Wire Fraud Begins and Ends with People

By Brad Moody,

Wire Fraud Begins and Ends With People. #OurWork Lowers & Associates #Together

It’s hard to imagine that, on any given day, over $3 trillion dollars moves via electronic transfer.  Financial institutions make these B2B transactions happen seamlessly on a global scale, and we often take for granted the very simple instructions required (and accepted) between businesses that make single transactions of millions of dollars possible.  Since organizations perform these transactions almost exclusively online, the Internet of things has an inherit opportunity for malicious redirection when company employees become complacent with routine wire instructions.

Responsible organizations follow robust, documented and accepted practices in an environment that embraces process.  The culture of any high reliability organization allows employee intervention and systematic controls to prevent fraud opportunities.  It may feel as if these processes are tedious and repetitive, however, at the end of the day, human actions allow fraud to exist.

Since 2016, it’s estimated that over $26 billion in fraud losses has come from wire funds transfers as the result of business email compromise alone.  With the recent COVID-19 pandemic event, fraudsters have a new ability to exploit corporations, especially in highly impacted areas.  It is important for organizations to maintain a culture of process and have contingency plans in place to allow transfers to continue seamlessly.

On the Lowers & Associates LinkedIn, we’ll be highlighting a series of security insights that are applicable to ANY industry (the second bullet below should look familiar).  Specific to wire transfer fraud, here are a few additional actions employers can take to remove risk and eliminate potential for loss:

  • Strengthen screening and re-screening employment practices.
  • Integrate and document responsibilities of all parties authorized in dual controls into processes involving preparation of wire transfer instructions and authorizing and approving such transfers.
  • Ensure there is independent and frequent review of investment transactions by a knowledgeable party.
  • Conduct semi-annual audits of the wire transfer function. Ensure auditors review password requirements and controls during each examination.
  • Conduct annual penetration tests and annual security audits of web-based wire transfer applications that are hosted by the company or by a third-party application service provider.

BONUS: These are a few additional steps that businesses should think about adopting:

  • Email social engineering education.
  • Passwords should be at least 14 characters, must be complex (at least 1 of each): 1 Uppercase, 1 Lowercase, 1 Number, 1 Symbol and changed every 90 days.
  • Two-factor identification.
  • Appropriate insurance coverage for the business.
  • Monitor banking accounts regularly.

COVID-19 and the Fraud Triangle

By Lowers & Associates,

COVID-19 and the Fraud Triangle

In our work in high risk industries, we routinely uncover fraud and asset misappropriations. While it may seem counterintuitive, with the US and global economy currently at a standstill due to COVID-19 shelter at home directives, organizations should be on high alert for occupational fraud during this time. The Fraud Triangle provides a framework for explaining why this is.

Formulated in 1953 by criminologist Donald Cressey, the Fraud Triangle theorizes that fraud occurs when the fraudster feels financial pressure, they are presented an opportunity, and/or the person can rationalize the theft.

With record numbers of Americans filing for unemployment and organizations operating with skeleton crews, the circumstances are ripe for fraud to take place.

A “Perfect Storm” of Conditions

Today, with organizations shut down to outside visitors (including, in some cases, outside auditors) as well as many employees, we are seeing a virtual petri dish for fraud. Two corners of the Fraud Triangle – opportunity and rationalization – are getting bent pretty hard. The third corner, incentive, in the form of extreme pressure, is bent even further. People have less supervision, more opportunity, and way more financial pressure.

So while you’re dealing with this pandemic and the resulting disruption, now more than ever is the time to be vigilant.

Opportunity

The coronavirus pandemic has driven unprecedented change in the workplace. Many employees are either laid off, have taken a pay cut, and/or are working remotely. Those who remain, whether at the workplace or from home, may be working with less supervision than before. In fact, we are seeing many instances where key risk management procedures like dual controls have been weakened or suspended entirely. For example, instead of having two or more employees independently evaluate and compare financial records, now only one employee may be responsible. Or, that supervisory signature normally required on certain transactions? It’s no longer practical given our remote locations, so we’ll just “do it this way” in the interim.

