How to spot, prevent and mitigate insider fraud during the current crisis

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.
  • As happens during many crises, instances of insider fraud are on the rise due to the effects of COVID-19 on the economy. But there are ways companies can better prepare and protect themselves against this threat.

  • Update your fraud risk assessment program and internal controls to deal with new or magnified risk factors related to the pandemic. 

  • Your organization can strategize to avoid insider fraud or minimize the cost of an incident. Companies with a dedicated fraud program in place spend 42% less on response and 17% less on remediation costs, PwC found.

Issues arising from COVID-19

The current environment is ripe for a spike in insider fraud. More than 300 CFOs surveyed by PwC in early April 2020 report the financial stresses their organizations face. About 3 in 4 say that the outbreak could significantly impact their business, and two-thirds are deferring or cancelling planned investments, according to PwC’s COVID-19 CFO Pulse Survey. More than 40% expect temporary furloughs, while 26% expect layoffs.

The nature of insider fraud is shaped by the context and the kind of crisis. Consider these examples:

2000-2001 tech bubble. Many newly public companies that had issued optimistic guidance were investigated by the SEC for falsifying their financial statements. Others artificially inflated their valuations, while some aggressively pressured sales teams to meet forecasts. Most of these frauds were perpetrated by one or more executives, in collusion with other internal actors  — from salespeople to members of the finance and accounting team.

Great Recession of 2007-2009. PwC’s Global Economic Crime Survey tracked a sharp rise in accounting fraud, with four in 10 of the global respondents explicitly stating that fraud risk had risen due to the recession. Respondents pointed to “financial targets being more difficult to achieve,” and “senior management wanting to report a desired level of financial performance.” 

Though fraud rose substantially during those two crises, in any given year, about 5% of an organization's revenue is lost to insider fraud. That represents a potential total loss approaching $4 trillion annually in the US alone.

The advantage of being prepared and responding promptly

Being prepared for a time like this pays off. Companies with a dedicated fraud program in place spent 42% less on response and 17% less on remediation costs, according to the 2020 PwC Global Economic Crime and Fraud Survey. Quickly investigating a fraud incident also helps: Sixty percent of those who conducted prompt investigations said they landed “in a better place.”

Prompt investigation of — and response to — the discovery of fraud can prevent a spiral of consequences we’ve seen in the past. The stakes are high for any company hit by financial reporting fraud: Consumers’ trust in the company, revenues and sales, employee morale and even potential further investigations are on the line. But with the right steps, companies that experience fraud from within can resolve the uncertainties of criminal, regulatory and civil matters expeditiously, and protect shareholder value.

Today’s fraud triangle: Why many executives and regulators are on high alert for internal fraud

Opportunities for fraud abound in the COVID-19 world. Controls on existing processes may not function as designed due to remote working, employer distraction, and operational or workforce disruption. In addition, control testing may be suspended or delayed due to operational and workforce disruptions. As a result, many newly created workaround processes may be uncontrolled or inadequately controlled. 

The $2.2 trillion Coronavirus Aid, Relief and Economic Security Act (CARES Act) — with additional stimulus packages being contemplated in the US Congress and other similar grants deployed around the world — can lead to greater opportunities and pressures for abuse. These include frauds involving medical and consumer products in short supply, insurance claims and charity relief funding. 

Pressures continue to intensify as COVID-19 ripples through the economy. Companies in financial distress may falsify financial statements to prop up valuations or maintain access to capital markets. They may also “hide” past sins (write-offs that should have been taken in prior periods) in COVID-19 disclosures or results. (Recent SEC Guidance discusses how to prepare disclosure documents during this uncertain time.) Pressure to bribe to access limited resources (contract manufacturing, shipping, raw materials, etc.) may be rising. Organizations also may increasingly engage in bribery and corruption to continue operating in lockdown areas and to circumvent related laws and regulations.

Rationalization of insider fraud is easy. Urgent financial and liquidity pressures may drive leaders to rationalize fraudulent measures in order to continue to pay employees, or simply stay in business, in the short term. Employees who sense an employer’s struggles may justify falsifying reporting in order to "save the company," and workers experiencing personal financial pressure may justify asset misappropriation as a short-term solution to their cash needs. 

