How can organisations position themselves to transform a potentially serious business problem into an opportunity?
People often ask what white collar crime is, but no single definition of white collar crime exists in Irish law. Indeed, we often hear or see the words “economic crime”, “fraud”, “corporate crime” and “white collar crime” used interchangeably. Taken together, they cover illegal acts committed by an individual or a group of individuals to obtain a financial or professional advantage. Examples include asset misappropriation, bribery and corruption, money laundering, business misconduct fraud, cyber-crime, accounting and tax fraud, false accounting, insider trading, procurement fraud and consumer fraud.
Regulatory framework
Earlier this year, the Minister for Justice and Equality, Charlie Flanagan TD, received Cabinet approval for the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2019 in order to comply with Ireland’s obligation to implement the EU Anti-Money Laundering Directive (AMLD) into our legal system before the end of 2019. The Minister stated that it will help with Ireland’s plans to build a “very robust legal framework” to tackle white collar crime, building on other measures recently introduced as part of the Irish Government’s ongoing response to the 2008 financial crisis.
These measures included the faster-than-anticipated commencement of the Criminal Justice (Corruption Offences) Act 2018 in July 2018, the publication of a report by the Law Reform Commission in November 2018 on Regulatory Powers and Corporate Offences, and the announcement of the Corporate Enforcement Bill in December 2018. In 2019, we are also likely to see the re-naming of the Office of the Director of Corporate Enforcement (ODCE) as the Corporate Enforcement Authority and its establishment as an independent statutory agency to investigate increasingly complex breaches of company law.
Management beware
For readers, perhaps the most significant provision introduced by the Corruption Offences Act was the introduction of criminal liability for corporate bodies and senior management for offences under the Act. A director, manager, secretary or other company officer who consents to the commission of an offence may be guilty of an offence; and the same office holders may also be guilty of an offence if proved that the offence on the part of the company was attributable to any wilful neglect on the office holder’s part. It is worth nothing that it is not necessary for the body corporate to be convicted of the offence in order for the company officer to be prosecuted. Criminal sanctions include, on conviction on indictment, unlimited fines and/or up to 10 years imprisonment.
Irish Economic Crime Survey
This demonstrates an increased political focus on ensuring that regulatory and enforcement authorities have fit-for-purpose tool-kits at their disposal. And it is easy to understand why. The PwC 2018 Irish Economic Crime Survey found that white collar crime is now a major business issue. Gone are the days when it was viewed as an isolated incident of bad behaviour, a costly nuisance or a mere compliance issue.
That’s because the scale and impact of white collar crime has grown so significantly in today’s digitally enabled world. Indeed, managing its threat can now almost be seen as a business in its own right – one that is tech-enabled, innovative, opportunistic and pervasive. Think of it as the biggest competitor you didn’t know you had.
So what did the survey tell us?
Reported economic crime and fraud in Ireland has increased significantly. Half of Irish respondents in the survey reported that they were victims of economic crime in the last two years, up from one third of respondents in 2016. This rise can be explained not only because more economic crimes are being detected, but also because more fraud and economic crime is happening.
The average financial loss suffered by respondents increased from €1.7 million to €3.1 million in the last two years, with 11% of respondents losing in excess of €4 million (3% in 2016). The survey results also indicated that the non-financial costs (reputation, share price, employee morale, as well as business and regulator relationships) are underestimated by Irish companies. Though many organisations still feel that Ireland is not a target for economic crime, these statistics clearly tell another story. It is worrying that nearly one-fifth of Irish respondents admitted to either not knowing how much the economic crime and fraud had cost them, or said the financial loss was immeasurable.
Unsurprisingly, cyber-crime has taken over from asset misappropriation as the most prevalent economic crime. In fact, the incidence of cyber-crime (61%) in Ireland was double that experienced by global companies (31%). Within the last two years, over half of Irish respondents have fallen victim to cyber-crime despite an increased level of awareness and more resources being spent on addressing the risks. This is a concern for Ireland’s digital economy and for investors looking at Ireland as a business destination.
