Playback of this video is not currently available
Fran Marwood:
Good morning, everyone. Thank you all for joining us. My name is Fran Marwood. I'm a partner in the PwC forensics practice and I lead our digital and forensic investigations team across the UK. The session today marks the launch of the fraud cast, our new webcast series, which is going to explore how we can all get a better respond to fraud and economic crime. I'm delighted that on today's Fraud Cast, we're going to be talking about the UK results from our 2022 Global Economic Crime Survey which we sometimes refer to as GECS, we’ve been running that every two years since the year 2000, and this year we saw 1300 responses from organisations across 53 countries. I'm joined today by a panel of our experts, who are going to help us go through the UK results and talk about some of the emerging trends. We've also got lots of opportunity to share your thoughts on the topics and we'll be using our polling system to ask you questions as we go through. We'd also love to hear any questions you may have for the panel and you can ask those by typing them in on the box that you can see on the screen, with that I'm delighted to introduce you to our panel members today. I'm joined by Laura Middleton, who focuses on fraud, risk management and ESG issues; by Deidra Lazarus, who's an expert in the use of fraud related technology, and Mark Anderson, who leads our supply chain and resilience team.
The Fraud Cast today is going to be recorded. Please do share it with your colleagues, you'll be able to find it on our new web hub where you can also access the UK GECS report, which is launching tomorrow. And we’ll share the link with the report with you after today's session. I wanted to start the session by giving some reflections on the UK findings and then we'll explore some of the key themes with our panellists in a bit more detail.
The first thing to mention is the unprecedented disruption we've all faced over the last two years and the impact that has had on the way we do business, and the way people work. I'm really struck by just how quickly the fraud risk landscape has changed and how important it is for organisations to really have a panoramic view of their key fraud risk areas. You can really see the effect of this disruption coming through in the survey results. So my second main observation from the findings relates to the amount of fraud, at a summary level we saw 64% of organisations that took part in our survey had experienced economic crime within the past two years. That's a huge increase from just 56% in 2020 and only 50% in 2018. The UK rate is also much higher than the global rate of 46% and it's second only to South Africa. What's really interesting is the percentage of frauds that are committed by fraudsters who are external to the business. The UK rate of external fraudsters is really high. We saw 51% of those compared to the global average of 43% and it's clear that part of the reason why UK fraud rates are so high is that we're clearly a key global target for external fraud groups.
We've also seen some interesting trends relating to the different types of fraud and we're going to touch on five key themes this morning that we covered in the survey, those are: fraud risk and maturity, the use of technology in risk prevention and detection, supply chain risk and resilience, ESG and cybercrime. Before we do that, let's kick off with the first of our live polls. Fingers on the buttons, we should be on the screen now. You've got 20 seconds, so we'll need to be quick, and then we'll take a look at the answers. One of the biggest changes that's been driven by COVID disruption is around ways of working. Our first question deals with that. How has the switch to hybrid working impacted the opportunity for fraud? Laura, I wonder if you may have some initial thoughts on that particular topic?
Laura Middleton:
Yeah, absolutely. There's been a few different factors we've seen playing out that have absolutely increased the risk as we've moved to hybrid working. The first is around the organisational culture and when people are working from home, maybe that open and honest culture where people are more likely to report issues has perhaps declined slightly over time. We're also seeing a shift in individual mindset, people are able to better justify some of the fraudulent activities that they're undertaking and it presents the opportunity for people to do that when they're less observed. Finally, a lot of organisations will have controls that rely on physical presence in the office and where those haven't been amended for hybrid working, that also increases the risk.
Fran:
That opportunity is a key point and certainly a lot of clients that I've been talking to have been talking about how they hardwire that risk into their ‘business as usual’ controls. Just looking on screen there, the results haven't quite popped up yet, but Mark, I wonder if you had any thoughts on that topic as well.
Mark Anderson:
Just generally around controls, and I do think, as we will see it is across some of the other areas, it's an area that investment in fraud controls clearly has a return on it in terms of protecting the organisation. Hopefully, we'll see that come through in the poll results.
