PWC'S GLOBAL ECONOMIC CRIME SURVEY 2018: UK FINDINGS - PULLING FRAUD OUT OF THE SHADOWS
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
PwC’s Global Economic
Crime Survey 2018:
UK findings
Pulling fraud out
of the shadows
www.pwc.co.uk/gecs
Welcome to the UK results from our
2018 Global Economic Crime Survey
(GECS). The findings from this year’s
GECS confirm that the long-term global
trend towards higher levels of fraud
is continuing, and clearly show the
destructive impact that this rising tide of
economic crime is having on businesses.
According to our study, nearly a quarter of frauds Rising usage of digital technologies is a futher
occurring in the UK over the past two years factor. With businesses relying ever more heavily
resulted in a loss of over $1m (£700,000). The on the benefits of technology and the use of data,
direct costs are increased still further by the it is hardly surprising that our survey has revealed
burden of investigating and remediating after a yet another rise in the number of UK organisations
fraud, and businesses are feeling the resulting experiencing cyber attacks in the past two years.
impact on their reputation, brand, employee Our survey showed that cybercrime is the most
morale and relationships with business partners. commonly experienced fraud, overtaken by asset
misappropriation for the first time. Yet we have
Fran Marwood
Investigations Partner,
Experience shows that times of uncertainty often also seen increases in the number of organisations
Forensic Services create new openings for fraudsters to exploit gaps reporting other types of fraud, notably bribery
PwC UK or weaknesses in controls, and it’s significant and corruption and procurement fraud, despite
that over a quarter of respondents to our survey the overall level of UK businesses experiencing
felt that the current geopolitical climate would fraud falling from 55% in 2016 to 50% in 2018.
lead to more opportunities for people to commit It is also apparent that the UK is lagging behind
fraud. As such findings underline, it’s now more much of the rest of the world in harnessing
crucial than ever that businesses understand technology to prevent and detect fraud.
the fraud risk landscape and all the possible
avenues of attack. In this year’s report, we use the UK results from
GECS to explore three key themes:
• How do you make the best choices around
preventing and detecting fraud?
• How can you focus your resources and use
technology more effectively?
• What do the results say about UK businesses’
approach to bribery and corruption?
3 PwC’s Global Economic Crime Survey 2018: UK findings 4 PwC’s Global Economic Crime Survey 2018: UK findings
Know Top 5 frauds that
respondents think
55% of frauds were committed by
external perpetrators (Global: 40%).
Cybercrime is
high on the
what fraud 50% of UK
are most likely to be 42% 33% were committed by internal agenda for UK
looks like respondents
the most disruptive
in the next two
perpetrators (Global: 52%) boards...
reported
experiencing years Cybercrime External
55%
Internal
economic crime
in the past 24
months, in line
10% 8%
33%
with the global
average of 49%
and a reduction in
Bribery and corruption Accounting fraud remaining respondents either don't
the UK from 55% know or prefer not to say
compared to 2016.
82% ...with 82% of CISO’s*
Top 5 types of reported Half the frauds committed by internal
8% 7% perpetrators were committed by senior reporting into the
fraud in 2018: management, up from 18% (in 2016) board (compared to
Cybercrime
49%
44% Consumer fraud Money laundering + 61% globally)
Asset
misappropriation
32%
49%
$ lost through fraud in the past
24 months
32% 19% of frauds were detected
through fraud risk management and 15%
$100,000 ->$1M were detected by internal audit.
Procurement fraud
23% $1M
The success of suspicious transaction
18%
$50,000 monitoring (from 22% in 2016 to 10%
45% 24%
-$100,000 in 2018) and data analytics (8% to
Bribery and 23%
PwC’s Global Economic Crime Survey 2018: UK findings Making good choices: How well do you understand your fraud risks?
6 PwC’s Global Economic Crime Survey 2018: UK findings
Fraud imposes significant costs on UK business. Organisations face potential attack from multiple
24%
Half of the respondents to our survey reported angles – customers, suppliers, cyber criminals,
that they have experienced fraud in the last organised crime, employees, and many more.
two years, similar to the global level – and our
of frauds saw the victims experience suggests that many more may have The range of fraud also continues to expand and,
lose more than fallen victim to fraud without realising it. for every threat and risk that an organisation
$1M Our study also shows that the incidence of fraud
identifies and manages today, new risks arise
as it develops and grows its activities over time.
(£700,000) is continuing to trend upwards over time, both in
the UK and globally.
