ACFE - EY Fraud Week 2020 Newsletter
ACFE - EY Fraud Week 2020 Newsletter
15 - 21 November 2020
The COVID-19 pandemic has businesses experiencing testing times like While the road to normalcy is hard to predict in such tumultuous times,
never before, while significantly accelerating digital transformation. With organizations need to quickly adapt to the pace of change to remain resilient.
the economy gradually opening and the government and companies Channelizing efforts for business resurgence, recovery and continuity, using
reinvesting in people and businesses, organizations are likely to continue technology and digital platforms, and exercising increased vigilance to address
facing many unfamiliar challenges in the areas of fraud detection and fraud risks have become a pressing priority.
prevention.
Through initiatives such as International Fraud Awareness Week by the
Fraud and white collar crime have surged, making efficient and effective Association of Certified Fraud Examiners (ACFE), ACFE Mumbai Chapter,
risk and compliance management even more crucial. For example, along with EY Forensic & Integrity Services are trying to raise awareness
appointing new third-parties – suppliers and vendors without proper due around the fraud risks affecting businesses. As we show our support for Fraud
diligence or opening firewalls for work-from-home access to company Week, we are pleased to share this newsletter, which captures fraud trends in
systems and tools has led to a plethora of risks. There is a constantly 2020, viewpoints from industry leaders on their compliance and anti-fraud and
evolving landscape of frauds being committed by those seeking to take corruption efforts. We would like to thank all contributors and sincerely hope
advantage of the anxiety and uncertainty that the pandemic has created. you find it an interesting read.
e-Commerce frauds, involving fake or adulterated sanitizers and
cybercrimes such as phishing, malware and ransomware attacks are just
some of the foothill problems created by COVID-19.
Arpinder Singh
President and Founder, ACFE Mumbai Chapter
and Partner and Head - India and Emerging Markets,
Forensic & Integrity Services, EY
How agile forensic professionals and technology
integration in risk-based frameworks can
redefine the anti-fraud ecosystem
Of late, I have been seeing that there are growing opportunities coupled with a I see a trend and a shift in mindset on the part of regulators too, who are now
continuous and rising demand for Forensic professionals. The global recession, more open to methods like the use of artificial intelligence (AI), machine
corporate failures, banking crises, money laundering, corporate fraud, cyber- learning and robotics. In fact, they are actively encouraging organizations to
attacks, volatile markets, disruptive innovation and other developments necessitate consider, evaluate and where appropriate, implement these innovative
the need to have more of us in the system. technologies. This trend does not mean we throw away the existing risk-based
approach. What I see is co-existence i.e. a mixture of the existing scenarios
It is very much evident that the COVID-19 pandemic has resulted in an increase in
and the AI mechanisms.
financial crime and other misconduct due to market disruptions, reduced staff and
resources, and an increase in digital uptake. If one must call out a specific skill that all Forensic professionals must possess
in abundance, then that would be AGILITY. The dictionary meaning of agility
A spike in digital transactions leaves financial institutions exposed to an increased
is quick and well-coordinated in movement. The synonyms are cleverness,
threat of cyber security and fraudulence. COVID-19 also restricts financial
dexterity, quickness, sharpness, swiftness, briskness, promptness and
institutions from identifying and verifying clients; performing regulatory processes
sprightliness which are opposed to antonyms which are slowing, slowness,
such as customer due diligence; and implementing new solutions and technology,
sluggishness, clumsiness and stiffness.
which would typically protect organizations from these threats.
For any organization, for the Anti-Fraud Framework to be effective, the An Agile Forensic professional is the one who focuses on stakeholder needs,
organization's executive leadership should really drive it, as what we call the Tone accelerates review cycles, drives timely insights, reduces wasted effort and
at the Top. Today's complex, hyper-competitive and regulated environment generates less paper documentation.
requires leaders to guide their organizations away from fraudulent activities. This is So, my very dear fellow professionals, let us focus on agility which will help us
a simple statement and its implementation on the ground, is not as easy as it looks. to adopt technology, be an integral part of strategy, develop the confidence of
management and do everything that is lawfully expected of us. While we are
The fundamental elements of an effective anti-fraud and anti-corruption program doing it, we should enjoy the process.
are Enjoy the Forensic journey, not just the destination.
