Categories
Blog

Culture, Controls, and Consequences: Why Compliance Should Address Abuse Before It Escalates

When we discuss “fraud, waste, and abuse” in the corporate compliance world, fraud often takes center stage. Fraud is deliberate deception: knowingly submitting false information for personal or corporate gain. Waste is easier to define: the careless or inefficient use of resources. But abuse? Abuse sits in that murky middle ground. It may not rise to the level of criminal fraud. Still, it represents conduct that undermines the ethical framework of the organization and erodes trust in systems designed to manage risk.

In many ways, abuse is the most insidious of the three. It thrives in the shadows, often justified by employees as “harmless” or “making up for what the company owes me.” Yet left unchecked, abuse not only costs organizations real money but also paves the way for outright fraud. One of the clearest examples of abuse today lies in employee expense reimbursement, a process now under siege by the rise of AI-generated fake receipts.

Today, we continue our week-long exploration of the role of a Chief Compliance Officer (CCO) and the corporate compliance function in fighting fraud, waste, and abuse. We explore what abuse means, how expense reimbursement schemes illustrate the problem, why weak controls allow abuse to metastasize into fraud, and what compliance professionals can do to address it. We use a real-world example of AI creating fraudulent expense reimbursements to demonstrate how the task has become more difficult and why a corporate compliance function must be even more vigilant.

Defining Abuse in the Compliance Framework

Abuse is often defined as the use of authority, processes, or resources in a manner that is inconsistent with accepted business practices, resulting in unnecessary costs or unfair advantages. Unlike fraud, abuse does not always involve intent to deceive. Instead, it often reflects opportunistic behavior, such as stretching policies to personal advantage, exploiting loopholes, or rationalizing misconduct.

In the context of compliance, abuse is the “gateway drug” to fraud. An employee who casually exploits the expense system, rounding up mileage, submitting duplicate claims, or fabricating receipts for lost expenses, may start with small infractions. But over time, the lack of consequences emboldens greater misconduct.

One only needs to look back at the sordid story of GSK in China to recall that employee expense reimbursement can lead to catastrophic consequences for an organization.

Expense Reimbursement Abuse: The AI-Receipt Problem

As the New York Times (NYT) recently reported, employees are increasingly turning to generative AI tools to create realistic fake receipts. This is abuse in action. It often begins innocently enough: an employee loses a legitimate receipt and turns to an AI chatbot to recreate it. They may even rationalize the act as necessary to be reimbursed for actual money spent.

But the abuse does not stop there. Once the employee realizes the system can be gamed and that compliance or finance fails to detect the fraud, they repeat the behavior. In one case, an employee submitted AI-generated receipts for hotels and airfare in Bangkok, despite never traveling there.

The ACFE in its most recent Report to the Nations confirms the scale of the issue:

  • 13% of occupational fraud cases involve inflated or invented expenses.
  • Median loss per case: $50,000.
  • 30% of fraudulent receipts detected by one major auditing tool are now AI-generated.

What makes this a prime example of abuse is not just the false documentation. It is the culture of permissiveness that allows employees to cross the line between mistake, abuse, and eventually fraud.

How Lack of Controls Fuels Greater Fraud

The absence of strong internal controls around expense reimbursement is fertile ground for abuse. Companies that rely on manual review or outdated systems may not be equipped to detect sophisticated fakes. AI has supercharged this risk. Where once an employee might need Photoshop skills to doctor a receipt, now anyone with a chatbot can generate a convincing fake in seconds.

Weak controls create three distinct risks for compliance:

1. Normalization of Misconduct

Employees who “get away” with small abuses normalize this behavior, eroding ethical culture. “Everyone does it” becomes the rallying cry.

2. Escalation to Fraud

Abuse begets fraud. What begins as recreating a lost taxi receipt morphs into fabricating entire trips, complete with hotels, meals, and airfare never taken.

3. Regulatory and Legal Exposure

Inflated or fabricated expense claims, especially involving government contracts or international operations, can trigger False Claims Act liability, FCPA scrutiny, or other regulatory action.

Ultimately, compliance officers should view expense reimbursement abuse as more than an administrative nuisance. It is a leading indicator of deeper cultural weakness and a flashing red light for greater fraud risk.

