COVID-19 pandemic exposing businesses to heightened fraud risk

23 April 2020

There is no doubt the COVID-19 pandemic has brought the global economy to a standstill and has the potential to result in a recession even worse than the 2008 global financial crisis (GFC). History repeating itself.

The 2008 GFC sparked a surge in fraud which is most likely to recur in today’s economic downturn. According to the U.S. Securities and Exchange Commission (SEC), the prosecutions for misconduct that led to or arose from the GFC generated roughly $3.76 billion in disgorgement, penalties and other monetary relief[1]. And in Australia and New Zealand, a KPMG survey showed the average cost of fraud to each organisation surveyed doubled from $1.5 million in 2008 to $3 million in 2010[2].

“While not conclusive as to all or any organisation, the evidence nonetheless tends to show that some forms of corruption and serious misconduct become more prevalent during periods of significant disruption and economic downturn” - NSW ICAC, Managing corrupt conduct during the COVID-19 outbreak, April 2020

Today, UK’s National Fraud & Cyber Crime Reporting Centre’s statistics show Coronavirus-related frauds increased by 400% in March. They estimate U.K. consumers have lost approximately £970,000 to COVID-19 scams since February[3].

During periods of disruption and uncertainty such as these, there are several common forms of fraudulent activities that can occur in your business.

1. Phishing and social engineering scams.

Phishing scams generally take the form of emails and texts with malicious links claiming to be from the company’s IT department, government, banks, not-for-profit organisations, etc. A recent phishing scam sent an SMS advising the recipient they had been identified as being in contact with someone who had tested positive to COVID-19 and to click the link for more information.

2. COVID-19 related investment scams.

Businesses are approached to invest in companies who claim its products or service can be used to stop the coronavirus outbreak.

3. Accounting and financial reporting fraud.

Disclosure fraud may increase as business declines. Immediately after the 2008 GFC, financial statement and accounting fraud constituted the single largest category of actions filed by the SEC[4].

4. Corruption in procurement.

Businesses may undergo changes in procurement such as purchasing emergency goods and services, negotiation of contract variations, and changes of payment terms to suppliers. The changes in practices can be associated with corrupt conduct.

The fraud triangle

The well-known fraud triangle shows financial pressure, opportunity and rationalisation are conducive to fraud. Urgent demands in response to a changing environment introduce vulnerabilities that otherwise would be mitigated by basic controls.

For example, to accelerate the onboarding of staff to meet certain organisational challenges, background due diligence when hiring may not be adequately undertaken. Or risk assessments may not be performed to the degree they usually would as a means of fast-tracking decisions.

The economic impact of COVID-19 and the changing environment in businesses have intensified all three elements of the triangle making organisations more vulnerable to fraud during this period. As you navigate this challenge, remain vigilant for:

Higher cyber security risk caused by social engineering schemes.

Business’s IT security systems not only need to remain strong to maintain business continuity but need to be strengthened to confront increased risks of cyberattack. According to the Australian Cyber Security Centre, since early March 2020, there has been a significant increase in COVID-19 themed malicious cyber activity across Australia[5].

It is self-evident that distributed working arrangements entail a loss of interaction and consultation with colleagues, which can lead to workers making decisions on their own. As a result, socially engineered cyber frauds are more likely to succeed.

Risk associated with isolated work environments.

When operations are not “business-as-usual”, an organisation’s control and normal levels of supervision may weaken. Employees may feel less supervised and those who lack integrity may choose to bypass controls which have been designed to remediate business operation risks.

“while the majority of employees are honest and trustworthy, there remains the possibility in any organisation for unscrupulous employees to take improper advantage of diminished control or supervision” - ICAC, Managing corrupt conduct during the COVID-19 outbreak, April 2020

To help your business prepare for the heightened fraud risk resulting from COVID-19, review your fraud control plans and reassess your fraud risk profiles. A fraud risk health check is a good way to help think through the heightened fraud risk.

If you would like Findex to conduct a fraud risk health check on your business or you require any further information on protecting yourself from fraud, get in touch with the Audit and Assurance team today.

Findex has developed a Government Stimulus Health Check and free Business Wellbeing Toolkit to help businesses manage potential risks and take full advantage of eligible stimulus assistance. Book your Health Check here.

[1] https://www.sec.gov/spotlight/enf-actions-fc.shtml

[2] https://www.abc.net.au/news/2010-11-08/financial-crisis-sparked-surge-in-fraud/2328494

[3] https://www.cps.gov.uk/cps/news/beware-fraud-and-scams-during-covid-19-pandemic; https://blogs.thomsonreuters.com/answerson/covid-19-scams-frauds/

[4] https://www.sec.gov/spotlight/enf-actions-fc.shtml

[5] https://www.cyber.gov.au/sites/default/files/2020-03/ACSC-Threat-Update-COVID-19-Malicious-Cyber-Activity-20200327.pdf