Perspectives

Effective fraud risk management

ME PoV Fall 2022 issue

An ounce of prevention is worth a pound of cure

Deloitte’s 2021 Middle East Fraud survey revealed that organizations in the Middle East region have started to take action against fraud risk but the degree and extent to which they have been successful is somewhat mixed. We have seen that an increase in emphasis on fraud is mainly attributable to increased scrutiny from regulators as well as a greater degree of integration into the global market, and with that, exposure to more exacting international standards of fraud risk governance. 

At the same time, we have seen a dichotomy between the more proactive organizations and the ones that are more reactive. The reactive companies tend to fall behind in the race mainly due to governance structures that grant a higher degree of management impunity with limited oversight. Unsurprisingly, when fraud affects these companies-especially incidents involving senior individuals-the shockwaves can be significant.

In our experience, there are certain other factors that undermine a company’s willingness to tackle fraud risk head-on. These include:

  • Culture: Some companies have senior management that are generally used to running businesses or functions with the sole objective of fulfilling, or exceeding, targets. This can lead to a culture where internal rules, as well as regulations and laws, could be broken.
  • Conflict of interest: There has been conflict of interest situations between organizations and their stakeholders, which pose threats that are not only financial but also extend into brand and reputation. These conflicts of interest typically arise when dealing with third parties, including suppliers, with whom the companies have business relationships (which may in fact be related parties to a stakeholder), or recruitment of employees within internal functions. Pre-existing conflict of interest, or comfort with them, may impair stakeholders’ willingness to embrace a more focused fraud risk management agenda.
  • “It’s just how business is done around here.”: In some companies, there is a lack of awareness especially when it comes to dealing with complex situations involving ethical dilemmas. Staff may receive mixed signals and have trouble identifying that something is wrong, and if so, what to do about it.  
  • Aversion to discretionary spend: Even certain companies that, on paper have certain fraud risk management program aspects in place, view it as a ‘tick the box’ exercise, where the investment and level of efforts involved in such exercises may not prove useful. It may be that, faced with tight budget decisions, these firms do not want to spend money on preventive measures and hope that bare minimum efforts can stave off significant issues.

The above points are clubbed with the fact that the Middle East economy is labour-intensive, as well as dependent on expatriates. There are many instances where stakeholders, such as employees, or even personnel from third parties, do not report incidents for fear of retaliation and the risk to their livelihoods since in most countries in the region, an expat’s visa is tied to their jobs. It is a challenging decision to raise one’s hand if you risk running afoul of a senior individual in the organization. These factors may lead to fraud not being detected at all or may not be resolved effectively. This is reaffirmed by Deloitte’s Middle East Fraud Survey 2021 wherein most of the respondents felt that the whistleblowing mechanism was not effective in dealing with the reported fraudulent incidents.

We have seen a positive trend in Middle Eastern firms conducting fraud risk assessments over the last 10 years, which we attribute largely to pressure from the regulators. However as per our recent survey results, the effectiveness of such exercises appears to be questionable as is the response plan that firms prepare and undertake following the exercise. This suggests a wider scope for regulator and industry cooperation, primarily to develop and disseminate clear best practices for companies to follow and provide guidance to them in aligning with regulatory expectations. Organizations need encouragement to invest in the measures to proactively prevent fraudulent incidents rather than waiting to
detect fraud or act after a fraudulent incident has been identified or reported.

The most effective way to achieve the objective of protecting enterprises from internal as well as external fraud is to implement a comprehensive fraud risk management framework. This essentially requires participation across the organization, starting from the oversight of the Board and disseminating to the senior management, other employees, as well as any third parties including vendors and business partners. There is a need to develop an anti-fraud vision for the firm and then focus on the key elements of an effective fraud risk governance structure, and then ensure they are not treated as a “once-and-done” exercise. It is necessary to regularly review and revisit the fraud governance mechanisms in order to be updated with the changing business and risk landscape.

To this end, the survey highlighted one encouraging trend around investments in preventive monitoring: organizations that have deployed fraud monitoring/detection technologies have been satisfied with the results. Smart analytics tools and technologies such as artificial intelligence (AI) and machine learning (ML) can help organizations streamline previously cumbersome monitoring efforts end increase the efficacy of proactive measures.

Given the advancements over the last 10 years, it will be exciting to watch how fraud risk management evolves in the Middle East over the next 10 years. We hope to see a groundswell of emphasis on proactive measures. Perhaps in the future, the Middle East Fraud Survey 2031 will even see a plurality of organizations include the area of fraud risk management as a strategic KPI for their management and other stakeholders. Further advancements will be critical as governments in the region seek to establish it as a safe ethically sound
ecosystem for conducting business.

 

By Collin Keeney, Partner, Prabodh Newar, Assistant Director and Gaurav Malhotra, Assistant Manager, Financial Advisory, Deloitte Middle East

Effective fraud risk management
Did you find this useful?