May 18, 2024
Subscribe Now
Practice Directory
LN BUTTON
New Membership

An efficient response to fraud

Accuracy’s Rae Lawrie on the risks of delaying internal investigations during COVID-19, with an insight into key questions business leaders should ask if they are considering a ‘wait and see’ approach.

It is not news that the continuing impact of COVID-19 is still being felt by businesses around the world, with the pandemic offering bad actors many more opportunities to commit fraud. For instance, 79 per cent of respondents to ACFE’s Fraud in the Wake of COVID-19, December 2020 edition indicated that they have already seen an increase in fraud whilst 90 per cent expected fraud to increase in the next 12 months. Further, anecdotally at least many companies are continuing to delay or choosing not to investigate allegations, potentially sending the wrong message and failing to deter these bad actors.

Within this context, let us consider the three following questions:

What has caused the increased risks to companies?

COVID-19 has caused many companies to adapt, including dramatically changing certain business practices. Many such changes were implemented quickly and often as short-term solutions, without the usual level of review and testing. As a result, there have been profound impacts to the control environments at businesses. Examples include dramatic increases in remote working, updated IT access rights and security protocols, updated know your client checks and reviews, a reduction in management oversight and reduced segregation of duties. All of these changes potentially impact the effectiveness of controls, leading to an increase in the risk of fraud from both internal and external threats.

Further, businesses’ internal audit and compliance functions have had to learn to operate remotely due to travel bans and office restrictions, with many having a reduced headcount due to staff furloughs, company reorganisations and staff redundancies as business have looked to control costs.

Why are bad actors taking more risks?

Even as companies’ control environments have become weaker, COVID-19 has increased commercial pressures on companies and their employees, particularly in some specific business sectors, e.g., travel and hospitality. Most notably, there is currently heightened pressure for business leaders to keep businesses operating at any costs, increasing the risks that bad actors, including affected companies, their business partners and employees will seek to obtain a financial benefit by fraudulent means. The Council of Europe’s Group of States against Corruption (“GRECO”) recently published guidelines highlighting the increased risk of financial crime due to large amounts of money being infused into the economy generally. Further, increased financial support to businesses made available by governments (often with few or inadequate government-imposed controls) creates more opportunities for bad actors to commit fraud.

Why are companies choosing not to investigate?

Normally the increased risk of fraud identified above would lead to an increase in both internal and external investigations, with companies maintaining a heightened sensitivity to potential issues in order to mitigate potential losses or liability. However, during this COVID-19 period this has not always been the case.

Instead, companies have either been choosing not to investigate or actively delaying initiating investigations unless pressured to do so. In the main, this has apparently been due either to the costs (reduced compliance budgets), or the perceived difficulty with investigating remotely. Even regulators and/or law enforcement bodies, including the US DOJ and UK SFO appear to have delayed their own investigations due to COVID-19 restrictions. These restrictions have been associated with an inability to obtain evidence quickly and interview witnesses and suspects in person (with video conferencing technology acting as an imperfect substitute) and have resulted in delays in court processes, slower response times to investigative requests, and difficulties among regulators and law enforcement bodies in reviewing evidence and coordinating appropriate investigative responses.

Recommendations

While many business leaders are taking a pragmatic “wait and see” approach with regard to investigations, such an approach may be risky, and leaders should consider the following in connection with decisions of whether to investigate:

  1. Is there a regulatory/compliance issue that may include a duty to report?
  2. If the issue is made public prior to the business understanding the true impact, what happens (e.g., Abraaj Capital and Wirecard)?
  • Can the issue(s) be resolved by investigating now (likely involving much of the work to be undertaken remotely)?
  1. If an investigation is delayed or foregone entirely, what is the potential impact?

In connection with the last question, if business leaders choose to delay or forego an investigation, they should ensure that they have considered the risks associated with such a decision, including:

  1. Does such a decision increase potential (civil or criminal) liability?
  2. Should the company obtain a legal opinion from either internal and/or independent external counsel (depending on complexity) to ensure, for example, that the company does not have a duty to report?
  • Could the decision lead to increased losses (e.g., the dissipation of assets and/or the suspect absconding, making recoveries and/or conviction of the suspect more difficult/impossible)?
  1. Has the company documented the issue and the reasons they chose to delay and/or not investigate, particularly if the company is listed and/or regulated?
  2. Will key evidence and witnesses be available if the investigation is delayed?
  3. Relatedly, who are the potential “key” witnesses? If such witnesses decide to leave the company prior to an investigation being initiated, are processes in place to identify such departures and ensure that the witnesses can be interviewed?
  • What steps can be initiated to reduce the risk of compromising any future investigations, including preserving key evidence such as relevant hard copy documents, electronic data including laptops, phones, server data and portable media?
  • Should an early case assessment be initiated to ascertain whether the investigation should proceed?
  1. Should the company conduct a brief investigation/review to better assess the potential financial and business impact, as well as its ability to answer the questions posed here?

Conclusion

Just as during the financial crises of the 1990’s and the 2008 financial crash, many companies may not feel the full impact of fraud until many years after the current pandemic. COVID-19 has presented unique opportunities that bad actors are willing to take advantage of, particularly as they may feel there is no real deterrent when companies choose not to investigate. Therefore, business leaders should realise that by delaying and/or choosing not to conduct an investigation, they may be increasing the risk of financial losses and/or reputational damage due to fraud. However, by carefully considering such risks, including asking questions around the potential impacts of delaying or foregoing investigations, business leaders will be in a much better position to address the inevitable impact of fraud that is likely to result from COVID-19.

Text by:

The-Oath-April-2021-Forensics-Rae-Lawrie

 

 

 

 

 

Rae Lawrie, director, Accuracy

Previous Editions

Privacy Policy © 2016 The Oath All rights reserved. Developed by 360 Inc