Business Fraud Does Not Rest; Prevention Should Not Either

It is a silent threat, but surely more harmful than other well-known risks to businesses. Every year, fraud detracts billions of euros from the P&L accounts of companies around the world. It is not easy to assess the real magnitude of this type of criminal offences, because companies tend to wash their dirty laundry inhouse, but it is a universal phenomenon, which does not distinguish between geographical locations nor business categories. No one is safe from its economic and reputational effects. Whether it’d be through asset appropriation (the most frequent, but also the least significant, fraud), corruption, or accounting or financial manipulation, employee misconduct is a risk that companies must effectively manage.

The level of internal control is, in this sense, a critical factor. If the company’s monitoring mechanisms end up slackening, as is sometimes the case under various circumstances, fraud is more likely to appear and thrive. That is precisely what we have noticed at FTI Consulting during the pandemic years. The organizational chaos caused by the coronavirus pandemic allowed for some irregularities, such as the management of funds without adequate control or supervision, or the inappropriate engagement of some vendors for certain one-off supplies. The economic impact of these events is certainly relevant, more than half of the time not a single cent of the amount that has been defrauded is recovered. The reputational impact also bears upon the P&L account.

Fortunately, companies are increasingly aware of the importance of control systems to prevent this type of criminal offences, which in turn results in a lower incidence of the problem, both in the reduction of losses caused by employee fraud and in the reduction of detection times. According to the latest report by the Association of Certified Fraud Examiners (ACFE), “2022 ACFE Report to the Nations”,¹ which every two years makes a detailed x-ray of the phenomenon worldwide, the average loss for each fraud case is $117,000 and is detected, on average, over a twelve-month period. These figures are slightly better than the 2020 report ($125,000 and 14 months) and looking back to see the evolution of the last decade the downward trend is slow but robust (in 2012 the figures were $140,000 and 18 months).

In this sense, the president of the Spanish Chapter of the ACFE, Gertrudis Alarcón, recently confirmed to us that the trend is positive and that the control systems will have a real impact on the organizations. In fact, the study attributes this improvement to the progressive implementation of control tools within companies. Particular importance is attached to the increasingly frequent existence of reporting channels, or “hotlines”, which allow employees (and also external groups, such as customers or suppliers) to inform the organization of potential irregularities while maintaining confidentiality and anonymity. According to the ACFE report, 70% of the companies analysed had such a mechanism, compared to 54% in 2012.

It is the proven effectiveness of reporting channels in detecting internal fraud that has led the European Union² to adopt the Directive on the protection of persons who report breaches of Union law (“whistle-blowers”), which makes it mandatory for companies to set these channels up in order to monitor internal irregularities, placing particular emphasis, as its name suggests, on the need to protect whistle-blowers from possible reprisals. In Spain, the Directive is in the process of being transposed into national law. The Council of Ministers approved the draft bill in March³ and started parliamentary proceedings, which are expected to be completed in the third quarter of this year. The draft bill, which affects both public and private enterprises, provides for two stages of implementation. Initially, large companies (250 or more employees), and then medium-sized companies (50 to 249 employees), will be required to have complaints programs.

Experience shows that reporting channels are important in preventing employee fraud. But companies have other tools at their disposal to help them detect it in time. Training of staff, resourcing of internal audit and compliance departments, proactivity in internal controls, involvement of top management (“Tone from the top”), background checks for key employees, suppliers, or intermediaries, or enforcing a culture of transparency are elements that make a decisive contribution to the effectiveness of the policies for preventing internal irregularities.

Those are the tools. But almost as important as using them is to keep in mind that no business or organization (whether large or small, national or multinational, public or private, for-profit or not) is immune from such criminal offences. Fraud does not rest.

Footnotes:

1: https://legacy.acfe.com/report-to-the-nations/2022/

2: https://www.boe.es/doue/2019/305/L00017-00056.pdf

3: https://www.lamoncloa.gob.es/consejodeministros/referencias/Paginas/2022/refc20220304v02.aspx#corrupcion