Understanding the characteristics of fraudsters and strengthening internal controls can be the key to thwarting fraud.
Is there a full-proof way to stop fraud from occurring at your company? The short answer is, no, there is not. But there are steps the organization can take to make it more difficult for fraud to occur – or to discover and contain the fraud more quickly if it’s in progress. Among the most effective ways to do this is by:
- taking a hard look at your internal controls and checking for weaknesses
- strengthening gaps where they exist
- regularly monitoring internal controls and employee behavior
Insights from a new KPMG study1 into the nature and characteristics of fraudsters – who they are and how they operate – may be helpful as companies seek to prevent and ferret out fraud. For example:
- The danger is usually found close to home. 86 percent of fraudsters are employees or former employees of the company.
- The person committing the fraud is often the person you would suspect the least.
The Cost of Fraud
The damage caused by business fraud is staggering. On a global basis, we’re looking at nearly $4 trillion in losses annually.2 And unless you’re insured against it, there’s very little likelihood of a full recovery.
According to a report by the Association of Certified Fraud Examiners, nearly 60 percent of organizations victimized by fraud recovered nothing; only 14 percent make a full recovery.
With that in mind, the best option is to head it off before it starts, and to uncover the fraud before it goes on too long. However, this is easier said than done. Over 65 percent of the frauds analyzed in the KPMG survey lasted between one and five years. And it should come as no surprise that the longer lasting the fraud, the greater the damage.
Who are they and why do they do it?
The why of it is pretty simple: money. The survey determined that over 65 percent of fraudsters were motivated by personal financial gain and greed. Sure, there were other reasons found for their actions. For example: because they could; they were driven to it by the organizational culture and/or to meet sales or budget targets. But money was clearly the driving factor.
What’s more, most fraudsters either aren’t afraid of getting caught, or believe they won’t get caught. This is a key reason why, no matter what steps you take, it’s virtually impossible to prevent people from attempting to commit fraud.
As for who fraudsters are, they are primarily3:
- male (79 percent)
- between 36 – 55 (68 percent)
- employees (65 percent) or ex-employees (21 percent)
Many fraudsters turn out to be “well-respected” members of an organization, and 38 percent have been with the company for at least six years. What’s more, 34 percent turned out to be executives or non-executive directors, and another 32 percent of fraudsters were managers. Anecdotally, it would be fair to say the individual committing the fraud “was the last person we would expect to do something like this.”
There typically is nothing in the fraudster’s employment history to indicate that he or she would be prone to commit this crime, so employment background checks aren’t foolproof in this regard (although they may save you from hiring an otherwise bad employee). And if, as it often turns out, the fraudster is a high-level executive or rain-making employee, regular employees and even senior officials have a tendency to look the other way.
Risk from non-employees/third parties: The other primary threat of fraud is from third parties, such as business partners, joint venture partners, customs agents, distributors, suppliers, contractors, etc. As you can imagine, this significantly expands the vista of potential fraudsters; some companies do business with hundreds of thousands of third parties.
In some cases, these outside parties acted alone in committing the fraud, but in nearly two-thirds of the cases investigated, they acted in collusion with a current employee. This tends to make it even harder to detect the fraud as the employee often is in a position cover up the illegal activities.
When are companies most at risk?
While all organizations have potential exposure to fraud, those going through high levels of change are particularly susceptible and need to be extra vigilant. The following three situations often result in significant organizational and operational changes:
- Global expansion: Companies that expand globally, going into emerging markets or areas of the world with a culture and business environment different than the United States, tend to have greater exposure to fraud. That’s because actions viewed as both common and acceptable in a foreign county – for example, paying bribes to government or others to facilitate transactions – may be a violation of U.S. law, such as the Foreign Corrupt Practices Act (FCPA).
What makes corruption/fraud especially dangerous is that we found a high level of fraud tending to occur at the executive level. And as noted above, fraud perpetrated by executives is harder to detect or stop than other types of fraud. Thus, it typically runs longer (three years in 66 percent of cases) and is more damaging.
- Investment/reinvestment in new technologies: Many companies are making big investments in new technology, such as enterprise resource planning (ERP) and accounting systems. While they devote significant time, money and resources to getting these systems up and running, they often overlook “holes” that are created in internal controls designed to guard against fraud.
So this new technology can cut both ways, as it helps many fraudsters (24 percent) access systems they shouldn’t have access to and may also enable them to cover up their fraud.
- Complying with new regulations: It sounds counter-intuitive, but in trying to comply with new regulations, an organization can open the door to fraud. Regulations often require companies to put together programs designed to mitigate fraud and risk.
So, companies get laser-focused on checking off boxes and making sure everything is in place to show regulators they’re in compliance; they implement a control structure, establish process and procedures, offer/require training programs, etc.
However, according to compliance directors we’ve spoken with, the allocation of resources and time that goes towards complying with the regulations sometimes results in businesses not paying as close attention on suspicious activities or anomalous transactions that might be a tip-off to fraud.
Phil Ostwalt is a Partner with KPMG. He currently is KPMG’s Investigations Service Network Leader.