Combatting the rise of opportunistic fraud amid pandemic

January 12, 2021 10:35
Photo: Reuters

The COVID-19 pandemic has forced organisations globally to adjust to a “new normal” requiring employees to work from home which has inevitably led to an increase in opportunities for fraudsters. It is crucial for organisations to formulate a structured approach in identifying and reducing fraud risks, as well as remediation upon the detection of fraudulent activities.

The most common type of fraud is technology-based fraud. In Hong Kong, the number of technology-based crimes more than doubled in the first half of 2020 to around 6,400, with monetary losses totalling around HK$1.52 billion .

A general increase in fraud has been observed across sectors and industries this year. A recent poll conducted by Simmons & Simmons reveals that a majority of participants observed either higher or around the same level of fraud cases and /or attempts to commit fraud in 2020, as compared to 2019.

Reasons for an increased risk of fraud

The key reasons for an increased risk of fraud arising out of the current situation and economic downturn include:

• Opportunities for fraudsters to impersonate. Practical challenges of verifying email senders and third-party identities in a remote or virtual setting may create more opportunities for fraud through impersonation, such as email fraud.

• Less oversight on employees. Higher rates of staff turnover and increased pressure to meet targets, may lead to fraudulent behaviour. Employees who have been made redundant may also be tempted to misappropriate assets before departing.

• Shift in focus and priority. Companies have largely prioritised maintaining business services, instead of providing adequate training and oversight to employees on the risks associated with remote working.

• Controls not robust enough. Enterprise-wide controls to prevent and detect fraud, network breaches, cyber controls, employee surveillance, and internal investigation mechanisms may not be operating at full capacity or be optimised for remote working.

• Cyber security vulnerabilities. The increased use of unsecured communication channels and networks, as well as that of unsecured third-party platforms (e.g., WeChat and WhatsApp) for business communications also gives rise to hacking risks. Computers are also more vulnerable to cyber-attacks when connected to external networks.

Common types of fraud cases

Email fraud

• One type of email fraud is where the fraudster pretends to be someone within the organisation. For instance, requesting the accounts department of a company to make urgent payments to a third-party bank account by impersonating a member of the company’s senior management.

• Another type is where the fraudster pretends to be someone with a business relationship with the organisation. The firm recently advised on the recovery process for a client who had fallen prey to a fraudster who was impersonating one of its suppliers.

Employee fraud

• The increased pressure for employees to meet financial targets may incentivise some employees to engage in fraudulent behaviour to boost their performance.

• With redundancies being made due to the economic downturn, disgruntled employees may be tempted to misappropriate assets or confidential information before they depart. Alternatively, remote working may lead employees to feel like they are subject to less scrutiny.

Social media scams

• The SFC has recently warned the public of an increase in fraudulent investment schemes on social media platforms such as WhatsApp and WeChat, such as the ‘ramp and dump’ scheme which operates under the premise of a stock trading group chat.

Fraudulent misrepresentations

• Organisations under financial difficulties are increasingly becoming unable to fulfil their contractual obligations. For instance, suppliers are failing to supply equipment even after entering a contract and obtaining money from the client.

There has also been an uptick in fraud committed by various oil and commodities traders, many of which were only discovered because of the significant fall in oil prices in early 2020.

Immediate steps organisations can take when fraud is discovered

There are five broad steps an organisation can take once fraudulent activity is detected:

1. Conduct a fact-finding exercise. This could involve collecting and preserving data, performing fieldwork, reviewing documents and conducting interviews of the relevant personnel. However, traditional data collection methods may be more difficult to conduct in a remote working environment.

2. Take prompt action. The organisation must take prompt action to recover any sum of money paid to the fraudster. Loss recovery measures involve freezing the bank account in the first instance, and obtaining a court injunction to freeze the account if the sum is significant.

3. Consider reporting obligations. The organisation may be required to comply with reporting obligations to the Police, Joint Financial Intelligence Unit and/ or the Securities and Futures Commission.

4. Check insurance coverage. The organisation should check its insurance coverage as it may have fidelity insurance to protect the business against losses it may suffer directly and against compensation payments it may have to make to third parties because of any employee’s dishonesty.

5. Further legal assessment. The organisation needs to assess follow-on legal risks arising from the fraud, and whether the fraud might result in the organisation’s inability to fulfil its contractual obligations to its customers.

According to the poll, 64% of the Participants already have in place a formal response plan to address an allegation or the discovery of potential fraud.

The importance of anti-fraud controls

Although most countries in Asia have started to see signs of economic recovery, the health risks posed by the COVID-19 pandemic and resulting need for social distancing means that the “new normal” will likely last well into 2021.

Against this backdrop, there is a continuing risk of fraud, especially in the cybercrime space. It is therefore paramount that organisations improve their anti-fraud controls and provide training on their policies.

The article is co-authored by Sara Troughton, Supervising Associate at Simmons & Simmons.

-- Contact us at [email protected]

 

 

Consultant at Simmons & Simmons