Corporate fraud: from raising awareness to taking preventive action
Fraud is still a tenacious phenomenon with ever more skilful fraudsters. A recent study reveals that actually 30 percent of companies were victims of at least one proven fraud in 2017, compared with only 25 percent in 2016. Directors are aware of the risk that looms over companies, though they do not necessarily take any preventive actions to protect against things like false suppliers, false bankers, false customers or impersonation of top executives. Here, Rajàa Aouina, financial loss adjuster and consultant with GM Consultant examines a recent case of fraud to allow us to better understand how it works.
Case study: two new technology giants who were victims of fraud
Small and large companies can be victims of fraud arising from inside or outside the company. For example, a recent case of fraud that was well covered by the media led to more than $100 million being taken from the four Big Tech companies.
In September 2018, the Lithuanian Evaldas Rimasauskas was found guilty of fraud by the United States Department of Justice after stealing more than $100 million in total, including about $98 million from Facebook and $23 million from Google.
With the help of accomplices, he created a fake company to assume the identity of a real business partner of Facebook and Google, the Taiwanese company Quanta Computer. He used emails that looked compliant, but that actually linked back to fake addresses, and many fake documents such as invoices, contracts, purchase orders, etc.
In this way, the fraudsters sent many fake invoices to Facebook and Google between 2013 and 2015, which led to the transferring of amounts totalling over $100 million. After receiving the transfers, Mr Rimasauskas quickly sent the stolen funds to different accounts with banks all around the world, notably in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong. He also helped the banks to which the funds were transferred to provide falsified documents to explain the large money transfers.
Mr Rimasauskas was arrested in Lithuania in March 2017 and sentenced to 30 years in prison in the United States. For their part, Google and Facebook recovered the stolen money not long after the fraud was discovered.
The actions to be taken to prevent fraud
So, what can you do? Adopt a defeatist position and say it will happen to me sooner or later, the only question is when?
Although there is no miracle solution, there are actions that you can take to reduce the risk, in particular by acting on a key parameter: the human factor.
Indeed, for every company, from the smallest companies focussing on controlling sensitive transactions by having them systematically verified by the manager to multinationals with robust internal control procedures, there is always a risk. The actions of one individual, whether voluntary or not, can cause an issue in this environment and create a fatal flaw.
To limit behaviour that deviates from the established rules as much as possible, you need to keep the following essential principles in mind:
- Any employee, no matter how careful, reliable and loyal they may be, can find themselves in a position of negligence, or even where they are manipulated by an external fraudster whose psychological manoeuvres can lead to irrational behaviour.
- The automation of computerised controls without human intervention is still the best means to ensure that a key control over a crucial stage in the process is performed without being bypassed.
- Processes need to be made secure beyond a company’s boundaries. You also need to ensure that the risk of fraud is limited by everyday partners as the areas of discussion and sharing between two participants (invoicing, sending documents with sensitive data, etc.) are vulnerable to dual mechanisms of identity theft to trick both parties so that they are led to convince themselves of the validity of the transaction initiated by the fraudster.
- Training by identifying and simulating the different possible mechanisms is a tool that, coupled with raising awareness amongst employees and partners, helps to identify the uncovered areas of risk and to correct them.
Rajàa Aouina, Partner Loss Adjuster, in charge of Finance & Services
 Euler Hermes / DFCG Study 2018