Opinion

Corporates need to relook anti-fraud strategy

Nikhil Bedi | Updated on November 20, 2020 Published on November 20, 2020

Checking fraud getting tougher   -  istock.com/ipopba

With frauds rising in these challenging times, firms will do well to take a proactive approach and seek professional help

The Covid-19 pandemic has caused widespread disruption and exposed vulnerabilities in ways businesses are managed across the globe. Some of the significant changes expected to influence business models in the long term include social distancing, large-scale remote working, reliance on shorter supply chains, enhanced use of technology, and customer introspection on the perceived value of goods and services. India is also seeing unprecedented rise in the pace of mergers and acquisitions (M&As) and their volume, alongside significant rise in private equity and venture capital investments.

Historically, data show that business disruptions have resulted due to rise in discovery of fraudulent practices. The 2008 economic crisis is a case in point that saw several large-scale corporate frauds being unearthed and the consequent collapse of several companies on Wall Street. India, too, witnessed frauds from 2009 to 2012, including several high profile cases. The current business environment is turning out to be no different.

In the early stages of the pandemic, media reports from across the world indicated a rise in cybercrime. In May 2020, the Association of Certified Fraud Examiners (ACFE) reported an overall increase in frauds observed and indicated that this trend was likely to continue over the next 12 months. The organisation also outlined key fraud schemes to watch out for, including vendor/seller frauds, payment fraud, healthcare fraud, identity theft, and insurance frauds.

In India, the experience over the past six months points to heightened awareness amongst corporates of their vulnerability to fraud risks, particularly as traditional fraud risk management efforts have relied on static organisational data.

Further, per Deloitte’s upcoming India Corporate Fraud Perception Survey, edition IV, 2020, about 80.3 per cent of the respondents indicated that fraud would continue to rise in the future, dominated by cybercrime, owing to large-scale remote working arrangements and change in business models. About 43 per cent of respondents felt that their existing fraud risk management frameworks were inadequate to address future frauds and required significant changes.

These developments have pushed many organisations to relook their approach to fraud, marking a shift from responding to fraud towards preventing fraud.

To make this shift efficient, organisations can consider the following:

Invest in technologies that can provide an enterprise data view: While looking to invest in this area, organisations must seek tools that can integrate both structured and unstructured data and perform advanced analytics on transactions. While there are many tools available in the market, organisations can consider a customised and scalable interface, supported by a subject matter expert who has the experience of successful implementation.

Selectively enhance the fraud risk management process for more vulnerable functions: For instance, supply chains were significantly disrupted during the pandemic, pushing organisations to consider relatively unknown vendors to continue business operations. An enhanced vendor due diligence process can identify red flags prior to associating with new vendors. Further, routine monitoring of existing vendors can avert supply chain disruptions and contract failures.

Employee training and awareness: It is widely acknowledged that formal training programmes can significantly reduce the risk of fraud, misconduct, and non-compliance. Employees are often the first line of defence against fraud and their ability to report suspicious activity can identify and curb fraud in its initial stage. Such training programmes may also help organisations respond more confidently to regulatory scrutiny and better comply with legislative requirements.

Seeking help from professionals: A decade ago, internal auditors were relied upon to identify corporate malpractice. Over the years, while the reliance on internal auditors has remained, there is equal emphasis on bringing forensic investigators, especially in situations involving conflict of interest. Organisations are also cognisant of the role that law firms, forensic experts, independent directors, technology providers, and law enforcement agencies can play in fraud risk management efforts. The future of fraud risk management is likely to be a collaborative effort within this ecosystem of experts.

Organisations will be better equipped to tackle fraud if they implement a proactive approach. Regulatory bodies also appear to be moving in this direction. For instance, the RBI issued guidance on an integrated risk-based approach for anti-money laundering programmes that banks and financial institutions had to adopt in less than 90 days.

In addition, SEBI has mandated disclosures of all forensic audits carried out by listed companies irrespective of the quantum. The Ministry of Corporate Affairs has mandated the disclosure of all whistleblower complaints for listed companies. A proactive approach to fraud risk management can meet these regulatory expectations and also provide companies the visibility into areas that require intervention.

The writer is Partner, Deloitte Touche Tohmatsu India LLP

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on November 20, 2020
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.