Sound familiar? The problem in these scenarios is that one small transgression that goes unnoticed has a way of snowballing into full-blown fraud.

Rationalization

When opportunity and incentive exist, people are better able to rationalize their fraudulent behavior. That couldn’t be more true than during this pandemic.  “I have to do this to provide for my family. I’ll pay it back later. My employer deserves it for laying me off.” These are some of the underlying rationalizations that turn a fraudster’s underlying thoughts into an actionable theft.

Incentive/Pressure

Financial difficulties are at the top of the list in terms of the pressures that can motivate people to commit acts of fraud. At no other time in modern history have so many people been under such financial strain as they are today.

At the highest of levels of unemployment following the 2008 financial crisis, there were 15.3 million jobless Americans. By the third week of April 2020, 26.5 million workers had filed jobless claims as a result of the coronavirus. An estimated 33 million people are currently unemployed, representing nearly 21 percent of the workforce and the highest unemployment level since 1934. Many who remain employed have agreed to accept pay cuts, work reduced hours, or take unpaid furloughs.

While the $2 trillion stimulus bill, Coronavirus Aid, Relief, and Economic Security Act (CARES), provided some short-term relief, it is likely not enough to stem the extreme financial worry being felt by many who don’t know how they’ll pay next month’s mortgage or cover their car insurance premium.

The pressure is extreme.

The Takeaway? Stay Vigilant

It may be tempting for organizations to be complacent when the world seems at a standstill, but the time to be diligent is now. Businesses should be on “high alert” and taking measures to ensure they’re keeping their operations secure. That includes double checking that access to IT systems and software has been blocked for furloughed employees or that virtual private networks (VPNs) have been created for remote workers. Internal controls should also remain in place, even if they have to be modified temporarily. For example, regularly scheduled phone calls or video conferences send the message that you’re still monitoring employees’ activities. Finally, if you haven’t already done so, it’s a good time to do an updated risk assessment for the entire organization. Asking your team where new vulnerabilities might exist, whether internal controls are still functioning as intended, and what gaps have been created are all part of mitigating the risk potential associated with the Fraud Triangle.

If you’d like help conducting any of these assessments, please reach out to us.

2019 Fraud Week Wrap-Up

By Lowers & Associates,

We were proud to join the Association of Certified Fraud Examiners’ (ACFE) 2019 Fraud Awareness Week as an official supporter. Saturday, November 23, 2019 will conclude a weeklong effort by the ACFE to minimize the impact of fraud by promoting anti-fraud awareness and education.

Companies lose an estimated 5% of their revenue annually as a result of occupational fraud, according to the 2018 ACFE Report to the Nations. It turns out, the risk of occupational fraud is much higher than many managers and leaders realize. Each case results in a median loss of $130,000 and with cases lasting a median of 16 months, fraud is something organizations of all sizes must take care to detect and deter.

In support of Fraud Week, we produced several informational articles, which are summarized here for easy reference:

2019 Fraud Week Series: How Technology is Helping in the Fight Against Fraud

How Technology is Helping in the Fight Against Fraud

The key to catching fraudulent actions before real damage is done is having systems in place to ferret out anomalies and report suspicious activities early. This means being equipped with tools like automatic monitoring, artificial intelligence, and anomaly detection protocols. For instance, surprise audits and data monitoring are a powerful combination in reducing fraud loss. Though only 37% of the companies examined in the ACFE  study used them, those that did got fraud cases under control in approximately half the time and reduced fraud losses by more than 50%.

Read the full post

The ACFE’s 5 Big Fraud Tips You Should Act on Now

The ACFE’s 5 Big Fraud Tips You Should Act on Now

As part of the 2019 International Fraud Awareness Week, the Association of Certified Fraud Examiners (ACFE) distributes information and training to help anti-fraud professionals reduce the incidence of fraud and white-collar crime. A recent ACFE publication, 5 Fraud Tips Every Business Leader Should Act On, spells out five ways organizations can work to prevent and minimize fraud in the workplace. We’ve paired their recommendations with the research-based actions you can take to achieve these aims.

