By Laurent Charpentier, COO and Chief Innovation Officer, Yooz Inc.

Security, which involves preventing and fighting fraud, is a topic that continues to be more and more critical in today’s world of ongoing digital transformation. The Association of Certified Fraud Examiners reports that U.S. businesses will lose an average of five percent of their gross revenues to fraud. (1)

In recent technology news, as one troubling example, Lithuanian Evaldas Rimasauskas and his co-conspirators created fairly convincing forgery emails using fake email accounts from a company called Quanta in Taiwan—a company Facebook and Google regularly conducted business with—and sent them to employees at Facebook and Google who responded by paying out more than $100 million to the fake company's bank accounts, prosecutors said. (2)

Shocking, right? If you are a finance leader that learned of this scam you probably cringed. “How could that have been so easy?” you are likely asking yourself and your AP team. And, “How exposed are we to such a scam?”

Responsible for the company’s financial health, the CFO is explicitly involved with any losses caused by fraud. And if (s)he is going to be effective in leading the fight against fraud, they will need to adapt their defenses to face fraud and fraudsters who are better organized, more aggressive, and more technologically proficient than ever.

 

This leads us to three questions that CFOs should be asking and answering and the seven key things they can do to help mitigate, even prevent, events such as the Rimasauskas case.

 

Three questions the CFO should ask and answer

1. What exactky are the threats and what risks do they represent?

Threats come in a variety of forms. We are familiar with the most common: Supplier fraud (fake bank details), fraud on finance (stock brokers and bankers) and legal professionals, and client fraud (fake invoices).

 

And while technologies continue to offer better performance and security, the reality is that the human factor is still the main source of vulnerability in terms of exposure to fraud today.

 

 

An employee is somehow involved in most confirmed cases of fraud. Sadly, in the U.S., fraudsters who have longer tenure with their company (five years or more) stole twice as much! An average of $200,000 compared to employees with tenure of less than five year.1 And 68 percent of the fraud committed by individuals outside the company is actually the act of people close to the company in some manner, notably partners such as sales agents, clients, service providers, and others. (3)

 

The risks to the company are obvious:

Financial: Financial impact is not only felt when cash is directly impacted, such as invoices paid or wire transfer made to a fraudulent recipient, but also in terms of operating income, such as bad receivables resulting in loss of cash flow and lower net profit.

Data theft: One of the greatest riches of a commercial company are its client data files. This threat can take two forms:

   • Inaccessibility to data, which would block the company's commercial, operational, and industrial activities.

   • Malicious use of corporate data, which could incur significant legal liability for the company, serious damage to its reputatio, and potential financial consequences for its customers.

HR and psychological impact: A breach affects employees psychologically when they feel betrayed by a work colleague that they have known for a long time, as well as the fraudster’s managers, who may wonder whether they truly carried out company procedures to the fullest extent, or should have been aware of warning signs.

Reputation: Falling victim to fraud impacts the company’s reputation, from the company’s main commercial partners, namely its clients and suppliers, to its shareholders. How the company manages the crisis also impacts its reputation, so a solid communications plan should be in place and rehearsed frequently.

 

2. Why invest in fraud prevention?

Beyond the understandable peace of mind that security brings and assurance that the company will not (or will no longer) become the victim of attempted or successful fraud, security for processes represents a competitive advantage due to its reinforcement of the company’s reputation for reliability, reassurance for commercial partners, and more.

 

3. What are the most effective tools to mitigate, event prevent, fraud?

The most advanced technologies in this battle are big data, machine learning and digitization.

Big data enables handling vast volumes of information, often in real-time. Machine learning is a component of artificial intelligence in its broader meaning, seeking to create and use algorithms to obtain predictive analysis based on data. Together, they make it possible for the company to go even further, such as risk scoring its clients and suppliers.

 

Digitization, or automation, technologies that leverage A.I. are the other essential tool and an important part of any effort to mitigate risks. By creating and organizing a rigorous process that includes complete traceability and security found in Cloud technology, these solutions become extremely effective in fighting fraud.

 

But even by leveraging advanced technologies, raising employee awareness is one of the most important aspects of fraud prevention. Providing  training  to  all  departments  and  every hierarchical level within the company, including top management, is important so everyone knows the role they play in identifying warning signs and exposing potential fraud.

 

It is also important to implement communications that are adapted to each different stakeholder group within the company that reflect the company’s commitment to fraud prevention and identifies the consequences of not taking fraud prevention seriously as well as the benefits of executing well-defined fraud prevention plans and practices.

 

In summary, here are seven key responsibilities of the CFO when leading the fight against fraud:

   1. Make risk management a priority

   2. Automate your processes

   3. Communicate with IT

   4. Embrace advanced and emerging technologies

   5. Engage all internal stakeholders

   6. Implement a cloud-based automation solution

   7. Choose the right technology tools.

 

Communicated by Yooz

 

Sources:

(1) ACFE 2018 Report to the Nation

(2) How this scammer used phising emails to steal over $100 million from Google and Facebook, CNBC

(3) Étude Fraude 2018, Euler Hermes France


Publié le 17 septembre 2020