Francois Malan, vice-president of AMRAE, reviews the changing nature of fraud risk
Nowadays barely a week goes by without news of fraud affecting business or our daily lives.
We could be forgiven for dismissing this as a trend driven by a wave of digitalisation and “cyber risk”, but we would be wrong to do so.
It is however true to say that fraud used to be more concealed, as few businesses who were victims of fraud by dishonest employees or outside fraudsters were shouting it from the rooftops. We have become better at communicating and sharing information on this topic.
In addition, fraud which affects companies directly or which has had an impact on other economic stakeholders has led to a greater realisation of the issues. Hence the increase in vulnerability audits and the strengthening of preventive and internal control measures.
In the latest barometer published by AMRAE in 2015 (next edition due in 2017), the risk of fraud rose to third position in relation to other risks.
We have therefore seen a considerable increase in this risk. According to the Euler Hermes-DFCG 2016 survey, at least 93% of companies have fallen victim to a fraud attempt in the past year, compared with 77% in 2015. 20% even experienced more than ten fraud attempts!
The study also lists fraud types in order of prevalence:
1 Fake president fraud (55%)
2 Bogus suppliers (47%)
3 Other identity fraud e.g. bank, lawyers etc. (35%)
4 Cyber fraud (32%)
5 Bogus clients (28%)
Therefore, in addition to the embezzlement of assets which, according to a 2016 PwC survey is the most common type of fraud, there has also been an increase in “smart” crime and cybercrime, which are often linked.
“Smart” crime is often perpetrated by international criminal organisations who use social engineering to obtain information on the company and its employees, so that they can act at the right level and at the right time (e.g. organisation charts and diaries). Fraudsters will often target a company’s finance or accounts departments.
Most instances of fraud are committed by a person outside the company (55%) compared with 30% for internal fraud, while there is a greater uncertainty over the origin of some types of fraud.
In the majority of cases, internal fraud is performed by a qualified male executive with over 10 years of service.
Making a list of “new” fraud types is tricky as fraudsters are constantly changing the way that they operate, but they include fake ministry fraud and bank detail scams.
Fake ministry fraud has now replaced fake president fraud, which has become too well known. For example, a (very plausible) Ministry of Defence or its Chief of Staff might contact a Finance Director and ask them to help France to release a hostage by quickly transferring a cash sum, as the French authorities are unable to do so.
Also prevalent in modern times are bank detail scams. The fraudster contacts the company posing as a supplier and asks it to pay its future invoices to a new bank account (usually abroad and closed shortly after the transaction).
This type of fraud is also used for property rentals. The swindler poses as the lessor or their representative (management agent or manager) by sending letters or rent requests on forged headed paper, together with new bank details.
To prevent this fraud risk in all of its many forms, it is crucial to identify anything out of the ordinary (93% of attempts are foiled by human reactions), as well as implementing internal control procedures which can prevent 76% of attempts.
So, what should you do if you think you have been a victim of fraud? We advise acting quickly and contacting the police without alerting the fraudsters.
Large companies often task internal auditors with identifying fraud and calculating the amounts lost before filing a complaint. These companies sometimes take out insurance policies to cover the risk.