Experience shows that times of economic
uncertainty and change, with businesses
expanding into new global markets, holding
These findings are borne out by frequent media and utilising more data, and implementing new
reports covering the full spectrum of fraudulent technologies, give rise to increased opportunities
activity, ranging from the latest cyber scams and pressure on individuals to commit fraud.
against businesses and consumers, to corporate
executives facing serious charges. 27% of our respondents expect that the
geopolitical environment will result in increased
The continuing flow of frauds takes a heavy economic crime in the next two years, and only
financial toll on the businesses affected. Over 9% are expecting a decrease (compared to
half of the most disruptive frauds in the UK 18% globally).
resulted in losses of over US$100,000 (£70,000),
while some 24% of frauds saw the victims Business conduct and misconduct
lose more than US$1m (£700,000). These are
significant costs both to UK business and the This year we have included a new category
wider economy. Also, importantly, the proceeds of fraud: business conduct/misconduct. We
often end up in the hands of organised criminals, define this as frauds where the company is the
funding a range of activities from terrorism to perpetrator, with the criminal activity typically
human trafficking. affecting customers or suppliers through
activities such as deliberate overcharging. This
type of crime affected 21% of those respondents
in the UK who reported experiencing a fraud in
the last two years.7 PwC’s Global Economic Crime Survey 2018: UK findings
Both globally and in the UK, we have also seen The wider cost of fraud
a rise in the percentage of frauds committed
by senior management. In the UK this category While some of the losses from fraud can be
increased from 18% of all frauds in 2016 to 50% quantified clearly, others are much harder to
in 2018. In our experience, these types of fraud understand. For example, on top of the losses
can relate to a range of activities, including the sustained as a direct result of a fraud, businesses
manipulation of accounting records to influence also face the costs of investigation and remedial
results and deliberate overcharging of customers activities, as well as potentially significant
where contractual arrangements may be vague. disruption to wider business activities.
Interestingly for UK businesses with operations Of those respondents who had experienced a
overseas, accounting fraud or misstatement of fraud in the last two years:
results was by far the more common overseas
fraud, with 40% of businesses affected. This
is also by far the most disruptive fraud in
organisations’ overseas locations.
78%
77%
Many businesses do not consider the risk of fraud 68% 68%
68%
from the perspective that the business or one of
its subsidiaries may be the perpetrator, yet it is
these types of fraud that are typically the most 68% said that 77% said it 78% said it
damaging to brand, reputation and shareholder the fraud had had an impact had an impact
value. Frauds perpetrated by management an impact on business on employee
present some unique challenges: on their relations morale
reputation
• They are often harder to spot, as management and brand
may be in a position to override controls;
• As a result, the direct loss from the fraud can At the same time, UK organisations are
be much greater; spending more than ever on compliance. 54%
• Related activity may set a culture and “tone of UK organisations have seen an increase in
from the top” that unethical behaviour compliance spend over the past two years (vs
is acceptable; 42% globally), and 51% expect it to increase in
• Employees may be pressured to turn a the next two years (compared to 44% globally). It
blind eye; and is clear that UK businesses are taking compliance
• The incentives and pressures can be complex, spending significantly more seriously than the
for example, to maintaining the continuity global average.
of the business rather than for direct
personal gain.
Source: Global Economic Crime Survey 20188 PwC’s Global Economic Crime Survey 2018: UK findings
Fraud risk assessments Fraud risk is an increasingly multifaceted and
50%
complex issue that develops over time. Both
Given the continuing rise in fraud, it is worrying fraud techniques and threats evolve alongside
that 50% of the UK businesses surveyed had not the business’s activities, operations, people
carried out a general fraud risk assessment, which and structures. of UK businesses
looks at the key risks facing particular parts of surveyed had not
their business or activities in the past two years. This makes it vital that risk assessments are carried out a general
fraud risk assessment
This is broadly consistent with the global position. refreshed regularly to ensure developing threats
looking at key fraud
are addressed, and means the lack of frequency
risks in the past two
In our view, a well-considered and closely with which we know risk assessments are being years. This compares
targeted assessment should be the technique that, reviewed is a significant concern. to 46% globally
first and foremost, drives all other anti-fraud
activities. Its absence means that the business’s With risk assessments being an increasing feature
other anti-fraud activities may be poorly targeted of enforcement actions (as well as part of an
and lack effectiveness and specificity. “adequate procedures” or “reasonable procedures” Key questions to ask:
defence under the UK Bribery Act and the
• Am I maintaining
More positively, some companies do report Criminal Finances Act), it’s more important than a view of my
undertaking more focused risk assessments ever that a business’s fraud risk assessment is fit evolving risks –
relating to specific risk areas such as cyber for purpose. Key questions to consider include: including fraud,
vulnerability (52%), anti-bribery and corruption cyber and bribery?