To create and maintain a culture of honesty and high ethics
In this episode, Arpinder Singh, CFE, partner and head Impact of the Forensic Accounting and Investigation Standards
of India and emerging markets, Forensic & Integrity
Services at EY, highlights how cybercrimes like BEC
scams, phishing and account takeover have risen and • Useful to the law enforcement agencies, corporate, banks and other stakeholders
will continue to rise over the next year.
• Highest degree of professional standards in investigations
Digitalization is one of the global megatrends, and with the ever-growing adoption ‘Speak up culture’ should be encouraged and all employees should be
of digital technologies and digital applications, it has become almost omnipresent. encouraged in ‘speaking the truth; being honest and trying to build a value-based
An increasing number of corporates across sectors are in the midst of digital organization’ as this is what creates a good ecosystem for good corporate
transformation, which is a crucial component of their business strategies. As per governance. Such an organization is bound to succeed over the long term in the
reports, by 2025, the global volume of data will soar to 163 zettabytes and by 2020, digital age, where the constant focus on quality, flexibility and efficiency forces
30 billion devices will be connected. Nearly 80% of corporates reported to have a constant change upon employees!
digital initiative under way while close to 70% believed that they need to invest in a
Building a robust moral fabric is important as only that would lead to sustainable
digital strategy to remain competitive.
and profitable business.
As digitalization disrupts society and business models, it poses both a challenge The Indian industry has taken to digitalization, with some sectors being able to
and an opportunity for Compliance Officers. More than ever, this transformation identify and exploit the benefits earlier than others. From an Indian perspective
makes a convincing argument for laying stress on the importance of business though, there still exists a trust deficit between government, industry and society.
ethics in the functioning of any company. A corporate must essentially develop a The basic reason behind the widening gap is the question of ethics and how each
character for the company rather than only stress on more processes since it is the pillar could try to ensure ethical behavior, specially at a time with digitalization also
character with which the company gets identified in the long run. brings in transparency and speed!
Why? Consider the amount of data, growing at an exponential pace, available for As the Indian Industry has so far seen six committees formed to educate and
corporates to harness. Combine this with the emergence of powerful technologies direct industry on what constitutes good ‘Corporate Governance’, its importance
such as machine learning and artificial intelligence. New skills have also could not be better underlined.
materialized, such as data mining, data visualization and risk analytics.
Due to some misdemeanor by industry the government promulgates new
It is in such a scenario that new risk management techniques and strategies need regulations, which demand increased disclosure requirements by corporates while
to take shape. Corporates, with a strong ethical character, will effectively combine on the other hand the industry looks up to these committees to guide the industry
the need for reviewing processes, making tools intelligent and automating risk captains on good governance. It is an oxymoron that needs quick addressal.
identification with role models for good corporate governance among senior
management. Deliberations within organizations that have been found wanting in compliance
have revolved around the question of what was more essential and important:
For every corporate, the journey for achieving good corporate governance Having more processes or developing a character for the company?
commences at the very top. As culture starts at the top, it is very important to have
the right members as role models and captains of the businesses. Healthy debates, Values can never change with technology or newer business models. To sum up,
quality of discussions, allowing dissent in a healthy manner within the management building up of moral fabric is very important as only that would lead to sustainable
teams are all essential and vital. ‘Walk the Talk’ by the management sets the tone and profitable business.
for values within the organization, not just maximizing efficiency, monitoring
business processes and automating compliance controls.
