Fraud Week 2020: Lessons Learned from Real Life Stories of Fraud

By Lowers & Associates,

COFFEE BREAK SERIES: FRAUD WEEK 2020 Lessons Learned from Real-Life Stories of Fraud Neil Watson Director, Global Operations, Lowers & Associates

Think it’s too good to be true? (You’re probably right.)

This week, we have been proud to recognize and support the Association of Certified Fraud Examiners’ 2020 Fraud Week initiative with our special Coffee Break Series. Fraud Week is an annual movement organized by the ACFE to champion the need to proactively fight fraud and help safeguard businesses and investments from the growing fraud problem. We have shared a number of stories and lessons through the eyes of Certified Fraud Examiners and other fraud experts on our team, examining issues such as fraud detection, whistleblower programs, situational awareness, and cyberfraud.

For our final episode, we interviewed Neil Watson, Director, Global Operations for Lowers & Associates. Neil has more than 30 years’ experience in the insurance industry which includes over 20 years working within the Fine Art, Jewellery and Specie (FAJS) sector. It is through this lens that Neil shares three stories of FAJS insurance-related fraud and key lessons that can be applied to any industry:

1. Nickel Wire: Worth How Much?

In this story, Neil encounters nickel wire that was reportedly worth $300/meter and the owner was seeking to insure 6 million meters worth. If nickel wire was worth that much, wouldn’t we all be invested in it? Neil shares how some quick research revealed the ludicrousness of this attempted fraud.

2. Rubies: Really?

Neil has some great stories to tell about ruby gemstones. The usual quarterly sale of all rubies sold around the world is in the neighborhood of $40-$50 million. The highest value single ruby ever sold was $30 million. Here, he shares what it’s like to receive a fantastic photo of a stone someone is wanting to insure that is reportedly worth $250 million. Really?

3. Platinum Concentrate: Unearthing the Truth.

Neil tells the story of the great effort a group of fraudsters went through to present a compelling story of $5 billion worth of platinum concentrate they wanted to insure. The Lowers team went so far as to visit the facility only to unearth the truth of the matter.

Grab a cup of coffee and spend 8 minutes with Neil to hear three stories that will make you believe when something feels too good to be true, it probably is.

 

 

We hope you enjoyed this week’s special Fraud Week Coffee Break Series. You can access the full roundup of episodes here. At Lowers Risk Group, we’re intent on helping organizations protect their people, brands, and profits from avoidable loss and harm. If you think we can be of assistance to you, request a meeting and let’s get to work.

 

Fraud Week 2020: Cyberfraud and COVID-19

By Lowers & Associates,

Fraud Week 2020: Cyberfraud and COVID-19

Think You’re Not at Risk? Think Again.

Our special 5-part Fraud Week Coffee Break Series continues today where we invite you to spend 10 minutes each day learning about various aspects of fraud detection and prevention through the eyes of our Certified Fraud Examiners and other fraud experts.

For this episode, we interviewed Steven Schwartz, Chief Revenue Officer for Periculus and a recognized innovation leader in the fields of risk management and cybersecurity. Periculus is a digital risk company specializing in helping small businesses measure, understand, and protect against digital risks so they can pursue growth. Before launching Periculus, Schwartz led strategy and insurance at Cytegic, one of the industry’s leading cyber risk quantification platforms, playing a vital role in the company’s successful acquisition by MasterCard in June 2020.

In its September 2020 Fraud in the Wake of COVID-19 Benchmarking Report, the Association of Certified Fraud Examiners (ACFE) reported, “Cyberfraud (e.g., business email compromise, hacking, ransomware, and malware) continues to be the most heightened risk for organizations, with 83% of respondents already observing an increase in these schemes and 90% anticipating a further increase over the next year.”

Many experts believe that organizations were simply unprepared from a cyber perspective for the pandemic and its resulting shift to a remote work environment where employees are now operating outside the usual infrastructure and oversight of their organizations.

As Schwartz explains, “We’re in an interesting time right now, where we’ve never been so polarized, yet so connected. With the increase in digital connectivity comes an exponential increase in the vulnerabilities and threats. The doors are open for attackers to exploit.”

Grab a cup of coffee and spend 7 minutes listening to Schwartz’s view on cyberfraud during COVID-19 and how organizations can better protect themselves moving forward.

