This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
  • The risk of fraud amid COVID-19 outbreak

The risk of fraud amid COVID-19 outbreak

27 May 2020

Orginal Content provided by BDO Hong Kong


The extent and severity of the novel coronavirus pandemic are unprecedented. In the past few months, every country globally has been intensely focusing their efforts to counter and mitigate the effects of this epidemic. This include reinforcing medical and healthcare services and also boosting fiscal policies and providing financial aid to those badly affected by lockdowns and the economic downturn. But amid the prevalence of this viral outbreak, will businesses be more susceptible to fraud?


Why does fraud occur (especially during an economic slowdown)?

During economic downturns, it is worth revisiting the Cressey fraud triangle to evaluate the chance of fraud happening. The Cressey fraud triangle says that for a person to commit fraud, there must be three factors simultaneously present. The three factors are pressure, opportunity and rationalisation.  

'Pressure' refers to the reason forcing or persuading a person to perpetrate fraud. It can be greed (eg desire for more wealth), being too keen for an early achievement (eg to be the top salesperson) or, simply, the need to make more money. In light of the recent pandemic, many economies in the world are suffering from a drastic decrease in demand for many goods and services, especially luxurious and discretionary products. Airlines, hotels, theme parks, retailers and many other businesses particularly in the tourism, food & beverage, events, sports and entertainment industries are struggling just to break even. Shortening of business hours and restrictions on operations for various businesses around the world translate to even less business. The substantial drop in demand and number of customers result in a significant fall in revenue for many businesses. This no doubt generates enormous pressure for business owners, managers and employees to solicit more business, meet revenue targets and do whatever they can to stay in employment or simply to make enough money. For example, under the current stressful circumstances, one might offer illicit rebates or kickbacks in order to try to win a contract or customer. Or a company might offer a bribe to a government official in order for its substandard products to attain certification or be approved for sale in order to boost revenue. Sales or profits could be illegitimately inflated or manipulated by senior management to obtain further funding from creditors or investors. A sales manager might be thinking of fabricating profit and loss figures so that his or her bonus is secured, or to avoid getting the sack. An employee might be considering stealing from the company's coffers or pocketing a few thousand dollars from the petty cash. Expense claims might be forged by a worker who is trying to make a few hundred dollars more during such difficult times.  

'Opportunity' is the circumstance or situation where fraud could be easily committed, and often the fraudster considers that he or she would not be easily caught. In light of the outbreak of the novel coronavirus, many businesses are in the process of reducing their manpower in order to cut costs. Some businesses are adopting flexible working hours or home office policies to try to minimise contact among employees and prevent the spread of the virus. Controls and the level of stewardship of some organisations might have become less stringent due to lack of or insufficient resources. Shops normally manned by two persons might now be overseen by only one person. Having more people working remotely means fewer people would be present in offices, and in turn means potentially less supervision and monitorship. For instance, a company might originally have a cashier responsible for disbursing payments and an accountant responsible for recording the disbursements in the books. Due to the recent downsizing of the business, only the cashier remains and is now responsible for both the disbursements and recording of disbursements. As there is no longer segregation of duties, this creates a loophole, or an opportunity, for the cashier to make unsubstantiated payments to himself or herself but recording them as genuine business payments in the books. If there is no higher hierarchy carrying out approval of such payments or other person scrutinising the nature of the payments recorded in the books, the company funds improperly siphoned by the cashier might never get uncovered. Shops being run by fewer employees run a higher risk of pilferage by staff or customers if rotation of duties become impossible. Working alone or in an office with substantially reduced number of staff could also encourage people to commit fraud more easily as they might feel there are fewer people watching them and also fewer people are monitoring the operations.             

'Rationalisation' refers to the mindset or belief of the fraudster in terms of justifying the fraud. During economic downturns, reduction in salaries or perks are not uncommon for businesses. Employees with grievances might think they should take more from their employers to make up for the reduction in remunerations. Such thinking include 'work so hard all these years and the company owes me', or  'It is no big deal for me to take a little more since no one cares about such a small sum'  or  'everyone is doing the same, why not me?'.

In short, businesses will have to be extra vigilant in these troubling times. Apart from staying afloat, they will also have to be mindful of the financial 'pressure' employees might be experiencing, the 'opportunity' to circumvent a compromised or weakened control and the 'rationalisation' employees might adopt to commit fraud.    

What if fraud has already happened? 

Prevention is always better than cure. However, if fraud is suspected, there are a number of recommended steps to take:

  1. Review the essential relevant controls such as payment approvals and bank account authorised signatories. Identify possible loopholes and take rectification steps as needed immediately to try to contain losses.  
  2. Ensure the key stakeholders are informed in a timely manner so that they are aware of the incident and could consider taking appropriate measures. At the same time, maintain confidentiality as applicable and inform key decision makers solely on a need-to-know basis.
  3. Deal with the incident and address all imminent issues immediately by investigating the incident, finding out who might be involved and try to quantify losses and assess potential non-financial impact.  
  4. Review the terms of relevant insurance policies for fraud coverage. Initiate a claim if appropriate.  
  5. Document all steps taken so that you can prove to any regulators or authorities the measures implemented in response to the incident.
  6. Consider seeking legal advice if necessary. Ensure legal privilege is maintained if required.  
  7. Evaluate major existing operations, controls, policies and procedures to identify other potential vulnerabilities. Implement changes or enhancements to controls or procedures to prevent or minimise recurrence of the incident.   
  8. Engage an external investigative specialist team to conduct a thorough investigation and to recommend remedial actions independently and objectively, especially from the perspective of stakeholders and regulators.