Dramatic changes to the way sensitive information is stored and accessed in the past few years have rendered many tested fraud mitigation and risk management policies obsolete. We teamed up with Berdon LLP Partner Rita Pierre and Director Alex Moshinsky, who shared their insights on modern protocols companies should implement to protect themselves.
Start With Leadership
According to Moshinsky, fraud prevention starts at the top with leadership committing to actively foster an environment of integrity and ethical business.
"It is important that senior management creates a culture through its words and most importantly through actions," he said. "Tone at the top should clearly convey a message that fraud is not tolerated and any such behavior will be dealt with swiftly and decisively."
Pierre added that management should store culture and conduct documents on its intranet and make them mobile-optimized and accessible to all employees.
When whistleblowers feel safe from retribution, it can encourage them to raise vital alarm bells.
"Ensure channels such as hotlines and online submission forms exist for employees to easily and securely report ethics or conduct violations," Pierre said.
Management can also use HR to monitor for violations and ensure employee incentive structures do not contradict or counteract ethics standards.
"Leadership must continuously reinforce corporate values and reward employees for ethically driven behavior," Moshinsky said.
Conduct An Assessment
Uncovering fraud risks with a comprehensive assessment can allow companies to take some immediate preventive or remedial steps.
"Organizations should identify possible fraud schemes throughout all business processes, such as payroll, procurement, purchasing, accounts payable and third party relationships," Pierre said.
Once identified, obtaining a clear understanding of the likelihood and impact the risks can have on the business is essential. To understand their level of exposure, organizations must assess the controls they currently have in place.
"Existing controls should be evaluated on their effectiveness. If controls are in place but not operating effectively, enforce their operations as designed," Moshinsky said.
Within the industry, developers, investors, brokers, builders and owners of CRE assets are often exposed to more risk than other organizations and should perform regular assessments to ensure proper risk management in today's complex environment.
Know CRE-Specific Risks
"Real estate and construction industries experience a high number of reported fraud cases, many of which result in substantial losses," Moshinsky said.
He says this is due to their complex procurement processes, use of third parties, joint venture arrangements, operating in unfamiliar locations, cursorily drafted contracts, extensive use of cash and reliance on undocumented workers.
"The most common fraud scenarios in real estate and construction include bribery, corruption, bid rigging, employer-supplier collusion, billing schemes, check tampering, misappropriation of building materials and supplies, use of phantom suppliers and payroll schemes," Moshinsky said.
"Most organizations are reactive in nature rather than proactive, and proactivity goes a long way," Pierre said.
She added that investing time up front allows companies to focus on business opportunities and goals without distraction, rather than addressing sporadic fraud concerns.
"This, in the long run, makes firms more successful in meeting their business objectives," she said.
Know Technology's Fraud Risks And Applications
Technology, specifically cloud-based computing, has increased fraud risk substantially, but also armed those combating fraud with more powerful tools.
Moshinsky said that multiple electronic transactions can facilitate fraud concealment, but technology allows for the use of data analytics to identify anomalies in transactions and highlight possible fraudulent activities.
"Controls are often more successful if they remain unknown to employees," he said. "They include sophisticated procurement and T&E systems, cybersecurity systems including bio-metric credential recognition, surveillance algorithm technologies, data mining tools and artificial intelligence."
Unintended error could be the result of cyber fraud. Scammers could trick an unwitting employee into releasing a wire transfer to an unauthorized bank account in a phishing scam. Employees often release company funds when the email appears to be from a legitimate vendor.
"In many cases, ongoing employee awareness training is a key fraud risk management control, and should be a part of a comprehensive fraud management program," Moshinsky said.