Read the full post

Recovering Fraud Losses: What the Numbers Reveal

Recovering Fraud Losses: What the Numbers Reveal

Losses from occupational fraud topped $7 billion in 2017, according to the Association of Certified Fraud Examiners’ (ACFE) most recent global study on occupational fraud and abuse, 2018 Report to the Nations. The median loss for all cases in the study was $130,000 USD, yet a full 22 percent of companies lost $1 million or more. To add insult to injury, only 15 percent of businesses that experienced fraud were able to fully recover their losses.

Read the full post

7 Must-Haves for Occupational Fraud Prevention

7 Must-Haves for Occupational Fraud Prevention

These seven fraud prevention strategies, drawn from the 2018 Report to the Nations by the Association of Certified Fraud Examiners (ACFE), will go a long way in fortifying your organization against the conditions that can facilitate occupational fraud at the workplace.

Read the full post

We hope you have taken some time this week to think about your 2020 fraud prevention programs and strategies and how you’ll build early fraud detection and proactive prevention into your processes.

No company is immune to fraud.

Recovering Fraud Losses: What the Numbers Reveal

By Lowers & Associates,

Recovering Fraud Losses: What the Numbers Reveal

Losses from occupational fraud topped $7 billion in 2017, according to the Association of Certified Fraud Examiners’ (ACFE) most recent global study on occupational fraud and abuse, 2018 Report to the Nations. The median loss for all cases in the study was $130,000 USD, yet a full 22 percent of companies lost $1 million or more. To add insult to injury, only 15 percent of businesses that experienced fraud were able to fully recover their losses.

Recovering Fraud Losses: What the Numbers Reveal

The common theme in the report is that, while it’s often worthwhile to pursue remedial action against perpetrators, victims will usually not be made whole. Here are three factors negatively impacting these recuperation efforts.

1. Failure to Report

After a fraud has been discovered and investigated, a case might proceed to prosecution, civil litigation, both, or neither. In its annual study, ACFE researchers tracked the percent of cases that were referred to law enforcement or resulted in a civil suit being filed for each year dating back to 2008. They found that the rate of criminal referrals has been gradually decreasing over that time, from 69 percent in 2008 to 58 percent in 2018. In contrast, the rate at which civil suits are filed has stayed consistent, ranging from 22 percent to 24 percent within the same timeframe.

There are many reasons why victim organizations might decide not to refer cases to law enforcement and therefore forego any additional recuperation of the loss that may result. The top five cited reasons are:

  1. Fear of bad publicity: 38%
  2. Internal discipline sufficient: 33%
  3. Too costly: 24%
  4. Private settlement: 21%
  5. Lack of evidence: 12%

2. The Greater the Loss, the Less Likely the Recovery

There is an inverse relationship between the amount that victim organizations lose to fraud versus what they are able to recover. So, even if the organization decides to pursue legal action, they are not likely to achieve full recovery. Here’s how the numbers panned out:

  • Losses of $10,000 or less had a 30% chance of recovery
  • Losses of $10,000 to $100,000 had a 16% chance of recovery
  • Losses of $100,001 to $1,000,000 had a 14% chance of recovery
  • Losses of $1,000,000 or more had an 8% chance of recovery

3. Desire to Avoid Fines

A third reason recovery efforts can be hampered is the knowledge that organizations may receive monetary fines from authorities for having inadequate controls in place and thus enabling fraud to occur.

Of the three types of occupational fraud – asset misappropriation, corruption, and financial statement fraud – the latter had the greatest likelihood of fines, at 17 percent. And, fines were imposed regardless of the size of the loss. For example, organizations that lost $10,000 or less were fined 14 percent of the time while those that lost $1,000,000 or more were fined 20% of the time.

At a median of $100,000 per fine, these penalties were no small matter.

An Ounce of Prevention

Given that recovery is an uphill battle, the takeaway is this: organizations should do what they can to prevent fraud from happening in the first place. Internal controls, codes of ethics, recognizing red flag behaviors, and the availability of reporting mechanisms are all tried-and-true methods for realizing that goal.