Building a Compliance Response

How should compliance professionals address abuse in expense reimbursement systems? Three principles stand out:

  • Leverage Data and Technology: Just as employees use AI to fabricate receipts, compliance teams must deploy AI to detect them. Expense auditing platforms now compare metadata, font spacing, and behavioral patterns to identify suspicious submissions.
  • Strengthen Policy and Training: Clear guidance is essential. Employees should know that even “recreating” a lost receipt is prohibited, and repeated violations will trigger disciplinary action. Training should emphasize that abuse is not a victimless act; it drains resources and undermines trust.
  • Promote a Speak-Up Culture: Abuse thrives in silence. Anonymous hotlines, visible accountability, and consistent follow-through on reports send the message that integrity matters.

Five Key Takeaways for Compliance Professionals

1. Abuse Is the Gateway to Fraud

Abuse often sits in the gray space between negligence and intentional misconduct. An employee may rationalize using a fake receipt as a harmless way to recover legitimate expenses, but once this behavior is accepted, it erodes the organization’s integrity. Abuse teaches employees that rules can be bent without consequence. Over time, this rationalization escalates, leading to outright fraud. Compliance professionals must recognize abuse not as minor misconduct but as the earliest sign of a deeper cultural problem. Treating abuse seriously, through policy, training, and accountability, prevents small acts of dishonesty from snowballing into systemic fraud that damages the enterprise.

2. Expense Reimbursement Abuse Is Rising

Expense abuse has always been a problem, but the introduction of generative AI has made it easier and more scalable. Employees no longer need technical expertise in Photoshop to fabricate documents. Today, they can generate convincing receipts in seconds, often indistinguishable to the human eye. Cases of employees submitting AI-generated receipts for trips never taken highlight just how quickly this abuse can escalate. For compliance teams, this shift means that traditional manual review is no longer enough. Organizations must anticipate that abuse in expense systems is increasing both in volume and sophistication, and they must respond accordingly.

3. Weak Controls Enable Misconduct

Compliance professionals recognize that robust internal controls are the foundation of effective fraud prevention. When expense systems lack proper oversight, they create opportunities for abuse to thrive. Employees quickly learn where controls are lax, whether through inconsistent auditing, inadequate documentation requirements, or poor segregation of duties. Without strong controls, small abuses go unchecked, and employees feel emboldened to escalate their misconduct. Worse still, regulators may interpret weak controls as evidence of willful blindness or negligence, thereby exposing companies to additional liability. Compliance officers must ensure expense reimbursement processes are fortified with modern controls that prevent, detect, and remediate abuse at every level.

4. Technology Must Match the Threat

The same tools employees use to commit expense abuse can be harnessed by compliance to stop it. AI-generated receipts may look convincing, but advanced auditing tools can detect subtle inconsistencies in formatting, metadata, and behavioral patterns. Expense management platforms now deploy machine learning to flag unusual submissions, such as repeating server names or meals in fabricated restaurant receipts. Compliance professionals must advocate for investment in these technologies to stay ahead of evolving threats. Without matching technology to the risk, organizations remain vulnerable. Ultimately, AI must be part of the compliance toolbox to counteract the AI-enabled abuse already occurring.

5. Culture Is the Ultimate Control

No amount of technology or policy will succeed without a culture that values accountability. Abuse thrives in environments where misconduct is ignored, rationalized, or dismissed as “just the cost of doing business.” By contrast, cultures where leadership models ethical behavior, encourages reporting, and rewards integrity create natural barriers to abuse. Compliance must work hand in hand with leadership to embed accountability into daily operations. When employees see that even small abuses are addressed, they understand the seriousness of compliance expectations. A healthy culture sends the clearest message: abuse will not be tolerated, and integrity is non-negotiable.

Abuse Is Fraud’s Precursor

Fraud, waste, and abuse are often discussed as a package, but compliance professionals must pay special attention to abuse. It is the gray zone where rationalizations take root, where misconduct begins small, and where organizational culture is tested. Expense reimbursement systems offer a cautionary tale: without proper controls and accountability, abuse can quickly evolve into systemic fraud.

Compliance officers who ignore abuse risk far more than inflated receipts. They risk cultivating an environment that fosters fraud. The lesson is clear: treat abuse as seriously as fraud, because in practice, one leads inexorably to the other.

Categories
Compliance Into the Weeds

Compliance into The Weeds: The ACFE 2024 Anti-Fraud Technology Benchmarking Report

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt look at the recent ACFE publication of its 2024 Anti-Fraud Technology Benchmarking Report and what it means for compliance professionals.

