52 Risks® Update (November 2020): Fraud, Fraud and More Fraud, Australian Cyber Hour – Cyber Future Summit 2020 and more.
Fraud and cyber incidents have two inevitabilities for most businesses: the first inevitability is that incidents will strike the business at some point and the second inevitability is that they will keep happening.
I have talked extensively about cyber security in my monthly emails and the various forums I am involved in. There is – pleasingly – a heightened sense of consciousness around cyber security in 2020.
Fraud risk is however less talked about – particularly internal fraud. Businesses that frequently experience external fraud – think of banks (theft of money from bank accounts, loan application fraud, credit card fraud and so on) and retailers (shoplifting) – have well developed fraud practices and processes.
Internal fraud is also less visible. Even institutions with the best financial controls in place experience employee fraud. Fraud can take the form of theft of money and goods, bribery and corruption involving customer and suppliers, theft of intellectual property and manipulation of business performance to avoid dismissal, meet sales and profitability targets and/or gain bonuses and other financial rewards.
Wells Fargo recently fired up to 125 employees for allegedly fraudulently obtaining stimulus money under the US Paycheck Protection Program (PPP) intended to help businesses hurt by the COVID-19 pandemic. This followed JP Morgan Chase launching an investigation into potential fraudulent access of PPP by both employees and customers. It is a timely reminder of the opportunities for fraudulent activity that can arise by new products, new initiatives, and new business lines.
In Australia, there have been two recent, high profile incidents reported on. In the first, a former senior executive of the National Australia Bank and a supplier were charged with participating in an illegal scheme to organizing lucrative contracts and bloated invoices, totaling A$40m.
In the second more recent incident, the CEO and a senior executive of the Victorian state government-owned rail business V/Line are under investigation for alleged bribery and corruption involving cleaning contracts.
There are many ways to manage internal fraud – and all need to be tailored to the firm or organizations. The recipe for success is a combination of having a deep understanding of the business processes, having strong financial controls in place, a well resourced and independent audit function, segregation of duties for financial payments, conflicts of interest protocols and codes of conduct. Fraud Risk and Employee Misconduct Risk are two risks in the 52 Risks® framework.
And whilst on cyber security, it was great to chair the last session of Day 1 of the Cyber Future Foundation’s virtual Cyber Future Summit in the US late last month. The Cyber Future Summit brought together cyber security and business leaders from around the world to stare into the challenges communities and business face in cyber security. A stellar panel of Australian experts made my role easy – we talked about the Australian cyber security landscape and challenges for SME businesses. If you have an hour free you can watch the replay on YouTube here.