In the United Kingdom alone, an estimated seven percent of annual turnover is lost to fraud schemes that might involve, variously, kickbacks, insider trading, financial statement and invoice fraud, bribery, and even the simple skimming and misappropriation of assets. It is estimated that fraud costs business in the UK around UK£110 billion per year.
Fraud, like any serious disease, spreads if not treated early. It saps corporate reputations and finances—and, in the worst cases, can prove fatal to an organisation. Though most companies can survive the financial impact of fraud, the reputational damage can be devastating. A loss of confidence by shareholders, customers, suppliers, and regulators, as well as the potential of litigation in the wake of a fraud, can lead to a drop in share price from which a company may never recover. In addition, if it can be shown that a company’s directors and management have neglected their fiduciary responsibilities, criminal and civil charges could be brought against them.
Too Many Symptoms: All the Data, None of the Resources
For internal counsel and other corporate fiduciaries, it is a nightmare scenario to discover they have not put the necessary controls in place to combat fraud and corruption. However, determining where and how to deploy the proper preventive measures and early detection mechanisms can prove challenging and implementing such measures internally can prove both inefficient and costly.
Technology has given companies an overwhelming supply of internal data to analyse, but the information is usually held in multiple locations and in systems that do not interact. Supplier and customer master files rarely cross paths with accounts receivable and payable files, while few companies have the internal staff resources and expertise to adequately analyse the data to identify the ever-growing array of frauds that plague organisations.
Many companies rely, to some extent, on their audit process to find fraud. But an audit only examines part of the picture, namely the accuracy of a company’s financial statements, and may not connect enough data points to allow a company to uncover a long-running or well-hidden fraud.
Finding the Right Doctor: Independent Assessments
Just like an annual physical, a regular, independent fraud risk assessment provides a focused checkup of a company around fraud issues—one that marries data with investigative skills to help flag potential problem areas unique to that organisation or industry. Experts in fraud risk know which data sets to look at, tests to run, and the outside intelligence is needed to identify red flags and ferret out the corrupt actors. With a better understanding of where and how fraud can occur, organisations can implement targeted internal controls and greatly improve their ability to spot future frauds before they cause significant damage.
Having the right anti-fraud programme in place to help detect corruption as early as possible can protect assets, minimise risk, as well as improve the chances of recovering stolen assets. Finding a fraud as it is happening dramatically increases the likelihood of a significant recovery. Even if the programme does not detect a specific fraudulent transaction, a company can demonstrate to regulators and the public that it did everything reasonably possible to put policies and procedures in place to detect and deter fraud.
Developing a Treatment: Data and Expertise
With companies now drawing a huge amount of data from a number of different sources, many find that performing a proper risk assessment—one that combines vast data sets and uses data analytics and data mining tools to identify patterns that indicate fraud and corruption—is beyond their resources and abilities.
Such a risk assessment will leverage bespoke technology to gather, link and test the data as well as utilise industry experts to determine which tests to run and what types of results point toward fraud. These assessments involve experienced teams composed of fraud examiners and forensic accountants, former law enforcement professionals, prosecutors, and compliance professionals. Each risk assessment is unique to the company being analysed and is designed to identify red flags within the organisation, enabling the company to investigate and shore up its anti-fraud programs and procedures accordingly.
The good news is that no matter how much a party tries to hide fraud, patterns tend to emerge. People have to authorise payments, invoices must go into systems, companies and accounts are created, and cash has to move. Each step leaves a trail that can help identify if a transaction was corrupt.
As an added benefit, because the examination is aimed at detecting patterns of behavior and anomalies in corporate processes, companies can also weed out accounting irregularities that may have nothing directly to do with fraud. A large organisation, for example, may be recording double payments for goods or services because of a bad entry in the billing system.
Reviewing the Symptoms: Red Flags
Just because a transaction exhibits multiple red flags does not mean it is part of a fraud. But the issues identified during a risk checkup do provide companies with strong clues about areas to investigate. Here are just a few of the most common red flags identified during a checkup:
- Invoices that use vague keywords (like “consulting services,” “marketing,” or “entertainment”), or that lack essential details like contact information or details about the supplier;
- Unusual invoice numbers and sequential invoicing. Fraudulent invoices can have invoice numbers invented by the fraudster. And a series of sequential invoices from a supplier may suggest over-reliance between the company and the supplier, increasing risk of fraud or business stoppage;
- Invoices that share a bank account, a next of kin, a phone number, or other data with a company employee. These can be flagged by cross-referencing HR, payroll, and other company information;
- Invoices that include offshore account information, as well as invoices with false tax and VAT numbers;
- Invoices that are just below authorised spending limits or that are divided to avoid limits. For instance, a manager is authorised to spend UK£5,000, and his or her invoices consistently come in just below that amount. Tests may also catch efforts to divide a large, single payment into two payments to get around control limits;
- Invoices paid more quickly than usual. In a fraud, the parties often try to move fast. For instance, a company may have 30-day payment terms, but analysis shows that invoices for a particular supplier are paid in one or two days.
Diagnosis and Prevention
Using subject-matter experts to follow up on red flags can yield substantial results. A dedicated team of fraud hunters, located across the world, with expertise in a broad range of industries, brings a unique perspective to examining transactions, people, and companies. They leverage customised data analytics tools to handle more information, more efficiently. Not only does this provide insight into current wrongdoing, but it also gives a company direction on where to improve their controls.
For instance, K2 Intelligence investigated a fraud involving a maintenance supplier for a large hotel chain. During the initial check, investigators flagged a certain maintenance supplier that had a name that struck the investigators as odd for a company in its industry. Further research revealed that the company had invoiced the hotel chain in round numbers and that the invoices were sequential, which suggested that the company only had a single client. In addition, the price of the units it was supplying—towels—was very high compared to other suppliers. Those red flags led to a deeper investigation and investigators identified that a shareholder of the company was the wife of one of the hotel’s procurement managers. They had scammed the hotel out of approximately UK£350,000 during a six-month period.
In another investigation, K2 Intelligence helped a state-owned company based in the Middle East recover US$450 million after a check of its data flagged discrepancies in the price of raw materials. It was later discovered that a bogus procurement system had been developed to defraud the company.
This combination of technology and experience can be a game changer for companies looking to root out corruption. In isolation, a single transaction may not raise an eyebrow. Yet when looked at in context with other data, the transaction may prove to be a single strand in a web of corruption. And performing a regular checkup can ensure that fraud is identified before it can do significant damage. It’s preventive medicine that will help ensure the company’s reputation and finances remain healthy.
It is important to understand that a company’s risk areas will evolve alongside an ever-expanding landscape of fraud schemes. Semi-annual or annual examinations ensure peace of mind for a company’s board and management—and also take a bite out of losses that affect revenues and profits. An organisational risk checkup—followed by a deeper investigation if potential corruption is detected—is a relatively low-cost way of achieving a substantial increase in profitability.
This article originally appeared in Fraud Intelligence (31 July 2019).