Kassem Younes and James Tebbs, Senior Managing Director at Ankura, discuss fraud prevention. They present a simple ‘cycle’ any organisation can use in order to improve its resilience against fraud.
“It’s hot topic!” Not an original headline.
The anti-fraud agenda can easily be heard in any location and at any time. It is linked to global crises, corporate imperatives, or personal security. Yes, it affects all of us. Fraud is on the rise: The COVID-19 pandemic. Fraud is increasing due to increased use of digital tools. Fraud is increasing when you work from home.
How can we make sense of all this? There must be some “numbing” effect. It is not uncommon to hear about fraud, but we become so used that it becomes a background concern.
This raises the obvious question: Despite all the technological advancement, system enhancements, training programs, fraud awareness week, regulatory fines, and clear costs, how much fraud was actually detected, prevented, or prosecuted over what could have been? How can you determine the true value of these activities for an individual, organization, state, or global agenda?
This question has been a problem for anti-fraud practitioners, as well as anti-financial crime risk professionals, for many years. The same question is raised about the prevention of money laundering, terrorist financing, or proliferation financing that are often levied on financial institutions. It is important to consider the ‘costs of compliance’ and calculate any decrease in criminal activity that may be a result of these preventive or detective activities. Although we can’t give a quantitative answer, we believe that anti-fraud adds significant value to an organisation.
We get so used to hearing about a problem, that we no longer consider the risk.
What are the steps taken by organisations to address this issue?
Our colleague Peter Glanville gave clarity about the new landscape in fraud investigation [2] as well as the collaboration efforts of investigators and legal professionals. Investigating fraud is an essential and powerful tool for preventing it. It is the core of any anti-fraud programme and actively shows zero tolerance for fraud incidents, internal or external. It is clear that any suspicion of wrongdoing will be investigated thoroughly and professionally, and the appropriate action taken.
This article will discuss the practical steps that organisations can take to prevent fraud. We have found that every organisation, regardless of size or budget, can find a solution using these steps. This could be a huge benefit that may not be obvious to you.
This cycle demonstrates how this continuous loop might be seen in practice.
img alt=”Cyclical Fraud Prevention Diagram” class=”aligncenter wp-image-38231 size-full” height=”638″ sizes=”(max-width: 642px) 100vw, 642px” src=”http://www.lawyer-monthly.com/Lawyer-Monthly/wp-content/uploads/2022/11/Fraud-prevention-diagram.png” srcset=”https://www.lawyer-monthly.com/Lawyer-Monthly/wp-content/uploads/2022/11/Fraud-prevention-diagram.png 642w, https://www.lawyer-monthly.com/Lawyer-Monthly/wp-content/uploads/2022/11/Fraud-prevention-diagram-300×298.png 300w, https://www.lawyer-monthly.com/Lawyer-Monthly/wp-content/uploads/2022/11/Fraud-prevention-diagram-150×150.png 150w” width=”642″/>
Understanding the cycle
First, fraud prevention is a continuous process. It is not a series or isolated activities. This is illustrated by the ACFE/COSO Fraud Risk Management work, which includes the Anti-Fraud Playbook [3] . These valuable insights are linked to the COSO framework as a foundation for internal controls.
The tendency to view compliance activities as a regulatory imperative, including mitigating the risk that a fine is imposed on them, has led to ‘pools of activity’ which are often not well coordinated. Consider the ‘Governance” component as the ‘tone at the top. We have found that there is often a disconnect between senior executives/Board directors involved and those who are informed at this stage. The monitoring (including MI), and reporting that follows can be a little more difficult. It is crucial that the top has ownership.
The ability to link anti-fraud actions not only gives you a better understanding of the overall risk, but also allows for more efficient and effective resource use.
What should an organization prioritize in its anti-fraud strategy
Each step in the cycle is an integral part of the overall strategy. Without each step, the strategy will fail.
Governance and Risk Assessment
It is crucial to establish the anti-fraud agenda from the beginning. The Board determines corporate strategy and risk appetite. The anti-fraud agenda is a result of these commercial imperatives. A risk assessment is essential in order to determine how effective controls can be built once the risk appetite has been established. A system of controls cannot be effective if it doesn’t know the risks it is meant to reduce.
Engage the business directly to conduct a risk assessment. This will ensure that the process is not treated as a compliance exercise. For real insight, try to imagine yourself as a criminal. You might even want to engage some consultants who were once fraudsters.
