Theft, fraud and corruption is a growing threat to many companies. But what does such a broad range of perils really mean for companies in practice?
The fraud epidemic is costing businesses billions a year, yet many companies are doing too little to protect themselves.
In the UK, annual fraud losses stands at an estimated £193 billion, according to a 2016 study by the University of Portsmouth’s Centre for Counter Fraud Studies, business advisers PKF and credit risk specialist Experian.
Businesses were the biggest targets. Procurement fraud alone is estimated to cost UK firms £127 billion a year; payroll fraud another £12 billion.
While the estimates are subject to high levels of uncertainty, the impact on businesses is, without a doubt, profound. As the University of Portsmouth study puts it: “No-one knows the true cost of fraud in the UK, but it’s taking place on an industrial scale and is, without question, one of the biggest crimes afflicting UK plcs today.”
A global problem
The issue of fraud is not just restricted to Britain. Another study, published in 2016 by the Association of Certified Fraud Examiners (ACFE), detailed 2,410 occupational fraud cases worldwide. Certified fraud examiners (CFEs) estimated their businesses’ typical losses to fraud at 5 per cent of revenues in any given year.
The problem affects all industries. In the private sector, fraud was most frequent in the banking, financial services and manufacturing industries. And although the mining and wholesale trades saw the fewest cases, their median losses were the highest among all industries.
Despite this, many organisations are failing to protect themselves. The ACFE study found that the most prominent organisational weakness contributing to fraud is a lack of internal controls. Likewise, uptake of crime insurance policies, which protect businesses against such losses, is relatively modest.
“Probably only 15 to 20 per cent of our significant commercial customers traditionally buy this sort of insurance, while others will add extensions to other policies,” says Mike Parry, Partner at JLT Specialty.
However, the situation is changing.
“At the moment, this is the area of coverage we’re discussing with businesses more than any other,” says Parry.
The changing nature of fraud risk
Traditionally, fraud and crime have been first-party losses for businesses, says Terry FitzGerald, UK Head of Commercial D&O and Financial Institutions for Allianz Global Corporate & Specialty. He says that it’s been focused on employees stealing from their own companies, which makes it a difficult problem for businesses to address.
“Employers don’t like to believe they have dishonest staff,” explains FitzGerald. “So they’re reluctant to spend money to cover the risk, even though it’s remarkably prevalent.”
The danger of first-party fraud persists. But it’s the growing threat of third-party fraud that is making the issue easier for businesses to admit and impossible to ignore.
The variety of risks from outsiders is as wide as those from staff, and will vary from industry to industry.
Examples of third-party fraud
Solicitors, for example, have seen a surge in so called ‘Friday afternoon fraud’ over the last couple of years, according to insurer QBE. In the 18 months to the first quarter of 2016, QBE found 150 successful cases among UK law firms, costing £85 million, as well as ten times as many failed attempts.
This is just one example of a wider increase in ‘social engineering’ fraud, which accounts for much of the boom in third-party losses.
The most high-profile cases have been the big ‘fake president’ or CEO frauds, which have seen companies duped out of millions in a single attack. Earlier this year, Austrian firm FACC lost €50 million in such a scam, which ultimately cost both the Chief Executive and the Chief Financial Officer their jobs. Belgian bank Crelan lost €70 million in similar circumstances, and US firm Ubiquiti Networks lost some $47 million.
In an alert put out earlier this year, the FBI estimated that businesses had lost more than $2.3 billion to what it termed ‘business email compromise’ (BEC) scams in the past two and a half years. The Bureau reported a 270 per cent increase in identified victims and losses since January 2015.
That’s likely to be replicated elsewhere, says James Barnacle, chief of the FBI’s money laundering unit. “Criminals don’t have borders, and this is a global problem,” he told the Financial Times.
For further information, please contact Mike Parry, Partner on +44 (0)20 7528 4921