The ACFE 2024 Antifraud Technology Benchmarking report unveils an intriguing shift towards the use of AI in antifraud analytics, with a significant 83% of respondents planning to adopt generative AI in the coming years. However, the report also highlights a gap in current practices, with only a quarter of organizations utilizing analytics for corruption and bribery detection. Tom views this report as a crucial tool for understanding the evolving landscape of fraud detection. He emphasizes the importance of staying ahead of technological advancements and the potential risks of not having sophisticated tools for managing fraud investigations.

Similarly, Matt underscores the report’s insights into the challenges faced by antifraud professionals. He stresses the importance of aligning analytical capabilities with manpower resources and the critical role of experienced professionals in managing complex issues like bribery and corruption. Both perspectives highlight the need for a strategic blend of technology and human expertise in the ever-evolving world of compliance and audit.

Key Highlights:

  • Generative AI Integration in Antifraud Analytics
  • Generative AI Impact on Fraud Examination Trends
  • AI’s Role in Fraud Detection and Compliance
  • Detecting Financial Fraud Through Advanced Analytics

Resources:

Matt on Radical Compliance

Categories
FCPA Compliance Report

Kelly Paxton on Maximizing Your Network

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, I am joined by Kelly Paxton, a certified fraud examiner who has worked in the anti-corruption space for years. In our conversation, Kelly talks about the importance of networking and how women are often underestimated in the field. She is a proponent of the Certified Fraud Examiner designation and emphasizes the need to foster a brand for yourself. She also encourages listeners to remember that good people can make bad choices and to take an interest in the stories behind fraud cases. Kelly talks about her passion for defense work and delves into the nuances of different types of offenders. Her wisdom and insight make her an invaluable guest on the podcast.

Key Highlights

Networking at National Industry Events for Fraud Examiners [00:04:34]

The Importance of Encouraging Women in Fraud Risk Management [00:08:17]

The Benefits of Becoming a Certified Fraud Examiner [00:11:55]

The Consequences of Choosing to Commit Fraud [00:19:51]

Breaking Through Stereotypes: Exploring Unconventional Life Experiences [00:24:04]

The Value of Defense Work [00:27:59]

Notable Quotes

1. “At the end of the day, the business owners are the ones who have the assets that are getting stolen.”

2. “We have this thing called the optimism bias. We don’t think bad things will happen to us. Even more so, we don’t think bad things will happen to us compared to thinking good things will happen to us. We hire people. We know I can trust. So why would they steal?”

3. “Don’t look at it as a cost center. Give the fraud professionals the ability to keep training in networking.”

4. “The genius of LinkedIn is you meet the person, you send the invitation, you meet the person, and a couple of years down the road, you’re like that person pops up again. And you go back in your messages and remember, oh, yeah. I saw them there. I connected there.”

Episode Links

Fraudish

Kelly Paxton on LinkedIn

Connect with Tom Fox on LinkedIn

Categories
FCPA Compliance Report

John Warren on 2022 ACFE Report to the Nations


In this episode, I am joined by John Warren, Vice President and General Counsel at the Association of Certified Fraud Examiners. We discuss the 2022 ACFE Report to the Nations, which is the most comprehensive report on the global scourge of fraud. It is a fascinating look at how fraud occurs, where it occurs and the steps you can take to prevent it.

Some of the highlights include:

  • What is the ACFE Report to the Nations? How often is it released? What are you trying to capture?
  • What are some of the big picture findings of the Report?
  • What is the annual cost of global fraud?
  • Why are hotlines so critical to fraud detection?
  • What is the fraud tree?
  • What are the 5 critical areas of occupational fraud reviewed?
  • What does the Report to the Nations tell us about corruption?
  • What detection/prevention areas are the most effective for corruption?

You can download a copy of the ACFE 2022 Report to the Nations by clicking here.

Categories
Blog

Fraud Trends for 2022

I recently had the chance to visit with Olivia Allison, Senior Managing Director at K2 Integrity. We looked at some key fraud trends in 2021 and how they might influence fraud investigation, prevention and enforcement going forward into 2022. We began with a discussion of general fraud trends from 2021, particularly around Covid-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as the Paycheck Protection Program (PPP) in the United States. Allison added that supply chain issues were also a contributing factor to these issues. She found that during investigations related to COVID procurement, and healthcare procurement specifically in relation to the pandemic, there were supply chain issues regarding fraud.