Fran:
Wow, that's quite a decisive answer. I think 98% of you guys all said that hybrid working has impacted the opportunity of fraud for the greater. Laura, a quick question for you on the back of that. Why do you think that is and what do you think the survey tells us about fraud risk maturity more broadly?
Laura:
Absolutely. Well, it's quite interesting. Hybrid working has affected both the prevention side of things and detection. Interestingly, despite the trends, you've talked about increasing fraud in the UK generally, but we've actually seen a decrease in some specific types of fraud, like bribery and corruption, and accounting statement fraud. I think, really reflecting back on previous periods of disruption, we would have expected those to go up. There's definitely a role there in detection that perhaps is not picking up some of those issues. In terms of what organisations can do to strengthen themselves against these fraudulent activities - concerningly in the survey, we saw that a third of organisations didn't have a dedicated risk management function that's focusing on this, that's absolutely critical. We also would absolutely encourage organisations to revisit their fraud risk assessment in light of the changes to hybrid working to make sure that the controls that are in place there are fully robust. Then finally, absolutely, we want to consider the use of technology and continuous monitoring as a way of identifying fraud when it happens, so that those can be picked up and investigated.
Fran:
Thanks Laura, and that leads us nicely on to another theme that's come out of our survey around the role of technology in preventing and detecting fraud. Deidra, perhaps we can move on to you for this next part. In your role, helping clients with anti-fraud technology, what do you see as the key themes and trends coming from the survey in that particular area?
Deidra Lazarus:
Technology continues to play a very important role in managing and detecting fraud. An example of this is 67% of our respondent’s report that they are leveraging technology as part of their control frameworks. We've seen this during the course of the pandemic, some of our clients needing to make changes to their control frameworks. Many companies are finding that those static models just aren't keeping up the pace and this is where technology is still continuing to be a game changer in that area, because it allows you to bring various data sources together, re-score your transactions, which limits some of those false positives you pick up usually with static models and overall just getting a holistic view of risk themes. We've seen particularly in the UK that this is an area for investment and the UK seems to be lagging a little bit behind, versus globally when it comes to the use of advanced data analytics. That's about 4% in the UK versus 6% globally; however, it was encouraging to see that when it comes to the use of suspicious activity monitoring when using technology for that, the UK seems to be leading a little bit better there versus globally, that's about 15% in the UK versus 13% globally. Another interesting one and my final point is that, 66% of UK respondents and even 60% globally, all responded that inefficient technology or identification processes was a major concern when it came to managing supply chain risks. I would say supply chain risk and even procurement fraud are probably one of the biggest areas for using technology right now.
Fran:
Thanks for that Deidra. You mentioned supply chain there and that’s certainly a topic that's front of mind for a lot of our clients at the moment, a really key business issue for everyone. It's also an area that features heavily in the survey itself. Mark, I wonder if we move on to you now, and perhaps you could tell us a little bit about what we mean by supply chain and some of the key trends that we are seeing. Before you do that, perhaps we'll open up the poll to give us a little bit more time on that, does your organisation understand and proactively manage supply chain risks? Whilst we are waiting for that, Mark, maybe you introduce us on the concept of supply chain.
Mark:
Maybe I'll define it first Fran. In this context supply chain fraud is defined as fraud or corruption related to the production or distribution that accompanies goods or services. It doesn't include direct procurement fraud, although that's clearly a very related category, but it includes all other forms of supplier misconduct.
Fran:
Thanks for that. We were just waiting for the results to come up there. I wonder if we got any other thoughts on supply chain risk whilst perhaps we're waiting for those results to come through?
Mark:
Well sure, this was a big area of the survey and it's unsurprising at the moment that it's an area of focus for a lot of our clients, because of the amount of disruption that we're seeing in supply chains brought about by the pandemic and also by the war in Ukraine. This again is reflected in some of the stats that we're seeing from the survey, actually 43% of the respondents reported identifying misconduct in their supply chain, which is 5% higher than the global average.
