How to Manage Fraud and Integrity Risks on a Global Scale
Fraud and economic crime rates have boomed amid the COVID-19 pandemic as organisations have been forced to rapidly adjust their long-established processes. Uncertainty has led to vulnerability, and the surge has impacted companies both in the UK and internationally.
This month we hear from Fran Marwood, head of PwC UK’s Digital and Forensic Investigations team, who shares his perspective on the current landscape of international fraud and integrity risks.
To give a general summary, what does your role as a forensic accountant at PwC entail?
The expertise we have in the team helps our clients to regain stability and trust, and to emerge stronger when the unexpected happens. That can be fraud, accounting misstatement, or some other matter where the extent and financial consequences are unknown.
I have been fortunate enough to advise on a lot of the most prominent fraud and accounting misstatement investigations in recent years. The role involves bringing together the different experts and technology we have to establish exactly what has happened, often within tight timescales.
We have seen many of these cases before, but our clients are often experiencing these for the first time in their careers. Often a huge amount rests on the clients’ shoulders to get the response right and one of the most rewarding parts of the job is helping them to navigate the challenges that arise. These often involve interactions with regulatory and law enforcement bodies, the company’s auditors and other stakeholders, and helping the client to avoid common pitfalls.
Can you give us a layman’s explanation of the fraud and integrity space?
The fraud and integrity space includes a surprisingly broad range of wrongdoing, which is increasingly perpetrated in a coordinated manner by organised crime. Most businesses have experienced losses as the result of this wrongdoing, and the cost to the wider UK economy is huge, often estimated to be in excess of £200 billion.
Fraud and economic crime rates are currently at record highs, impacting more companies in more diverse ways than ever before. There are daily references to it in the press, and for businesses who get it wrong, the consequences are significant. Not only do they face disruption and often reputational damage, but fines of several billions are not unusual.
The fraud and integrity space includes a surprisingly broad range of wrongdoing, which is increasingly perpetrated in a coordinated manner by organised crime.
These sorts of issues often stem from problems with related control environments. A key lesson is to make appropriate investment in identifying fraud risks and ensuring appropriate fraud prevention and detection measures are in place. Counter-fraud technology is playing an increasing role in this area and is something we have invested heavily in as a business. It is also especially important that appropriate integrity, diligence and healthy scepticism is applied to business partners and transactions.
How has fraud changed over time? Is there greater pressure on companies to mitigate potential fraud?
Technology is a continuing theme. Advancements in technology have allowed malicious actors to penetrate many companies’ control frameworks or security infrastructures, so it is unsurprising that cybercrime is one of the most common and disruptive types of fraud experienced by UK companies. We have all heard the stories of fake payment requests being sent to finance teams and many more businesses have fallen victim to this than is reported in the press.
Interestingly, technology presents both a fraud risk and a great opportunity for companies to strengthen their anti-fraud controls. At PwC we use a number of disruptive technologies and automation methods, such as machine learning and AI, which allow us to review whole populations of data to identify fraudulent transactions. This is helping our clients to be more proactive in managing their risks than ever before. Companies are increasingly using these technologies to mitigate potential losses and secure recoveries.
We are also seeing an increasing focus on directors’ responsibilities relating to fraud risk. This is driven by greater stakeholder expectations and a regulatory desire to build confidence across UK corporate governance. The UK’s Department for Business, Energy and Industrial Strategy (BEIS) consultation, ‘Restoring trust in audit and corporate governance’, indicates that directors of ‘public interest entities’ will be required to report on the actions they have taken to prevent and detect material fraud. Whilst the recommendations have not yet been published, many clients are pre-empting these and seeking help to improve their fraud management activities.
Interestingly, technology presents both a fraud risk and a great opportunity for companies to strengthen their anti-fraud controls.
Which emerging risks are your clients finding particularly challenging?
The ‘fraud triangle’ continues to be a great way to think about the fraud risk environment by considering pressures, opportunity and rationalisation. COVID-19 has undoubtedly created a much more favourable environment for the fraudster. New fraud opportunities emerged as organisations moved to working remotely and existing internal controls, such as payment approval processes, and monitoring activities were relaxed. Concerns over business survival have incentivised would-be fraudsters, and government support was also targeted. Moreover, individuals may have been more easily able to rationalise wrongdoing through the lack of positive contact with colleagues.
The pandemic has also disrupted the supply chains of many organisations. In an increasingly regulated and uncertain world, businesses’ reliance on extended global supply chains and networks of third parties heightens the importance of managing risk and resilience across these networks.