How Can Organizations Better Protect Against Cyberfraud?

As with any type of risk an organization faces, it starts with an assessment to develop a true understanding of the risks you face and how those risks might impact your organization. From that place of understanding, you can make decisions about how to effectively mitigate or transfer those risks.

Schwartz explains it this way: “If you just tell me my risk is a 3 out of 5 and that’s all you tell me, I have no idea what that means to my business. But if you tell me I’m a 3 out of 5 with a financial impact of 2 million dollars, it becomes contextualized. And if we take that a step further and we’re able to demonstrate the controls you should invest in because they’re going to have the greatest impact in reducing your risk and financial impact and this is how much you should consider transferring via insurance, we can start to make sense of it all.”

We hope you enjoyed this Coffee Break episode. Come back tomorrow to hear from Neil Watson and lessons learned from real-life stories of fraud.

Fraud Week 2020: Got Situational Awareness?

By Lowers & Associates,

Fraud Week 2020: Got Situational Awareness?

Looking at the Fraud Triangle During COVID-19

Today, we continue our special 5-part Fraud Week Coffee Break Series with another episode to address important fraud prevention topics with insight from our Certified Fraud Examiners and subject matter experts. Fraud Week is an annual movement, organized by the Association for Certified Fraud Examiners (ACFE), to champion the need to proactively fight fraud and help safeguard businesses and investments from the growing fraud problem.

For this episode, we interviewed Carlos Rivera, CFE, MAFF, Senior Vice President – Caribbean & Latin America of Lowers Forensics International and Grant Mizel, Financial Analyst, Emerging Markets for Lowers Risk Group. Rivera and Mizel offer their insight to help us understand the importance of situational awareness to an organization’s ability to detect and prevent fraud. They point to the Fraud Triangle as a model for understanding why fraud happens, but also recognize that without situational awareness, the Fraud Triangle is meaningless.

Grab a cup of coffee and spend 7 minutes with Rivera and Mizel:

Formulated in 1953 by criminologist Donald Cressey, the Fraud Triangle theorizes that fraud occurs when a perpetrator feels financial pressure, they are presented an opportunity, and/or they can rationalize the theft. For the Fraud Triangle to be valuable, organizations must be situationally aware. What’s going on in, around, and outside your organization? Which of these internal or external factors might be impacting the opportunities, rationalizations, and incentives that can lead people to commit fraud?

As Rivera points out, “Removing separation of duties and internal audit departments certainly creates the opportunity for employees to commit fraud. However, you have to consider the financial pressure and rationalization that goes along with a national catastrophic situation. In many instances, you’ll have employees who receive salary cuts that may not only feel financial pressure but also rationalize it by claiming what they believe is rightfully theirs, or you may see an employee rationalize through necessity which I believe can be just as powerful of a motivator.”

The COVID-19 pandemic has, unfortunately, led to situations where people have less supervision, more opportunity, and way more financial pressure than before.

As a result, in its September 2020 Fraud in the Wake of COVID-19 Benchmarking Report, the ACFE reported, “77% of respondents said they had observed an increase in the overall level of fraud, with one-third noting that this increase has been significant.” Furthermore, the ACFE reports, “Our findings indicate this uptick is likely to continue; 92% of respondents expect to see a further increase in the overall level of fraud during the next year, and nearly half expect that increase to be significant.”

Mizel remarks, “You talk about the Fraud Triangle and opportunity, when you give folks the opportunity, they are most likely going to take advantage. You can head that off by putting structures in place, rigor, documentation, automated processes… when you think about the employee, it’s not strange from a fraud examiner’s perspective that someone without oversight would take advantage of the situation.”

We hope you enjoyed this Coffee Break episode. Come back tomorrow to hear from Steven Schwartz, Chief Revenue Officer of Periculus, about cyberfraud during COVID-19.

Fraud Week 2020: Fraud in the Time of COVID-19

By Lowers & Associates,

Is the Pandemic Helping to Mask Fraud?

Fraud Week is an initiative of the Association of Certified Fraud Examiners (ACFE) to promote anti-fraud awareness and education. Today, we begin a special 5-part Fraud Week Coffee Break Series where we invite you to spend 10 minutes each day learning about various aspects of fraud detection and prevention through the eyes of our Certified Fraud Examiners and other fraud experts.

