§1. Online Fraud
§1.1. The Nature of Online Fraud
Businesses now operate in a connected world. They sell across multiple channels and geographies. But as the number of channels and markets businesses operate in continue to rise, so does the risk of fraud. Fraud perpetrators are becoming more sophisticated. Fraud is increasingly difficult to detect. As a result standard fraud verification tools can prove to be insufficient.
§1.2. The Threats
Fraud perpetrators may target an online business to gain customer information such as names, addresses and payment details to commit crime.
A lot of people use public Wi-Fi networks when travelling on business at hotels, bars, cafes etc., but take no steps to secure their connection when sending personal and business emails, banking or credit card details. Public Wi-Fi networks are open to hacking, identify theft and fraud. Numerous simple tools and free apps exist which can be used by fraud perpetrators to hack public Wi-Fi networks – a process called “sniffing”.
Employees are now being targeted by “spear phishing” – when an email is sent by a fraud perpetrator directed to a particular individual. The fraud perpetrator poses as someone else within the company, usually someone important or in a position of trust. The fraud perpetrator requests information such as login ID and passwords. He may ask the employee to update their username and passwords. Once the fraud perpetrator has this information, he can access the secured networks of your company, gaining entry to confidential information and customer data.
Other methods of a fraud perpetrator include asking the employee to click on a link, which deploys malware that can take personal or confidential data from within your company.
Be wary of where you store personal or confidential information. If you employ a third party “hosting” company then you need a) to identify where your information is being kept, b) how it is being shared and c) how it is being stored.
The latest computer threat to businesses is called crypto-locker. Crypto-locker is a form of ransomware that is usually disguise within a legitimate looking e-mail attachment. When the attachment is opened, the malware encrypts certain types of files within a computer. The victim will then receive a message offering to decrypt the data in exchange for payment usually via Bitcoin or pre-paid vouchers. There is little recourse for the victim. That is why it is important to back up your data on a regular basis.
§2. The role of the Serious Fraud Investigation Office
§2.1. Serious Fraud Investigation Office
The Serious Fraud Investigation Office is an international specialist bureau for independent forensic examination of fraud-related crime involving complex issues of criminal law or procedure. We examine serious and complex cases of corporate fraud, commercial fraud, insurance fraud, cheque and payment card fraud, counterfeit currency, money laundering, computer crime and breaches of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Official Journal No. L.119 of 4 May 2016, p. 1 et seq. (General Data Protection Regulation).
§2.2. Create a culture of honesty, openness, and assistance
Creating a culture of honesty, openness, and assistance includes three (3) factors: (1) hiring honest people and providing fraud awareness training; (2) creating a positive work environment, which means having a well-defined code of conduct, having an open-door policing, not operating on a crisis basis, and having a low-fraud atmosphere; and (3) providing an employee assistance program that helps employees deal with personal pressures.
§2.3. Eliminate opportunities for fraud
The five (5) ways to eliminate fraud opportunities are: (1) having good internal controls; (2) discouraging collusion between employees and customers or vendors and clearly informing vendors and other outside contacts of your company’s policies against fraud; (3) monitoring employees and providing a hotline (whistle-blowing system) for anonymous tips; (4) creating an expectation of punishment; and (5) conducting proactive auditing.
§2.4. Comprehensive approach to preventing and deterring fraud
Most organizations do not have a comprehensive approach to preventing and deterring fraud. In fact, most companies don’t think about fraud until they experience one. When fraud occurs, they go into crisis mode, investigate and try to resolve the fraud, and then wait until another fraud occurs. A more comprehensive fraud-fighting approach would involve:
- creating the right kind of modeling and tone at the top,
- educating and training employees about fraud,
- assessing risks and putting proper controls in place,
- having reporting and monitoring systems in place,
- proactively auditing for fraud and then, when fraud does occur,
- investigating and following up on the fraud.
The first element of a good fraud-fighting system is having management, the board of directors, and others at the top of an organization positive “tone at the top.” This involves two (2) steps: (1) caring enough about having a positive organization that effective fraud teaching and training is conducted throughout your organization and a well-defined corporate code of conduct is promoted and (2) setting a proper example or modelling appropriate management behavior.