Controls Design
Many times, we see organisation controls that are implemented ‘after-the-fact’ without having done a proper risk assessment. Although it doesn’t have to be costly or time-consuming, the risk assessment can drive well-designed and targeted controls that bring about much-needed efficiency.
Each step in the cycle is an integral part of the overall strategy. Without each step, the strategy will fail.
There is a lot of literature available that can be used to support the [4]. But, fraud control is not what it seems. Effective passwords, authority limits and independent reviews, as well as segregation of duties, help to avoid errors and prevent fraud. This exercise should not be confused with other operational controls.
Monitoring and Detection
These are the actual activities of controls. To help governance personnel determine whether controls are effective, and identify potential fraud early so that they can be promptly followed up on, it is important to create KPIs and reporting data.
This information, if designed properly, should be aligned with commercial goals and provide more than just fraud monitoring.
Investigation
The investigation is usually managed by an external team, typically within Internal Audit or another risk function. In many cases, with the support of legal counsel, thorough investigation can provide a wealth of information about individual cases and the crystallisation and identification of perceived risks. This allows senior leaders to see their organizations from a different perspective.
Reporting and Recommendation
Without clear and detailed reporting, no investigation is complete. Consider two main outputs. What controls failed or were circumvented in allowing fraud to occur? And where else might the same scheme be possible in an organization. Answering both these questions can complete the “cycle” and help to improve controls design and monitoring.
These steps are applicable to all businesses, regardless of size. This cycle is not designed to consume more resources. It’s meant to make sure that resources are effectively allocated and focused on the most important activities. This cycle, while presented in an anti-fraud manner, should have far greater commercial value.
What are our future expectations?
A wise colleague once said that there has never been an ‘outbreak in honesty’. It is well-documented that fraud’s human psychology will not change. We recommend that you focus on your risk assessment, and not on the cycle.
However, there are positive developments in anti-fraud that are proving fruitful. The most important of these developments, outside of individual organizations, is the increasing tendency to cooperate between public and private sector organizations. This is illustrated by:
- The Kingdom of Saudi Arabia has just inaugurated its Joint Operations Centre for combating financial fraud. It includes all Saudi banks and is tasked to follow up on cases of financial fraud [5].
- The UAE’s Financial Intelligence Unit published helpful guidance on fraud trends and typologies. This information is useful for organisations to incorporate into their risk assessments.
These examples show the willingness and capability of government agencies to work with the private sector in order to fight fraud. While further cooperation is needed, these examples demonstrate that there is a global and state-level commitment to work together to fight fraud.
Conclusion
What can we learn from this? While fraud is still a problem and new attack vectors are constantly emerging, anti-fraud activities can be more efficient and effective than just tackling the fraud at an organisational level. We can move the needle on fraud with the right collaboration at the state-level and within an organisation.
Copyright 2022. These views are solely those of the authors and do not reflect the views of Ankura Consulting Group LLC., its management or any of its subsidiaries, affiliates, or other professionals. Ankura Consulting Group, LLC. is not a legal firm and cannot offer legal advice.
James Tebbs
Senior Partner, Dubai
T: +971(0) 4 381 9000 Main
Kassem Younes
Senior Director, Riyadh
T: +966 11 261 1522
James Tebbs, Senior Managing Director at Ankura, leads the Middle East’s compliance, risk and forensics team. He has more than 20 years of experience in fraud detection, prevention, and investigation, with 10 years in Middle East.
Kassem Younes, Senior Managing Director at Ankura Riyadh. Kassem has experience in a range of cases, including corruption, money laundering, and asset misappropriation. He has also appeared as an expert witness on numerous occasions.
Ankura is an independent global advisory and expert services firm that provides services and end-to–end solutions to clients at critical points in conflict, crisis and performance, risk, strategy, and transformation.
[1] We refer to anti-financial crimes as a narrower term related to AML and CFT.
[2] What’s the Reshaped Landscape of Fraud Investigations? (lawyer-monthly.com)
[3] https://www.acfe.com/fraud-resources/fraud-risk-tools–coso
[4] Also includes the ACFE/COSO antifraud framework mentioned above
[5] Saudi Central Bank Governor launches Operations Center to Combat Financial Fraud (arabnews.com).