For this episode, we interviewed Mark Lowers, CFE, Founder and CEO of Lowers Risk Group, and Brad Moody, CFE, CFI, EVP of Operations for Lowers & Associates.

In its 2020 Report to the Nations on Occupational Fraud, the ACFE looked at common types of fraud and popular ways perpetrators conceal their activities. A related study from the ACFE explored the reported increase in fraud during the COVID-19 pandemic. What’s behind the increase? And how can organizations better protect themselves from becoming victims? We begin here.

Grab a cup of coffee and spend 8 minutes listening to the experienced voices of Mark Lowers and Brad Moody:

According to the ACFE, there are three primary categories of fraud: Asset misappropriation (seen in 86% of reported cases), corruption (43% of cases), and financial statement fraud (10% of cases). Within those broad categories are a number of fraud types:

The Fraud Tree:


Source: ACFE Report to the Nations

Considering that organizations lose 5% of their revenues to fraud each year, it’s helpful to understand how fraudsters are able to conceal their activities. Here’s what the ACFE report found:


Source: ACFE Report to the Nations

“(Bad actors,) especially in the IT world, one thing that they’re very good at is they’re very patient so a lot of the systems that have been impacted have been inside the corporate networks for a long time in order to gather information in order to perpetrate the crime,” explains Brad Moody.

Adding in the COVID Layer

We also have to look at how the COVID-19 pandemic crisis has impacted fraud. The ACFE is reporting increases across the board in nearly every type of fraud during COVID and expects these impacts to continue to have an impact for some time to come.

Mark Lowers explains it this way: “It’s really not that surprising (to see an increase in fraud right now) on the basis you have a tremendous remote workforce today. And those that are in designated work environments, you’re working with reduced staff because not everybody is considered essential. So, the layers of controls and the layers of operational controls that have historically been in place, in some cases people are doing workarounds to get work done. Anytime you do those workarounds, you have an opportunity for fraud to occur.”


Source: ACFE, Fraud in the Wake of COVID-19: Benchmarking Report

As the ACFE explains, “Travel bans, employees working remotely, and an increased reliance on technology and economic uncertainty have become the reality for many organizations around the world. And while these and other hurdles present numerous logistical and operational challenges, they also open the door to the increased pressure, opportunity, and rationalization that can lead to fraud.”

In fact, the ACFE report found increases in cyber fraud (social engineering, phishing, ransomware schemes), financial statement fraud, payment fraud, and employee embezzlement. Just about every category of fraud has been on the rise during the pandemic.

Lessons Learned from the Financial Services Industry

Cash is the culprit in many asset misappropriation schemes (theft of cash on hand, theft of cash receipts, fraudulent disbursements) and these cash-related fraud schemes can last a median duration of 14 months or more. The longer a fraud remains undetected, the greater the financial loss.

Here at Lowers Risk Group, we work extensively with the financial services industry and specifically with the cash servicing industry. As Mark Lowers and Brad Moody explained, while the industry, on the whole, is doing a great job during these extremely tough circumstances to protect their people and assets, the industry also provides a perfect backdrop for organizations of all types looking for ways to shore up their own internal controls.

We hope you enjoyed this first Coffee Break. Come back tomorrow to hear from Sergio Negreira, CPA, CFF, JD about the critical role of whistleblowers and auditors in your fraud prevention program.

 

5 Places Where the Human Element of Risk Rears Its Ugly Head

By Lowers & Associates,

5 Places Where the Human Element of Risk Rears Its Ugly Head

A perfect storm of human errors — six of them to be exact — caused the biggest nuclear accident to date, the Chernobyl disaster in 1986. An IT mistake prompted 425 million Microsoft Azure users to experience 10.5 hours of downtime. Lack of communication between maintenance crews caused what would have been a simple fix to, instead, lead to the crash of a 1.4 billion dollar stealth bomber.

While there are many sources of enterprise risk, probably the most dynamic and difficult to contend with are those driven by or otherwise impacted by human capital — that is, people. The fact is, most risks start and end with people. The decisions people make, how they perceive situations, how closely they follow policies and procedures… these and other human-driven factors can significantly influence how risks are identified, managed, and addressed.

