What is the Reshaped Landscape of Fraud Investigation?

How did COVID-19 affect fraud?

We always expect fraud to peak during a crisis, and the pandemic was no exception. According to a 2021 benchmarking survey published by the Association of Certified Fraud Examiners (ACFE), 51% of organisations had uncovered more fraud since the onset of the pandemic. The report, ‘The Next Normal: Preparing for a Post-Pandemic Fraud Landscape’, also found 71% of entities expecting fraud to rise over the next 12 months.

For fraud investigators, the digital acceleration and remote work precipitated by the crisis not only made employee fraud more likely – it made securing and identifying evidence of fraud all that much harder.

Why has remote working increased the risk of employee fraud?

Employee fraud was the most significant fraud risk during the pandemic. About one-third of employee fraud is caused by lack of internal controls, which was exacerbated by the global move to working from home. In the rush to respond to lockdowns, the priority was to provide staff with the necessary digital tools and hardware to do their jobs remotely. A business’s internal controls were a secondary thought.

However, the lack or weakening of controls, and the fact that internal audit was also grounded, left the door open for unethical behaviour to grow. Some of this unethical behaviour has already been exposed, but the rest is still to be found. Key risk factors leading to heightened fraud risk during the pandemic included people becoming disengaged from work and culture, a lack of face-to-face compliance activities and increased financial stress.

This is not to suggest that companies should avoid hybrid and remote work. The Talent Tech Outlook 2022 study by job site SCIKEY shows that remote working has now become the new normal, with 82% of employees preferring to work from home or other places rather than returning to the office. Notably, almost two-thirds (64%) of employees said they are more productive working from home and feel less stressed.

For fraud investigators, the digital acceleration and remote work precipitated by the crisis not only made employee fraud more likely – it made securing and identifying evidence of fraud all that much harder.

However, it is also true that employees working from home feel they are less observed and may be aware that controls have weakened, and are therefore increasingly likely to believe they will get away with unethical behaviour. As cultural connection fades, disengaged employees are more likely to be blasé about a job they are not even sure they want. We also see cases where the situational reality of working from home, including any perceived lack of support, can help disgruntled employees to rationalise fraudulent behaviour.

Given that hybrid working is here to stay, businesses and organisations need to be aware of the increased fraud risk this poses. The latest ACFE Report to the Nations – Occupational Fraud 2022 asked participants which pandemic-related factors, such as internal control changes or operational process changes, led to the frauds that they investigated. The factor most commonly cited as significant was the shift to remote work.

Why does digitisation make fraud investigations more challenging?

The digitisation of work is challenging in that it has created a huge volume of structured and unstructured data for investigators to trawl through. In particular, remote work triggered the ubiquitous use of unified collaboration and communication tools. In 2021, Gartner’s Digital Worker Experience Survey found nearly 80% of workers using collaboration tools, up from just over 50% in 2019.

Today, businesses communicate internally and externally across an ever-expanding range of communications vectors, including dozens of team chat apps depending on the region. Take Hong Kong as an example: the region is quite diverse in its chat preferences, so investigators need to deal with many different chat applications with regional nuances around favourite platforms, such as Telegram in Hong Kong, WeChat in China, WhatsApp in Singapore, Line in Japan and KakaoTalk in Korea.

The widespread use of personal devices via Bring Your Own Device policies also means personal and business communications have become intermingled with an employee’s personal data. Today, investigators frequently come up against cases where employees are using non-enterprise versions of chat applications and personal accounts for business use. We must also assume that people have more than one phone – and their other one is likely a ‘burner’ used for communications they want to hide from their employer.

Given that hybrid working is here to stay, businesses and organisations need to be aware of the increased fraud risk this poses.

To meet the new demands of fraud investigation, we have had to uplift our capabilities in remote mobile data collection, including chat images and audio files. Right now, we cover 98.6% of mobile devices, including various Chinese brands, using specific local software. We also offer a full forensic analysis of mobile devices to extract hidden and deleted files and uncover insights in relation to call logs, geolocation, deletion analysis and internet search history.

To handle the oceans of data uncovered in an investigation, we use eDiscovery and investigations platforms. These technologies enable capabilities like image conversion, auto-redaction, text indexes for keyword searches and unified metadata fields, where electronic files can be tagged with information such as document date, custodian, or evidence ID. In addition, mobile chat data can be pulled into our document review platforms, and we use machine learning tools to grasp communication topics and timelines.

What type of disciplines do you need for a successful fraud investigation?

When working with legal teams, our job has always been to answer: ‘Who?’ ‘What?’ ‘How?’ ‘When?’ ‘Why?’ and ‘How much?’ To get to the bottom of these answers, fraud investigation teams broadly need three distinct disciplines, which can work closely with subject matter (industry) experts:

• Forensic accountants – These are the traditional financial detectives who use accounting skills, business acumen and financial expertise to collect and collate evidence from financials, books and records.
• Forensic technologists – These specialists extract and secure digital evidence and use fraud and forensic data analytics tools to make sense of allegations and find anomalous relationships, transactions or unusual patterns to locate the electronic version of the needle in the haystack.
• Business intelligence (BI) analysts – Often former investigative journalists or lawyers, BI analysts provide human intelligence, searching social media profiles, interviewing former business associates and looking at public records to put the pieces of the puzzle together.

It is an iterative process. The forensic technologist may identify a person of interest. The forensic accountant may not initially find any evidence linking them to the allegation. But the BI analyst may uncover the person of interest is the director of a company that received fraudulent payments. Now the forensic accountant can go to work on those company records identifying payments of interest. The best teams work collaboratively, using their disparate skills to run down lines of enquiry and secure robust evidence.

What recommendations do you have for legal teams at the start of a fraud investigation?

• Prioritise data identification and preservation – Bring on investigators immediately so they can work with you on document retention notices and identify and collect as much data and as many devices as possible before evidence can be destroyed or lost. Sometimes, data preservation is as simple as picking up a backup tape. In other cases, investigators need to image hundreds of different hard drives and mobile devices overnight.
• Be mindful of data transfer laws – This is a big issue in Asia where, for example, China’s framework of State Secrets Law, Data Security Law, Cybersecurity Law, and Personal Information Protection Law requires companies to follow strict controls and processes, such as specific document review, before anything can be transferred out of China.
• Begin with the end in mind – Your investigators will quickly help you to understand the worst possible case, so you and your client are not blindsided by unexpected evidence.

© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.

Peter Glanville, Senior Managing Director

Ankura Consulting

Suite 2206, Level 22, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong SAR, China

Tel: +852 2233-2500 (Main) | +852 5596-2080 (Mobile) | +852 3002-2011 (Direct)

E: Peter.Glanville@ankura.com

Peter Glanville is a senior managing director at Ankura as well as a chartered accountant with over 20 years’ worth of experience. He has assisted a range of clients across Australia, the UK, Europe and Asia with complex investigations and forensic accounting matters. His wealth of expertise enables him to assist organisations in navigating key risks, investigating allegations of bribery and fraud and responding to regulatory issues.

Ankura is an independent global expert services and advisory firm that delivers services and end-to-end solutions to help clients at critical inflection points related to conflict, crisis, performance, risk, strategy and transformation.