The pandemic caused dramatic changes across every aspect of our lives, especially when it came to the way we work and conduct business. Companies were forced to embrace change and quickly adapt to a constantly evolving landscape to stay ahead. A key driver of change was the accelerated adoption of digital transformation strategies.
Although this transformation has brought about much needed change and automation it has also led to a rapid rise in digital fraud. According to a 2021 TransUnion report, fraudulent digital transaction attempts against South African businesses had increased by over 43%.
The uncertainty and disruption brought about by the pandemic has seen many businesses being put under pressure. Businesses adjusted their focus to business continuity as they looked to new ways of working. This often forced them to take action without conducting proper due diligences or following their standard procedures.
With the onset of remote working, employees are working under less supervision and with less security. All of these have led to an increase in digital fraud. It is now more important than ever for companies to review their anti-fraud and cyber security strategies.
Fraud risk – are you safe?
Fraud risk should be at the top of every company’s agenda. The reputational and financial risks associated with digital fraud continue to rise and companies are now paying more attention when it comes to assessing whether or not their current controls are sufficient.
Companies are no longer in strict control of their digital environments once remote working or hybrid working models have been implemented. Employees often work in less secure environments and the rapid rise in electronic communication has created the perfect storm for digital fraud.
Employees found themselves in a new working environment and were often performing in crisis mode. During those frantic, high-pressured times existing controls were sometimes circumvented on an ad-hoc basis in order to address urgent business requirements at the time. As the priority switched to getting the job done, those previous ‘exceptions’ slowly became the norm, and controls are now no longer followed as rigorously as had been in the past.
Assessing your current environment for fraud risk
As a business, you need to understand what your current key risks are, what controls can be implemented quickly and efficiently to reduce these risks and lastly, what can be done in the current environment if a fraud incident occurs.
Your audit and risk management internal or external providers are essential to your success when it comes to building an effective framework to mitigate fraud risk.
The first key step is to identify which processes and controls have been modified as a result of the pandemic. Once these have been identified, you are then in a better position to understand if this has led to any gaps within your processes and what new risks your business is now exposed to.
Collecting as much information around potential risks is imperative when it comes to planning and implementing a more structured approach and response.
Fraud risk controls
There are many practical actions you can take and easily embed within your control framework. As always, your employees are your first line of defence.
Once potential fraud risks have been identified you need to raise awareness across your organisation which can be done through focused communication and training.
Third-party interactions are often at the centre of fraud risk – the pandemic has led to companies taking on new providers and due diligence processes need to be adapted particularly when it comes to screening and monitoring to enable quick responses with limited risk.
Audit trails and incident reporting processes are instrumental to any fraud risk. Anti-fraud controls, procedures and policies need to be agile and flexible to some extent to ensure the business’s sustainability. It is always important to remember that these controls are not there to make working harder, they are there to safeguard your business’s longevity.
Businesses are generating more data than before the pandemic; which allows the automated solutions to mine through company data and transactions and can provide some value being foresights and insights. This now allows business another avenue to identify and predict fraud within the business.
Another example of good analytical procedures is the use of Benfords law.
A recent report recommends implementing continued automated monitoring of key processes. This enables red flags to be easily picked up, especially when it comes to payments.
Here are some of the examples they provided:
- Payments made outside of normal operating hours
- Multiple payments of below a particular amount to the same recipient over a short period, which may be indicative of someone seeking to circumvent payment thresholds.
- Payments to bank accounts not associated with vendors registered on the organisation’s vendor database. This may be indicative of payments being fraudulently rechannelled.
Automated systems can also provide valuable insights especially when it comes to trends. A fraud risk framework needs to be able to identify what types of behaviours or trends should be investigated and what controls can be implemented to prevent these going forward.
As we return to some sense of normality, companies need to seriously relook at how they are conducting there day to day business. Practices that are accepted during crisis scenarios should never become accepted daily practices. Many of these quick fixes have become part of many employees’ standard way of working and changing them can be challenging.
Fortunately, with the advent of the digital age, there are a multitude of tools available that not only automate your business, but also reduce risk. Simple things like the introduction of e-signatures and e-forms can be beneficial. Although many businesses wouldn’t want to acknowledge it, there have been some instances where employees quickly copied and pasted signatures from one document to another. Initially, examples like that were justified during strict lockdown but a simple action like that opens a giant door into that deep fraud risk pit.
Fraud risk has to be taken seriously, it’s time to review your business and close the gaps before you and your business is exposed to reputational and financial risk.