In our work in the realm of human capital risk, we see many areas where people have the potential to positively or negatively impact the organization from a risk management standpoint. Unfortunately, when people fail, they sometimes fail in big ways. Here are some of the places where human capital risk can rear its head, causing damage to people, brands, and profits:

1. Cybersecurity

Staying secure goes beyond technology (think servers, network, firewalls, etc.); it requires the aid of humans to maintain that secure digital environment. And while most employees get some degree of IT security awareness training in the course of their jobs, mistakes still happen.

IBM estimates the average number of records lost to data breaches annually to be 25,575, and the average cost per breach of USD $3.92 million. Social engineering, malware, and phishing attempts continue to pay dividends for the fraudsters who deploy them. We all know we’re not supposed to click on that link or divulge sensitive information over the phone, but still, people do it. Lapses in judgment, failure to follow a process, having a sense of overconfidence or the feeling that it won’t happen to them, whatever the reason, humans have the ability to sidestep even the strongest cybersecurity protocols.

2. Occupational Fraud

Risk doesn’t always stem from human error; sometimes it’s the result of deliberate actions by employees. Common types of occupational fraud include asset misappropriation, corruption, and financial statement fraud. In 2017, these types of fraudulent activities resulted in $7 billion in losses, according to ACFE’s 2018 Report to the Nations.

When the workplace lacks internal controls, fails to have separation of duties, or neglects to invest in data monitoring and technologies that could flag anomalies, unscrupulous employees see their opening.  Bookkeepers set up fictitious employees in payroll systems in order to cut checks, executives find ways to alter records and financial statements, and line workers take home company property for personal use. These incidents have a median per-loss cost of $114,000, as noted in the ACFE Report.

3. Physical Security

Check with most workplaces and you’ll find they have certain security protocols in place or at least policies that address physical security. Visitors may be asked to check-in at a front desk, employees might be required to wear ID badges, and doors might be required to be locked at all times.

Unfortunately, over time, employees become complacent and policies become outdated. People forget, or simply choose to ignore, the basics they’ve been taught. They leave doors propped open, inviting strangers to come in the building. They neglect to report a broken lock or missing lightbulb. They forget to keep up their annual emergency exit drill schedule. Or, they fail to log off a computer just as someone else decides it’s okay to let a guest circumvent the front desk sign-in because they “know this person.”

These small, but meaningful, errors in judgment often mean the difference between a workplace that remains physically secure and one that opens itself to the risks of theft, data breaches, or even active shooter situations.

4. Workplace Violence

Workplace assaults resulted in 18,400 injuries and illnesses and 458 fatalities in 2017. Assaults range in severity from threats and verbal assault to stabbings, rape, and intentional shootings. In fact, mass shootings at workplaces, schools, and public venues have become the new norm with an average of at least one happening per day in the United States.

We can’t always know which employees are at high risk for engaging in workplace violence, but experts have begun to identify the behaviors that often precede events like these. They include the inability to focus, crying, social isolation, threatening behavior, concerning posts on social media, or complaints of unfair personal treatment. A sudden change in behavioral patterns, or in the frequency or intensity of these behaviors, is also a red flag.

5. Negligent Hiring and Retention

Exercising due diligence in hiring is the best line of defense against negligent hiring and retention lawsuits. Background checks, of course, are the first course of action in rooting out applicants who might disproportionately introduce risk into the workplace. Gathering criminal background records, doing drug testing (as appropriate), and verifying references and credentials are all critical to mitigating your hiring risks.

Beyond background checks, organizations need to have effective fraud detection methods in place. This is particularly relevant considering 96 percent of fraud perpetrators had no prior fraud conviction, and fraudsters who were employed for more than five years stole twice as much, $200,000 vs $100,000 for newer employees! They need to understand the elements of human risk that can be an early indicator of fraudulent activity, including employees who live beyond their means, are experiencing financial difficulties, or have an unwillingness to share job duties.

Manage Your People, Manage Your Risk

Humans are, well, human. They introduce a spectrum of risk into any workplace, from purposeful criminal behavior on one side to unintentional, garden-variety mistakes on the other.

Managing those risks is an ongoing challenge, particularly when it’s difficult to pinpoint the precise human factors that contribute to failures. If you’d like help identifying those areas in your organization that are most susceptible to the human element of risk – whether it’s your cybersecurity program or your hiring processes — request a meeting with a risk management professional.

 

  Category: Risk Management
  Comments: Comments Off on 5 Places Where the Human Element of Risk Rears Its Ugly Head