Fran:
We’ve just had the results come through on screen there, 48% of those of you on the call today thought that you are proactively managing fraud risks, obviously, and there's 24% ‘no’ and a few ‘don’t knows’ on there. That ties interestingly into the stats that we got from the survey itself, which have four out of every five respondents saying that they thought they were pretty confident about the way they were managing supply chain risks. Mark, maybe we can unwrap that topic a little bit further.
Mark:
Well, Fran, it's really positive to hear that from the respondents as well as from the survey. That's the positive side of it, but I think there is unfortunately, a bit of a negative side if you dig into some of the stats that actually organisations are really struggling with the actual practical steps that you can take to do this. Let me just run through a few of those. You've got two thirds of the UK respondents, who identified inefficient technology or processes to identify and manage supply chain risks that links to some of what Deidra was saying, you’ve got 68% against a 57% global figure, who believes that onboarding supplies a pace, which has happened, again, throughout the pandemic, and it's happening now as organisations have just switched their suppliers for example, that's led to an inability to ensure that all of the risk management processes have actually been carried out. Clearly, that leaves organisations open to a much bigger risk.Then you've got 60% of respondents who are saying that they haven't implemented a companywide risk assessment of their suppliers. Those are all quite worrying, counter findings, if you like.
The better news is that these are all addressable in investment and we've seen that if you invest in your supply chain risk management frameworks, using technology for example, then actually you can really counter this risk. We’ll come on later to just talk a little bit more about that.
There's one other feature of the market that I would highlight from the survey and from what we're seeing from clients, which is there's a lot of pressure from external stakeholders for organisations to have transparency through their supply chain and responsibility for the conduct of their suppliers. Actually, in spite of that, you see that there's more than two thirds of the UK survey respondents, who have identified a lack of visibility of risk throughout the supply chain and 1/3 of the UK respondents, who felt they had an inability to accurately monitor the reporting of ESG metrics or risks around their third party business partners. As a result of that, a lot of the work that we're seeing in the market at the moment relates to mapping of supply chains to lower tiers, to get better visibility, around tracking and reporting of associated supply chain risks and actually investigating whistle-blower reports of supplier misconduct. These issues are not just related to fraud and integrity matters. Clearly there are some very topical ones at the moment around, for example, Russia exposure and sanctions, but increasingly, actually, we’re seeing convergence around the risk landscape, we're also looking at issues related to financial and operational risks, and actually to ESG which is a topic that actually overlaps quite a lot with some of those otherwise.
Fran:
It certainly doesn’t and ESG is one of the main topics that came out of the survey this time, and perhaps it's a nice segue to move over to Laura, for our next question. It was one of the key themes coming out of the survey, particularly around greenwashing, and I wonder if you could share some of your thoughts on that area Laura?
Laura:
Yeah, absolutely. You're right. It's absolutely an area of increasing risk and there's a number of different reasons for that. First of all, we're now in a period where the first UK organisations are having to do mandatory ESG reporting in their annual reports, so that obviously increases the pressure to have the right information that is free from fraud and misstatement. We're also seeing a huge amount of consumer and investor pressure for organisations to be sustainable. There's then the massive increase in sustainability linked loans and organisations have to have access to finance at a lower interest rate if they're able to meet certain ESG KPIs. Finally, in some cases, we also see director remuneration linked to different ESG KPIs. When you combine all those factors, there's absolutely much more of a pressure for ESG fraud and we're seeing that come through in some of our survey results and in conversations we're having with clients. You mentioned greenwashing, which is absolutely one of the issues we're seeing in the market. What we mean by greenwashing is companies overstating their green or sustainability credentials, when it's not backed up by some of the actual sustainability actions they’re taking. So they’re capitalising on that investor and consumer pressure without genuinely taking the actions that are required to be a sustainable organisation or produce sustainable products. Literally seeing it in the press every single day at the moment, both around green funds and green products, it’s a real issue, and as well as having regulatory and legal impacts, the reputational impacts for companies is absolutely key.