It is only values that can lead to sustainable business. Leadership guru Peter Neville K Gandhi
Drucker said, ‘Culture Eats Strategy for Lunch’. Hence, a lack of speak up culture
would not be able to sustain an organization. Vice-President Compliance, Siemens Limited
Educate We have several examine processes: monthly expense audits, with CoC
perspective, compliance clearances for processes with elevated risks, spot
checks, data analytics etc. We follow examine principle of effective
The beauty of the Schindler Code of Conduct (CoC) Policy is that it’s a one implementation, in a fair mode and the results are discussed at senior
pager document with five principles. Simple to understand, co-relate and follow. management level.
The compliance department devotes its maximum time on training and ensuring
all the activities are under training rigorously. The activities under this "E" are:
Explain the CoC at the time of induction and then ensuring that each employee Enforce
undergoes personal training minimum once a year. The CoC is always item no.2
in all the management meetings, first being Safety. During COVID-19 times also The violations, if any, are taken seriously. Proper impartial investigations are
the process of training is effectively conducted, with a change in model of virtual conducted by independent compliance officers. Fair treatment, including right
training, but keeping it interactive. Records of attendance are collected and kept to be heard, is offered to alleged perpetrators. A deep dive is conducted to find
on file. We started this year a new initiative of monthly CoC newsletters, which out motives and rationale.
is a one pager circulated over email to all the employees.
In a continuous learning process, violation practices are reviewed, and risk
Besides this, we also run a Compliance Radar, where each employee is given control measures are improved. Accordingly, we have various Risk Control
the opportunity to speak up and voice any compliance risks. This is in addition to modules in place, to avoid and mitigate the various types of fraud. We not only
a hotline whistleblower process, which is also in place. impose sanctions, including termination, for violations; we also extend rewards
and congratulations for doing the right thing. We cover and circulate learnings
Each employee undergoes eLearning once a year and has to clear the exam, in our future training materials.
with passing percentage being more than 80%. All new joiners have to pass
eLearning during their probation period and it’s one of the conditions for
confirmation.
We also have a direct hot line for whistleblowing and disclosures, which is open Atul Juvle
24/7. The code of conduct policy is an integral part of vendor and supplier
LL.B., F.C.S. M.F.M., CFE
agreements, and it is one of the conditions for forthwith termination, in case of
violations. We run a due diligence process on major vendors and suppliers. General Counsel, Compliance Officer & C.S, India & SA, Schindler
The report covers recent trends on how occupational fraud imposes tremendous costs upon businesses and government agencies
throughout the world.
The COVID-19 crisis has introduced us to the “New Normal” world of high usage of The goal of money laundering is to move the cash around to create layers that
Digitalization and Artificial Intelligence. Most business transactions globally are obfuscate the source of the criminal funds and, ultimately, turn the proceeds of
taking place online with high value of digital accounts. Fraudsters and crime into "legitimate" assets.
cybercriminals have been taking utmost advantage of this situation. Some
aggressively evolving fraud techniques in 2020 are listed below: Merck has designed a global project on Anti-Money Laundering (AML) to
create awareness amongst the senior leaders worldwide and eLearning
modules are rolled out to the entire organization.
Account Takeover (ATO)
Business Partner Risk Management (BPRM)
This technique is used to steal login credentials of individuals as well as
organizations. High net individuals and big corporates are the main targets for
these kinds of fraudulent activities. Organizations have created IT firewalls to Organizations rely heavily on their business partners (BP) for improved
mitigate this risk, so that these ATOs cannot be successfully commissioned. Our profitability, faster time to market, competitive advantage, and decreased
organization has a full-fledged IT Shared Business Services Centre which is costs. However, BP relationships come with multiple risks that include:
equipped to combat these kinds of frauds.
Transaction Risk
Organizations and individuals have been widely losing valuable assets without
giving away passwords. This tactic allows attackers to access data stored in the Strategic Risk
cloud by directing them to the real login page via a malicious link. RISK
Reputation Risk
Those who take the bait end up forwarding a digital token which gives fraudsters
indefinite access to all the cloud data, including emails, files and contacts – even Compliance Risk
after the victim changes their passwords. Merck’s IT team has been periodically
Information Security Risk
sending mails to all employees to create awareness about phishing, that they
should not fall prey to these attacks and the ramifications, which could cost the
organization dearly.