(50%), anti-money laundering (28%), sanctions • Are you just focusing on the obvious areas,
• Is this detailed
and export controls (25%), and anti-competitive where you probably already have the
and tailored to my
behaviour (17%). However, it’s clear that coverage best controls? organisation and
is patchy across all areas. • When did you last update your risk how it operates?
assessment? Does it adequately reflect your
• Are each of the
In our experience, very few organisations have put business as it is today?
risks identified
processes in place to identify major changes in the • Do you have a holistic view of fraud risks, or
covered by
risk profile of the business or parts of the business, have your risk assessments been carried out appropriate anti-
such as new products or new markets. Fraud risk in silos? fraud measures?
assessments, when prepared, are often static • Have you engaged with all relevant
documents, reflecting a snapshot at a moment stakeholders, and do your senior management
in time, rather than responding to a complex have a sufficient level of oversight?
and evolving environment. This type of static • Would your risk assessment stand up to
assessment is not enough. scrutiny in the event of an unexpected
investigation under the Criminal Finances Act
or the UK Bribery Act.9 PwC’s Global Economic Crime Survey 2018: UK findings
Technology 2.0:
How can you focus
your resources and use
technology more effectively?10 PwC’s Global Economic Crime Survey 2018: UK findings
The top fraud in the UK in 2018 was cybercrime, As a result of its prevalence, impact and the
49%
suffered by 49% of these respondents who had requirements of EU General Data Protection
experienced fraud in the past two years. As a Regulation (GDPR), cybercrime is high on the
result it overtook the traditional “winner”, asset agenda for UK boards. One sign of this is that
of the frauds in the misappropriation (32%), for the first time since 82% of Chief Information Security Officers
past two years were our survey started. A closer look at the figures (“CISOs”) in the UK report directly to the board,
cybercrime
underlines the scale of the issue. compared to only 61% globally. This echoes the
findings from PwC’s recent Global CEO Survey,
Given the number of high-profile cyber and data which revealed that cybercrime was one of the
loss issues reported in the media recently, it isn’t top current concerns of business leaders.
surprising that 42% of UK respondents felt that
cybercrime will be the most disruptive economic Fortunately, UK business appears to be taking the
crime over the next two years, far higher than challenge of cybercrime seriously, with a higher
the global average of 26%. level of UK businesses than the global average
having put cyber security programmes in place.
As a developed economy, the UK represents an That said, 25% of UK respondents still do not
attractive target, especially for overseas threat have such a programme, or are still evaluating
actors. Their attacks are causing significant whether to have one. This is a risky position to
business disruption, and are often used as a be in.
channel to commit more traditional frauds
such as the theft of assets, cash, or Intellectual Exhibit 1: What type of economic crime was
Property. Cybercrime is often simply a new take committed through cyber attack?
on old-fashioned confidence tricks, but can also
be highly sophisticated. Disruption of 29%
business
30%
processes
Asset 26%
misappropriation 24%
Intellectual 22%
Property (IP) theft 12%
13%
Extortion 21%
12%
Insider trading
10%
UK Global
Source: Global Economic Crime Survey 201811 PwC’s Global Economic Crime Survey 2018: UK findings
Gone Phishing?
Over half of the cyber attacks reported in the
last year involved phishing, which seems to be
more prevalent in the UK than in the rest of the
world (20% higher than the global average). It
could also be that the UK is just better at spotting Technology and fraud detection
phishing attacks.
This year, our survey shows that the most
However, what is clear is that phishing (a broader successful fraud detection methods in the UK
term to cover mass attacks that are playing the rely on people – with fraud risk management the most successful
odds) or spear-phishing (more targeted attacks techniques (detecting 19% of frauds), internal fraud detection
on an individual) are often just the starting point tip offs and whistleblowing (detecting 16% of methods in 2018 have
for a wider attack. Phishing allows fraudsters to frauds) and internal audit (detecting 15% of relied on people
gain access to a company’s systems, whether for frauds) coming out top. The percentage of frauds
the purposes of stealing information, blackmail, detected by all of these methods has increased
or simply to cause disruption. compared to 2016, suggesting that anti-fraud
measures are getting better at detecting issues.
