Fraud is on the rise, but regional businesses are adopting resilient corporate governance programs to protect themselves
Every year,we publish the Kroll Global Fraud Report in which we describe and analyse the results of a survey carried out on our behalf by the Economist Intelligence Unit. In 2013, over 900 executives from around the world were polled in July and August. More than half of these C-level participants represented companies with annual revenues of over $500 million. A wide range of industries was represented including financial services, telecommunication, retail, FMCG, construction, engineering, manufacturing and oil and gas.
In 2012, the overall incidence of fraud in the Gulf region – in other words, companies that were hit by fraud at least once in the preceding 12 months – stood at 49%.In 2013,the figure jumped to 72%. There are multiple reasons that might explain this jump of 23%.
First, the percentage of companies where exposure has increased stood at 54% in 2012, but in 2013 that figure rose to 89%. As the table below shows, the four main drivers that increased exposure to fraud are high staff turnover, entry into new markets, lack of budget for compliance and internal audit, and the complexity of the IT infrastructure resulting in multiple points of attacks and IT security vulnerabilities.
Second, the heightened awareness of fraud also demonstrates that executives across the Gulf region are changing their thinking and attitudes in the way they address it. In particular, they are openly discussing the issue of fraud and the fact that it is costing businesses tens of millions of dollars in losses every year.
Our experience shows that many corporations in the Gulf are fighting the problem head-on, although at times somewhat reluctantly in fear of leaks of information and reputational damage. Businesses in the Gulf are becoming more inclined to engage fraud specialists to help deal with internal and external misfortunes and achieve the best possible outcome. They are gradually engaging with external risk specialists to develop focused mitigation strategies and response to attacks.Many require specialist skills such as computer forensics, cyber investigation and forensic accounting, and the issuance of expert and an independents report to support clients’ commercial and legal objectives, which may not otherwise be available in-house.
It is interesting to note that according to the survey, fraud is usually committed by business partners, vendors/suppliers,customers, junior employees, and senior-and middle-management. Regarding the latter two (employees and management), combined they represent 43% of all fraud committed. This explains why, according to the survey, 56% of companies are investing in whistle-blowing programs and staff training in an attempt to undermine that high risk.We should note that these figures are consistent with international standards – i.e. other emerging markets are implementing similar measures, including Asia and Africa. But for this to succeed, businesses must design and implement appropriate and clear whistle-blowing procedures. The decision must come from the board, and this is intended to create an overarching culture of disclosure and good corporate governance; robust and transparent internal audit and compliance functions and activities; inclusion of clear and obligatory responsibilities, and specific guidelines in the Code of Conduct and corresponding employee contracts. Some today also rely on external whistle-blowing specialists and ‘hot line’ consultants to manage and analyse the reporting that comes from whistle-blowers’ submission of information and the appropriate timing and speed by which to react.
To complement these activities and increase a more resilient business, when asked what specific anti-fraud measures businesses will focus on in the next 12 months, the answers in order of priority were: financial controls, information security, physical security, management controls and third party due diligence.
However, when we asked executives about corporate vulnerabilities, the answers were rather contradictory. For example, when executives were asked ‘how vulnerable is your organization to internal financial fraud’, 32% responded ‘not at all vulnerable’. When asked ‘how vulnerable is your organization to misappropriation of company funds’, almost a third responded ‘not vulnerable at all’. The perception that businesses are not vulnerable to fraud is worrying. These respondents are advised to reconsider their responses. There is no more effective way to invite attack than to lower defences to the floor.
Our experience in the region suggests there is clearly a gap between the perception of threat and the actual risk that Gulf businesses are facing in domestic and foreign markets. Companies recognize they have a problem, but sometimes only when it is too late. The wider this gap grows, the greater the real risk becomes. Regrettably, we often find that those who have been bitten are the fastest learners, and those that have not, are more inclined to sweep the problem under the carpet until they have.
Despite this, it would appear that systematic methods toward risk management and mitigation are being used by some of the leading corporations in the region – they are making the investment because they recognize it will protect them in the long run. However, they remain in the minority and many still make the same mistakes.Internal audit and lawyers alone cannot provide sufficient protection. This would suggest there is some pain to come, and the consequences for those who fail to plan and respond accordingly could prove far reaching and have considerable financial and reputational repercussions.
YASER DAJANI, MA is Managing Director at Kroll for the Middle East & North Africa region.