The second element of a good fraud-fighting system is educating employees and others about the seriousness of fraud and informing them what to do if fraud is suspected. An awareness training might help your organization to prevent fraud and ensure that fraud do occur are detected at early stages, limiting financial exposure to the corporation and minimizing the negative impact on the work environment.
The third element of a good fraud-fighting system involves integrity risk assessment and having a good internal control system. Having a good system of controls means that there will be an explicit study of all frauds and why they occurred, together with implementation of control activities necessary to prevent future occurrences of the same types of frauds. Our analysis involves determinations by people in management, the board of directors, and others at the top, audit, security, human resources, control and finance of why and how the fraud involved. Such analysis are focused on the individuals who were involved, the controls that were compromised or absent, the environment that facilitated the fraud, and related factors. The results are important in understanding the kinds of preventive measures that are needed within the environment in which the fraud occurred.
The fourth element of a good fraud-fighting system includes having a system of reporting and monitoring.
The fifth element of a good fraud-fighting system involves having proactive fraud detection methods in place. Proactive active fraud detection methods are not only effective in detecting fraud, but knowledge of their use is a good fraud deterrent.
The sixth element of a good fraud-fighting system involves having effective investigation and follow up when fraud occurs. Effective investigation means your organization must have formal fraud polices stating who will carry out all elements of an investigation. Your investigation procedures must include: (a) who will conduct the investigation, (b) how the matter will be communicated to management, (c) whether and when law enforcement officials will be contacted, (d) who will determine the scope of investigation, (e) who will determine the investigation methods, (f) who will follow up on tips of suspected fraud, (g) who will conduct interview, review documents, and perform other investigation steps, (h) who will ultimately determine the corporate response to fraud, disciplines, control, etc. A strong prosecution policy must have the support of your board of directors, and others at the top, and must be informed if someone commits fraud and is not prosecuted. The single greatest factor in deterring dishonest acts is the fear of punishment. In order to obtain cooperation from law enforcement officers and the justice system, it is almost always necessary to conduct a thorough an complete investigation (usually including obtaining a signed confession) before the overworked law enforcement agencies and criminal justice systems can accommodate the prosecution.
§2.5. Proactive Fraud Auditing
Very few organizations actively audit for fraud. Rather, their auditors are content to conduct financial, operational and compliance audits and to investigate fraud only when symptoms are so egregious that fraud is suspected. Organizations that proactively audit for fraud create awareness among employees that their actions are subject to review at any time. By increasing the fear of getting caught, proactive auditing reduces fraudulent behavior.
§3. Our Strategic Analysis, Advisory Services and Operational Support
§3.1. Fraud Risk Assessment
Anti-Fraud provides an independent and objective assessment of the organizations existing anti-fraud program, gaps in the existing controls and suggest measures to mitigate the gaps.
We assist our clients in setting up a monitoring framework, developing relevant checking procedures and identifying key risk indicators of fraud, corruption and abuse.
We also develop training programs for employees, and help to create a continuously evolving control environment reflective of the risk landscape.
§3.2. Fraud Risk Management
To deter the occurrence of fraud, we provide clients with expertise to set-up and implement a visible and transparent fraud risk management program that allows to create an anti-fraud environment.
We assist private and public organizations with turning critical and complex issues into opportunities for resilience and long-term advantage. This involves identification of modus operandi as to how did the fraud occur, who was involved, what were the extent of losses, and how can it be prevented from recurring.
§3.2.1. Our Anti-Fraud Strategy
Our anti-fraud strategy has four (4) main components: a) Prevention, b) Detection, c) Response, and d) Deterrence. The various elements of an effective anti-fraud strategy are closely interlinked and each plays a significant role in combating fraud. The combination of effective fraud prevention, detection and response measures will create an effective fraud deterrent.
§3.2.2. Fraud Prevention
The attitudes within your organization lay the foundation for a high or low fraud risk environment. Where minor unethical practices may be overlooked, larger frauds may also be treated in a similar lenient fashion. In such an environment there may be a risk of total collapse of your organization either through a single catastrophic fraud or through the combined weight of many smaller frauds.