BPRM is the process of identifying, assessing and controlling these and other
risks presented throughout the lifecycle of relationships with BPs. Our
Money Laundering
organization is in the process of introducing an improvised, sophisticated
version to the existing IT tool which will conduct due diligence of BPs more
Currently, it represents between 2 – 5% of the global GDP, or close to $800 billion effectively and mitigate risks substantially.
to $2 trillion, according to the United Nations Office on Drugs and Crime.
A culture of integrity and transparency in a company helps in creating an open While interacting, conducting trainings, awareness sessions, campaigns and
work environment. Any company looking to ensure a fraud free environment investigation of the reported cases, the learning should be incorporated for
needs to proactively define various initiatives and should take appropriate continual improvement of the defined policy and to make sure that it stands current
measures. at all times.
To make an organization’s strong anti-fraud culture, there are various important There are various ways available presently and also emerging on day-to-day basis
aspects which are critical. to mitigate the different type of frauds. But the most efficient and important way is
the organization’s respect to the anti-fraud policy created, ensuring its regular
For example,
review and updation.
The fraud, if occurred, can cause impact at any level. Hence, the various effective
techniques based on emerging technologies like Artificial Intelligence, Machine
Defining the anti-fraud policy of the company and effectively
learning or Data analytics can help us in unearthing the impact of a fraud that
publishing it for its better reach
occurred. But it’s always wise to introduce these technologies to the environment in
Defining the expectations of the company from each of its employees the form of a defense as well, so that fraud can be prevented to an extent, at the
which may include the conduct from its employees, the expected first place.
values to be followed while performing any of the duties, etc Continual fraud risk assessment of various business processes also helps to
understand the gaps in advance, plan and implement the effective and best suited
The awareness among the employees as to how each one can
control to plug in that gap in a timely way.
contribute in achieving a fraud free work environment
An organization’s culture where all personnel across any level feel confident and
Setting the tone of the organization by ensuring a zero-tolerance safe to report any type of fraud noticed, without the fear of retaliation is a very
approach toward any breach to the anti- fraud policy important aspect to ensure an open environment. This aim can only be achieved
when special efforts are being made to ensure the confidentiality of the person
Publishing the incident reporting structure at all levels for ensuring
reporting the matter till the time it is not important for the investigation of the case.
timely reporting of any type of fraud at any level. This involves
mechanism like advertising the hotline numbers and email Summarizing, the organization’s culture plays a very critical role in maintaining the
addresses on which fraud cases can be reported by anyone. fraud free environment. It is pertinent to maintain the healthy organizational culture
as it can cause serious impact not only financially, but for bigger companies’
Regular conduct of trainings, awareness and campaigns of the reputational loss is even more concerning.
defined anti-fraud policy for better assimilation and complete
familiarity with the policy
Ranjana Rao
After taking all the precautionary steps as stated above, it is equally important CFE
to define the penalty and disciplinary actions which can be taken by the
Head of Security- RIL, Logistics
management or a defined committee.
Sanjiv Dwivedi
Business experience: Past business experience in terms of
sales which have been a risk can help give insights in terms of Head – Investigation & Loss Mitigation,
underwriting new business
Bajaj Allianz General Insurance
Today’s corporate world is a confluence of organizations that were built Modern day organizations must reinforce the documentation practices by
decades back and the ones that have been around for much lesser time. constantly reinforcing the accountability every email, meeting, system access, etc.
There are many differences in the way younger and more modern organizations that maps the e-Signatures of the employees via their laptops, cell phones, etc.
operate. We all know these differences and the overarching word that is usually This reinforced accountability will help create a much robust deterrent against
used to describe these differences or let us say ‘uniqueness’ is culture! fraudulent practices.
