Author: Davinder Oberoi
Essentially, fraud involves avoiding a rightful obligation or obtaining a personal gain, by means of dishonesty. Lately, I have been thinking about fraud in its various guises, and its causes, impact and response options.
The evolving digital landscape brings the virtue of increased connectivity and efficiency, but also new challenges. A digital real-time world also means real-time fraud. As technology evolves, so do methods of fraud, and companies now need to act proactively instead of reactively - particularly against internally originated fraud.
Human error plays a major role in a business’s cyber vulnerability, so organisations must ensure broad awareness of fraud scenarios and threats across their employee base - this is a key pillar of fraud prevention. It is also crucial to leverage emerging technology that ensures fraud detection occurs in real time and has enterprise-wide scope. This is what will make prevention possible.
Fraud in the digital age
Technology enables us to connect to a wider audience, share information instantly, and perform real-time transactions. However, this shift has introduced new threats to security. The risk of fraud in the technology space is commonly characterised by deception for financial or personal gain, initiated by someone external or internal to an organisation. Common external fraud risks involve cyber criminals using various phishing techniques that gain initial access and lead into a series of other attacks. Critical data is stolen and the consequent damage to a company can be severe, financially, legally and reputationally. Fraud, however, is not only an external party phenomenon. Investigations regularly uncover internal stakeholders and employees involved in perpetrating fraud against their company.
While technology is a beneficial tool for us, it has also become a tool for cybercriminals. They now have instant access to information about others without even having met them, because people display personal information online through things like social media. So the increasing use of technology, combined with a lack of understanding of its risks, means that a major vulnerability in terms of fraud is simply people. The recent Netflix TV series, “You”, really drives home the extent of personal harm that can be caused by using social engineering tactics to collect data and commit fraud.
Prior to the digital age, carrying out fraud via identity theft required physical access to specific equipment (eg, a four-colour printing press) and technical expertise. By contrast, a fraudster today can easily copy a corporate logo just by accessing the company’s website, obtain a CEO’s signature through an annual company report found online, and learn relevant details about an individual through social media platforms.
What should companies be doing to minimise fraud risk?
The psychology of fraud is a richly studied topic and it is important to understand, as it informs the design and implementation of fraud control tactics. Effective fraud prevention mechanisms must target the underlying reasons for fraud. Grace Duffield from Australian Security Intelligence Organisation and Peter Grabosky from Australian Institute of Criminology identify three primary factors:
- Supply of motivated offenders,
- Availability of suitable targets, and
- Absence of capable guardians (control systems or monitoring “to mind the store”).
It is worth remembering that a large percentage of fraud is perpetrated (including involuntarily through scams) by an organisation’s own employees or direct connections, and that strong, ongoing internal audit procedures play an important role in prevention and detection.
Therefore, efficient fraud prevention measures span four areas:
- Sound leadership practice - set standards of behaviour and develop a principles- and ethics-based organisational culture. Implement rigorous and visible governance structures and operating procedures.
- Active evaluation/auditing, monitoring, and enforcement throughout the organisation.
- Active identification of critical internal and external interfaces which are susceptible to fraud. Continual Risk Management and Planning processes across the organisation, including continuous risk profiling of fraud scenarios and implementing controls and countermeasures.
- Well maintained operational processes for Fraud Prevention, Detection, Response, and Recording and Reporting across the organisation.
Fraud detection and prevention technology (“capable guardian” or “minding the store”) is a fundamental auditing tool to assess the efficacy and adequacy of control procedures and countermeasures. Enterprise data streams, when augmented by analytics, machine learning, and artificial intelligence technologies, are playing an increasingly large role in the effective implementation and enforcement of fraud prevention measures. This real-time transaction monitoring capability, enhanced by modern machine learning and applied holistically across areas such as Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), Sanctions Screening, Transaction Fraud, and Identity Fraud (Know Your Customer), is a game changer in the fight against fraud.
Finally, due to the different skill sets in Audit and Investigations, an organisation’s internal fraud audit function must be separate from the fraud investigation function.
How can workplace culture mitigate the likelihood of fraud?
Online Fraud Awareness training delivered regularly to employees is an effective way to increase awareness and reinforce the organisation’s anti-fraud policies and measures. This will educate staff on what constitutes fraud and the red flags (internal and external) that signify it, as well as the processes around reporting it and the confidentiality protections in place for them.
Most importantly, honest and forthcoming leadership and workplace culture that supports and encourages ethical behaviour is a critical antidote to fraud. It encourages integrity and reduces or eliminates psychological rationalisation or justification for defrauding one’s company.
Fraud is extremely insidious and costly to an organisation - both financially and culturally. Stamping it out through the right operational and technology measures is an imperative in our digital age.
CGI provides business and IT consulting services and technology solutions for fraud prevention, detection, response, and reporting as part of our anti-financial crime offering. To learn more, feel free to get in touch!