When we discuss “fraud, waste, and abuse” in the corporate compliance world, fraud often takes center stage. Fraud is the deliberate deception of knowingly submitting false information for personal or corporate gain. Waste is easier to define: the careless or inefficient use of resources. But abuse? Abuse sits in that murky middle ground. It may not rise to the level of criminal fraud. Still, it represents conduct that undermines the ethical framework of the organization and erodes trust in systems designed to manage risk.
In many ways, abuse is the most insidious of the three. It thrives in the shadows, often justified by employees as “harmless” or “making up for what the company owes me.” Yet left unchecked, abuse not only costs organizations real money but also paves the way for outright fraud. One of the clearest examples of abuse today lies in employee expense reimbursement, a process now under siege by the rise of AI-generated fake receipts.
Today, we continue our week-long exploration of the role of a Chief Compliance Officer (CC) and corporate compliance function in fighting fraud, waste, and abuse. Today, we explore what abuse means, how expense reimbursement schemes illustrate the problem, why weak controls allow abuse to metastasize into fraud, and what compliance professionals can do to address it. We use a real-world example of AI creating fraudulent expense reimbursements to demonstrate how the task has become more difficult and why a corporate compliance function must be even more vigilant.
Defining Abuse in the Compliance Framework
Abuse is often defined as the use of authority, processes, or resources in a manner that is inconsistent with accepted business practices, resulting in unnecessary costs or unfair advantages. Unlike fraud, abuse does not always involve intent to deceive. Instead, it often reflects opportunistic behavior, such as stretching policies to personal advantage, exploiting loopholes, or rationalizing misconduct.
In the context of compliance, abuse is the “gateway drug” to fraud. An employee who casually exploits the expense system, rounding up mileage, submitting duplicate claims, or fabricating receipts for lost expenses, may start with small infractions. But over time, the lack of consequences emboldens greater misconduct.
One only needs to look back at the sordid story of GSK in China to recall that employee expense reimbursement can lead to catastrophic consequences for an organization.
Expense Reimbursement Abuse: The AI-Receipt Problem
As the New York Times (NYT) recently reported, employees are increasingly turning to generative AI tools to create realistic fake receipts. This is abuse in action. It often begins innocently enough: an employee loses a legitimate receipt and turns to an AI chatbot to recreate it. They may even rationalize the act as necessary to be reimbursed for actual money spent.
But the abuse does not stop there. Once the employee realizes the system can be gamed and that compliance or finance fails to detect the fraud, they repeat the behavior. In one case, an employee submitted AI-generated receipts for hotels and airfare in Bangkok, despite never traveling there.
The ACFE in its most recent Report to the Nations confirms the scale of the issue:
- 13% of occupational fraud cases involve inflated or invented expenses.
- Median loss per case: $50,000.
- 30% of fraudulent receipts detected by one major auditing tool are now AI-generated.
What makes this a prime example of abuse is not just the false documentation. It is the culture of permissiveness that allows employees to cross the line between mistake, abuse, and eventually fraud.
How Lack of Controls Fuels Greater Fraud
The absence of strong internal controls around expense reimbursement is fertile ground for abuse. Companies that rely on manual review or outdated systems may not be equipped to detect sophisticated fakes. AI has supercharged this risk. Where once an employee might need Photoshop skills to doctor a receipt, now anyone with a chatbot can generate a convincing fake in seconds.
Weak controls create three distinct risks for compliance:
1. Normalization of Misconduct
Employees who “get away” with small abuses normalize this behavior, eroding ethical culture. “Everyone does it” becomes the rallying cry.
2. Escalation to Fraud
Abuse begets fraud. What begins as recreating a lost taxi receipt morphs into fabricating entire trips, complete with hotels, meals, and airfare never taken.
3. Regulatory and Legal Exposure
Inflated or fabricated expense claims, especially involving government contracts or international operations, can trigger False Claims Act liability, FCPA scrutiny, or other regulatory action.
Ultimately, compliance officers should view expense reimbursement abuse as more than an administrative nuisance. It is a leading indicator of deeper cultural weakness and a flashing red light for greater fraud risk.