The ACFE’s 5 Big Fraud Tips You Should Act on Now

By Lowers & Associates,

The ACFE’s 5 Big Fraud Tips You Should Act on Now

As part of the 2019 International Fraud Awareness Week, the Association of Certified Fraud Examiners (ACFE) distributes information and training to help anti-fraud professionals reduce the incidence of fraud and white-collar crime. A recent ACFE publication, 5 Fraud Tips Every Business Leader Should Act On, spells out five ways organizations can work to prevent and minimize fraud in the workplace. We’ve paired their recommendations with the research-based actions you can take to achieve these aims.

1. Be Proactive

A code of ethics for management and employees sets the tone that your organization is committed to conducting business honestly and fairly. Fortify your commitment with internal controls around areas of the business that are vulnerable to fraud.

In its 2018 Report to the Nations, the ACFE studied nearly 3,000 incidents of fraud across 125 nations. Here are the top 10 most common anti-fraud controls they found among the organizations in the study:

  1. Code of conduct: 80%
  2. External audit of financial statements: 80%
  3. Internal audit department: 73%
  4. Management certification of financial statements: 72%
  5. External audit of internal controls over financial reporting: 67%
  6. Management review: 66%
  7. Hotline: 63%
  8. Independent audit committee: 61%
  9. Employee support programs: 54%
  10. Anti-fraud policy: 54%

The study found that weaknesses in internal controls were responsible for nearly 50 percent of all fraud cases.

2. Establish Hiring Procedures

Background checks will continue to be one of the best practices any workplace can implement, yet surprisingly, a full 96 percent of fraud perpetrators had no prior fraud conviction, according to the AFCE’s 2018 report. Therefore, understanding the behavioral red flags displayed by fraud perpetrators can help organizations detect fraud and mitigate losses. The AFCE found that 85 percent of fraudsters displayed at least one of the six red flags listed below and 50 percent of them exhibited multiple red flags.

Six Red Flags of Fraud:

  1. Living beyond means
  2. Financial difficulties
  3. An unusually close relationship with vendor/customer
  4. Control issues, unwillingness to share duties
  5. Divorce/family problems
  6. “Wheeler-dealer” attitude

3. Train Employees in Fraud Prevention

Looking for signs of fraud isn’t top of mind for most employees, but having a code of ethics and internal controls create a strong workplace culture that’s attuned to the possibility of fraudulent activity. Employers can take this awareness a step further by educating employees on how to recognize fraud in their day-to-day lives.

Here are the top eight concealment strategies used by fraudsters:

  1. Created fraudulent documents: 55%
  2. Altered physical documents: 48%
  3. Created fraudulent transactions in the accounting system: 42%
  4. Altered transactions in the accounting system: 34%
  5. Altered electronic documents or files: 31%
  6. Destroyed physical documents: 30%
  7. Created fraudulent electronic documents or files: 29%
  8. Created fraudulent journal entries: 27%

4. Implement a Fraud Hotline

Now that employees know some of the signs to look for, employers should also provide a clear means for reporting suspected fraud. The top three ways that fraud is detected are through tips (40%), internal audits (15%), and management review (13%).

Employees are responsible for reporting 53 percent of occupational fraud cases with the remaining coming from outside parties, such as customers, vendors, or shareholders.

Having a fraud hotline has proved to be instrumental in detecting fraud. In fact, 46 percent of cases detected by tips in the AFCE’s study had hotlines versus 30 percent coming from tips where no hotline existed.

5. Increase the Perception of Detection

Keeping the risk of fraud both top of mind and at the forefront of your organizational policies and practices is key to preventing, recognizing, and mitigating its impacts. In addition to having employees sign a code of conduct, make sure you’re regularly communicating to staff about anti-fraud policies. Remind them of the methods available to report suspicions of misconduct and the potential consequences (including termination and prosecution) of fraudulent behavior.

Though 42 percent of the organizations in the 2018 Report to the Nation offered hotlines to report fraud tips, other mechanisms are also readily available. They include:

  • Email: 26%
  • Webform/online: 23%
  • Mailed letter: 16%
  • Other: 9%
  • Fax: 1%

To learn more about helping your organization combat fraud, stay tuned here for the rest of our our 2019 Fraud Week Series. If you need help formulating your fraud prevention program, request a meeting with a risk management expert at Lowers & Associates.