This is part 1 of a special two-part series with Tom Fox and the Integrity Matters podcast discussing fraud issues and trends going forward into 2022.
What were the key fraud trends compliance officers and fraud examiners were concerned about in 2021, and how might they influence fraud investigation, prevention, and enforcement going forward into 2022?
Key Fraud Trends in 2021
Fraud in 2021 tended to cluster around COVID-19 issues, such as personal protective equipment (PPE), and monies distributed by governments to bolster national economies, such as the United States’ Paycheck Protection Program (PPP). Supply chain issues were also a contributing factor, with investigations related to COVID procurement and healthcare procurement specifically in relation to the pandemic highlighting the part supply chains played in fraud.
Going forward, there likely will continue to be fraud investigations as more allegations are put forward about fraud in both COVID procurement and public procurement. Of course, the government is interested in these categories because fraudsters are trying to defraud the government out of funds.
2021 also saw many issues around fraud and data security, particularly in the heyday of working from home. This may well change in 2022, but with the surge of the Omicron variant many companies are shelving plans to return to the office for the moment.
With many employees working from home, companies experienced more incidences of fraud inside the organization brought about by employees bypassing controls—sometimes maliciously, and sometimes just in an effort to sidestep inconveniences. This obviously puts organizations at risk and from a culture perspective can be very damaging.
Another risk factor fraud experts are following in 2022 are two related phenomena that began in 2021: the mobility of the work force coupled with the Great Resignation. These have led to people moving around a lot more in the labor market. With folks changing jobs and working remotely, it is more difficult for employees to build connections and for companies to build a consistent culture. This lack of connection can lead to rationalization (one of the prongs in the “Fraud Triangle” of factors leading to occupational fraud), where an employee comes to believe that the company owes them. If a certain level of loyalty is lacking, for whatever reason, there is a widespread risk that people may be justifying certain fraudulent actions to themselves.
Proactively Preventing Fraud in 2022
What can compliance officers or fraud examiners do when facing such multi-vector crises, where multiple crises come from many different directions, forcing a response to several threat vectors at once? Consider taking the following steps:
Clarify and enforce policies and procedures. Organizations should make sure that their protocols, data security, and policies and procedures are clear and manageable, and that employees understand them. Frequently monitor compliance with policies and procedure to ensure that employees are actually following them, so that what is written on paper is also what happens in practice. Finally, document, document, document.
Ensure dashboard data are used, not just collected. Many companies are working to build dashboards of different fraud indicators. But such dashboards are only a starting point—the data then must be used to drive decisions that prevent fraud.
Refresh and update training. Companies that have not refreshed their training since the pandemic began in March 2020 should do so. Experts agree that more frequent, shorter messaging is better. There is a place for longer annual targeted training, but for changes and updates to regulations, policies, and controls, “espresso shots” of training can be very effective.
Investigate control overrides. Companies need to determine if different types of frauds are happening within the organization or if the situation is simply that controls are being bypassed. If there is a control bypass or override, this needs to be closed off or the bypass needs to be approved by senior management with an appropriate business justification. Of course, controls issues need to be considered when thinking about different working practices and different working environments, whether your employees work from home, have returned to the office, need to work at sites outside the physical office, or some combination thereof.
One additional thing companies should be prepared for in 2022 is an increase in whistleblower actions, especially with the recent implementation of the EU Whistleblower Directive, which came into force in December 2021. In recent editions of the ACFE Report to the Nations, released every two years, one consistent theme is that fraud is almost always detected internally and either reported internally or picked up through internal audit, internal controls, or some other mechanism. With the EU Whistleblower Directive and the governmental monies being poured into the economies to rebuild infrastructure and other projects, experts expect to see an uptick in whistleblowers reporting fraud. This includes internal reporting and reporting to the government where a potential bounty is in play, with the media becoming a third line of whistleblowing, as we saw in 2021 with Facebook whistleblower Francis Haugen.
All of these factors lead experts to believe that the risk of fraud and fraud reporting will increase in 2022. Companies need to train their front-line employees to prevent fraud before it happens. Controls need to be assessed in light of evolving work locations. And with the government very interested in both fraud prevention and fraud detection and prosecution, 2022 could well be a more significant year than 2021.