Fights over toilet paper, security guards protecting supermarkets, rationing of basic goods and medicines due to panic buying – has the world gone crazy? In uncertain times, ’rational’ people can do irrational things driven by a fear of the unknown.
With the world stock markets losing more than 30% in just over a week, forced business closures and a predicted unemployment rate not seen since 1932, the only certainty is that we are in unchartered territory and the way we do business today is very different to past financial crises. However, we do know from previous economic downturns people do ‘bad things’ during times like this, including an increase in fraud and corruption. Studies have shown that where individuals perceive a decision through a ‘business lens’ they are more likely to approve a questionable payment or contract, as they are willing to do bad things to keep the business going.
Trusting family, friends and work colleagues is an innate value we uphold and anticipate in return. There are numerous times we have had to explain to staff why a close work colleague has committed a fraud. Often motivated by an ‘unknown pressure’ such as gambling, alcohol addiction, matrimonial problems, living beyond one’s means, ‘good’ (and bad) people have been driven to commit fraud but all the more likely in times of economic turbulence such as during the GFC of 2008. The consistent theme being ‘financial uncertainty’ and with individual debt levels at record highs, the pressure is on now.
According to white-collar crime expert, Professor Clinton Free from the University of Sydney, “research in criminology has consistently shown that perceived crisis can lead otherwise law-abiding citizens to do something that they consider to be wrong in order to deal with something that threatens them, their families or their companies”.
However, unlike previous downturns, the current crisis leaves businesses more exposed than ever with workforce losses and a layer of control evaporating, strict working from home measures being implemented and workplaces giving unprecedented remote access to systems, in some cases never tested before and in some instances relying on external IT service providers, which increases cyber risk (refer to our Cyber-attacks through outsourced IT providers for more information).
Professor Paul Andon (an occupational fraud specialist at the UNSW Business School) also warns that remote systems access increases temptation for employees in tough times. “Remote access will amplify a potential fraudster’s psychological distance from their offending. They’ll feel like they’re not being watched, and behavioural research has shown that fraud by electronic means is less emotionally daunting than physical misappropriation of cash or other assets”.
American Criminologist, Donald Cressey, developed a framework, “The fraud triangle” to explain the motivation behind an individual’s decision to commit fraud. The fraud triangle outlines three components that contribute to increasing the risk of fraud and bad behaviour (1) Pressure, (2) Opportunity and (3) Rationalisation.
Never before has there been a time where all three components of the fraud triangle have been so prominent across so many people. With remote working resulting in less physical controls coupled with increased financial concerns, opportunity and pressure have never been greater.
Business is undergoing enormous transformation right now, everyone is impacted and just working out how to keep the wheels turning, but we need to ensure ’we don’t forget our day job’ and these are some of the risks we do need to be alert to:
- Misappropriation of funds and assets;
- Banking controls being loosened as staff work remotely;
- Fraudulent representations to banks and creditors;
- Cyber-crime – increased email and online attacks;
- IP theft – redundancies, staff taking IP out the door;
- Property theft – laptops, IT equipment; and
- Market misconduct & Insider trading.
How to limit risks
- Quickly undertake a fraud control and prevention risk assessment to consider the change in business operations – a fraud event at this time could be catastrophic for a business;
- Consider the ‘remote’ controls can be put in place. What internal controls are largely driven by sitting next to someone in an office? Can exception reports be created to monitor activity that we are no longer privy to on a day to day basis?
- Regularly communicate risks with employees, colleagues, customers and suppliers as we are all in this together;
- Increase customer due diligence and bank account confirmation details; and
- Enhance IT monitoring of employee computer activity. Systems like FDetect provide insight into employee activity and early warnings of Cyber-crime and IP theft.
It is not a time for panic but for a controlled response and considered planning. Ensuring that your organisation is fraud resistant will protect the business and your staff.