Fraudulent parties exist on both the customer and business side of the economy and their targets differ depending on their type. Training yourself, and your team, in fraud detection is not only the best way to avoid financial and reputational loss but also legal consequences. For example, some acts, such as the Data Protection Act, compel you to have measurable and reasonable operational security to avoid damage to the customers who entrust you with their data.
But what are these security measures? In this article, RealBusiness will answer this question and detail in depth the different types of fraudulent activity that exist in the business world.
What are the different business fraud types in the business world?
The following is a list of different types of business fraud, including how they are conducted and how to stop them. For the sake of simplicity, we will use the terms business and corporate fraud interchangeably, as their differences mainly lie in scale or level.
Accounting fraud
Accounting fraud is the manipulation of financial records to create an untrue and often overvalued representation of a company’s financial health for investors, clients, and regulators. This inflation of financial performance attracts investment money, which the perpetrators then use for their ends.
Their accounting manipulation relies on confidence artistry, exploitation market shifts and delayment of audits are their main defence against detection. However, the long-term viability of maintaining accounting fraud is low. Scrutiny will eventually catch up with them, as once those most affected raise the issue to the courts, there isn’t much the fraudsters can do.
The most famous example of accounting fraud is the Enron scandal, which shook the USA to the core and has spawned many documentaries dissecting the company, from its practices to its personality. Executives Jeffrey Skilling and Kenneth Lay used mark-to-market accounting to inflate their profits, ensuring that all their debts were hidden off the books. They were caught due to a whistleblower Sheeron Watkins bringing the matter to the SEC, resulting in a probe that discovered the massive discrepancies. Skilling attempted to shift the blame to his workers, whilst Lay simply feigned ignorance. The result was that Enron’s stock price crashed, wiping out 74 billion dollars in shareholder value, and legal sentencing for many involved. Skilling was sentenced to 24 years in prison. Kenneth Lay died from coronary artery disease before he could be sentenced.
Almost 10% of all corporate fraud cases are classed as accounting fraud. Here is how you spot and defend against it:
- Regular auditing – Conduct regular audits via an independent accounting firm to ensure lack of bias, and identify discrepancies early.
- Financial control – Implement strict internal financial control by splitting financial duties between individual members, thereby reducing the risk of collusion.
- Transparent reporting – Mandate transparent financial reporting, with real-time oversight, and automated fraud detection systems.
Payment fraud
Payment fraud occurs when unauthorised transactions are made with company bank details, usually through exploitation of financial controls, social engineering or through hijacking of an employee’s account.
This type of corporate fraud scheme is done with varying levels of sophistication. Lesser skilled fraudsters may use shell companies, fake vendors or manipulate invoices to receive the money, relying on hiding in plain sight. This, of course, leaves the risk of being tracked, which would spell the end for the fraudster. The more skilled amongst them, however, may continuously move the money through shell companies and offshore accounts to complicate tracking before abandoning the company or converting the money into cryptocurrency, which authorities have a hard time tracking.
The most famous example of this corporate fraud scheme was the Wirecardal. CEO Markus Braun and COO Jan Marsalek orchestrated a scheme inflating their revenue on the balance sheets by $2 billion, claiming the money to be sourced from bank accounts that simply didn’t exist. Auditors at EY requested an audit, which Braun tried to delay by insisting funds were temporarily unavailable, to no avail. Interestingly, Marsalek used pre-prepared forged identities to escape to an unknown location, and as yet to be located.
Typically, businesses that are small to medium-sized tend to be the primary victims of payment fraud, and it costs UK businesses an estimated £2 billion per year collectively. Best practices to spot and deter consist of:
- Finance monitoring – Use financial software with advanced fraud detection tools that analyse patterns in real-time.
- Authentication – Use multi-factor authentication and encrypted payment systems to prevent access to unauthorised transactions.
- Vendor verification – Ensure you have a strong, zero-tolerance verification process that includes background checks, contact verification and transaction history analysis.
Asset misappropriation
The misappropriation of assets is defined as theft of company resources, including but not limited to money, by employees of the same company.
It differs from the previous type of corporate fraud scheme in that it involves the manipulation of records, such as rigged inventory counts and falsified expense reporting, to cover the missing assets. This is done through simple leveraging of their position in the company, or subterfuge (such as recording and using the logins of higher-ups).
One of the biggest fraud examples of this kind is the Dixon Illinois Fraud Case. Rita Crundwell was a city comptroller, who managed the counting and financial reporting of public money, and she embezzled over $53 million of those same city funds in over two decades. She diverted the money into a secret bank account and used it to fund a lavish lifestyle, including luxury horses, jewellery and vehicles. During her annual leave, a city clerk noticed the transactions and launched an investigation that resulted in her arrest, which caught her by surprise. She was arrested and sentenced to 20 years in prison, leaving the city of Dixon financially crippled.
