Opinion article by Mihail Bucheru, Director, and Emil-Ioan Borza-Dediu, Senior Associate, Financial Advisory, Forensic Services, Deloitte Romania
Last years’ disruptive events have significantly altered the global socio-economic paradigm, which has entailed the need for innovation and new approaches in terms of business strategies, staffing and operations. At the same time, Artificial Intelligence (AI) based technology and tools have seen rapid growth and a wide adoption rate by both business and private users, and whilst innovation and adaptability have been paramount during these times of distress and rapid change, they have also brought forward new operational vulnerabilities for companies, as well as evolving fraudulent methods.
According to the Association of Certified Fraud Examiners (ACFE) 2022 Report to the Nations, with regard to the effects of pandemic-related factors on occupational fraud, staffing and operational changes, internal control reshuffling, remote work, changes to strategic priorities, technological challenges and changes related to anti-fraud programs have been identified as top facilitators for fraudulent schemes, with 52% of the respondents, companies-victim, noting that at least one of these factors were present in their case. Similarly, Deloitte Insurance Fraud Survey 2023 finds that remote work, increased digitization and weakened internal controls have been the top reasons for the increase in insurance fraud. Additionally, the UK’s Office for National Statistics latest report regarding fraud highlighted that fraud and computer crime have increased substantially from 2020 to 2022, with the proportion of fraud incidents that were cyber-related increasing from 53% to 61% in the same timeframe, possibly due to behavioural changes generated by the pandemic.
Supply chain disruptions or even breakdowns, due to international sanctions and resource scarcity, in the context of geopolitical tensions and the war in Ukraine, bring additional pressure to this already troubled background.
Bearing in mind this challenging context, whilst also considering the “Fraud Triangle” developed by Dr. Donald Cressey, an American sociologist and criminologist, wherein a person is more likely to commit fraud if they are subject to financial pressures, perceive an opportunity for committing a wrongdoing, and respectively finds a motivation for the action itself to become acceptable, let us take a deeper look at the potentially perceived opportunities by the fraudsters and at the anti-fraud solutions available.
Perceived opportunities by fraudsters
Whilst the classic profile of occupational fraud, which includes corruption, asset misappropriation and financial statement fraud, has seen some changes in the last decade, with frauds being identified faster, and causing losses lower by some 16%, according to the aforementioned ACFE study, risks are still present, as fraudsters are continuously pursuing and exploiting opportunities to commit fraud.
The rise of AI creates additional anti-fraud challenges for businesses and professionals alike, as fraudsters may be tempted to make use of these tools to improve and intensify phishing attempts through adaptive learning, for example, to create fraudulent documents through image creation solutions, and to even bypass video verifications using deepfake. According to a recent survey conducted by Regula, an entity active in the field of identity verification solutions, 37% of organizations have already experienced deepfake voice fraud, with 29% falling victim to deepfake videos.
Moreover, considering the economic distress that some companies may face, they might find themselves tempted to lessen or not enforce their existing internal controls at all, in order to streamline the contracting procedures in a swifter manner and not to encumber their suppliers or clients with various checks. Given the potential decrease of the available budgets, companies and their representatives may also unwillingly come into contact with grey or even black-market vendors in their efforts to reduce their expenditures with certain goods or services, thus increasing their risks of contracting with fictitious or illegal suppliers, and consequently being exposed to non-compliant or not delivered goods or services.
Businesses should consider both proactive and reactive solutions.
The proactive solutions, with focus on fraud prevention and deterrence, range from ensuring that the company has a proper tone at the top, to the implementation of a robust internal control environment, fraud monitoring compliance function, performing fraud risk assessments and providing training to the relevant personnel for growing the awareness on the underlying fraud risks within the organization. All these tactics should be tailored to the operational requirements and realities of the business, as there is no one-size-fits-all solution that is readily available for implementation, whilst also meeting the highest KPIs, ethics and integrity standards.
Nevertheless, in case of crisis, companies must resort to reactive solutions, such as performing forensic investigations to identify and stop ongoing fraudulent schemes. In such instances, businesses should strive to collaborate with professionals in the field, so that both the frauds and underlying root-causes are fully detected, and compliance with chain-of-custody requirements is ensured.
Forensic professionals use various IT tools, specifically for data collection, processing, analysis and visualization and for performing Electronic Discovery (eDiscovery) procedures. In a nutshell, eDiscovery is the process through which forensic investigators collect both structured and unstructured data from various digital sources for further analysis and safe keeping. Currently, a wide range of specialized eDiscovery tools is available for collecting, processing and reviewing data, all in a forensic sound manner. Considering today’s large electronic data volumes (from email or chat communications to cloud data repositories), eDiscovery has become a necessity on one hand, for the performance of every forensic investigation, and on the other hand, for comprehensively reviewing and testing the internal controls, as well as the overall compliance and resilience to fraud risks of the organization.
Fraudulent methods are always evolving and fraud itself may never be eliminated. Consequently, businesses should consider to always improve the awareness within the organization, as well as the internal control environment, so that they are able to mitigate the risks that even the newest fraudulent schemes may generate. On the flip side, during crisis instances, it is imperative for businesses to have a comprehensive crisis management strategy in place, including a well-structured response protocol and action plans customized to address the unique aspects of each situation.