While fraudsters are using technology – attacking banks in the virtual world for example – some have reverted to ‘paper and pen’ as organisations focus efforts on technology-driven defences. So says an audit firm which has brought out the latest in its bi-annual Fraud Barometers.
Hitesh Patel, UK Forensic Partner at KPMG, says: “It is certainly the case that we have seen fraudsters using very clever high tech frauds to attack banks, businesses and local authorities, but we have also seen some of the biggest frauds in more low tech scams. As old forms of transactions, such as cheques, are phased out, organisations are focussing on developing sophisticated lines of defence. Yet, rather than putting criminals off, many fraudsters are ignoring the challenge of triumphing over technology in favour of using simpler methods of deception.”
Fraudsters still rely on ‘old technology’ to do fraud, with a number of schemes in 2013 based on counterfeit cheques, said the audit firm, which has surveyed court cases prosecuted in the past year. In one simple case a local government employee processed cheques for legitimate payees, using disappearing ink. She secured the signatures of senior management for cheques reaching a total value of £162,000 and waited for the ‘payee’ details to disappear, before substituting them with her own name.
In another reported case worth £20m a businessman paid worthless company cheques into an account in the UK. He, and a gang, succeeded in transferring three-quarters of the funds into a foreign account before suspicions were raised and the account was frozen.
Another case involved a man who attempted to buy £1m of cars by visiting dealerships on six occasions, paying for an Aston Martin, Maserati, Ferraris and a Bentley by cheque. He was caught when the cheques bounced and one of the dealerships visited his home to reclaim the vehicles.
Fraudsters’ determination to focus on the so-called old-fashioned scams and avoid elaborate methods of deception is also evident says KPMG through a resurgence of cases involving tax rebates, loans and mis-selling. Combined, the three forms of fraud totalled more than £343m – up from £41m in the previous 12 months. According tot he audit firm it shows that, although the motivation to deceive comes in a variety of forms, many criminals are still prepared to rely on the traditional conman artistry of making financial gain through misplaced trust, attacking people’s vulnerabilities and sensibilities.
Meanwhile, there were cases where banks and businesses were attacked online, with fraudsters using computers, turning to robotics and malware in an attempt to avoid detection. One example involved eight people, arrested in connection with a £1.3m theft by a gang who took control of a bank’s branch computer system. They had placed a ‘keyboard video mouse’ and 3G router to one of the computers inside the branch when one of the fraudsters posed as an engineer, saying he was there to fix computers. The ‘fix’ enabled the criminals to control computers remotely using code and surveillance to find holes in the bank’s cyber defences and transfer money into bank accounts.
In another case fraudsters posted fake adverts for work at Harrods on a website as part of a £1m scam to trick job hunters of their savings. The con involved writing ‘Trojan’ malware which was hidden in job application pack downloads posted on the free website Gumtree. Once embedded on computers, the software copied bank log on and security details of those seeking work, before forwarding them on to the criminals who netted more than £1m.
Bribery and corruption
Despite organisations seeing a decline in internal cases of fraud (or at least cases that became public), the latest ‘barometer’ highlights the first prosecutions under the UK Bribery Act. In a case adding £23m to the total figure in this year’s Fraud Barometer and relating to the purchase of 6,000 hectares of land in Cambodia purchased through senior military officials based in the south-east Asian country, three senior executives have been charged with making and accepting a financial advantage in breach of the Bribery Act. As well as focusing on how they were able to purchase the land, the case examined whether the company mis-sold bio-fuel investment products, after the authorities were alerted to the possibility they were providing false information to clients.
Patel adds: “The pressure to compete lies at the heart of attempts to bribe and corrupt and the old adage of every person having their price is now much more likely to trigger criminal repercussions. The UK has seen its first corporate prosecution under the new anti-bribery legislation, and with it widely known that other cases are in development, fraudsters may begin to fear the ramifications of being caught. If guilty verdicts are returned and heavy punitive measures imposed, perhaps we will start to see people thinking twice before attempting to corrupt others in the pursuit of unfair advantage. ”
According meanwhile to the 2013 KPMG Cross-Border Investigations survey of sixty global executives, most – 90 percent – indicated that the number of cross-border investigations have either risen or remained the same over the last year.
Yet over half of these executives also reported that they have limited protocols in place and lack enough resources to do cross-border investigations. As global regulations, laws, and enforcement actions increase, companies with well designed cross-border investigation protocols will be positioned for more positive outcomes than those that are not prepared, the audit firm says.
Phil Ostwalt, Global Coordinator for Investigations for the Global Forensic practice at KPMG and Investigations leader in the United States, said: “Conducting cross-border investigations is no simple endeavour. Add the complexities of legal and cultural differences and you have one of the biggest challenges facing global corporations.”
Only 35 percent of respondents in KPMG’s survey indicated that their companies conduct cross-border investigation training each year, a decline from KPMG’s 2007 survey when that figure was 80 percent. And 42 percent of the executives believe their companies lack enough resources to handle cross-border investigations.
“Given the velocity with which compliance happens, management can never be prepared enough when it comes to its investigation protocols and procedures and yet our findings show that many companies are underprepared to meet this challenge,” said Ostwalt.
Data privacy laws
Foreign data privacy laws and regulations pose some of the greatest challenges to conducting cross-border investigations because of restrictions on the kinds of data that can be collected and transferred out of the jurisdiction. Many countries have enacted laws that place a priority on protecting personal data, including a fundamental legal right on the privacy of personal data, even if such data are contained on an employer’s system or computer. In fact, near half – 46 percent of the respondents in the audit company’s survey reported that their greatest challenge in conducting cross-border investigations is handling data privacy issues.
Cultural differences
Cultural differences remain one of the top three challenges in conducting cross-border investigations, which is up from 26 percent in 2007, to 37 percent in 2013. No longer can companies rely on procedures and resources used for domestic investigations. Instead, they must be customised to comply with different local laws and to respect diverse cultures and customs.
“You simply cannot conduct a cross-border investigation without people who know the intricacies and idiosyncrasies of certain jurisdictions,” added Ostwalt. “What may be acceptable to say or do in one culture may totally offend someone from another culture. Loyalties also differ by culture and some employees may be hesitant to speak out against a countryman for the benefit of a foreign company.”
His advice; develop case management and investigative procedures that align with the company’s values, standards, and principles and take into account region-specific or country-specific needs, customs, and practices. One size may not fit all, and procedures will need to be customised to meet a particular jurisdiction.
“We learned as children to stop, look, and listen before crossing the street, and the same prudence should be applied before taking any action with regard to an allegation of misconduct,” said Déan Friedman, leader of KPMG’s Investigations Network in the Europe, Middle East and Africa region for the Global Forensic practice. “Taking the time to assess the matter is critically important for the sake of confidentiality and privacy, as well as the credibility of the compliance program, the integrity of the investigation progress, and the reputation of those involved. Balancing the integrity of the investigative process with the legal rights that overseas subjects enjoy under local law is both an art and a science.”
Bribery and corruption most common
As far as the types of allegations that companies are conducting, bribery and corruption investigations was identified by a majority of respondents. This was closely followed by allegations of embezzlement or misappropriation, selected by nearly 65 percent of the participating executives, and conflicts of interest, which was chosen by 63 percent of respondents.
