Security, which involves preventing and fighting fraud, is a topic that continues to be more and more critical in today’s world of ongoing digital transformation. The Association of Certified Fraud Examiners reports that U.S. businesses will lose an average of five percent of their gross revenues to fraud.
In recent technology news, Lithuanian Evaldas Rimasauskas and his co-conspirators sent phishing emails to employees from Facebook and Google. The fraudsters incorporated Quanta, a company spoofing the Taiwanian tech giant Quanta Computer – with whom the defrauded companies regularly transacted. Employees from both Facebook and Google fell for the fraud – paying more than $100 million to the fake company's bank accounts.
Shocking, right? If you are a finance leader that learned of this scam, you probably cringed. You are probably asking yourself and your AP team, “how could this have been so easy?” and “how exposed are we to such a scam?”
Responsible for the company’s financial health, the CFO is explicitly involved with any losses caused by fraud. And if (s)he is going to be effective in leading the fight against fraud, they will need to adapt their defenses to face fraud and fraudsters who are better organized, more aggressive, and more technologically proficient than ever.
This leads us to three questions that CFOs should be asking and answering and the seven key things they can do to help mitigate, even prevent, events such as the Rimasauskas case.
THREE QUESTIONS THE CFO SHOULD ASK AND ANSWER
1. What exactly are the threats and what risks do they represent?
Threats come in a variety of forms. We are familiar with the most common: supplier fraud (fake bank details), fraud on finance (stock brokers and bankers) and legal professionals, and client fraud (fake invoices).
While technologies continue to offer better performance and security, the reality is that the human factor is still the main source of vulnerability in terms of exposure to fraud today.
An employee is somehow involved in most confirmed cases of fraud. In the U.S., fraudsters who have longer tenures (five years or more) misappropriated twice as much as those of tenures of less than five years. The Association of Certified Fraud Examiners (ACFE) found that employees tenured at least five years stole an average of $200,000.
Further, the 2018 Euler Hermes-DCFG report found that 68 percent of fraud committed by individuals outside the company represents the act of people close to the company in some manner, notably partners such as sales agents, clients, service providers, and others.
The risks to the company are obvious:
Financial: Financial impact is not only felt when cash is directly impacted, such as invoices paid or wire transfer made to a fraudulent recipient, but also in terms of operating income, such as bad receivables — resulting in loss of cash flow and lower net profit.
Data Theft: A company’s client data files represent some of its most valuable assets. The threat of data theft can take two forms:
- Inaccessibility to data, which would block the company’s commercial, operational, and industrial activities.
- Malicious use of corporate data, which could incur significant legal liability for the company, serious reputational damage, and potential financial consequences for its customers.
HR and Psychological Impact: A breach affects employees psychologically when they feel betrayed by a work colleague that they have known for a long time, as well as the fraudster’s managers who may wonder whether they truly carried out company procedures to the fullest extent, or should have been aware of warning signs.
Reputation: Falling victim to fraud impacts the company’s reputation, from the company’s main commercial partners, namely its clients and suppliers, to its shareholders. How the company manages the crisis also impacts its reputation, so a solid communications plan should be in place and rehearsed frequently.
2. Why invest in fraud prevention?
Beyond the understandable peace of mind that security brings and assurance that the company will not (or will no longer) become the victim of attempted or successful fraud, security for processes represents a competitive advantage due to its reinforcement of the company’s reputation for reliability, reassurance for commercial partners, and more.
3. What are the most effective tools to mitigate, even prevent, fraud?
The most advanced technologies in this battle are big data, machine learning, and digitization.
Big data enables handling vast volumes of information, often in real-time. Machine learning is a component of artificial intelligence in its broader meaning, seeking to create and use algorithms to obtain predictive analysis based on data. Together, they make it possible for the company to go even further, such as risk scoring its clients and suppliers.
Digitization, or automation, technologies that leverage A.I. are the other essential tool and an important part of any effort to mitigate risks. By creating and organizing a rigorous process that includes complete traceability and security found in cloud technology, these solutions become extremely effective in fighting fraud.
But even by leveraging advanced technologies, raising employee awareness is one of the most important aspects of fraud prevention. Providing training to all departments and every hierarchical level within the company, including top management, is important so everyone knows the role they play in identifying warning signs and exposing potential fraud.
It is also important to implement communications that are adapted to each different stakeholder group within the company that reflect the company’s commitment to fraud prevention and identifies the consequences of not taking fraud prevention seriously, as well as the benefits of executing well-defined fraud prevention plans and practices.
In summary, here are seven key responsibilities of the CFO when leading the fight against fraud:
- Make risk management a priority
- Automate your processes
- Communicate with IT
- Embrace advanced and emerging technologies
- Engage all internal stakeholders
- Implement a cloud-based automation solution
- Choose the right technology tools
For a free demo or to schedule a complimentary AP automation assessment, click here.