In today’s cyber world, building an anti-fraud culture within the organisation is a company’s best defence, says global consulting firm Kroll.
24 January 2017
Fraud and cyber incidents are the “new normal” for companies across the world, according to the newly released Annual Global Fraud and Risk Report from Kroll, a leading global provider of corporate-risk solutions. Speaking from Hong Kong, the company’s Asia-Pacific hub, Violet Ho, Senior Managing Director, co-Head of Kroll’s Greater China Investigations and Dispute Practice, discusses strategies for managing fraud risk in the Chinese mainland.
Tell us about the survey.
Kroll has been conducting annual fraud and risk research globally since 2007. This year (2016/2017), we surveyed 545 senior executives worldwide across multiple industries and geographies.
Respondents represented all major global geographies and countries, such as China, India, Middle East, Russia, the United Kingdom and the United States, from a variety of industries including financial services, technology and telecoms, professional services and manufacturing.
The surveyed executives held senior positions within their companies, with 70 per cent representing the C-suite. Some 61 per cent of companies had annual revenues of US$500 million or more.
What has your study found?
The proportion of companies that fell victim to fraud in the past year rose significantly to 82 per cent, from 75 per cent in 2015 and 70 per cent in 2013, highlighting the escalating threat to corporate reputation and regulatory compliance.
We also found that fraud in China has become increasingly complex and challenging. Some 86 per cent of companies surveyed there reported fraud in 2016, above the global average of 82 per cent and representing a double-digit (13 per cent) increase from 2015.
A quarter of survey respondents, a higher proportion than all other countries and regions surveyed, indicated that they were dissuaded from operating in the Chinese mainland due to concerns over fraud and corruption.
What type of fraud is occurring?
Respondents in China named regulatory or compliance breaches as the most common type of fraud (41 per cent, nearly double the global average). This was followed by vendor, supplier or procurement fraud, which was 11 per cent higher than the global average.
Other significant types of fraud reported in China included theft of physical assets or stock, as well as theft of data and information. Mainland Chinese companies surveyed also fell victim to above-average rates of corruption and bribery, market collusion and the misappropriation of company funds.
Cyber incidents were also prevalent in China, with 86 per cent of respondents having experienced a cyber-incident in the past 12 months. Email-based phishing attacks (41 per cent), virus/worm infestation (39 per cent) and data deletion or corruption by malware or system issues (39 per cent) were the most common types of incidents reported.
Respondents in China also showed high exposure to cyber incidents involving customer records (82 per cent), more than double the global average. Other popular targets were trade secrets and R&D or intellectual property. Some 48 per cent stated that company relationship with regulatory authorities was also strongly affected by cyber-attacks.
Where are the main areas of vulnerability?
Victims identified joint venture partners as the key perpetrators of fraud in 52 per cent of cases, more than twice the global average, followed by junior employees. However, respondents advised that fraud in China was often committed by senior or middle management, resulting in potentially more significant losses. It also often involved cross-departmental and multiple-party-collusion, rendering many traditional internal control measures ineffective.
To complicate the issue, the rapid expansion and quick staff turnover of companies result in a lack of continuity in corporate governance and fraud detection, at the same time, fraudsters in China are becoming more enterprising and systematic, posing potentially greater threats to the victims.
Fraudsters can also be faceless, nameless attackers sitting anywhere – people pretending to be CEOs, or hiding behind IP addresses – and we do see an increase in that in Chinese companies. On the other hand, many are parties not employed by but related to the organisation, such as trading partners; your vendors, distributors and customers. This type of external party [fraud] is quite relevant to the Hong Kong market because one of the things we are observing for Hong Kong is fraud involving Hong Kong-listed companies.
A large percentage of current Hong Kong-listed companies have mainland origins, so there are several issues related to this – sometimes, senior managers who brought this company to market in the first place may be committing fraud against the smaller shareholders. They can do so through multiple types of scams after raising funds through IPO – such as announcing large M&A activities, to influence stock price. In reality, they’re buying up shelf companies that are worth nothing, often ultimately controlled by the CEO himself, and a lot of the funds have been squandered or diverted through undisclosed related party transactions. The victims of this type of fraud are the shareholders.
“The risk is ever present and cannot be completely eliminated – even the best run and most successful companies are potentially vulnerable. So the sooner you have the right mentality of fighting against fraud, the better.”
How are companies responding?
A majority of respondents in China had invested in partner, client or vendor due diligence (90%) and protection of physical assets (86%) to combat fraud, followed by board engagement in cyber policies and procedures (86 per cent). Companies in China showed the highest percentage of fraud cases that were discovered by whistleblowers within the company (55%) and through an external audit (55%).
The risk is ever present and cannot be completely eliminated – even the best run and most successful companies are potentially vulnerable. So the sooner you have the right mentality of fighting against fraud, the better. It’s an ongoing battle; you have to chip at it every day in order to nurture an anti-fraud culture within the organisation. You can’t have a heat of the moment attitude – responding to fraud on an incident level, then going back to business as usual. Companies need to shift their mindset to consider active and proactive approaches in combatting fraud, including how to beef up their internal controls to prevent such issues arising again.
How can Hong Kong companies safeguard their firms?
Hong Kong companies in general are a bit more advanced than mainland companies in terms of corporate governance, so they have more structured policies and procedures. That said, in today’s world it’s difficult to find a Hong Kong company that is 100 per cent Hong Kong – the vast majority of companies also have exposure to China. So there is no room for complacency.
One of the positive things I do see is Hong Kong regulators paying greater attention to fraud risk, so the Hong Kong Stock Exchange and the Securities and Futures Commission have both issued new policies giving those underwriters in a capital market more accountability to conduct due diligence before they bring companies into the Hong Kong market. They are also showing more enforcement actions against fraudulent activities involving Hong Kong-listed companies. The regulators are doing what they can, but I would hope all Hong Kong companies would be more proactive in protecting their own business.
For SMEs, being the target of a fraudster can be life or death for the organisation. My advice to SMEs is to bite the bullet and invest heavily in preventive measures. This may seem costly at the beginning, but it will be the best investment you could ever make, because it’s protecting your future operation.
- Hong Kong