Bazzi began by explaining how the Middle East experienced a “dual shock” in 2020 due to both the pandemic and lower oil prices. These combined occurrences affected the economic cycles, increasing financial pressures on citizens and companies and heightening fraud risk levels.
The unexpected changes to the controlled environment weakened many organizations’ fraud risk management systems. Bazzi said that preparation is key. “The aim of business leaders should be to contain and minimize the destruction from the dual shock and mitigate the risk while building capabilities,” he told attendees, “and adapting tactics for economic transformation and sustainable growth.” By recognizing the changes to the fraud landscape and creating a culture of resilience, organizations can more effectively address fraud risk in the future.
Identifying the emerging risks
Using the Fraud Triangle of pressure, opportunity and rationalization, Bazzi identified the types of fraud on the rise and explained the motives leading to their increase.
Some current pressures are:
Necessity to fast-track new suppliers without sufficient screening
Financial obligation to maintain revenue at a certain level in order to keep businesses afloat
Limited resource access, such as border closures, travel restrictions and supply chain disruptions
Urgency to cut costs, including eliminating jobs, unless employees meet quotas
Opportunities for fraud that are presenting themselves during the dual shock include:
Adjustments to controls to reduce their effectiveness
Lack of focus on controls while businesses address other pressing concerns, or sidelining controls in an ad hoc manner
Gaps in controls where companies were not fully prepared to switch to a new working environment
Moving to virtual and remote settings with employees located in various places
Overlooked red flags that would have been noticed in the business’s normal context
Unidentified red flags related to new risks for which proper controls or procedures don’t yet exist
Key types of fraud to expect
Bazzi explained that the types of fraud emerging during the dual crisis exist in these key areas: cybercrime, financial crime, supply chain challenges and internal fraud. Many scams in these areas capitalize on stress and distraction.
Cybercriminals, for example, have been able to identify gaps in company IT security now that many companies have switched to virtual settings. These gaps can lead to phishing attempts, business impersonation emails, virtual malware and malicious Wi-Fi hotspots.
In pressurized systems, some rules are suspended in order to make quicker decisions, leaving space for fraudsters to abuse government relief programs or create fraudulent investment opportunities and initiate money laundering ventures. Additionally, companies may mislead auditors, evade taxes and attempt bribery in order to present better results.
Unprecedented disruptions in transportation, manufacturing and other supply chain steps can lead to misappropriation of goods and supplies, deceitful non-fulfillment of contractual obligations and counterfeit or substandard products.
During a dual shock, certain profit markets can be lost, which can trigger managers to commit fraud in order to maintain banking opportunities. Employees may feel inclined to hit their sales targets by any means necessary, resulting in various fraudulent behaviors, such as creating fictitious vendors, misappropriation or vendor account takeover fraud.
Adapting to the heightened fraud risks
Bazzi offered suggestions for navigating the uncertainty of new fraud risks. He emphasized the importance of continuously revisiting the company’s fraud risk management framework and maintaining an openness to adaptation depending on the situation. “To prove long-term fraud resilience, organizations must have the confidence and readiness to move fast in response to a crisis in order to identify and mitigate against emerging fraud risks,” Bazzi said. Some of his key considerations for proper prevention, detection and response include:
Strong governance that oversees fraudulent activities and sets the tone for mitigation
Policies and procedures that are continuously updated and reinforced
Focus on keeping employees aware of the potential fraud risks and the protocols for reporting fraud
Training new employees to maintain a strong ethical culture and equipping them with analytical and data-driven tools
Creating a fraud risk assessment that is comprehensive enough to include all possible scenarios, and refreshing it when new situations arise
Defining a mitigation plan and modeling future scenarios
Assessing gaps and residual risks in internal controls
Being able to quickly respond to and investigate fraud incidents, especially in remote settings
“In a world where everything is suddenly different, unusual activity is happening without necessarily being noticed, and new resilience must emerge as organizations are dealing with unprecedented challenges,” Bazzi explained. He shared that recent reports show companies that have a dedicated fraud mitigation program in place spend 42% less on response and 17% less on remediation costs than companies without those frameworks.
Being prepared for potential fraud and having the ability to effectively detect risks are two of the most significant qualities organizations and individual employees can possess, Bazzi stressed, especially after a year as tumultuous as 2020. Bazzi left attendees with this advice: “The ability to adapt and manage fundamental shifts in business operations in a controlled environment is at the heart of fraud resilience.”