The sudden shift to remote offices means that many employees are now working in a less-secure environment, with a dramatic increase in electronic communications. Remote workers who are unhappy or unfamiliar with approved telework solutions may install their own software or make greater use of personal devices for business purposes, increasing security risks.
Employees are often coping with new challenges, such as increased workloads, spouse unemployment, childcare demands and illness. Workers who have lost compensation and benefits may feel justified in defrauding employers. Regular procedures have been disrupted, and working remotely makes it easier to create fake signatures, falsify invoices or other accounting records, and request fraudulent payments. The interruption of controls and face-to-face interactions make detection more difficult. In addition, as companies focus on business continuity and adjusting to new ways of working, this diverted attention can lead to weaknesses in their control framework and usual procedures.
Remote workers have also proved more vulnerable to cyber attacks, such as phishing attempts that trick recipients into downloading malware or innocently yet unwittingly providing sensitive company information. These attacks, often using sophisticated social engineering techniques, rose dramatically during the pandemic. Workers receive emails or texts from cybercriminals that appear to be from trusted organizations or even their own colleagues. Scammers also solicit fake donations for those impacted by COVID-19.
Another major source of risk is supply chain disruptions, which have led many organizations to begin new third-party relationships without typical due diligence. Just one-third of respondents to the EY 2020 Global Integrity Report said they were “very confident" that their third parties demonstrate integrity in the work they do. Corruption and bribery stemming from external relationships increase the risks of litigation, regulatory fines and reputational damage. Unvetted vendors can also compromise supply chains and pose risks to customers. The European Anti-Fraud Office has identified hundreds of companies acting as intermediaries, or traders of counterfeit or substandard products linked to the pandemic.2
The struggle for business survival leads to increased avenues for fraud
Businesses that have suffered significant losses due to the pandemic are at particular risk for both traditional and new types of fraud and financial crimes. Common avenues include:
Fraud related to government funding
The urgency of supporting struggling companies has led to widespread theft of taxpayer money. When governments quickly distribute vast sums of corporate aid with limited controls, fraud is bound to occur. For example, dozens of people have been charged with trying to steal a total of US$175 million from the US Small Business Administration coronavirus loan program.3
Tax fraud
Many governments have offered tax relief measures to both large companies and small entrepreneurs. But, as with loan programs, controls have been lacking in order to provide quick relief to businesses.
Insider trading
COVID-19’s dramatic impact on share prices led to an apparent surge in insider trading. The US Securities and Exchange Commission saw a 71% increase in tips and complaints from March to September 2020 over that period in 2019, resulting in more than 150 COVID-19 related investigations.4
Bankruptcy fraud
Leaders of companies suffering from declining revenues may resort to asset misappropriation and diversion of funds or goods to keep their organizations afloat.
Insurance fraud
Claims may be inflated or fabricated to profit from the crisis.
Leading practices to mitigate fraud
As businesses navigate their way amid pandemic surges, lockdowns and uncertainty about how quickly vaccines can restore normalcy to our lives, it’s critical to assess fraud risks and move quickly to reduce them. Organizations with a comprehensive anti-fraud program should re-evaluate and update it to reflect impacts from the pandemic. Many existing policies and controls may need to be redesigned and enhanced.
The following leading practices can help any business tackle fraud more effectively, no matter how mature its current efforts are:
- Identify areas that are most likely to be impacted by fraud and prioritize them for improvement, such as third-party controls and lack of cybersecurity for remote workers
- Maintain a strong culture of corporate integrity, understanding that adjustments may be needed to engage and support a remote workforce
- Review COVID-19’s impact on cybersecurity and determine how data protection and governance can be improved
- Update cybersecurity and integrity training for employees and contractors
- Consider investing in artificial intelligence, advanced analytics and automation to stay ahead of sophisticated cyber threats, and detect patterns that indicate wrongdoing
- Evaluate changes to third-party risk due to COVID-19, considering new controls, contracts and other measures to improve data protection and stem corruption
- Implement new methods and tools for effectively conducting remote conduct reviews and investigations
- Provide clear, regular two-way communication on policies and practices to workers, third parties and other organizational stakeholders that effectively supplants face-to-face communication
- Make anonymous whistle-blower reporting available to employees, contractors, suppliers and customers; monitor effectively and follow up on tips
- Stay abreast of evolving regulations to maintain compliance and reduce penalties should data breaches and/or wrongdoing occur
- Develop proactive strategies for dealing with proven cases of fraud, such as communicating to the media, customers and third parties; making financial disclosures; and managing contractual obligations
All organizations, even those that find themselves on the brink of bankruptcy, must make the time to tackle the growing risks from fraud. Otherwise, wrongdoing by embattled company leaders, anxious employees or corrupt third parties could cause even greater damage than COVID-19 generated disruptions.