Ivan Heard, Global Head of Fraud Solutions at the data and analytics software company Quantexa, discusses why it’s vital for companies to invest in tools to combat internal fraud during a period of economic instability and post-pandemic insecurity.
When we talk about the things we’ve lost as a result of remote or hybrid working, we’re naturally inclined to think about those water-cooler moments, company culture and in-person learning opportunities. But what is often an afterthought, is the impact that hybrid working is having on cyber and data security.
According to the Chartered Institute of Internal auditors in the UK, “hybrid working created a ‘culture crisis’ for companies by eroding staff loyalty and by making it harder to retain talented employees and easier for individuals to conceal fraud”.
And, following the Chancellor’s autumn budget which confirmed the UK has just entered into a recession, we are faced with further economic downturn and increased cost of living driving demand for higher pay. These dynamics foster feelings of entitlement which is often an underlying motivation for committing fraud.
Mixed with reduced loyalty and heightened opportunity to access and operate systems remotely, unobserved – we are witnessing the formation of a perfect storm. There is likely to be a significant spike in fraud and corporate misconduct as those facing financial pressures potentially look for ways to take advantage of their companies from the inside.
Internal fraud is particularly hard to predict as insiders have the knowledge and insight to manipulate their organisation’s systems. They are trusted parties, they need access and passcodes and keys to be able to do their jobs and they often also own an intimate understanding of which checks occur, how systems work and unfortunately also how to also evade detection.
To make things even more complicated, in historic cases there is very little correlation between age, gender, demographics, location or years of employment and fraudulent activity. And cases can manifest slowly, growing significantly over time. So while companies can be prepared and install logical controls, it is a real challenge to identify from where and when internal fraud may strike.
And the effects are not trivial – according to the ACFE Occupational Fraud 2022 report, organisations lose around 5pc of annual revenue to fraud. With financial institutions already under economic pressures themselves, the collision of losses is significant. In the same ACFE report, 42pc of fraud was detected in work-from-home environments.
The tools for detection
The good news is that there are now proven monitoring and investigation tools that can be used for detection, prevention and deterrence.
These tools and tactics, if properly and consistently executed, can help to combat the rise of insider fraud. This includes; creating transparency around (often hidden) potentially influential relationships; detecting anomalies in employee behaviour; uncovering undisclosed conflicts of interest; noticing changes made to IT and security systems; and formalising organisational learning based on past fraud events.
The successful implementation of these methods as part of a complete fraud detection and prevention programme requires utilising a range of data and data types, including having the ability to analyse this data. In fact, a Kroll research report found that data analytics is the most effective method of detecting fraudulent activity.
Another key element of a successful fraud detection programme is entity resolution. This can ensure that common obstacles in effectively making use of data (such as variations in dates, names and spellings) do not prevent an organisation’s ability to paint a clear picture of a person, or a business. It is also foundational in being able to use a wider variety of information sources and the more data we use, the easier it becomes to detect and prevent fraud.
A post-pandemic recession and hybrid working have created an environment in which we are very likely to see a lot more fraud. At a time when many businesses are facing their own economic challenges, avoiding these fraud losses presents material opportunity and the tools to prevent this type of activity have advanced significantly in the last few years. Greater context needs to be incorporated into risk analysis to enable organisations to act fast to identify new and previously unidentified fraud and better protect themselves and their customers.
