Business unusual: Why today's fraud requires an unconventional approach
By Graham Reid, skills, development and training manager, Sebata Municipal Solutions.
Fraud is not new or unusual. But with the evolution of technology, its definition has changed.
Fraud is no longer just about misappropriated money. It now includes HR fraud, IP and data theft, and a new category defined by PwC as "business misconduct", when companies intentionally deceive the market or the general public.
This broader definition suggests that businesses need new and unusual methods to detect, combat and prevent fraud. Ironically, while technology can help businesses to manage all kinds of risk, fraud is one threat often better detected by humans, says Graham Reid, skills, development and training manager, Sebata Municipal Solutions.
Machines don't commit fraud; people do. That's why people tend to be more effective at detecting suspicious behaviour. In fact, the Association of Certified Fraud Examiners (ACFE) found that in 2018, tip-offs were the single largest source of fraud detection, at 40%.
Knowing your employees can help you identify potential fraud risk. When people intend to commit fraud, they display certain behaviours. Most of the time these are unusual, like:
* Living beyond their means;
* Having either a sudden dedication to work or a marked lack of ambition;
* Strongly objecting to procedural changes related to financial, inventory or supply matters;
* Known personal problems such as debt, gambling problems and drug and alcohol addiction;
* Having external and undeclared business interests;
* Preparing for retirement at an unusually young age;
* Being big talkers, blatant liars and finger-pointers; and
* Having questionable friends, networks and acquaintances on social media.
According to the ACFE, a whopping 85% of fraud perpetrators were reported as displaying at least one of the 18 possible red flags surveyed. So you can't say you didn't see it coming.
You've come across suspicious activity; technology can help to analyse how deep the rot is, how long it's been festering and how to stop it from happening again.
This can be as simple as monitoring photocopier history or as complex as adopting blockchain and machine learning to uncover patterns in historical data and predict the likelihood of them recurring.
1. Most office printers store copies of anything that's printed, scanned, faxed or copied. Check this regularly to see if anyone is accessing documents they shouldn't be. This will also help you to identify internal processes and controls that need to be tightened.
2. Blockchain, artificial intelligence and machine learning offer more sophisticated methods for uncovering fraud.
In procurement, for example, blockchain can increase the visibility and transparency of the entire supply chain. Since the ledger is distributed among many computers on a peer-to-peer network, anything from product movement, to asset transfers, to legal contracts can be tracked and validated. It's nearly impossible to alter or delete a record from the chain, unless the majority of peers on the network collude to make it happen.
Sophisticated machine learning algorithms automatically detect and flag anomalous behaviour, like someone changing registration information or banking details on an invoice. The more you "train" the software, the better it becomes at picking out the bad apples.
3. Ethical hacking is another unconventional way to uncover fraud and manage risk. Either hire someone or train your own people to find weaknesses in your systems. Make a big deal about rewarding staff who expose weak spots, so everyone knows that you're serious.
When something doesn't feel right...
...it usually isn't.
Another trait machines don't have is gut instinct. Common sense and logic play a significant role in uncovering crime. Unfortunately, the idiom that "it takes a thief to catch a thief" could not be more true in terms of fraud. We must think like criminals to stay a step ahead.
Alarm bells should be ringing if any of this sounds familiar to your business:
* You win contracts or business you never tendered for or enquired about;
* Certain employees seem to meet with clients or customers more frequently than necessary;
* CIPC staff checks reveal employee holdings or memberships of registered companies that were never disclosed; or
* You get excessive or unprecedented discounts from vendors or suppliers.
Tried and trusted
Any new method of fraud detection should not be considered in isolation, but should augment existing processes and procedures to further strengthen your business's defence.
These could include:
* Incentivising whistle-blowers by allowing honest employees and suppliers to anonymously report suspected fraudulent behaviour;
* Implementing a gifts and benefits register to monitor employee-client relationships;
* Following through with enforcement and making an example of those found guilty of even petty fraud;
* Regularly educating employees on your fraud risk policy and its consequences;
* Implementing internal controls and segregation of duties;
* Having an open door company culture; and
* Promoting ethical decision-making.
Remember the fraud triangle: Unethical behaviour starts with pressure, like gambling problems or feelings of perceived injustice caused by the business. People then start to rationalise the behaviour, like feeling hard done by because they were passed up for promotion. Then, when an opportunity presents itself, they'll take it.
A business's best defence is to remove temptations by putting policies and procedures in place to ensure early detection. It might cost more initially, but it could be far less than the financial, legal and reputational damage associated with a successful hit.