COVID-19: The potential for fraud

How can you keep fraud at bay during uncertainty?

There are many aspects of business that we need to keep in mind during the COVID-19 crisis, the risk of fraud being one of them. Criminals love uncertainty and disruption and COVID-19 provides an abundance of both. 

Our latest UK findings from the Global Economic Crime Survey found that 56% of organisations had experienced fraud in the past two years – the highest level ever recorded – but our expectation is that this will be eclipsed in the coming months. Employees and management are distracted and anxious and have been thrown into a completely new working environment. And in a world where everything is suddenly different, unusual activity that could indicate fraud won’t necessarily be noticed.

Financial institutions, for example, have seen a huge spike in false positive alerts from their monitoring software, simply because the behaviour of customers has suddenly changed. Compliance systems with machine learning capabilities are beginning to adapt, but the pressure is on to address red flags and recalibrate systems to reflect this unusual working environment.

Four key areas to keep in focus

Opportunistic attacks

COVID-19 is a huge distraction for management and employees and large numbers of employees are now working remotely; criminals use sophisticated analysis to seek out weak spots and will take advantage of flimsy controls and poor IT security. One organisation we work with saw a 40% increase in attempted cyber attacks in the space of a week. We have also seen an organisation where external fraudsters have sought to exploit people working from home by impersonating senior people and instructing payments to be made.

Our new cyber security whitepaper looks at how COVID-19 has created new opportunities for cyber threat actors and the steps that organisations should take to mitigate these risks. 

Internal fraud

Revenue and profits targets will be missed and some companies may be looking for additional cash options; we know from experience that this often drives an increase in banking covenant and working capital-related fraud. Internal fraud can oftentimes lead to a rise in financial reporting discrepancies, particularly around revenue recognition. Payroll is another vulnerable area – huge government packages to support furloughed employees have been rapidly put together, absence rates are soaring, and monitoring of timesheets is haphazard at best. This is fertile ground for fraud and mistakes.

Supply chain and third parties

Supply chains are breaking down and employees are under pressure to keep businesses running. It’s easy for normal supplier controls to be bypassed and important due diligence to be missed which heightens the risk of fraudulent activity perpetrated by either third parties or employees working in the purchase to pay cycle.

Broader financial crime

Broader financial crime risks, often subsumed under the banner of fraud, remain, be these rules that relate to tax evasion, failure to prevent tax evasion, accounting misstatement, misleading an auditor, bribery and corruption. In such a fast-changing environment some rules have been suspended but this is the exception rather than the rule. The pressure to make decisions first and ask questions later should be resisted insofar as it runs the risk of brushing off such rules unintentionally or otherwise. 

Four pillars of effective fraud risk management

Governance

Are the right messages being sent from the top of the organisation? Are policies and procedures being followed? Have crisis management controls been activated? Are staff aware of the heightened risk and what to look for?

View more

Risk assessment

Most organisations are adept at assessing risk but this process will need to be adapted for the unique circumstances of COVID-19.

View more

Monitoring and detection

Do your capabilities and systems to identify fraud reflect the COVID-19 risk assessment?

View more

Investigation and response

Is it feasible to investigate an issue remotely? Can your processes be adapted and can you access the data to undertake the investigation?

View more

At PwC we are adapting our fraud risk maturity tool to reflect the current and emerging fraud impacts of COVID-19 and to start to answer the question of how companies can respond effectively. If you’d like to know more please get in touch.

Here is also a list of useful resources that provide guidance on similar subjects: 

Contact us

Jonathan Holmes

Jonathan Holmes

Partner, PwC United Kingdom

Tel: +44 (0)7809 755613

Harriet Aldridge

Harriet Aldridge

Director, PwC United Kingdom

Tel: +44 (0)7841 568995

Stuart McMeechan

Stuart McMeechan

Director, PwC United Kingdom

Tel: +44 (0)7483 422762

Steven Bewick

Steven Bewick

Partner, PwC United Kingdom

Tel: +44 (0)7725 706095

Follow us
Hide