The recent financial crisis has proved a powerful reminder of the need to manage all business risks effectively. As businesses continue to review and update their risk management strategy, fraud and integrity threats are key areas which must also be considered with increasing scrutiny. Two separate PwC publications issued recently highlight the complexity faced by management when considering fraud and integrity risks:
The results of the Global Economic Crime Survey 2009 show that fraud has continued to be a pervasive threat in the economic climate over the past 12 months. It has resulted in not only declining financial performance for many UK organisations, but also an increased level of fraud. Almost half of UK respondents to the survey reported higher incidences of fraud compared to almost a third of other global respondents. Whilst it is encouraging that there are signs indicating UK organisations are taking positive and successful action to prevent and detect economic crime, there is still considerably more that organisations could do.
Dominant factors identified by respondents leading to greater risk of fraud in the current climate were:
A significant contributor to the dominance of these factors would be any instance where organisations have either neglected to factor in the current economic climate or have been over-optimistic about recovery from the downturn when setting their financial targets. The consequential increased pressures to meet these targets result in increased potential for fraud. This is illustrated by the types of economic crime suffered by those respondents who reported experiencing crime in the last 12 months:
Types of economic crime
Of the most prevalent types of fraud, asset misappropriation, accounting fraud, bribery and corruption, money laundering, tax fraud and insider dealing are all very relevant to the local financial services industry, and are perhaps more prevalent than the cross-industry findings presented in the chart would suggest.
Within offshore financial services centres such as ours, the complexity and number of parties involved in financial transactions further increases the risk of fraud. To mitigate this threat, organisations must ensure that they monitor their businesses and their procedures and also those of other institutions on which they rely for services and information. Cutbacks in resources, particularly where these affect people responsible for fraud prevention and detection, such as finance, compliance or internal audit, may leave a company in an exposed position which a fraudster could exploit.
So how can organisations address this issue? This survey shows fraud risk management processes and internal controls are the most effective tools for identifying potential fraud threats and also for identifying and controlling system weaknesses that create opportunities to commit fraud. Frequent fraud risk assessments are essential for identifying potential fraud threats and weaknesses in controls. Businesses without these processes and controls might be surprised to discover that almost two thirds of frauds reported by UK respondents were detected by risk management processes, controls or from the organisation's internal anti-fraud culture.
From this survey, 22% of respondents reported that their organisations had not performed a single fraud risk assessment in the past 12 months and another 38% had only performed an assessment on one occasion, leaving organisations exposed to potential risk, as without regular assessments, frauds are more likely to go undetected.
How often should organisations perform a fraud risk assessment? This is a question each organisation must answer for itself, but given that the financial services industry is subject to evolving fraud threats and is continually targeted by external fraudsters, financial institutions should be looking to perform assessments on a continuous basis.
It is key that organisations display an appropriate ‘tone at the top’, to articulate the organisation's expectations and level of tolerance where fraud is concerned. This applies to all key stakeholders, both internally and externally. The messages should be conveyed regularly and filtered through from the CEO and Board to the most junior staff members.
This drive for integrity within an organisation needs to pervade all activities, internal codes of conduct and communications within the organisation. This was the finding in the PwC report – ‘Realising the full value of compliance’.
Participants in this study see the ‘sheer and increasing complexity of the regulatory environment’ as the most challenging compliance risk for their organisations. That, combined with the increased fraud risk, will raise the expectations on the compliance function. The report looks at ways of assessing the overall effectiveness of the compliance functions and suggests how these expectations can be best managed going forward. Some of the key findings were:
The PwC surveys indicate, as does our own experience in the Channel Islands, that financial organisations are becoming better at assessing their own control environment.
Many Boards have reviewed their internal controls as part of producing AAF 01/06 (the successor to FRAG21) and SAS70 reports. These reports have the effect of ensuring that management have reviewed their organisation’s business. The key considerations, however, are perhaps whether fraud or compliance risk was adequately covered as part of this review and importantly whether these risks are continually re-assessed.
Organisations need to ensure they continue to consider the complex risks posed by an increased threat of economic crime, as management navigate their business through these current challenging times. Full details of both publications quoted in this article are available at pwc.com/jg/en/forensics.