Fraud risk lessons from the pandemic

March 2022  |  SPECIAL REPORT: MANAGING RISK

Financier Worldwide Magazine

March 2022 Issue


Crises rarely announce themselves in advance, and the abrupt, unanticipated arrival of coronavirus (COVID-19) was no exception. Taking every government by surprise, its impact on health, jobs and the global economy has been seismic, affecting the lives of hundreds of millions worldwide.

Ever unscrupulous criminals have, not surprisingly, seized the opportunity presented to them by the chaos and uncertainty caused by the virus. Over the last two years, they have persistently sought to exploit new technologies and existing products and services to carry out illicit activity.

For counter fraud professionals, such ruthless criminal enterprise is nothing new. The spread of COVID-19 merely elevated the visibility of fraud for the general public and exposed to senior management in firms the often profound consequences of underestimating the fraud threat.

In early April 2020, just weeks after the pandemic began and governments began imposing lockdowns, Europol had already described the criminal response to COVID-19 as “very fast” and expected instances to rise further.

How firms responded individually to fraud carried out during the virus’ nascency has undoubtedly meant that some businesses have had to learn lessons the hard way. Now, as we appear to be on the cusp of a gradual return to business as usual, it is time to reflect on the nature of the challenges posed by COVID-19 and fraud.

That is, if we can indeed ever ‘go back’. The likelihood of increased working from home arrangements and remote working – and the certainty of ongoing criminal activity – means that the problems we face during this current crisis will persist beyond COVID-19.

There is, therefore, some reflecting to be done, and some key questions that need answering, if we are to be prepared for the new normal, or even a similar event happening again.

So, what did we witness as the pandemic began?

We saw criminals respond with characteristic ruthlessness and speed. In one case in the US, hundreds of log-in details were stolen via ‘CEO fraud’ (pretending to be the chief executive of a firm). Other instances involved fraudsters posing as government agencies through SMS messages with a phishing link. In response, none other than the US Secret Service was forced to contact US firms warning that email fraud has and will continue to grow.

The risk surrounding new products and services, always susceptible to fraud, was also heightened, and must be borne in mind as we go forward. Connected cards – a card given by one self-isolating to a trusted friend or relative – were set up by the UK’s Starling Bank, for example. The risk of fraud was mitigated by limiting purchases to in-store only, setting a £200 spend limit and the use of a PIN. These practical steps may not prevent fraud entirely, but significantly narrow the window of opportunity for criminals.

This was a wise preventative step. Knowledge of new products and services, including their potential flaws and loopholes, is a vital defensive tool in any anti-fraud department.

Criminals are without qualms when it comes to exploiting others for their own gain. For their illegal schemes to work, they must ensure that they are flexible and act quickly as situations unfold. Counter fraud professionals can, paradoxically, learn something from a criminal’s spontaneity. Though their methods change, their embrace of innovation tells us much about how criminals work; recognising this helps anticipate and nullify new threats.

Equally, unsuccessful criminal activity is often hugely informative in exposing the methods and techniques that criminals adopt. Learning how criminals behave, and how they think, is crucial for counter fraud professionals. Only by studying the behaviour of criminals can their ways of operating be understood and, ultimately, identified and prevented.

Embedding a zero-tolerance approach to fraud is perhaps a counter fraud professional’s number one priority within a firm. However, an anti-fraud culture is more than just signing up to certain well-meaning mantras – it must be a thorough, practical and easy to comprehend framework instilled across all levels of a firm.

To achieve this end, an anti-fraud culture should form a key part of the wider culture of the firm. Positioning fraud beneath this wider umbrella underlines the danger it poses to everyone within a firm. After a data breach last year, Capital One’s stock dropped 5 percent, and the bank explained it expected recovery costs to be more than $100m. Clearly, this fraud affected the whole business, and by disseminating such examples to staff, the threat of fraud becomes far more vivid. The damage fraud can do to a firm’s profit margins is an excellent way of passing on your message.

With many now working from home, less obvious cases may need a little more reinforcement. Take using a company laptop for personal use, or vice versa, which is fraught with risk. IT controls standard in an office environment need to be implemented domestically, including ensuring identity and verification during onboarding is performed as robustly as it would have been in the firm’s office. Awareness of the challenges around onboarding must be circulated while staff adjust to off-site work.

Employees should also be reminded that fraudsters will try to exploit any slackening of security bought on by a lowering of IT standards.

The pandemic has demonstrated how those most vulnerable among us can quickly find themselves dangerously exposed when society is convulsed by unexpected events. For senior management, the reputational risk of leaving vulnerable customers exposed is a potent one, and something about which a well-informed and savvy general public are increasingly intolerant.

If counter fraud professionals can highlight this risk – and tie it to concrete numbers that show that the amount that would have been lost had anti-fraud measures not been taken – then senior management are far more likely to recognise fraud as just as damaging a threat as money laundering and sanctions exposure (remember that real-life case studies are of inestimable value in demonstrating this danger). Making fraud part of the bigger risk agenda solidifies its importance.

A holistic approach is key here: fraud must be brought under the financial crime compliance canopy, instead of just credit risk. UK Finance revealed that investment in advanced security systems in the financial industry prevented almost £2bn in unauthorised fraud in 2019, yet some £1.2bn was fraudulently obtained by criminals. Detail such as this can help drive home the message to senior management, and secure support for counter fraud professionals.

Fundamental to overcoming the issues that confront counter fraud professionals is learning and education; without it, none of the questions above can begin to be addressed. This can be as simple as setting up email alerts or taking part in LinkedIn discussions with other professionals (from whom much insight can always be obtained) to the more thorough-going experience of virtual classrooms and hot topic events or absorbing the latest reports and publications.

Senior management need to be informed of the substantial threat fraud poses, and the surest way of engaging them is for counter fraud professionals to arm themselves with the facts on fraud, as well as the answers on how to mitigate the threat. Such learning must be continual. Criminals are unceasing and persistent in their efforts, and counter fraud professionals must be unceasing and persistent in turn, making us better equipped to navigate an ever-changing landscape.

 

Jake Plenderleith is editorial manager at the International Compliance Association. He can be contacted on +44 (0)121 355 0900 or by email: jake.plenderleith@int-comp.org.

© Financier Worldwide


©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.