86% of all fraud cases involve asset misappropriation as a component of the fraud, but typically, it’s not the main or sole corporate fraud scheme at play. To spot and defend against this:
- Real-time tracking – Establish an inventory tracking and reconciliation system using automated asset management software.
- Dual-approval – Segregate financial duties and implement a dual-approval system for high-value transactions to reduce fraud opportunities.
- Financial reporting – Conduct routine surprise audits of company assets and cross-verify financial reports with physical stock levels.
Investment fraud
Investment fraud is a type of fraud that is treated more like a category than a specific set of actions. It is defined as the deception of investors by providing false pes or information (which can be financial documents and therefore be classed as accounting fraud).
Investment fraud can be as petty as a one-time misrepresentation of company health, to more complex plans such as Ponzi schemes, where the company is perceived as legitimate because it pays back its investments. This is an indicator of great financial health in the eyes of future investors, but what they miss is that the money doesn’t come from legitimate business practices, but rather from other investors. As investors are paid, valuation rises, and as valuation rises, investors invest more money.
Bernie Madoff’s Ponzi scheme is easily the most severe and well-known example of this type of corporate fraud scheme. He defrauded investors of around $65 billion in total, starting somewhere in the 1970s until 2008 when the financial crisis happened. Investors began to make withdrawal requests at a rapid rate due to losses in other business areas. It became so frequent that he ran out of money to pay, and with withdrawal requests still coming in strong, his sons (business partners) confronted him over why the withdrawal requests were being rejected. It was only at this point that the Ponzi was revealed. Madoff was arrested and was sentenced to 150 years in prison.
Investment fraud costs UK investors £1.2 billion every year. Whilst investment fraud mainly affects investors, note the example of Bernie Madoff and his company. It took one higher-up conducting the fraud to destroy the entire company. The best practices to spot and avoid this situation are as follows:
- Investment verification – Verify all investment claims, third-person forensic financial analysis and background checks on executives.
- Monitoring – Financial documents should be monitored using automated software to flag irregularities.
- Regulation compliance – Ensuring that you comply with all regulatory frameworks by mandating independent oversight, and whistleblower protections for reporting fraudulent activities.
Bribery
Bribery is a catchall term for the act of giving or receiving material value for improper gain, but it’s just as prevalent as corporate fraud if not more.
Bribery as corporate fraud typically comes disguised as legitimate expenses, such as via consultant fees and charitable donations. More sophisticated bribery happens via intermediaries, allowing them to distance themselves personally from the transaction. As you might imagine, both kinds of bribery make it hard to prove.
Consider the Rolls-Royce bribery scandal. The UK-based engineering firm had to pay £671 million in fines for bribery offences internationally. The company funnelled their bribes through intermediaries to government officials and decision-makers in exchange for lucrative deals. The corporate scheme was uncovered by an extensive investigation by the UK’s Serious Fraud Office and Brazilian authorities after internal whistleblowers leaked documents proving the fraudulent payments.
Bribery costs UK businesses billions annually, and government contractors and multinational corporations are most affected. You can spot and defend against bribery in the following ways:
- Policy – Add an anti-bribery policy in compliance with the UK Bribery Act 2010.
- Training – Conduct employee training to cover ethical practices and outline the severe legal ramifications of conducting or accepting bribes.
- Reporting channels—Bribery is hard to prove, but the fact that it presents a risk to the entire organisation can inspire staff to become whistleblowers. However, this scenario is unlikely to happen if there are no secure, anonymous/confidential reporting channels to utilise.
Identity fraud
Identity fraud is the unauthorised use of an individual’s or organisation’s sensitive information to deceive and defraud a party of their resources and credit.
The impersonation aspect is key to identity fraud. The people who masquerade try to gain access to goods or services that are not available to their person, bypassing security with legitimate credentials. They then siphon off these assets or funds to their accounts, leaving the victims to fend for themselves.
One of the biggest examples of this type of corporate fraud scheme is the 2016 FACC AG incident. The Austrian aerospace company fell victim to a Business Email Compromise (BEC) attack, a type of identity fraud that involves impersonating a higher-up and presenting an emergency that requires swift action. In this case, cybercriminals impersonated the CEO and ordered an employee to send money to fraudulent accounts. The attack was successful and around 47 million euros was transferred to fraudulent accounts.
Identity fraud is a component of over 60% of all fraud cases that are reported in the UK, and businesses, banks and individual consumers are the primary targets:
- Verification – Implement measures such as biometric authentication and multi-factor security for verification purposes.
- Financial accounting – Regularly monitor financial accounts for suspicious activity.
- Detection training – Educate employees on phishing and social engineering tactics to prevent data breaches.
Conclusion
The only way to properly defend against it is to institute consistent and measurable safeguards against it and train your staff in their function. This creates a net that will always catch corporate fraud before it happens, set up in their avenues of attack. Remember, fraud so often results from human error.