Forensic Focus on COVID-19 (Part 3)
Fortifying the frontline of defence against fraud
This is the third part in a Deloitte Forensic series around COVID-19 business impacts and steps you can proactively take to help respond to and recover from the outbreak and mitigate potential fraud and financial crime risks.
Fraud and employee misconduct thrive during a crisis. The last downturn taught us that fraudsters are quick to find loopholes when the chips are down. The COVID-19 outbreak poses new challenges at a time when global growth is already slowing, and now organisations must fortify their defences against such opportunists more than ever.
Businesses may have let their guard down as they focus to stay afloat, by relaxing control procedures, delaying internal audits, reducing headcounts, or implementing long-term arrangements to work from home. The change from ""business as usual"" creates vulnerabilities for companies and new pressures for workers as they worry about their futures and job security.
When the tide is out, we have historically seen an increase in long-running schemes or frauds getting uncovered as there is a shock to their existing modus operandi – as was evident in the Madoff investment scandal that unravelled off the back of the 2008 Global Financial Crisis.
The fraud triangle
Fraud typically occurs where opportunity, motive, and rationalisation converge. This is known as the fraud triangle, and the COVID-19 crisis creates a perfect storm for fraudsters to exploit:
- Lack of supervision and oversight: With social distancing measures in place, offices are now empty but nonetheless accessible. The usual lines of defence, such as management oversight, are also no longer present onsite, and fraudsters can now get away with misconduct without detection.
- Controls and processes overridden: As organisations quickly adapt to new ways of working, including virtual and remote work arrangements, many existing controls and procedures may be compromised, or even entirely disregarded.
- Management distraction: Reactive decisions made at short notice in response to the evolving COVID-19 situation may not have been adequately considered from a fraud risk perspective.
- Distressed employees: For employees, the thought of potential job losses and pay cuts in the gloomy economic landscape may be a source of mental distress.
- Projected prolonged economic downturn: In certain situations, people may commit fraud to safeguard themselves to weather a perceived impending storm.
- Pressure on financial results: As businesses fail to meet key targets defined prior to the COVID-19 outbreak, individuals may feel the pressure to safeguard bonuses, or avoid presenting unfavourable results that will drive down share prices.
- Feeling unfairly penalised: Employees may feel that they are entitled to better treatment as they had contributed to business success prior to the sudden disruption caused by the COVID-19 slowdown.
- Prioritisation of self-interest: During a crisis, the ‘every man for himself’ mind-set may become more salient.
Red flags to look out for during the COVID-19 crisis
Businesses have to remain vigilant and actively seek out red flags1 that may surface in this crisis, including:
- Theft of confidential data: Temporary or relaxed workarounds, including the sharing of remote log-ins, may create opportunities for fraudsters to steal confidential data.
- Payroll fraud: New and complex government COVID-19 support schemes that offer rebates and conditional payout may encourage fraud and manipulation.
- Bribery and corruption: With global supply chain disruptions, essential suppliers are demanding kickbacks or grease payments to facilitate cross-border shipments.
- False reporting: As the crisis wreaks havoc in the financial markets, some may see the opportunity to their camouflage non COVID-19 related losses.
Protect your people and your organisation
Against these headwinds, employees are an organisation’s first line of defence. A recent survey by the Association of Certified Fraud Examiners showed that 43%2 of fraud cases came to light through tip-offs, with half of them from employees.
Establishing safe channels – such as whistleblower or ""speak-up"" hotlines – for employees to step forward and ‘blow-the-whistle’ to expose sensitive issues in a confidential manner is therefore critical, and can be a simple, cost-effective way to enable companies to remain resilient throughout the COVID-19 crisis.
Designing an effective whistleblowing mechanism
For the last two decades, Deloitte has been designing clear, practical and implementable whistleblowing programs to support organisations in monitoring their policies and assessing the effectiveness of their controls to minimise workplace misconduct and strengthen governance.
Broadly, this process entails five key steps (see Figure 1 in the report):
- Select a solution
- Appoint a disclosure coordinator
- Refresh in-house assets
- Set up disclosure channels
- Create awareness
Deloitte Halo, our digital whistleblowing solution equips organisations with secure and confidential reporting channels layered with advanced security features. It also facilitates case management and provides insight using analytics across an organisation’s whistleblowing disclosures. Incidents are reviewed by trained analysts, and high-risk matters are promptly escalated for immediate action.