Email filtering will catch some phishing attacks,
but given that businesses almost always need to However, while people-based detection methods
let through external emails, it is difficult to catch are essential, they can also be labour and cost
every phishing attack. intensive. In the current climate, the best fraud
detection harnesses the power of both people
Also, criminals’ phishing tactics are changing and technology to balance higher effectiveness,
over time. The consequences of attack can be with tight control of costs.
devastating, so awareness and diligent behaviour
on the part of technology users is a vital defence. Exhibit 2: How are companies detecting fraud?
Phishing capitalises on our vulnerabilities as
Fraud risk management 19%
humans, playing on our curiosity or fear and 14%
acting as a trigger that causes us to do something
Whistleblowing and 16%
we wouldn’t usually do. Phishing files are
internal tip off 13%
deliberately titled to exploit human behaviour –
names such as ‘Pay_details_for_all_staff.xls’ and Internal Audit 15%
‘Planned_redundancies.ppt’ have both been used 8%
in the past. Suspicious 10%
transaction monitoring 22%
Ultimately, defence against phishing attacks By accident 7%
relies on humans, as well as technology, so 8%
training, awareness and escalation procedures Data analytics 1%
are key tools to use. 8%
2018 2016
Source: Global Economic Crime Survey 201812 PwC’s Global Economic Crime Survey 2018: UK findings Making technology work for you, not The known unknowns: what is against you lurking in your data? When technology is used well, it can be of a With data analytics detecting only 1% of frauds
13 PwC’s Global Economic Crime Survey 2018: UK findings
Bribery 2018:
the ongoing impact of the
UK Bribery Act on business’
approach towards bribery
and corruption14 PwC’s Global Economic Crime Survey 2018: UK findings
One of the most surprising statistics in this year’s So, is this trend telling us that bribery is suddenly
2018
survey was the big increase in the proportion of UK more prevalent in the UK? Or is something
2016 organisations that reported having experienced else going on? Our experience tells us that it’s
6% bribery and corruption in the last two years – a the latter.
figure that has leapt to 23% from just 6% in 2016
23% 23% (with the global average in 2018 being 25%). Policies, backed up by actions
the number of
organisations While research done by observers such as In the past ten years, the UK has gone from
experiencing bribery Transparency International, indicates that the lagging behind the rest of the world in its anti-
and corruption in the level of bribery and corruption in the UK remains bribery laws and enforcement activities, to
past two years has relatively low from a global perspective, our being at the forefront of global anti-corruption
increased from 6% survey suggests that the issue is having a serious efforts. It now appears that these developments,
to 23%
impact on our UK respondents. and the greater openness they have helped to
generate, are having a significant impact on our
Our survey also finds that nearly a quarter of UK findings.
UK businesses had been asked to pay a bribe in
the past two years, either in the UK or in their
overseas operations. In 2016, only 5% reported
that they had been asked to pay a bribe.
Exhibit 3: What percentage of those who experienced fraud experienced bribery & corruption?
UK 23%
Africa 32%
Asia Pacific 30%
Eastern Europe 31%
Latin America 26%
Middle East 22%
North America 13%
Western Europe 13%
Source: Global Economic Crime Survey 201815 PwC’s Global Economic Crime Survey 2018: UK findings
The UK Bribery Act, which came into force Managing your bribery and
3/4
in 2010 has been instrumental in bringing to corruption risk
light a number of high-profile cases, and has
without doubt led to huge improvements in The starting point for developing processes and
how UK business prevents and detects bribery. of the UK controls to manage bribery and corruption risk
It has also led to massive increases in the sums respondents to our should be conducting a risk assessment – this is
business spends on ensuring compliance. At the survey said their also the first principle of “adequate procedures”
organisation had
same time, the UK has remained committed under the UK Bribery Act. Given this, and the
a formal ethics
to an agenda of fostering transparency and number of cases of bribery and corruption that
and compliance
responsible business behaviour, as set out in the programme in place have been in the news recently, it is surprising
recently published UK anti-corruption strategy that only half of respondents to our survey had
2017-2022. Both the OECD (Organisation for carried out a bribery risk assessment in the past
Economic Co-operation and Development) and two years.
