Kroll, the risk consultancy firm, have released their annual Global Fraud and Risk Report 2016-17.
545 senior executives from across the globe were polled from a range of industries, with over half of the executives polled working in companies with annual revenues of US$500 million or more.
This year’s Kroll Report broke down the data provided by executives, revealing a more detailed picture of the type, prevalence, method and perpetrators of fraud.
Here are some of the key findings from the Report:
- 82% of respondents reported at least one incidence of fraud in their business over the last year
- Over the last 12 months, 85% of executives reported a cyberattack
- Ex-employees (20%) were the biggest perpetrators of a cyberattack or information theft on companies
- In the UK, 90% of those polled had been affected by fraud in the past 12 months – the only country that reported higher incidences of fraud was Colombia.
- The three most common types of fraud that impacted businesses were: theft of physical assets or stock; vendor, supplier or procurement fraud and information theft, loss or attack.
The standout finding from the Report was that incidences of fraud have risen: 75% of respondents reported that fraud had occurred within their business in last year’s Report, a figure that this year stands at 82%.
Such prevalence led Kroll’s Tommy Helsby to describe fraud, cyber and security incidents as the ‘new normal’ for companies all over the world, and the Report’s findings offer a clear illustration of the size of the threat to organisations.
Underlining the notion that the prevalence of fraud is growing are recent comments from senior British police officer Sir Tom Winsor, who said that the current level of fraud was now at ‘epidemic proportions’.
Let’s take a closer look at fraud growth.
Another key finding from the Report was that the vast majority of fraud perpetrated came from within an organisation, with 79% of executives stating that an employee, a former employee or a contractor/freelancer was the perpetrator of fraud.
44% of cyber incidents were perpetrated by insiders, with ex-employees responsible for most of the information loss/theft and security incidents within companies. Inside an organisation the biggest perpetrators of fraud were junior employees, closely followed by senior or middle management.
The UK’s very high fraud incidence percentage (90%) will be a major concern for UK businesses. Theft of physical assets was the most common type of fraud in the country, followed by misappropriation of company funds. The UK fared similarly poorly when it came to security incidents, with the second highest number of incidents behind only the Middle East.
China and India were revealed as the two countries respondents were executives most dissuaded from doing business in due to concerns about fraud and security; 25% of respondents were deterred from doing business in China due to fraud concerns.
In India, fraud actually declined, with only 62% of executives encountering it, down from 80% in 2015 and well below the global average of 82% - nevertheless India retains its high-fraud reputation.
Many interested parties will be watching President Trump’s first moves eagerly, keen to discover whether he follows through with his verbal commitment to roll back regulation in a number of areas and the implications this may have for systems and controls.
US markets have soared in recent weeks in anticipation of reduced regulation of banks, with the Dodd-Frank Act, largely unpopular on Wall Street, apparently the first in the Trump crosshairs.
Likewise, the political appetite in Washington appears to be for deregulation. But Trump’s recent opposition to plans from Republicans to scrap an independent political ethics committee – which led to the proposals being dropped – demonstrates that the incoming president may not be as keen as deregulation as his Twitter feed suggests.
A major vulnerability in the United States was cyberattacks, with 88% of respondents reporting an attack over the last 12 months. Another standout point for the US was the exposure of fraud: in the majority of countries whistleblowers were responsible for detecting fraud, however an internal audit was the most common method of detecting fraud in the US.
The financial services industry emerged from the Report with the joint-highest fraud incidences alongside manufacturing, with 89% of executives working in the industry reporting at least one fraud last year, a substantial 19 percentage point increase in fraud from the previous year.
The financial services industry, as Kroll commented, is much more likely to have anti-fraud measures in place in comparison to other industries. As a probable direct result, most other industries polled had their fraud detected by whistleblowers whereas in financial services fraud was more likely to be detected through an external audit.
The rising level of fraud is a concern for businesses and organisations all over the world. The most effective way of reducing it is by assessing and understanding the risk and training employees across the business in prevention and detection.
Underlining this assertion is the fact that, whilst employees or former employees were the most likely group to commit insider fraud, employees were also the most likely group to identify fraud, with 44% of fraud globally exposed by whistleblowers.
This illustration of effective fraud detection proves that old adage that employees are the first line of defence, and a crucial element in fraud reduction.
By following us on LinkedIn, Facebook and Twitter you’ll stay up to date with the latest developments in governance, risk, anti-money laundering and financial crime prevention, and the professional qualifications we offer.