Anti-fraud experts are seeing a rise in various types of fraud this year due in large part to the COVID-19 pandemic, according to a new report released Friday by the Association of Certified Fraud Examiners.
The new
“What we’re finding is that the uptick in fraud that our members are seeing is continuing,” said Andi McNeal, director of research at ACFE. “Seventy-seven percent of our respondents said they've seen fraud go up since COVID-19 came on the scene earlier this year, and they’re expecting that to keep going. Ninety-two percent expect they’re going to see even more fraud over the next 12 months. As we talk about the wake of COVID-19, we’re not just talking about the near future. We’re looking at over the next year. At least in terms of fraud risk, this is going to continue to have an impact.”
The percentage of CFEs reporting a significant increase has also grown significantly. In May, 25 percent of the CFEs polled reported seeing a significant increase in fraud, compared to 34 percent who are noticing a significant increase now.
More anti-fraud professionals are seeing fraud increase in nearly every category. The largest growth was in insurance fraud (12 percent increase), loan and bank fraud (11 percent), financial statement fraud (11 percent), identity theft (10 percent) and employee embezzlement (9 percent).
Cyber fraud remains the area where most anti-fraud professionals are perceiving the biggest growth, with 83 percent reporting an increase, and 90 percent anticipate an increase in the next 12 months. In the latest report, the ACFE added unemployment fraud and found that 73 percent of the respondents reported seeing an increase in that area (making it the second-most reported type of fraud).
“We asked specifically about 12 different categories of fraud risk, trying to identify those, some that affect all organizations and some that are a little bit more specific to individual parties or specific industries,” said McNeal. “Far and away among the top risks, cyber fraud just continues to be an area that organizations and individuals need to watch because that’s the one where we’re seeing the largest increase and that we’re expecting to keep continuing at the largest pace. Ninety percent said that over the next year they expect that cyber fraud is going to keep increasing. It ties into what we hear anecdotally. We hear law enforcement and corporations and individuals talk about how they’re getting more and more attempted ransomware attacks or business compromise schemes. Social engineering is occurring, so we know that’s a big risk for a lot of organizations and even individuals right now. We see payment fraud, fraudulent credit card payments or even digital currency payments are a top risk, and then fraud by vendors and sellers is a heightened risk right now for organizations.”
Insurance fraud has been on the rise as well. “We see 58 percent of respondents have already seen an uptick in insurance fraud, and 80 percent are expecting that to continue over the next year,” said McNeal.
The survey didn’t ask specifically about the Paycheck Protection Program, but that program, which is supposed to help small businesses survive the economic downturn from the pandemic with forgivable loans from the Small Business Administration, appears to be attracting fraudsters as well.
“We have loan and bank fraud as one of the categories we asked about, and that has an expected increase as well,” said McNeal. “Seventy-six percent are stating they expect to see over the next year more and more of the loan and bank fraud, not just specific to PPP but in general.”
The federal government has been tracking cases of PPP fraud, however. The Justice Department’s Criminal Division has charged 57 defendants with PPP-related fraud and has identified nearly 500 people suspected of COVID-related loan fraud, according to Assistant Attorney General Brian Rabbitt, who spoke at a press conference Thursday.
The ACFE also polled its members about financial statement fraud, where there has been an increase in recent months. “We have seen an uptick there as well,” said McNeal. “A lot of those cases that are making the headlines right now, we’re seeing those anecdotally, but from our research, 41 percent of respondents said they’ve already observed an increase in financial statement fraud, and almost three quarters, 72 percent, expect that to keep growing.”
Accountants can help safeguard against accounting fraud and encourage a more ethical culture at the organizations where they work. “Accountants have a responsibility to protect the public, put [its] interest above their own personal interest, contribute to a positive and ethical culture in an organization,” said Susan E. Bos, a member of the Institute of Management Accountants’ Committee on Ethics and deputy treasurer of Washtenaw County, Michigan. “Accountants are trusted, and they can use their credibility and their trust to introduce ethics more. You shouldn’t have to be introducing them. You should be talking about them all the time.”
Accountants can help companies avoid fraud and do things ethically even when managers are tempted to cut corners during the COVID crisis. “Usually the person who’s trying to achieve something has an end goal in mind and may suggest something unethical that you’re uncomfortable with,” said Bos. “As finance professionals, you can be resourceful to perhaps suggest an alternate way that would be ethical and legal and still achieve what they want to achieve. I’m not talking about profit and sales, but there are ways to do things that are ethical, and you can sleep at night and look at yourself in the mirror.”
With so many people working remotely now as a result of the pandemic, it shouldn’t be surprising that fraud is increasing when they are away from the eyes of their managers and co-workers and can access systems any time of the day or night.
“I think there’s a perfect storm brewing,” said McNeal. “With the remote work, it’s increasingly hard to ensure that the controls that were put in place are still operating appropriately or even still make sense. Thinking about protecting your intellectual property, customer lists and credit card information. When you’re in an office, you have physical security measures, so that’s a lot easier. But when you’ve got an employee at home who maybe has a shoulder-surfing roommate walk by behind them, they can certainly grab that information in a way that the company can’t really protect from all that well. Or a lot of organizations are feeling the urgency of the situation in a lot of ways, so transactions are being pushed through more quickly, or maybe they’ve had a staff reduction and so they have new people taking on certain roles, seeing where control gaps might crop up unexpectedly and that really opens an opportunity for fraud.”
Companies that are fighting to survive during the economic downturn may also be pushing the line on what they can do to stay in business. “We know whenever fast decisions are made, risk increases,” said McNeal. “You’re not taking the time to think through the risk assessment and risk tolerance when you’re moving quickly. Then, at the same time that is happening, for a lot of organizations, those with oversight responsibility may be deeply focused on just keeping the company going. What are our competitors doing, how is our employee workforce doing, what’s our culture doing as far as keeping everybody going remotely? I think there are a lot of factors at play that are really increasing the risks within organizations.”
Organizations can take some steps to mitigate the risk of fraud during the pandemic. “There are a few specific things that are incredibly important,” said McNeal. “If organizations have not already, I think they need to start by proactively doing a fraud risk assessment, updating their fraud risk assessment, understanding how what they previously understood was their fraud risks may have changed over the last six to eight months, because you don’t want them expending resources to solve a problem that maybe is not the one that needs to be solved right now. Think of it as a starting point making sure we’re keeping our eyes on our biggest areas of concern.”
McNeal also recommends that companies embrace technology to help safeguard against fraud. “With everyone remote, I think we’ve accelerated our use of technology in general, but make sure that you’re using those analytics programs that maybe you had already started, or monitoring programs for attempted cyber schemes,” she said. “Make sure that you’re keeping up on that anti-fraud technology investment and approaches.”
She also recommends that organizations stay in close touch with their remote employees. “Using technology is one piece, but the other side is going to be the human element, and that’s really understanding what employees are going through. A lot of times when we talk about preventing fraud, we’re talking about controls and opportunities, but we really also need to look at the pressure piece and recognize that a lot of employees are under an increasing amount of pressure. Make sure that we’re addressing that proactively, giving them the support they need, making sure the structures are in place to acknowledge them and the resources are there for them so that we can address those legs of the fraud triangle. But there’s also employee awareness. Right now, with everybody dispersed, we don’t have the ability to walk by and see somebody who maybe is displaying red flags that we would have in an in-person setting. That means it’s even more important for people to know that we all still need to be vigilant. We need to be watching for red flags of fraud, misconduct and noncompliance, and here’s what to do if you see things. If you come across a transaction that doesn’t seem right, here’s what to do about it. Don’t just assume things are OK for right now.”