Cybersecurity

Companies are Losing Billions to External Fraud, And Shareholders are Paying a Price

By Marianne Robak, corporate fraud and disputes attorney, McCathern PLLC

If you feel as though you’ve been hearing more about corporate fraud over the past couple of years, there's a good reason. “Fraud, compliance concerns and cyber attacks are common, have increased in severity -- and are expected to become more frequent,” according to the new KPMG 2022 Fraud Outlook.

Importantly, the survey shows the type of fraud causing the most damage. 

Corporate fraud comes in different forms. Internal fraud “originates with an employee, manager, officer or owner,” KPMG explains. External fraud “originates with a third party, such as a customer or vendor.” The latter kind is far more common among North American companies. Two-thirds of respondents from North America said their companies have experienced external fraud in the last 12 months; less than 20% said their companies experienced internal fraud during that time.

Why the spike in fraud? Bruce Dorris, president and CEO of the Association of Certified Fraud Examiners (ACFE) warned early on in the pandemic that this is what happens during times of economic instability. “A large factor is the increased pressure companies and their employees feel as they struggle to meet the challenges of a down economy.” 

There's also the confusion and upheaval that can make companies more susceptible to fraudsters. With employees focused on so many tasks, it can be easier for bad actors to find loopholes to exploit.

Trillions in losses

Before the pandemic, the ACFE estimated that fraud cost businesses 5% of revenue each year, totaling more than $4.5 trillion worldwide. Those losses trickle down, impacting share values. So investors have a lot at stake. I’ve seen this happen. While I do all I can to recoup my clients’ investments, it’s crucial to take a series of steps to avoid being defrauded in the first place. Investors can play an important role in making sure companies are being proactive. In earnings calls and conversations with investor relations representatives, ask about these kinds of security measures:

Due diligence in determining a vendor’s value

Before entering into a business transaction with any organization, the company should conduct a deep investigation to determine how much the vendor’s company is really worth. Is the company requesting financial statements and making sure all are included? Is the company searching for any court and bankruptcy filings? Does the company routinely hire a third party to search the vendor’s assets and ensure solvency?

All this is necessary to ensure the vendor is able to pay its debts or a judgment if a business dispute develops. If a vendor defrauds the company and has no assets to cover the costs, the company will likely never recover its losses. These steps are also crucial to “sniff out” untrustworthiness before a business relationship begins.

Ensuring the accuracy of payment instructions

Shareholders should make sure the companies they invest in have policies to prevent being defrauded by online hackers. One frequent way companies are defrauded by hackers is by communicating with vendors through the Internet. For example, companies should be very wary of receiving wiring instructions via email, phone apps or social media. These often appear secure and legitimate, but looks are deceiving. Some hackers create emails that look just like a company’s official account; others break into a real email account and use it to send fake instructions.

Ask any corporation you invest in how they handle making large payments. Do they first call and speak with their point of contact at the organization to confirm any instructions? Do they try to video chat with the person first to make sure the instructions are legitimate? Does someone who can recognize the point of contact participate in the call?

Double-team checking bank statements

Investors should also ask whether the company has a policy in place to ensure that at least two people review all the details surrounding every banking transaction within the first 30 days of receiving the company’s bank statements. This is necessary because most banks are only required to reimburse fraudulent transactions if they are detected and reported within that time frame.

It is also important to have two people review the bank accounts in case the vendor has someone inside the company assisting with the fraud. When there's a second person tasked with confirming the accuracy of every transaction, the chances of being defrauded decrease substantially.

Of course, there are cases of internal fraud as well. Taking a close look at company earnings, balance sheets, and other available information can be crucial in helping spot it.

Bad actors are always coming up with new ways to swindle corporations. It takes vigilance by as many people as possible to prevent fraud. With shareholders pushing them along, corporations will be more likely to step up their security, which will help keep your investment safe.

Marianne Robak is a partner in the Houston office of McCathern PLLC. Her practice is focused on business disputes and corporate fraud.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Technology