Crises rarely announce themselves in advance, and the coronavirus pandemic is no exception. It has proven to be the great disruptor of 2020, affecting the public and private lives of millions worldwide.
The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.
Criminals, always unscrupulous, have seized the opportunity presented to them by the pandemic to exploit new technologies and existing products and services to carry out their illicit activities.
For counter-fraud professionals, such threats are nothing new. The spread of the coronavirus has merely elevated the visibility of fraud for the general public and exposed to senior management in firms the seriousness of the consequences of underestimating the fraud threat.
Europol, for instance, described the criminal response to COVID-19 as “very fast” and expects instances to rise further. How we respond to fraud carried out now will reverberate as and when we gradually return to business as usual.
That’s if we can indeed “go back.” The likelihood of increased working from home arrangements, and the certainty of ongoing criminal activity, mean the challenges we face during this current crisis will persist beyond COVID-19. The following are among the key questions that will need to be answered if we are to be prepared for the new normal.
1. How do I keep up with changing fraud typologies?
Criminals have responded with characteristic ruthlessness and speed to exploit COVID-19. One case in the United States saw the theft of hundreds of login details via CEO fraud (pretending to be the CEO of a firm); other instances have involved fraudsters posing as government agencies through SMS messages with a phishing link. In response, the U.S. Secret Service warned firms that email fraud has and will continue to grow during the pandemic.
The risk surrounding new products and services, always susceptible to fraud, must also be borne in mind during these unprecedented times. Connected cards—a card given by one self-isolating to a trusted friend or relative—have been set up by the U.K.’s Starling Bank, for example. The risk of fraud has been mitigated by limiting purchases to in-store only, setting a £200 (U.S. $250) spend limit and requiring the use of a PIN. These practical steps may not prevent fraud entirely but significantly narrow the window of opportunity for criminals.
Knowledge of new products and services, including their potential flaws and loopholes, is a vital defensive tool in any anti-fraud department.
2. Criminals are flexible—how do I adapt and respond?
Criminals are without qualms when it comes to exploiting others for their own gain. For their illegal schemes to work, criminals ensure they are flexible and act quickly as situations unfold. Counter-fraud professionals can, paradoxically, learn something from a criminal’s spontaneity. Though their methods change, their embrace of innovation tells us much about how criminals work; recognizing this helps anticipate and nullify new threats.
Equally, unsuccessful criminal activity is often hugely informative in exposing the methods and techniques that criminals adopt. Learning how criminals behave and think is crucial for counter-fraud professionals. Only by studying the behavior of criminals can their ways of operating be understood and, ultimately, identified and prevented.
3. How do I get staff to engage with counter-fraud controls?
Embedding a zero-tolerance approach to fraud is perhaps a counter-fraud professional’s No. 1 priority within a firm. However, an anti-fraud culture is more than just signing up to certain well-meaning mantras—it must be a thorough, practical, and easy-to-comprehend framework instilled across all levels of a firm.
To achieve this, an anti-fraud culture should be part of the wider culture of the firm. Positioning fraud beneath this wider umbrella underlines the danger it poses to everyone within a firm. After a data breach last year, Capital One’s stock dropped 5 percent, and the bank explained it expected recovery costs to be more than $100 million. Clearly this fraud affected the whole business, and by disseminating such examples to staff, the threat of fraud becomes far more vivid. The damage fraud can do to a firm’s profit margins is an excellent way of passing on your message.
With many now working from home, less obvious cases may need a little more reinforcement. Take using a company laptop for personal use, or vice versa, which is fraught with risk. IT controls standard in an office environment need to be implemented domestically, including ensuring ID&V (identity and verification) during onboarding is performed as robustly as it would have been in the firm’s office. Awareness of the challenges around onboarding must be circulated while staff adjust to off-site work.
Employees should be reminded that fraudsters will try to exploit any slackening of security brought on by a lowering of IT standards.
4. How do I get senior management to recognize the threat posed by fraud?
The COVID-19 pandemic has demonstrated how those most vulnerable among us can quickly find themselves dangerously exposed when society is convulsed by unexpected events. For senior management, the reputational risk of leaving vulnerable customers exposed is a potent one and something a well-informed and savvy general public is increasingly intolerant of.
If counter-fraud professionals can highlight this risk—and tie it to concrete numbers that show the amount that would have been lost had anti-fraud measures not been taken—then senior management is far more likely to recognize fraud as just as damaging a threat as money laundering and sanctions exposure (remember that real-life case studies are of inestimable value in demonstrating this danger). Making fraud part of the bigger risk agenda solidifies its importance.
A holistic approach is key here: Fraud must be brought under the financial crime compliance canopy, instead of just credit risk. UK Finance revealed that investment in advanced security systems in the financial industry prevented almost £2 billion (U.S. $2.5 billion) in unauthorized fraud in 2019, yet some £1.2 billion ($1.5 billion) was fraudulently obtained by criminals. Details such as this can help drive home the message to senior management and secure support for counter-fraud professionals.
Fundamental to overcoming the issues that confront counter-fraud professionals is learning and education; without it, none of the questions above can begin to be addressed. This can be as simple as setting up email alerts or taking part in LinkedIn discussions with other professionals (from whom much insight can always be obtained) to the more thorough experience of virtual classrooms and hot topic events to absorbing the latest reports and publications.
Senior management needs to be informed of the substantial threat fraud poses, and the surest way of engagement is for counter-fraud professionals to arm themselves with the facts on fraud, as well as the answers on how to mitigate the threat. Such learning must be continual; criminals are unceasing and persistent in their efforts, and counter-fraud professionals must be unceasing and persistent in turn, making us better equipped to navigate an ever-changing landscape.
The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.