Yes, its rewarding to change with times and we have seen far more younger
organizations growing exponentially in value in much shorter time span. Investing in workforce
However, being new age does not necessarily mean age-old practices are
obsolete. A striking example is “core values” – the values we operate on have
evolved but the fundamental of operating on core values remains the same. In my personal observation, I have noted over the years many organizations, old
and new alike have developed policies and changed older practices to optimize
Let us look at some traditional terms that can help fraud mitigation in modern cost. A few examples – leave encashment, CTC restructuring, perquisites,
times – allowances, etc. are constantly tweaked. This does create a sense amongst the
workforce about in lines with how much organizations values its employees.
Loyalty Modern day organizations must not overlook this aspect or observations and
ensure parity in practices that not only benefit the organization alone but also its
employees. This helps in maintaining higher engagement levels thereby improving
Most modern-day workforce might chuckle at the word ‘loyalty’ because they organizational defenses against frauds.
associate it with longer tenures and today many employees move around
different organizations with tenures as less as 1-2 years per organization.
Modern day organizations must focus on absorbing this term and evolve its These are just some of the many such practices and values. I am sure all of us
definition to nurture a sense of belongingness to the organization without any can think of many more. It is important to learn from the past as we work hard in
clause on tenures. This will bolster mutual respect between employees and our present for a secured and sustainable future. Just as environmentalists talk
organizations. Any individual who has a sense of belonging and respect will tend about leaving a better place for future generations, us professionals must also do
less to sway towards malpractice against the organization and chances of them our bit to create a better working environment for future generations. Modern
being a brand ambassador of such organization event after they have moved on organizations are in the forefront of this change and traditional practices can offer
is high. important wisdom not just for fraud mitigation, but all aspects in this working world.
Today’s world relies on IT enablement and audit trails for documentation norms. DGM, Business Ethics and Compliance
Traditionally, the impetus on documentation was extremely high and there was Lupin Ltd.
an inherent accountability associated with every signature.
Every crime or fraud has a cascading effect on the economics associated with it. The Greater Mumbai Municipal Corporation (then) had six octroi collection
The Police enter details of property stolen, property recovered, weapons used, check posts. The ACB called for statistics relating to the daily collection of
suspects arrested, suspects sent for trial with outcome of such trial etc. Corporate octroi for three months prior to the date of the trap and three months post the
investigators, on the other hand, upload records of investigation including arrest of the Vigilance Inspector. The results were startling. It was disclosed
statements and investigation report. While this is all good and required, the that daily collection of octroi at the six check posts, till date of arrest of the
physical, financial, regulatory and emotional impact any crime or fraud can Vigilance Inspector was approx. Rs. 6 crores. This amount increased to
sometimes be devastating, for those involved and even to the concerned approx. Rs. 12 crores per day after arrest of the Vigilance Inspector. I will
corporate entity. leave it to the imagination of the reader to calculate the loss to exchequer per
year and its implications to the development of this island city and on the
As far as corporate investigations are concerned, an investigation may lead to society at large.
loss of business, loss of employment, and risk – reputational, regulatory and
financial. Like an iceberg, the loss recorded in the case management system may During my service with a multi-national bank, it was suspected that a small
sometimes be very minuscule as compared to the actual loss that is not apparent group of employees had submitted forged or fake food bills while on a short-
or immediately verifiable. term international project assignment. The employees concerned, were
supposed to submit bills to claim income-tax relief on their per diem
According to an old adage, “A milch cow gets the juiciest fodder while the heifer entitlement. Investigations disclosed that it was not just the few reported
goes to the slaughterhouse”. This is true for the investigating units in corporates employees who had submitted forged or fake food bills, there were hundreds
as well. The corporate investigation units are considered as non-revenue of such employees who had submitted thousands of forged or fake food bills
generating units of the corporate. Resultantly, these units do not generally get to claim rebate in income tax. While action was taken against the employees
due attention or recognition as compared to the revenue generating units. concerned, computing and managing the subsequent tax liability of the
employer’s part, including retrospectively, required huge efforts and
With the help of few cases, both from my law enforcement days as well as while resources. The employees had saved a few hundred rupees of their tax
working as an investigator in multi-national banks, an attempt is hereby made to liability, but the employer bank had to spend millions to rectify the situation.
