The two standout financial crimes of 2020 were cyber-attack and corruption. While each was common prior to COVID-19, the pandemic has raised the threat level of both across all sectors.
Cyber-attacks frequently reported during the year included: business email compromise, phishing, ransomware and insider threat.
Cyber-attack drivers in 2020 included:
- Pervasiveness of IT within business and the general population;
- Inexorable pursuit of internet-based interaction with external parties;
- Continuous modification of IT systems to meet changing operational needs;
- Adoption of cloud-based systems and shadow IT; and
- Increased sophistication of organised crime.
Organisations that embrace a systematic approach have a reduced risk of cyber-attack but the risks can never be eliminated. To further mitigate cyber risk, organisations should:
- Accept that cyber incidents are inevitable and implement measures to reduce the impact when they do occur;
- Benchmark their cyber-resilience against appropriate guidelines (ISO or NIST);
- Deliver tailored cyber-awareness training and test awareness through ‘mock-phishing’ campaigns; and
- Consider risk exposures associated with the organisation’s supply chain.
Corruption cases reported in 2020 included:
- Favouring one vendor over others for financial reasons (kick-backs) or non-financial reasons (favour for relatives or friends);
- Senior executives acting in their own self-interest;
- ‘Nepotism’ and ‘cronyism’ where the appointee is unqualified for the role; and
- Misuse of position for personal gain.
Government sector corruption has been particularly conspicuous during the year with several high-profile public examinations around the country. Drivers for corruption cases highlighted during 2020 included:
- Poor organisational culture;
- Lack of management oversight;
- Inadequate pre-employment screening; and
- Inadequate corruption and fraud prevention frameworks.
The psychology of some of the public sector corruption cases reported in 2020 is astounding. It appears from evidence given in public hearings that senior public servants engaged in serious misconduct at a time when reports of corruption were being exposed by public hearings that were well-covered by the mainstream media. In spite of the public exposure of previous corruption incidents, it appears that a significant number of senior public servants continued with their corrupt conduct when they must have known their chances of discovery and exposure by the relevant anti-corruption body was high.