Economic crime is harming businesses at a staggering rate throughout the world and, with digital innovation and technology giving rise to new attack surfaces for economic criminals and fraudsters, the rate of instances are growing at exponential levels.
According to PwC’s Global Economic Crime survey, 2018, just under half of organisations (49%) globally report that they have experienced economic crime in the past two years. But what about the other 51%? Have they avoided falling victim – or simply don’t know about it? Since fraud hides in the shadows, one of the most powerful weapons in a fraudster’s armoury is a lack of awareness within organisations. It is time for business to recognise the true nature of the threat: not just as a nuisance or cost of doing business, but a shadow industry with tentacles in every country, sector and functions.
The survey findings also show that South African organisations continue to report the highest instances of economic crime in the world (77%), followed in second place by Kenya (75%), and thirdly France (71%). Half of the top 10 countries are in Africa.
The broadest definition of fraud is criminal deception intended to result in financial gain. These acts of crime could be from customers trying to defraud a company, outsiders using technology to hack into to the company systems and from within the organisation itself – the employees.
Trevor White, PwC Partner, Forensic Services and South Africa Survey Leader warns that in our efforts looking for fraudsters outside the gate, the risk of being cleaned out from the inside looms large. Looking at the conditions that breed internal fraud go a long way towards understanding the kind of person who will commit fraud.
Enemy inside the gate
“Fraud risk has been seen to emerge with as much prominence from within organisations as it does from the outside. We are always on the lookout for the enemies at the gate, but what about the enemies already inside?” asks White. “And not just anyone: often it’s the ones with the keys to the kingdom. The conventional arsenal is not going to cut it, and a more holistic and collaborative view of the organisation is necessary.”
What is the profile of a fraudster? This isn’t an easy question to answer because of the diversity of human nature. The criminal nature of external theft is the subject of academic theses and studies the world over due to the complexity of the subject, which leaves bolting up the doors and installing security systems – both physical and cyber – vital. However, there are a certain set of conditions that need to be present for internal fraud to occur, and these can be dealt with effectively in an organisation’s holistic fight against economic crime.
The survey found that “when it comes to fighting fraud (and, in particular, internal fraud) technology investments invariably reach a point of diminishing returns”. The reason for this is surprisingly simple. That is because while technology has given fraudsters a powerful new toolkit, the “last mile”, as it were, in the act of committing fraud comes down to a human choice.
White says: “Focusing on human behaviour offers the best opportunity for preventing or reducing fraud because, ultimately, machines don’t commit fraud – people do.”
Conditions for fraud
When focusing on human behaviour the tendency may be to become overwhelmed. However, the PwC survey talks about a “fraud triangle” – a set of three conditions, or drivers, that influence an act of fraud. Dealing with these three environmental conditions, PwC suggests, will significantly reduce the potential for fraud to take place because it effectively works towards removing the environment that breeds a fraudster.
The report states: “The birth of a fraudulent act usually follows the following trajectory: It starts with pressure – generally related to an internal issue. Then, if an opportunity presents itself, the person will usually wrestle with it emotionally. The last piece of the puzzle, which enables them to move from thought to action, is rationalisation.”
“While the personal profile of a fraudster is a broad concept, the environment is easier to understand and defend against. Each condition, opportunity, pressure and rationalisation, needs a focused and detailed intervention that is holistic,” says White.
The antidote to opportunity is about far more than pouring resources into finding the culprits, it is about addressing the actual culture within the organisation. With pressure, organisations need to ask themselves what the drivers of pressure within the business are, and are expectations aligned with reality.
Rationalisation, the final ingredient, happens when a “person who decides to commit an act of fraud against their own employer has reconciled their planned actions to their own personal code of ethics”. This, according to White, once more speaks to corporate culture and understanding the environment that governs employee behaviour.
The solution
The report concludes that just as fraud does not happen through the agency of a single factor, but by a combination, businesses have to find the right mix of technology and people measures. Many businesses that have focused primarily on technology resign themselves to the belief that a certain amount of fraud is simply part of the cost of doing business.
“It doesn’t have to be like that,” says White. “When you consider the scale of losses caused every year by internal fraud, an investment in understanding and addressing your corporate culture may offer a surprisingly high return, assuming you already have a well-established control environment.
“Our survey results clearly suggest that this is where companies should now redirect some of their efforts.”