Building a Compliance Response
How should compliance professionals address abuse in expense reimbursement systems? Three principles stand out:
- Leverage Data and Technology: Just as employees use AI to fabricate receipts, compliance teams must deploy AI to detect them. Expense auditing platforms now compare metadata, font spacing, and behavioral patterns to identify suspicious submissions.
- Strengthen Policy and Training: Clear guidance is essential. Employees should know that even “recreating” a lost receipt is prohibited, and repeated violations will trigger disciplinary action. Training should emphasize that abuse is not a victimless act; it drains resources and undermines trust.
- Promote a Speak-Up Culture: Abuse thrives in silence. Anonymous hotlines, visible accountability, and consistent follow-through on reports send the message that integrity matters.
Five Key Takeaways for Compliance Professionals
1. Abuse Is the Gateway to Fraud
Abuse often sits in the gray space between negligence and intentional misconduct. An employee may rationalize using a fake receipt as a harmless way to recover legitimate expenses, but once this behavior is accepted, it erodes the organization’s integrity. Abuse teaches employees that rules can be bent without consequence. Over time, this rationalization escalates, leading to outright fraud. Compliance professionals must recognize abuse not as minor misconduct but as the earliest sign of a deeper cultural problem. Treating abuse seriously, through policy, training, and accountability, prevents small acts of dishonesty from snowballing into systemic fraud that damages the enterprise.
2. Expense Reimbursement Abuse Is Rising
Expense abuse has always been a problem, but the introduction of generative AI has made it easier and more scalable. Employees no longer need technical expertise in Photoshop to fabricate documents. Today, they can generate convincing receipts in seconds, often indistinguishable to the human eye. Cases of employees submitting AI-generated receipts for trips never taken highlight just how quickly this abuse can escalate. For compliance teams, this shift means that traditional manual review is no longer enough. Organizations must anticipate that abuse in expense systems is increasing both in volume and sophistication, and they must respond accordingly.
3. Weak Controls Enable Misconduct
Compliance professionals recognize that robust internal controls are the foundation of effective fraud prevention. When expense systems lack proper oversight, they create opportunities for abuse to thrive. Employees quickly learn where controls are lax, whether through inconsistent auditing, inadequate documentation requirements, or poor segregation of duties. Without strong controls, small abuses go unchecked, and employees feel emboldened to escalate their misconduct. Worse still, regulators may interpret weak controls as evidence of willful blindness or negligence, thereby exposing companies to additional liability. Compliance officers must ensure expense reimbursement processes are fortified with modern controls that prevent, detect, and remediate abuse at every level.
4. Technology Must Match the Threat
The same tools employees use to commit expense abuse can be harnessed by compliance to stop it. AI-generated receipts may look convincing, but advanced auditing tools can detect subtle inconsistencies in formatting, metadata, and behavioral patterns. Expense management platforms now deploy machine learning to flag unusual submissions, such as repeating server names or meals in fabricated restaurant receipts. Compliance professionals must advocate for investment in these technologies to stay ahead of evolving threats. Without matching technology to the risk, organizations remain vulnerable. Ultimately, AI must be part of the compliance toolbox to counteract the AI-enabled abuse already occurring.
5. Culture Is the Ultimate Control
No amount of technology or policy will succeed without a culture that values accountability. Abuse thrives in environments where misconduct is ignored, rationalized, or dismissed as “just the cost of doing business.” By contrast, cultures where leadership models ethical behavior, encourages reporting, and rewards integrity create natural barriers to abuse. Compliance must work hand in hand with leadership to embed accountability into daily operations. When employees see that even small abuses are addressed, they understand the seriousness of compliance expectations. A healthy culture sends the clearest message: abuse will not be tolerated, and integrity is non-negotiable.
Abuse Is Fraud’s Precursor
Fraud, waste, and abuse are often discussed as a package, but compliance professionals must pay special attention to abuse. It is the gray zone where rationalizations take root, where misconduct begins small, and where organizational culture is tested. Expense reimbursement systems offer a cautionary tale: without proper controls and accountability, abuse can quickly evolve into systemic fraud.
Compliance officers who ignore abuse risk far more than inflated receipts. They risk cultivating an environment that fosters fraud. The lesson is clear: treat abuse as seriously as fraud, because in practice, one leads inexorably to the other.