We saw a few different themes in our Global Economic Crime Survey. Interestingly, 43% of our UK respondents said that lack of ownership of ESG issues was one of the major concerns, that compares to 35% globally. Perhaps the UK is a little bit further behind ESG than some other countries. Then we also saw that two thirds of our respondents are at least somewhat concerned about ESG related fraud in their organisations. A lot of conversations I've been having recently are about those annual reports, which now have an increasing amount of ESG metrics, be that due to mandatory reporting, or a lot of companies really wanting to showcase their green credentials. What I'm hearing in the market is very much the challenge of getting assurance around those metrics and identifying whether there's fraud, because the data itself is much less reliable at the moment. People have less experience in this area. As I said, there's really that pressure to showcase that sustainability credential. We saw this come out strongly in our GECS this year, but we expect it to be an area that's just increasing over years to come.
Fran:
I absolutely agree. Given the additional appetite that we're all hearing for regulation in the area, that's certainly an area that we're all going to be seeing creeping up risk registers as we go forward.
Our fifth and final area relates to cyber risk and this was the most common area of fraud within our survey with 32% of organisations saying that they've been affected by cyberattacks. It’s also seen as the most disruptive area of fraud.
Let's bring up our final poll question. Has your organisation invested sufficiently in preventative measures against cybercrime? Press your buttons on that one now, and I suppose that will depend on how many IT professionals we've got on the call this afternoon, as to the answer that comes out of that one, but whilst we're waiting for that, perhaps we can move on to you Deidra, and just touch on whether you can tell us a bit more about what our UK organisations have experienced around cyber risk and what they can do about it?
Deidra:
Yeah, the results this year were quite interesting. One in three UK respondents noted that their organisation has experienced some form of cybercrime in the last 48 months, but we've seen a decline of about 10% in overall levels of cybercrime reported by our respondents. It's unclear why there's been a decrease in this prevalence. We'll see what the polls have to say, but it might be an indication that organisations have been investing a lot more in robust preventative measures and it's paying off. Having said that, though, as you mentioned, cybercrime is still one of the most disruptive and serious types of fraud risk, just by virtue of the impact it has on an organisation. There are three things that organisations should consider and that's one having a robust cyber program in place to assess that day to day risk. As businesses transform their processes, they should be incorporating cyber risk management as part of their plans, particularly when it comes to those BAU activities or day to day activities. Over and above all the actions that you can take from a mitigation standpoint, just reflecting back on points one and two, having a vast incident response plan is absolutely key. It’s still going to be important, because you're always going to be open to that risk of a cyberattack.
Fran:
Thanks for that. We've got the results of the survey three on screen there, which is probably the most mixed of the polls that we've run this morning. We've got 44% of respondents saying yes, they thought they’d adequately invested, 20% with no, and 34% that are unsure. That just goes to show that our working premise that investment is leading to a reduction in the rates of cybercrime must be partly true, but there is still clearly a lot more to do. Well, that brings us to the end of our structured part of this session. We've got an opportunity for questions now. The questions are coming up on the screen there. The first one is what do you think the lasting impact of the pandemic will be and perhaps Laura, do you want to pick that one up?
Laura:
Yeah, absolutely. We've talked a little bit about the shift to hybrid working, and that really is going to be a long lasting impact on the pandemic, and we've seen the various debates in the press over the last few weeks about that, but that combined with the increased use of technology, both increases the risk of different types of fraud, but also gives us the opportunity to introduce different controls that can help to prevent and detect it as well.
Fran:
That's great. Thanks for that. We've also got one that ‘how is fraud typically found?’ Maybe I pick that one up. The survey covers the area of how fraud’s found and ranks the different methods that are most effective and the top three of those were suspicious activity monitoring, so the use of tech to monitor individual transactions within the business and that identified 15% of frauds, internal audit for those internal auditors on the call, you'll be pleased to hear that you found 15% of all the frauds that we were talking about within the survey and then corporate security teams, which were an increased trend from last time and are more prevalent now. They were responsible for finding 12% of frauds. It's interesting as well that the whole area of tip offs and whistleblowing is the next one down as well with 10%, that obviously illustrates the importance that those channels play in preventing and detecting fraud.
Let's have a look on the questions. There's one there: ‘how effective can you find technology in the supply chain space?’ Mark, I wonder if you maybe expand on that one?