The ESG agenda is also causing an increase in non-financial reporting requirements, regulation and scrutiny. Regulators, investors and customers are becoming increasingly focused on fraud concerning ESG issues, whether that is criminal behaviour or exploitation in supply chains, or false claims or reporting concerning green credentials. Most larger businesses are currently working to improve ESG governance throughout their supply chains and operations, and robust intelligence work plays a key role in managing these risks.
In what ways are these risks compounded by the introduction of an international dimension?
With increasing globalisation of trade and investments, risks to organisations are increasing in scale and complexity.
A key issue for businesses is trust. The relationships between global businesses and their counterparties are not subject to the same level of trust that has been built historically through personal contact over a number of years. We see global organisations with increasingly autonomous parts of the business, and this leaves the door open to manipulation.
Where businesses are geographically spread, with a changing profile of suppliers and stakeholders, it is especially important that they do reliable diligence on counterparties to minimise their exposure to risk. This is an area of growth in the work we do, and our intelligence specialists help clients to address a range of business issues and mitigate risk in the supply chain.
The relationships between global businesses and their counterparties are not subject to the same level of trust that has been built historically through personal contact over a number of years.
Global organisations also face the challenge of meeting the requirements of a number of different regulators and regulations, be that multifaceted international sanctions regimes or challenges presented by global data regulations.
Have there been similar evolutions in the sanctions space? What major shifts have taken place in the past decade?
Sanctions is an area of economic crime that has become increasingly important, and one where we are repeatedly seeing our clients spotting the risks and seeking our help.
The use of economic sanctions to protect national interests or enforce peace has rarely been more prevalent than in more recent years. We have also seen the breadth of supranational (the UN Security Council) or unilateral (individual nations) sanctions programmes widen since the early 2000s. These often target not only individuals and organisations, but also sea vessels, specific addresses and locations (and even crypto-wallets), and entire national industries.
The increasing globalisation of trade and investments, together with this expansion of sanctions, has made navigating this complex regulatory space even more difficult for our clients. They are exposed to greater risks and challenges to comply with sanctions programmes imposed by multiple government agencies and international bodies. In addition, new “smart sanctions” (e.g. sectoral sanctions imposed by the US Office of Foreign Assets Control) and targeted restrictions mean that measures to ensure compliance need to become iterative and more sophisticated. On top of this, increasing fines and penalties are making non-compliance even more costly.
How are businesses responding to these changes?
It is important for businesses to have a sound understanding of their global supply chain so they can assess the risk of sanctions exposure via third parties.
We are seeing organisations looking to enhance their sanctions compliance programmes, monitor sanctions risks and regulatory development, and respond to them rapidly and cost-effectively. Our regulatory team can quickly and accurately assess and improve our clients’ sanctions compliance programmes.
Technology is increasingly being used for continuous monitoring of sanctions risks. We are helping clients to outsource sanctions screening and alert review processes or build their own based on the latest tools, advanced methodologies and international best practices.
How do you help your clients to better understand and overcome these issues?
Historically, forensic work was more reactive in nature – helping clients to understand, quantify and evaluate fraud or misconduct following an incident. We are now doing much more proactive work with our clients to mitigate the risks of incidents occurring.
The best defence to the growing threat of fraud is strong and proactive risk management. At PwC, we have developed a Fraud Risk Management solution, which is designed to help our clients understand the key elements needed for an effective control environment and to improve the processes and controls they have in place to prevent and detect fraud. The framework has five components: governance, risk assessment, monitoring and prevention, detection and response.
It is about helping businesses to have an awareness of the risks that they’re exposed to across their supply chain. Key fraud risks need to be identified, and then mapped to the business’s control environment to facilitate effective ongoing risk management. Our team provides clients with data-driven insights to give greater clarity and flexibility in tracking and managing risks and resilience levels in supply chains and third parties.
Fran Marwood, Partner
Tel: +44 (0)7841 491 400
Fran Marwood is a forensic accountant and counter fraud specialist, with 25 years’ worth of experience helping clients with complex investigations across the UK and globally. He leads PwC UK’s Digital and Forensic Investigations practice. The team is based across the UK regional centres and London and includes 250 forensic accountants and investigators, technologists and specialists in intelligence, contracts and asset tracing. They help their clients to protect value by preparing for, responding to and recovering from crisis events and business threats.
With offices in 156 countries and more than 295,000 people, PwC is among the leading professional services networks in the world. The UK firm has 22,000 employees across Assurance, Tax, Deals, Risk and Consulting.