Role of technology
As companies come to view fraud as first and foremost a business problem that could seriously hamper growth, many will continue to make a strategic shift in their approach to technology.
Technology opens up major opportunities to tackle fraud more effectively and efficiently, and growing numbers of Irish organisations are using – and finding value in – technologies like artificial intelligence (AI) and advanced analytics as part of their efforts to combat and monitor fraud.
The first step for any organisation in this strategic shift is to access the end-to-end fraud prevention and detection programme that already exists with a view to increasing automation by utilising emerging technologies. Key activities in this assessment may include:
- The analysis of key fraud performance metrics and the identification of areas for improvement from a client experience, operational efficiency and risk perspective;
- The review of documentation, listening to calls and conducting interviews to assess the current fraud programme and to identify opportunities for lower friction, efficiency and risk reduction, including the assessment of policies and procedures;
- the assessment of technology controls; and performing data analytics and data quality assessments, which utilise a recognised fraud analytics framework;
The identification of gaps in the existing fraud prevention and detection processes;
- The review of emerging technologies (AI, advanced analytics etc.) to ensure they are appropriate to the business and address the identified gaps; and
Presenting recommendations to executives/senior management to address the identified gaps.
Companies need to ensure that they are business-focused and have a threat-based perspective when assessing and designing the implementation of technology solutions to enhance their fraud prevention and detection controls.
Where to from here?
It isn’t hard to see how we got here. On the one hand, technology has advanced in leaps and bounds, helping fraudsters become more strategic in their goals and more sophisticated in their methods. On the other, the regulatory regime is becoming far more robust with enforcement intensifying, often in cross-border cooperation. Moreover, in the face of well-publicised corruption and other corporate scandals, public expectations are converging around common standards of transparency and accountability. In this era of unparalleled public scrutiny, today’s organisations face a perfect storm of fraud-related risks – internal, external, regulatory and reputational.
Not only has the threat of economic crime intensified in recent years, the rules and expectations of all stakeholders – from regulators and the public to social media and employees – have also changed irrevocably. Today, transparency and adherence to the rule of law are more critical than they have ever been.
But our survey indicates that many companies are under-prepared to face fraud and that too few companies are fully aware of the fraud risks they face. Perhaps the value proposition of an up-to-date fraud programme can be hard to quantify, making it sometimes difficult to secure the investments needed. But the opportunity cost – financial, legal, regulatory and reputational – of failing to establish a culture of compliance and transparency is likely to be far greater.
So, the important question is not: is your organisation the victim of fraud? Rather, it is: are you aware of how fraud is touching your organisation? Are you fighting it blindfolded, or with eyes wide open?
Role of the accounting profession
The accounting profession will play a crucial role in this fight against fraud. For professionals in practice, clients will require support in complying with more robust regulatory requirements, embedding anti-fraud operating models, investigating fraud and adopting new analytical tools and technologies in the areas of detection, monitoring and investigation of fraud. Ongoing assurance is also likely to be required to ensure that anti-fraud programmes remain fit for purpose.
For those members of our profession in industry, they are likely to be leading or supporting initiatives within their businesses. These initiatives can be expected to include the introduction of appropriate policies and controls, awareness and education programmes, fraud risk assessments and fraud and cyber incident response programmes. They should also involve board-level support and oversight. It will not be a ‘one size fits all’ approach; the complexity and size of a business, and the partners with whom (as well as the locations from which) it conducts its business will influence the approach. In any event, a systematic approach is required, one that removes silos in functions like compliance, ethics, risk management, internal audit, information security and legal; and enables a culture that is more positive, cohesive and resilient.
The imperatives are clear: place transparency at the heart of organisations; use it to unite strategy, governance, risk management, information security and compliance; and find yourself better-positioned to transform a potentially serious business problem into an opportunity to emerge stronger and more resilient as an organisation.
William O'Brien is a Director in the PwC Forensics team, specialising in forensic technology.