explain quantification of crime or fraud and thereby its impact either on the
society, the exchequer or the concerned corporate entity. Corporate frauds like Satyam, Enron, Wells Fargo, WorldCom, Lehman
Brothers Bank, Barings Bank usually end up in the concerned corporates
In the year 2000, the Mumbai Unit of the Anti-Corruption Bureau (ACB) arrested a either declaring insolvency and/or investors losing billions overnight, not to
BMC Vigilance Inspector for demanding and accepting bribe of Rs. 32,000 from a mention the protracted legal costs and court cases in various courts and
transport contractor for releasing a truck that the Vigilance Inspector had countries.
impounded for evasion of octroi. The ACB and Court records rightly captured
amount of bribe demanded, amount of bribe accepted and person arrested.
However, beyond what is required to be captured in the case management
system or the crime register, an effort was made to quantify this crime and its
impact.
Amazon: https://amzn.to/3mcod4y
MeriPustak: https://bit.ly/3dNQBad
MakeMyDelivery: https://bit.ly/35qlayS
Be Proactive: Adopt a code of ethics for management and employees. Evaluate International Fraud Awareness Week
01 your internal controls for effectiveness and identify areas of the business that are is led by ACFE, the world's largest
vulnerable to fraud. anti-fraud organization and premier
provider of anti-fraud training and
education with more than 85,000
Establish Hiring Procedures: When hiring staff, conduct thorough members. Fraud Week champions
02 background investigations. Check educational, credit and employment the need to proactively fight fraud
history (as permitted by law), as well as references. and help safeguard business and
investments from the growing fraud
problem. In 2020, this movement is
The good news?
from 15 to 21 November. During
There are some basic steps Fraud Week, official supporters will
Train Employees in Fraud Prevention: Do workers know the warning
your organization can take 03 engage in various activities,
signs of fraud? Ensure that staff members know basic fraud prevention
immediately to lessen your including: hosting fraud awareness
techniques.
vulnerability training for employees and/or the
to fraud. community, conducting employee
surveys to assess levels of fraud
Implement a Whistleblowing Hotline: Fraud is still most likely to be awareness within their organization,
detected by a tip. Providing an anonymous reporting system for your posting articles on company websites
04
employees, contractors and clients will help uncover more fraud. and in newsletters and teaming up
with local media to highlight the
problem of fraud.
Source: https://www.fraudweek.com/fraudweek/resources
Schedule
18 19 20
November November November
Session 1: Global Compliance Trends Session 1: Risk Assessment Session 1: Managing third party
(Compliance Risk reporting & compliance risks – The Medtronic
By Basha Galvin, Chief Operating Self-Monitoring tools) Compliance Program
Officer, Association of Corporate
Investigators By Deepa Bhandare, By Tanhieya Ghosh,
Compliance Officer – HC India & Director- Legal & Compliance,
Steve Young, Chief Executive Thailand, Merck India India Subcontinent (India & South
Officer, Association of Corporate Asia), Medtronic
Investigators
Session 2: Fraud detection and deterrence:
Session 2: Data privacy in a pandemic
an internal auditor’s perspective
induced environment: compliance
Session 2: Cross Border Investigations
constraint vs control
By Manoj Agarwal,
By Percy Amalsadiwalla, Head - Internal Audit and Risk By Atul Juvle,
Chief Manager - Investigations & Management, Metro Brands General Counsel, Compliance
Regulatory, Siemens Officer & CS- India & SA, Schindler
Arpinder Singh
Amit Rahane
President and Founder, ACFE Mumbai Chapter
Partner,
and Partner and Head - India and Emerging Markets,
Forensic & Integrity Services, EY India
Forensic & Integrity Services, EY