The fact that 51% of respondents to our 2018 Global Economic Crime and Fraud Survey said they hadn’t experienced fraud in the past two years (or don’t know if they have) suggests blind spots exist in many organisations. But why are the blind spots there, where are they – and what are organisations missing as a result?
It doesn’t seem that the blind spots result from a lack of investment in anti-fraud measures: 42% of respondents said their companies had increased their spending on combating economic crime over the past two years, and 44% said they plan to continue to increase it over the next two. The issue is more how this money is spent. The areas of a business that investigate fraud, manage fraud risks and report to the board or regulators are often disjointed and siloed. If everyone builds a programme based on their own perception of fraud, operational gaps arise. So it’s vital to ensure everyone understands the big picture of fraud risk management and how their own function fits into it.
As well as varying between different functions, perceptions and definitions of fraud also vary across the world – as shown by the regional variations in the animated graphic below. So how can international businesses adopt an approach that’s holistic and consistent both within countries and globally? The answer can lie in establishing centralised fraud detection teams that gather information from all possible sources – whistle-blowers, investigations, alerts, and more – and piece together the connections to support investigations, compliance and remediation.
This approach brings multiple benefits. As well as mitigating against the risk of bias resulting from people investigating their own area of the business, it also provides a broader view of how one localised fraud can affect other internal and external stakeholders, not to mention senior management and the board. A further benefit is that it can enable the sharing of lessons learned in one division or geography to benefit others, and facilitate proactive remediation.
But even with a centralised approach there are potential blind spots to guard against. The mere existence of an enterprise-wide fraud function may make some employees feel that tackling fraud is ‘someone else’s responsibility’. There’s also a need for the centralised function to remain alert to new or emerging frauds: our study indicates that consumer fraud and business misconduct have risen rapidly up the fraud agenda, with reports of the number one global fraud – asset misappropriation – seeing a corresponding decline.
It’s also vital to watch out for threats from ‘frenemies’ – people the organisation has invited to work with it. In our study, 52% of respondents said their most disruptive fraud was perpetrated by an internal actor, against just 40% who said it was external. But a sizable percentage of the ‘external’ group is made up of third-parties with whom companies have regular relationships: agents, vendors, shared service providers, customers and more. Everyone in the business must be vigilant about who it allows in to access its systems and processes.
Finally, across all anti-fraud activities, it’s important to remember that looking at fraud prevention from a strictly defensive, business-process perspective can create a false sense of security. The most sophisticated controls can be overridden and the most apparently impenetrable firewalls breached. Fraud never takes a break, and neither should the organisation – because when fraud happens, its aftershocks can be catastrophic.