Having investigated fraud for some 25 years, I remain fascinated how many matters from the 1990’s have recently come back in a different guise: invariably involving the use of technology to carry out or cover up the fraud. It is somewhat like the remake of a film: the plot seems familiar but the HD and 3D effects leave a lasting impression. I compare the past and the present as a warning to all because it can allow us to understand the underlying risk and can help fraud-proof our processes and systems.
As a young auditor I spent much time poring over manual, handwritten cashbooks – looking for alteration of payee details, large and unusual payments, and the use of correction fluid (holding the cash book page to the window). A better test was ticking off transactions to the third party documents such as bank statements.
The fraudster has moved on. In several recent cases we investigated, hard copy bank statements have been falsified to a high standard. It appears that electronic copies of the statements were obtained from the bank and the text boxes showing payee details were altered. Payments to offshore or related parties were altered to show legitimate payments to suppliers and to pay off tax liabilities. On a first pass basis, spotting a problem from such a review without detailed knowledge of the business would have been difficult. Indeed, it added credibility to any explanation the fraudsters gave about high levels of expenditure. Similarly, payment notices or orders were manipulated to cover the trail.
This matter raises a fundamental issue of what information can you trust? It seems unsafe to rely on documents or information which are not sourced on an evidenced basis from third parties. For payment reviews to be effective, where underlying systems are weak, there may be no alternative but to get data directly from the bank or third party. Not too dissimilar from obtaining returned cheques all those years ago.
Of course, the fight against fraud is not one-way-traffic. Some frauds which historically were very difficult to unravel, such as procurement fraud, are a better prospect for investigators. An insider who has a conflicting external commercial interest, will have to communicate this in some manner. We have found much valuable information on texts, mobile records and iPad notes, which in some cases the fraudster thought they had deleted but we were able to recover. In some cases a valuation of the insider’s financial interests in the third party for which they were able to orchestrate bid success (having previously denied any conflict), were uncovered.
Documents help win out trust
Another variant of the fraud example above, involving falsifying bank statements, is the taking out of supplier invoices somewhere in the chain: anywhere from post rooms to shared service centres. Such invoices are scanned and the remittance slips are altered to show the bank details of a pass through account linked to the fraudster. In a small proportion of such cases, a purchase clerk will adjust the details on the payment system with the falsified payment slip misdirecting one or several payment runs.
The fraud examples I have listed can be mitigated with better controls. But, it should also make us ask the question: should we apply the same scepticism we apply to electronic data to hard copy documents, because otherwise, the fraudster will continue to exploit this inconsistency.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.