To support our IHL community, on 21 April we hosted our latest webinar on “Fraud” where we discussed the recent upsurge in fraud due to home working, general awareness of fraudulent activity and what businesses can do to protect themselves. Here are the key takeaways:
What types of fraud are you seeing at the moment?
- The world is a turbulent place right now, and therefore the perfect time for fraud and illicit activity to thrive. COVID has played a significant role - fraud is opportunistic and opportunities to exploit areas for personal gain has never been higher.
- Two features of all frauds are pressure and opportunity. These two factors are currently in abundance.
- The amount of cash flowing through the various schemes and weakened structures is currently making fraud and illicit activity easier.
- Since beginning of the outbreak, there has been a significant increase in reports to Action Fraud – up 400% in early 2020.
- There is evidence to show some businesses relying on overseas travel are doctoring COVID tests and producing fake certificates and businesses should be vigilant.
Have any issues come out of home working?
- Business need to be resilient. Most businesses will by now have adapted. Most businesses only planned to work from home for a short period of time and so there’s a continued strain on the workforce, oversight of the supply chains and the risk of corruption has never been higher. Even if employees are not directly responsible, there’s still a risk to the business if there is an issue in your supply chain.
- When we talk about remote working, we have to look at it in the context of resilience and for an extended period of time it can be far from perfect. Risk factors include other people working in the house and working with children nearby. There is possibly more room for error and there needs to be a requirement for another layer of security.
- More recently we have seen that people are being paid by fraudsters for sending out fictitious emails to exploit loop holes.
How can we monitor staff?
- All emails and instant messaging services can be monitored, and a lot of businesses will block out certain websites, Facebook etc. maybe to support productivity but it is very difficult to monitor what people are physically doing while they’re at home. The issue is not knowing who employees are sharing their home with, for instance in a flat share making business calls can be a difficult position to be in.
- Businesses are aware they have a weakened system due to home working, but certain things can be implemented and considered. For example, two factor authentication to access systems, emails etc. can be a significant enhancement to security.
- Other areas to assess include whether employees are able to perform tasks remotely. Another area is the propensity for potential theft of data and looking into how to prevent employees home working from taking data from systems, including disabling USB ports etc.
Greater risk of employee fraud working from home?
- There is certainly an increase in the ability and capability of people to conduct that sort of behaviour. There is always a risk of employees committing offences, however the pandemic has made it more opportunistic/easier to do it.
- Sometimes employees will commit fraud to benefit the business, and inflate figures in order to apply for loans etc.
- In the last few months, there has been a general increase in reports of collusion with disreputable companies to keep the business going and not carrying out the same vetting checks they would have ordinarily done.
Fraud around grants, loans, furlough payments?
- Job retention scheme implemented quickly and the government had to push through a staggering amount of money in a very short space of time. As a result there is no way every loophole could have been covered in that amount of time.
- There have been plenty of news reports around instances of furlough fraud. There will inevitably be investigations where there has been a significant fraud. There will be companies that have claimed furlough and kept their workforce in place. But there will have also been mistakes and oversights and so investigations may be started.
Fraud from outside the business?
- If the police knock on the door something may have been reported that you may not have been aware of. Police knocking the door will sometimes come with no warning. You may be a victim of fraud and will need to liaise with the police in order to assist their investigation.
- If your business thinks it may have been victim to a fraud, then there is the option to call the police. If you are a regulated business, then you may discuss it with your internal money laundering officer. You may also submit a suspicious activity report even if you’re not a regulated business.
Authorised push payment scams
- There is a significant element of social engineering where employees have been coerced or persuaded to make a payment or go down a course of action which they don’t think is fraudulent. An authorised push payment is e.g. for conveyance fraud , email intercepted, bank account details changed and monies for completion sent to the wrong bank account. Banks are now ensuring payee details are verified.
- Having a very good base of policies and procedures is fundamental. This comes down to your risk assessment, has your business has changed, how do you need to adapt to ensure the risks you are exposed to are reduced to as low as possible.
- Has your reliance on third parties increased and how are you going to address that?
- Monitoring and supervision. If you have a good risk assessment, then your comprehensive monitoring and supervision should flow from there.