Transparency International have praised the
UK’s efforts, particularly with regard to foreign In addition, we found that a significant minority
bribery offences. of respondents are not using any kind of
monitoring technology in relation to bribery
This commitment to tackling bribery is also and corruption. While these kinds of frauds are,
evident among UK businesses. Three-quarters arguably, harder to detect than cyber breaches
of the UK respondents to our survey said their (which the vast majority of respondents do
organisation had a formal ethics and compliance use technology to monitor), all organisations
programme in place. Of these, 62% said that this have access to data that, if analysed properly,
included specific anti-bribery and corruption will enable them to pinpoint anomalies and
policies, well above the global average of 50%. inconsistencies that require further investigation.
These figures indicate that a number of factors, This approach is particularly relevant in
including an increased focus on creating a relation to bribery, as such ongoing monitoring
culture of transparency, the promotion of is a key part of any “adequate procedures”
whistleblowing hotlines, and encouragement defence, and is also an area where we see many
from the authorities for organisations to self- organisations struggling.
report, have all contributed to an environment in
which UK organisations are far better informed
than only a few years ago regarding potential
incidences of bribery and corruption in their
global operations.16 PwC’s Global Economic Crime Survey 2018: UK findings
The legacy of historical offences The risks of doing business
Of those UK respondents who had experienced
fraud in the past two years, only 5% felt that
bribery and corruption had the most disruptive
Whilst there has been a sustained effort in
the UK to tackle bribery and corruption, our
survey suggests that this type of fraud is still
21%
of the UK
impact on their business. This may be because having a big impact on UK organisations. As an respondents felt
many have spent considerable sums putting illustration, some 21% of our UK respondents that they had lost
an opportunity to
in place extensive compliance activities and felt that they had lost an opportunity to a global
a global competitor
frameworks, and believe the risk of future competitor who they believed had paid a bribe, who they believed
bribery and corruption is low. up from just 7% in 2016. had paid a bribe
Significantly, a large proportion of the high- The UK’s strong focus on the anti-bribery and
profile cases that have come to light recently corruption agenda may also explain why over
have been historical in nature, involving half of our respondents reported that they Key questions to ask:
investigations centred on allegations of improper included specific anti-bribery and corruption
• Do I understand
behaviour stretching back many years. Many of due diligence as a part of work undertaken when the detailed
these have been uncovered through the recent acquiring another business. bribery risks facing
focus on corporate integrity. my organisation?
This is higher than the global average of 45%,
• Is my programme
Similarly, looking forward, only 10% of and second to regulatory compliance as a priority
of adequate
respondents think that bribery and corruption for due diligence.
procedures linked
will be the most disruptive economic crime that to these risks?
they experience over the next two years. This aligns with our experience of client
demands for such services as well as even greater • Is the ethical due
focus on volume based integrity due diligence diligence on those
I do business with
on businesses’ third parties. Such measures are
adequate?
sensible, given that 55% of fraud threats come
from sources external to the organisations, as
referred above.
What4:additional
Exhibit due diligence
What additional do you
due diligence dodoononacquisitions?
do you acquisitions? Source: Global Economic Crime Survey 2018
Anti-bribery and Anti- Cyber security Sanctions and Regulatory Tax compliance
corruption competititive / export control compliance
anti-trust
53% 52% 57% 49%
43% 43%Contacts If you want to know more about any of the issues discussed above, be it fraud or bribery risk, cyber threat prevention, forensic technology or integrity due diligence, then please contact one of our subject matter experts. Fran Marwood Ian Elliott Umang Paw Mark Anderson Investigations Partner, Partner, UK Forensic Head of Digital & UK Anti-Bribery and Forensic Services Services Leader Forensic Investigations Sanctions Leader T: +44 (0) 20 7213 4709 T: +44 (0) 20 7213 1640 M: +44 (0) 7931 304666 T: +44 (0) 20 7804 2564 M: +44 (0) 7841 491400 M: +44 (0) 7711 912415 umang.paw@pwc.com M: +44 (0) 7770 921256 fran.marwood@pwc.com ian.elliott@pwc.com mark.r.anderson@pwc.com Survey editorial team Marketing team Kathryn Westmore Jennifer Miranda Senior Manager Marketing Manager T: +44 (0) 20 7213 2941 T: +44 (0) 20 7213 3939 M: +44 (0) 7715 211090 M: +44 (0) 7715 033797 kathryn.m.westmore@pwc.com jennifer.miranda@pwc.com
www.pwc.co.uk/gecs At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com. This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2018 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. Design Services 31157 (02/18).
You can also read
