3 minute read 20 May 2020
Unravelling fraud risks during COVID-19

Unravelling fraud risks and restoring stakeholder confidence during COVID-19

Authors
Arpinder Singh

EY Global Markets and India Leader, Forensic & Integrity Services

Leading forensic accountant and veteran expert witness. Advising global clients on compliance, anti-corruption and corporate governance. Disruptive thinker. Technology aficionado. Author.

Mukul Shrivastava

EY India Telecommunications, Media & Entertainment, Technology, Forensic & Integrity Services Leader 

Advising global organizations on building robust compliance and anti-fraud frameworks by leveraging innovative technology

3 minute read 20 May 2020
Related topics Forensics COVID-19

The COVID-19 pandemic has made the business world a breeding ground for a plethora of risks, with vulnerabilities seeping across several industries.

The world today is in a state of emergency due to the onslaught of the COVID-19 pandemic. Prevailing uncertainties are radically altering societal norms, crippling business operations and impeding economic growth. Its long-term impact is unfathomable right now till a medical breakthrough aids a cure or eradication of the virus.

Unforeseen crises brewing fraud risks

Fraud, bribery and corruption have the tendency to thrive in chaos. The COVID-19 pandemic has made the business world a breeding ground for a plethora of risks, with vulnerabilities seeping across several industries. As companies grapple with operational pressure, disruption around cash management, working capital, supply chain and workforce issues; resorting to unethical shortcuts, fraudulent practices and management overrides may be construed acceptable in these extraordinary times.

The pandemic’s impact is comparable to the aftermath of the 2008 financial crisis where fraud and corruption increased significantly. According to the Association of Certified Fraud Examiners (ACFE), a study conducted after the 2008 recession highlighted that the majority of respondents saw an observable increase in the number of frauds. Almost 80% believed that fraud levels increase in times of economic distress. With a sharp fall in markets worldwide, plunging stocks and job losses, many factors then may be relevant right now, which might impact the global economy.

As the COVID-19 crisis evolves with time, organizations should identify high-risk areas that may emanate from the pandemic’s ill-effects on businesses.

  • Misappropriation and window dressing: perpetrators may bend the rules to project a better financial performance through non-disclosure of risks and uncertainties in annual or quarterly reports and unethical and unprincipled balance sheet adjustments. Organizations may also see management override or circumnavigate controls, embezzlement for personal use, related party transactions and diversion of funds for unauthorized or illegal purposes.
  • Lapses in integrity: disruption in work pattern and behavior may lead to a short-term rise in whistleblowing complaints. Layoffs can lead to employees indulging in kickbacks, collusion with vendors, insider trading or conflict of interest situations. From a corporate social responsibility (CSR) standpoint, implementation partners may misuse funds allocated for relief efforts and weak controls or governance, which may cause ethical lapses in the programs.
  • Counterfeiting: the pandemic provided counterfeiters with an opportunity, given the shortage in multiple product categories because of supply chain disruptions. The limited availability of essential and non-essential products may create a vacuum in the market, influencing counterfeiters to release fake products at a rapid pace after the lockdown is lifted.
  • Supply chain risks: some of the imminent risks in the supply chain include change in third party arrangements increasing the risk of exposure to unknown third parties, kickbacks for priority treatment, overcharging by logistics vendor taking advantage of the rise in demand and short supply, and diversion of company products to unauthorized channels.
  • Cybercrime, phishing and digital frauds: with remote working set-ups, email phishing, system breaches, malwares, ransomware attacks and social engineering attacks may compromise organizations’ confidential data and employees’ personal data.
  • Losses and damages: disrupted supply chain and distorted relationships with business partners are likely to bring commercial complications such as difficulty in recovery of invoices, unwarranted claims and unsolicited disputes.

Reinforcing stakeholder trust in the new normal

The world’s response to dealing with a pandemic 25 years ago would have been a stark contrast. Technology and digital proliferation have been a conduit in raising awareness and as ways to mitigate risks. From a compliance and governance standpoint, a technology-led preparedness model with a focus on current, imminent and long-term risk mitigation can tackle several challenges.

