Fraud thrives in times of crisis and the Covid-19 pandemic has proven to be no exception. Factors such as supply chain issues, workforce constraints and the withdrawal of the furlough scheme in the United Kingdom in September 2021 is putting further pressure on employees and management alike.
Motivation, opportunity and rationalisation, the three key elements of the fraud triangle, have already been heightened throughout the pandemic and the impact is likely to be felt for the foreseeable future. Due to continued disruption in economic conditions, motivation for committing fraud has increased with economic uncertainty providing the rationalisation. Changes to the working environment will result in modifications to systems and processes, and challenges to remote employee oversight. This can all create opportunities for fraud.
According to the latest Fraud Barometer, embezzlement fraud has increased (15 cases worth £8 million/$11 million in 2020 vs 26 cases worth £15.9 million/$21.9 million in 2021). Staff working from home, combined with businesses not having the right degree of oversight in key areas of their business such as finance or procurement, is likely to have exacerbated the risks.
The number of procurement frauds heard in the UK courts in the first half of 2021 was up 400%, from just three cases heard in the first half of 2020 (with a value of £2.6 million/$3.5 million) to 15 cases heard in the first half of this year with a value of £9.5 million/$13.1 million.
The dynamics and working environment in family businesses are different to those of other large corporates. The strengths of family businesses with long-standing employees, trust-based controls and less separation between owners and employees come with their own unique risks.
To manage fraud within your family business, you should focus on setting a strong ‘tone from the top’. Where you may not directly manage key business functions, ensure that the culture is such that management are not motivated to manipulate financial results in order to cover up any adverse financial performance, or avoid breaching bank covenants to preserve their position. As family businesses continue to adapt to new ways of working, management must proactively formulate a plan to detect and prevent fraud and ensure internal controls are still fit for purpose.
So, what can family businesses do?
1. Proactively manage new ways of working
Due to Covid-19, many businesses quickly transitioned to remote working and will now be transitioning to hybrid working. Each family business needs to ensure that any weaknesses and new business risks that have emerged because of remote working are carefully reviewed and technologies are scaled appropriately. This will ensure a smooth and appropriately risk-assessed transition to hybrid working. Employees must have access to the relevant tools and critical systems securely, enabling them to collaborate effectively. This must be done whilst ensuring that exposure to fraud and data loss is mitigated.
2. Prioritise fraud training and awareness
In many industries, a significant proportion of the workforce is still working from home, and this is likely to continue for some time. It is important to remind employees of your company values and behaviours expected of them, and that they should remain vigilant about the threat of fraud against the company (or themselves—cases involving the general public as the victim were also up almost 285%).
Subjects such as the code of ethics and education on phishing attacks should be reinforced and regular communications should be sent out. Employees should be aware of the resources available to them, regular fraud training should be provided to help them to identify red flags. This is especially key when they may be focused on other priorities and could miss the signs of fraud. It is important to have a culture which promotes reporting of suspected fraud. Multiple reporting channels should be offered, including the ability to report anonymously and this should be communicated to staff on a regular basis. Remember your employees are key in your first line of defence against fraud and misconduct.
3. Keep your fraud risk assessments current
Most family businesses will have had to rapidly change processes in relation to their critical systems by adapting to remote ways of working. Fraud risk assessments will also have changed. Revisit your fraud risk assessment—consider how things have changed such as levels of oversight or cash flows, revisit how best to implement segregation of duties effectively while in separate locations. Furthermore, with the introduction of UK SOX in the coming years, directors will have to report on the steps taken to prevent and detect material fraud. As a result, now is a good time to assess whether your family business can withstand the new focus and scrutiny.
4. Improve your fraud detection mechanisms
Cyber-attacks and misappropriation of assets can be detected using advanced analytics and fraud detection software. Keeping these up to date is key. The way we transact has shifted to e-commerce, which could mean that existing models will need to be amended to meet the new normal. You can keep up to date with current cyber threats by following the National Cyber Security Centre.
5. Ensure your suppliers and third parties don’t ‘bend the rules’
Reliance on suppliers and third parties should be assessed, given that they are also likely to be experiencing times of stress. Supply chain fraud is typically opportunistic, and in most cases involves complicit behaviour from an internal source and collusion with a third party.
Covid-19 has presented ample opportunities for criminals to exploit; taking advantage of current supply shortages, reduced or immobile workforces, poor oversight and weakened approval processes, and low productivity or staff morale. The business should continue to be vigilant when changing supplier account details or reviewing high value transactions.
It’s estimated that up to 5% of business revenues are lost to fraud. How well is your family business managing fraud risk? Take our fraud risk assessment to understand how well you are protected.