She believes going forward there will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds. Interestingly, she found issues around fraud and data security, particularly in the heyday of working from home (WFH). This may well change in 2022 when we have a Return to the Office (RTO), but with the surge of the Omicron variant many companies are shelving RTO plans until spring 2022.

WFH led to wider fraud inside of companies because employees were “bypassing controls, sometimes maliciously, sometimes it’s not fraudulent, but they just think that the controls are inconvenient.” This was coupled with the troubling phenomenon that Allison has seen reported recently that millennials “just think that some controls are inconvenient and they just try to work around them.” This obviously puts organizations at risk and from a culture perspective can be very damaging.

Allison noted that another risk factor for fraud she is following in 2022 is a pair of related phenomena: the mobility of the workforce coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely, it is very difficult to have the same level of connection with your employer. Companies must work much harder to build some kind of consistent culture. One of the prongs of the Fraud Triangle is Rationalization, that “the company owes me a bit more or something like that and if you do not have that level of loyalty, there is a kind of widespread risk that people may be justifying certain actions to themselves.” Allison believes that there are “a lot of things brewing that are difficult for companies, whether it’s supply chain or data, or employee loyalty, that may cause problems in the future.”

We then turned to what Allison characterized as a “multi-vector crisis,” which is when multiple crises come from many different directions. As a compliance officer or fraud examiner, you are not simply responding to one threat or even one threat vector but several at the same time. Allison believes there are some steps an organization can take to manage such risks. The first is “you need to make sure that your protocols, data security, policies and procedures are clear and manageable. Then train when onboarding your staff so employees understand your procedures and monitor that they are actually following them.” Finally, ensure “what is written on paper is also what happens in practice.” I would also add Document Document Document.

Additionally, companies are building dashboards of different fraud indicators. But that is only a starting point, as they then must use the data to prevent fraud. She added, “I think that is a trend and also something that companies need to be looking at as they are using data. It is more than just gathering data, it’s actually using the data to drive decisions.” Finally, if you have not done so since the pandemic shut down the country in March 2020, you should “refresh your training.” From the training perspective, Allison believes that more frequent, yet shorter messaging is better. You can certainly have a longer annual targeted training, but here she agrees with Tina Rampino that an “espresso shot” of training can be more effective.

From the controls perspective, you need to determine if different types of frauds are happening within your organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and where your employees work, whether that is WFH, RTO, work outside the physical office or a hybrid situation.

We concluded by looking at whistleblowers and the recently implemented EU Whistleblower Directive, which came into force in December 2021. In at least the last four or five ACFE Reports to the Nations, one of the consistent themes is that fraud is almost always detected internally and either reported internally or picked up through internal audit or internal controls or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, Allison expects to see an increase in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play. But Allison also cautioned that the “media is a sort of third line of whistleblowing,” which we saw in 2021 with the Facebook whistleblower, Frances Haugen.

All of these factors lead Allison to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of the evolving work locations. Of course, the government is very interested not only in fraud prevention but also in fraud detection and prosecution, so 2022 could well be a more significant year than 2021.

Categories
FCPA Compliance Report

John Warren on 2020 ACFE Report to the Nations


In this episode, I am joined by John Warren, Vice President and General Counsel at the Association of Certified Fraud Examiners (ACFE). We discuss the 2020 ACFE Report to the Nations, which is the most comprehensive report on the global scourge of fraud. This year’s Report is particularly important with the government bailouts from the fallout of Covid-19. It is a fascinating look at how fraud occurs, where it occurs and the steps you can take to prevent it.

Some of the highlights include:

  • What is the ACFE Report to the Nations? How often is it released? What are you trying to capture?
  • What are some of the big picture findings of the Report?
  • What is the annual cost of global fraud?
  • Why are hotlines so critical to fraud detection?
  • What is the fraud tree?
  • What are the 5 critical areas of occupational fraud reviewed?
  • What does the Report to the Nations tell us about corruption?
  • What detection/prevention areas are the most effective for corruption?
  • With COVID-19 and the federal government bailout, why is fraud prevention and detection so much more critical now?

You can download a copy of the ACFE 2020 Report to the Nations by clicking here.