Not surprisingly, both the US SEC and Department of Justice have signaled that they will be actively investigating COVID-19-related frauds, while continuing to monitor compliance programs. The IRS Criminal Investigation has also cautioned taxpayers about scams related to COVID-19 economic impact payments.

Six steps to stop or mitigate insider fraud risks

Update your fraud risk assessment and incorporate new factors emerging from the COVID-19 crisis

The fraud risk universe triggered by this pandemic — just like its epidemiological risk — is still not fully known. Even the leading anti-fraud programs should be updated for the new risk factors arising from pandemic responses: the sudden and swift shift to remote work, the use of COVID-19 as topical lure for social engineering campaigns, and new procedures for monitoring employees’ health status or productivity. In addition, new business processes are being designed and implemented as part of a COVID-19 response, and these may magnify existing internal fraud risks, while also potentially adding new ones. 

View more

Identify, rank and address your risks

It’s time to turbocharge your data analytics and visualization techniques to gain visibility into heightened fraud risk areas. Fraud-risk monitoring tools can help you identify risk issues sooner.

View more

Upgrade your internal controls, policies and procedures

Weakness in internal controls account for nearly half of insider fraud. It’s important to assess existing internal controls, policies and procedures to determine whether responses to COVID-19 like remote work, supply chain adjustments, employee health status monitoring or contact tracing should cause an update. Recommend changes for management to consider that align with the fraud risk assessment’s results.

Internal audit executives play an essential role in assessing the most critical risks that COVID-19 has either created or magnified. For example, internal auditors detect about 15% of insider fraud incidents, second only to tips from employees or external parties (40%). More importantly, controls put in place by internal auditors are considered to be among the most important anti-fraud techniques.

View more

Communicate and engage the business, audit committee and auditors

Rally them together for a stronger fraud-fighting culture. By setting the proper tone during the crisis, CEOs and corporate directors can temper any pressures and justifications for insider fraud.

It’s essential to proactively engage your audit committee and auditors in discussions about your responsibilities for preparedness and notification of fraud under Section 10A of the Securities Act. It is also critical to maintain the market’s confidence in the reliability of financial reporting information. Audit committees need to focus on that during a crisis, especially one of this magnitude.

View more

Investigate internal fraud incidents promptly

A leading practice to avoid getting embroiled in a new fraud is to investigate and learn from the last one. Yet, according to the Global Economic Crime and Fraud Survey, half of US companies and 44% of all global companies failed to conduct an investigation after their most damaging recent fraud — and barely one-third reported it to the board.

View more

Report early

Disclosing a fraud early can sometimes result in a more favorable outcome with regulators and potentially lessen downstream liability. Regulators frequently give credits (from reduced penalties to declination) to companies that  self-report incidences of internal fraud, while organizations that try to conceal evidence of misbehavior face the full brunt of the law.

View more

Emerge stronger after the crisis

Nearly 40% of companies in our survey planned to spend more on fraud prevention over the next two years, according to PwC’s latest Global Economic Crime and Fraud Survey. They also said they might  focus on technologies that can make fraud management more efficient and effective. 

The future of managing both internal and external fraud requires a combination of established and emerging technologies to automate trust — artificial intelligence (AI), internet of things (IoT) and blockchain — along with digitally upskilled risk managers. To be ready to automate trust, your organization should increase the integration of data with AI and analytics systems. That requires moving to a test-and-learn approach, using algorithms that are continually learning and data that’s constantly being refined. It’s also essential to put together anti-fraud risk teams that are “multilingual,” meaning they encompass multiple tech and business skills.

Contact us

Brian Castelli

Partner, PwC US

Charles R. Hacker

Partner, PwC US

Sandra Maria T Parrado

Partner, PwC US

Kristin Rivera

Partner, Global Forensics Leader, Global Crisis Consulting Leader, PwC US

Sean Joyce

Global and US Cybersecurity, Privacy & Forensics Leader, PwC US

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

Mike Maali

Internal Audit, Compliance & Risk Management Solutions Leader, PwC US