In order to prevent, deter and mitigate corporate fraud, organizations have to (a) assess their corporate fraud risk, (b) set up and strengthen their corporate fraud risk management systems and (c) investigate allegations and indications of corporate risk.
There is no universal definition of fraud in law, and the definition and scope of what constitutes fraud vary from one jurisdiction to another. There are three main categories of fraud that affect organizations:
- Asset misappropriation, which involves the theft or misuse of an organisation’s assets.
- Fraudulent statements, usually in the form of falsification of financial statements in order to obtain improper benefit.
- Corruption, such as the use of bribes or acceptance of kickbacks, improper use of confidential information, conflicts of interest and collusive tendering.
Fraud perpetrators usually cannot be distinguished from other people on the basis of demographic or psychological characteristics. People who commit fraud are usually good people who consider themselves to be honest – they just get caught up in a bad situation as a result of pressure, opportunity and rationalization.
People commit fraud because of a combination of perceived pressure, rationalization and opportunity. The majority of frauds start small as the result of an immediate financial need. Once individuals gain confidence in their fraudulent scheme, the fraud continues to get larger and larger until it is discovered. The fraud triangle provides a lens through which to examine any fraud. The fraud triangle is comprised of perceived pressure, perceived opportunity and rationalization. Fraud will only occur if all three elements of the triangle are present.
- Pressure is one of the three elements of the fraud triangle. Pressure is especially important because it is typically an immediate financial pressure that leads people to engage in fraud, e.g. money problems, gambling debts, alcohol or drug addiction, overwhelming medical bills.
- A perceived opportunity to commit fraud, conceal it, and avoid being punished is the second element of the fraud triangle. Opportunity is an essential part of every fraud because if fraud perpetrators don’t have the opportunity to commit fraud then fraud becomes impossible to commit. While eliminating all fraud opportunities may be impossible, reducing or minimizing the opportunity for fraud to occur can pay big dividends for organizations.
- Rationalization is one of the three elements of the fraud triangle. Rationalization is important because it is the mechanism that allows otherwise ethical individuals to justify unethical behavior. People rationalize to eliminate the inconsistency between what they do and what they know they should do.
Areas of Focus
eCommerce Fraud involves the use of stolen or counterfeit payment cards to make direct purchases or cash withdrawals. It also includes the use of stolen card data to buy items over the phone or via the internet. Fraud perpetrators will target retailers that sell goods and services online using stolen credit card details. Online business appeals to those fraud perpetrators because there is no physical contact with the business or the legitimate cardholder. Businesses should be fully aware of the risks; otherwise they are more likely to be targeted.
Fraud perpetrators hijack or set up an apparently legitimate business with the intention of defrauding both its suppliers and customers. Those fraud perpetrators are happy to deal in any goods or services that have a market value, preferably those that are not traceable and are easily disposable, for example electrical goods, toys, wines and spirits, confectionery etc.
Businesses now operate in a connected world. They sell across multiple channels and geographies. But as the number of channels and markets businesses operate in continues to rise, so does the risk of fraud. Fraud perpetrators are becoming more sophisticated. Fraud is increasingly difficult to detect. As a result, standard fraud verification tools can prove to be insufficient.
Invoice Redirection fraud (or Mandate Fraud) occurs when your company receives a request to change a direct debit, standing order or bank transfer mandate, from someone purporting to be from another organisation to which regular payments are made, for example a business supplier. It generally takes place when a criminal impersonates your company and deceives the customer into making payment of the company’s genuine invoices to a fraudulent third party account instead.
Employees may be trusted with certain procurement responsibilities, which can provide opportunities to commit fraud-related offences. It’s difficult to identify the risks. A common-sense approach is always essential.
Business Email Compromise (BEC) Fraud (or CEO Fraud) is similar to Invoice Redirection Fraud; however, in this case junior employees in the finance department of a company receive an email from a fraud perpetrator purporting to be the Chief Executive Officer, stating that an important deal or some other urgent matter is pending and that a substantial payment needs to be processed immediately.
Email fraud (“phishing”) involves fraud perpetrators making contact by email and can take a number of forms. The email may appear to be from a reputable company; however, when one clicks on the email or an attachment or link within the email, malicious software (malware) is downloaded onto the PC or other device, allowing the fraud perpetrator to track online activity and identify personal or financial information for fraudulent purposes. Both individuals and companies can be victims of this type of crime.
Telephone fraud involves criminals contacting you by phone (vishing) or by text (smishing) pretending to be your bank, credit card issuer, utility company or often a computer company. During the conversation they will try to trick you into giving personal, banking or security information. Fraud perpetrators may also convince you to make a money transfer to them or inform you that you have won a prize and need to send money to release it. Their intention is to use this information to commit fraud against you or other parties in your name.
Fraud perpetrators may cold call you claiming there are problems with your computer and they can help you to solve them. Those fraud perpetrators often use the names of well-known companies such as Microsoft, Apple or IBM. They could even use the name of your broadband provider to sound more legitimate.
A substantial increase in your telephone bill is an indication your company could be the victim of Private Automatic Branch Exchange (PABX) fraud. Detailed billing will assist in identifying any potential unauthorised calls, usually international calls, but they can also be national telephone calls. Another indicator is where customers trying to dial in, or employees trying to dial out, find that the lines are always busy.