A sound ethical culture and sound internal control systems are essential key components of a fraud prevention strategy.
§3.2.3. Fraud Detection
There are a range of fraud indicators – both warning signs and fraud alerts – which can provide early warning that something is not quite right and increase the likelihood that the fraudster will be discovered.
§3.2.4. Fraud Response
Any organization should set out its approach to dealing with fraud in its fraud policy and fraud response plan. Organizations should ensure that this includes provision for learning lessons from fraud incidents and appropriate, prompt follow-up action.
§3.3. Fraud Investigation
Fraud Investigation helps organizations manage the risk an vulnerabilities that come from global corruption, from high profile and complex financial matters to employee, cash, cybercrime and procurement fraud.
We assist our clients with investigation of alleged fraud or corruption perpetrated against corporate and government entities, including, but not limited to, vendor fraud, payables fraud and embezzlement. We also assist with factual, often privileged, investigation of alleged corporate wrongdoing, including, but not limited to, investigation of alleged financial statement misrepresentations and violations of anti-corruption regulations. Our investigation work includes forensic imaging of computers, data analysis, collection and analysis of data, interviews of individuals and review of documents.
We help our clients understand and respond to anti-bribery and corruption compliance in all its phases, even when the businesses span many jurisdictions and are governed by many regulators. We assist in determining loose controls posing risk of violation of FCPA and Bribery Act, showcasing company’s views on corruption and bribery to regulatory bodies and also provide training to employees regarding FCPA, Bribery Act and related provisions.
§3.5. Compliance Assistance
Corporate executives and board of directors have increasing demand on evidences of whether their corporate compliance infrastructures, processes and controls are effective, integrated, efficiently risk-aligned and embedded throughout a complex, global organization. Effective and cost-efficient management of legal, regulatory and reputational obligations is a critical element of corporate governance and enterprise risk management.
We assist clients in assessing, improving and monitoring their compliance programs. Our work includes compliance risk assessment, compliance program gap assessment and improvement recommendations, design implementation assistance for compliance process, deployment of governance, risk and compliance, technology, and data analytics and compliance monitoring.
§3.6. Integrity Due Diligence
Integrity Due Diligence (“IDD”) is the gathering of independent information to gain an understanding of the integrity and corruption risks associated with a third party. It provides companies with a means to both identify these risks and confirm (or otherwise) information provided to them by a third party.
We conduct integrity due diligence services for clients across multiple sectors to help mitigate risks from new commercial relationships and to inform their strategic decision-making.
Companies with an international presence (or plans to expand internationally) are placing an increased emphasis on the need to understand the integrity risks posed by the third parties with whom they contract in those countries (including their representatives, agents, distributors and critical members of their supply chain), in particular for compliance purposes in light of new extra-mural anti-corruption legislation introduced in many western jurisdictions.
§3.7. Forensic Business Intelligence
Forensic Business Intelligence assists in conducting research and collecting information about a target or an entity through searches on public domain information sources on-site visits and interviews.
We provide Forensic Business Intelligence Services to eliminate opportunities for fraud.
We advise clients when the need further information about a potential business partner, another party in a hostile takeover, a competitor or a commercial opportunity. Entering into any significant commercial transaction involves risk, but by providing relevant an reliable intelligence we help clients make better decisions.
§3.8. Litigation Support
Litigation support is all activities, usually within the law firm, that is designed to prepare a lawyer to try a case, including document review, interviewing witnesses, and case preparation. Litigation support activities include the organization of documents, including paper-based document management, but increasingly through technology such as litigation support software and systems. Documents are organized into searchable databases for review and production.
We provide litigation support to our clients, often working alongside their external legal teams, to design and implement investigation strategies and obtain admissible evidence. We also work directly with law firms to enhance their resources and enable them to provide more cost-effective solutions to their clients. As well as legal remedies, our consultants have a detailed understanding of extra-legal strategies that can achieve the best outcomes for clients, having worked closely with law firms, media consultants and business advisors in many past cases.