Now: Addressing concerns on the current fraud landscape to the next three months

  • Crisis management: this can encompass commercial agreements, establishment of a cross functional COVID-19 task force and constant assessment and monitoring the effects of the pandemic. The business continuity plan should have a specific emphasis on regulatory matters, supply chain disruptions and an adequate response plan.
  • Virtual safeguards during remote working: focused efforts should be made to revisit work from home guidelines, additional controls should be incorporated to plug loopholes in data leakage, breach of confidentiality and work efficiency. Companies may consider implementing employee efficiency and sentiment analytical tools to guide, help and monitor staff. 
  • Supply chain management: organizations can check the viability of key third parties through risk assessment based on new or changed parameters such as liquidity, operating abilities, change in ownership structure, borrowings, workforce, availability of resources.
  • Cyber incident response: businesses should mandate protocols for employees such as using secure internet and Wi-Fi connections, virtual private networks (VPN) to connect to company’s secured network when accessing company data, and double-checking external emails to avoid phishing, ransomware, malware or spoofing attacks.
  • Reviewing contracts: businesses need to relook contracts with external parties including the force majeure clause to (re)interpret contractual obligations given the current scenario, to understand how the clause could be used in favor of their business interest or to save them from performing any obligations. They should also assess their insurance cover to the extent to which their losses may be covered.

Questions for consideration

  • Has your organization’s existing anti-fraud framework been tweaked to adjust to a new business model during the disruption?
  • Does your organization have adequate access and anti-fraud control measures built into IT systems?

Next: Dealing with potential fraud risks amidst limited business operations in the next three to six months

  • Conducting a fraud risk assessment: businesses should re-look at identifying fraud risks, re-assess the state of regulatory compliance, and tighten anti-fraud and compliance frameworks.
  • Revisiting technology infrastructure: the workplace of the future is digitally driven. Modernizing the existing cloud environment, enterprise collaboration, network and physical security, and upgrading cyber forensics for enhanced agility and safeguarding the company will be key.
  • Relooking third party risks: the due diligence process will need to be broader to cover background checks, market reputation and allegations of fraud. Automation of vendor onboarding processes through robotics can mitigate possible non-compliance.
  • Digital training capsules: as remote working would continue, organizations will need to shift to digital training, including refresher courses to reinforce the integrity agenda and foster a culture of ethics.
  • Building resiliency: organizations will have to enhance governance and transparency by integrating the primary touchpoints across various business functions. This will create a holistic model for a rapid crisis management, enabling the organization to respond to risks and build trust.
Organizations will have to enhance governance and transparency by integrating the primary touchpoints across various business functions.
Arpinder Singh
EY Global Markets and India Leader, Forensic & Integrity Services

Questions for consideration

  • Are your new employees and vendors aware of and trained on Indian and global bribery and corruption regulations?
  • Does your organization use data analytics and predictive modeling to identify red flags?

Beyond: Managing compliance in a post COVID-19 world spanning six months and beyond

  • Focusing on sustainable ethical growth: management and boards will need to create and nurture a culture of integrity, encompassing governance, culture, controls and procedures, and data-based insights. The tone at the top should emphasize on the importance to mitigate risks and drive ethical growth.
  • Leveraging emerging technologies: automation, Artificial Intelligence and Machine Learning for process improvements, use of dashboards in compliance frameworks, enhanced cybersecurity and data privacy can prepare organizations to ward off the threats of tomorrow.
  • Continuous assessment and update in insurance coverage: organizations will have to assess insurance cover around pandemics, possible loss of profit and bio wars in their business continuity plans. They will also include measures to resume adequate production capacity levels and augment the supply chain.
  • Re-examining legal agreements: this should cover contract governance frameworks, organization structure and associated processes, contract benchmarking, risk assessment, compliance and monitoring.
  • Prioritizing compliance in CSR efforts: integrity and ethics should form the core of CSR programs. Organizations will need to maintain compliance with the law and internal policies, choose execution partners after due diligence and identify as well as address risks in implementation.

Questions for consideration

  • Has your organization devised a strategy for future risks?
  • Is your organization able to maintain trust and promise integrity to its stakeholders?

Summary

From a compliance and governance standpoint, a technology-led preparedness model with a focus on current, imminent and long-term risk mitigation can tackle several challenges.

About this article

Authors
Arpinder Singh

EY Global Markets and India Leader, Forensic & Integrity Services

Leading forensic accountant and veteran expert witness. Advising global clients on compliance, anti-corruption and corporate governance. Disruptive thinker. Technology aficionado. Author.

Mukul Shrivastava

EY India Telecommunications, Media & Entertainment, Technology, Forensic & Integrity Services Leader 

Advising global organizations on building robust compliance and anti-fraud frameworks by leveraging innovative technology

Related topics Forensics COVID-19