I recently had the chance to visit with Olivia Allison, Senior Managing Director at K2 Integrity. We looked at some key fraud trends in 2021 and how they might influence fraud investigation, prevention and enforcement going forward into 2022. We began with a discussion of general fraud trends from 2021, particularly around Covid-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as Paycheck Protection Program (PPP) in the United States. Allison added that supply chain issues were also a contributing factor to these issues. She found that during investigations related to COVID procurement and healthcare procurement specifically in relation to the pandemic there were supply chains issues regarding fraud.
She believes going forward there will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds. Interestingly, she found issues around fraud and data security, particularly in the heyday of working from home (WFH). This may well change in 2022 when we have a Return to the Office (RTO) but with the surge of the Omicron variant many companies are shelving RTO plans until the spring 2022.
WFH led to wider fraud inside of companies because employees were “bypassing controls, sometimes maliciously, sometimes it’s not fraudulent, but they just think that the controls are inconvenient.” This was coupled with the troubling phenomenon that Allison has seen reported recently that millennials “just think that some controls are inconvenient and they just try to work around them.” This obviously puts organizations at risk and from a culture perspective can be very damaging.
Allison noted that another risk factor for fraud she is following in 2022 are two related phenomena. They are the mobility of the work force coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely; it is very difficult to have the same level of connection with your employer. Companies must work much harder to build some kind of consistent culture. One of the prongs of the Fraud Triangle is Rationalization, that “the company owes me a bit more or something like that and if you do not have that level of loyalty, there is a kind of widespread risk that people may be justifying certain actions to themselves.” Allison believes that there are “a lot of things brewing that are difficult for companies, whether it’s supply chain or data, or employee loyalty, that may cause problems in the future.”
We then turned to what Allison characterized as “multi-vector crisis” which is when multiple crises coming from many different directions. As a compliance officer or fraud examiner, you are not simply responding to one threat or even one threat vector but several at the same time. Allison believes are some steps an organization can take to manage such risks. The first is “you need to make sure that your protocols, data security, policies and procedures are clear and manageable. Then train when onboarding your staff so employee understand your procedures and monitor that they are actually following them.” Finally, ensure “what is written on paper is also what happens in practice.” I would also add Document Document Document.
Additionally, companies are building dashboards of different fraud indicators. But that is only a starting point as they then must use the data to prevent fraud. She added, “I think that is a trend and also something that companies need to be looking at as they are using data. It is more than just gathering data, its actually using the data to drive decisions.” Finally, if you have not done so since the pandemic shut down the country in March 2020, you should “refresh your training.” From the training perspective, Allison believes that more frequent, yet shorter messaging is better. You can certainly have a longer annual targeted training but here she agrees with Tina Rampino that an “espresso shot” of training can be more effective.
From the controls perspective, you need to determine if different types of frauds are happening within your organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and where your employees work; whether that is WFH, RTO, work outside the physical office or a hybrid situation.
We concluded by looking at whistleblowers and the recently implemented EU Whistleblower Directive, which came into force in December 2021. In at least the last four or five ACFE Reports to the Nations, one of the consistent themes is that fraud is almost always detected internally and either reported internally or picked up through internal audit or internal controls or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, Allison expects to see an increase in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play. But Allison also cautioned that the “media is a sort of third line of whistleblowing” which we saw in 2021 with the Facebook whistleblower, Francis Haugen.
All of these factors lead Allison to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of the evolving work locations. Of course, the government is very interested in both fraud prevention but also fraud detection and prosecution so 2022 could well be a more significant year than 2021.