Mark:
Yeah, sure Fran. The answer is effective in some areas and increasingly effective. We should say that technology is never a panacea for a good program, or a good procedure, it only enables it; but there's different types of supply chain technology. You've got your workflow tools that manage the onboarding and lifecycle of supplier. You've got tools around screening and due diligence. You've got other tools using AI, for example, that will map supply chains down to lower tiers. All of that has improved massively in recent times. I think where we're heading to is a convergence of all of those types of technology into one platform. I haven't yet seen that done, but that is where we are going and therefore, it's definitely a good time to look at bringing some of these processes together in more of a converged solution if you like. The answer is getting more effective by the day and very much worth investing in.
Fran:
Certainly, that theme of bringing different strands of data and technology together as one that we're seeing an awful lot. That's going to be a real theme over the next few years, isn't it? That's an interesting question there, it is quite a long one. I'll try and paraphrase it, but it's basically asking, ‘do the panel think that the introduction of a failure to prevent fraud offence similar to the bribery act would be beneficial in improving the way in which companies manage their fraud risk?’ Mark, I wonder if you had any thoughts on that one?
Mark:
Yeah, it's a bit of a dichotomy in this one, because in some ways, you could say yes, so the bribery has had a massive impact on it and actually it is one of the first years that we haven’t had bribery in our list of five topics. That is a direct result of inactivity that organisations put into to meet that failure to prevent guideline. The challenge with wider fraud is, it’s such a broad church. We've been across five very different areas today and it also potentially penalises the company as victims. Most of these areas that we have been talking about, the company is already suffering from a loss. Whereas I think in bribery, there was a big issue about company's actual perpetrator. I do think you need to be a bit careful. If we were to go down that route we'd have to have a much tighter definition of economic crime.
Fran:
I think that's right. It's an interesting area, we have obviously got the base consultation that's out there at the moment with the additional responsibilities around the management of a business for responsibility for fraud and that's a good halfway house and would certainly be encouraging of that.
There is a question there: ‘we’ve said that certain types of fraud have decreased why do we think this is?’ It's a really interesting topic. It's probably different for different types of fraud that we've looked at and we’ve touched on bribery there. There's a bunch of different effects going on within the bribery space. There’s the fact of improvement in preventative measures. There's also an impact across the pandemic of how effective regulators have been in the space. Certainly, the mood music that we feel is that remote working has meant that the way in which businesses normally prevent and detect fraud has changed. We do feel, as you’ll read when you have a look at the report, that there is a backlog in some of these areas, just simply because when you look at the amount of disruption that everybody’s experienced, it feels, having looked at this survey for a number of years, it just feels counterintuitive that we would experience a reduction.
And there is a final question there, ‘what's the one thing I should be investing in?’ Perhaps Deidra, you could pick that one up.
Deidra:
Yeah, sure. Technology is in the forefront of everything we do, and we've seen from the results, we can only anticipate that it’s through companies' investment in technology. I would say continuing to invest, looking at some of your control frameworks, we touched on a lot of that, in terms of trying to find gaps, particularly within supply chain, as well. Investing in those areas, prioritising where you have gaps and looking at how technology or even other enablers would help support that to improve it. I would say that should be a focus.
Fran:
That's great Deidra. Thanks for that. That's through the questions.
Let's move on to the wrap up. Firstly, a massive thank you to our panellists for joining us today and to all of you, for your input during the session, it's really clear that fraud’s becoming a greater global threat to UK organisations than it’s ever been and with the landscape changing faster than I think any of us have seen before.
The key takeaway from today for me is to make sure you've got the right resources to invest in your anti-fraud activities, and really to act decisively when economic crime happens. Please do be sure to visit our web hub to access the Fraud Cast recording and the related content that goes with this session. The UK GECS report is also available there from tomorrow, which you should find an interesting read. We will also be sending you a copy of the report by email after this. Don't forget to keep an eye out for our future fraud cast sessions. Do let us know via the web hub if there are any topics that you are particularly interested in hearing about.
Thank you, we look forward to seeing you all again soon.