Accountants warned as fraudsters seize Covid-19 crisis
We all know that the risk of fraud, both personally and from a business standpoint, is ever-present. However, in the current Covid-19 climate some of these risks may increase or change.
Whether you are an accountant in practice, business, or a charity, you will want to be aware of what is happening. For those in practice remember that there is the additional duty to report suspicious activity to your Money Laundering Reporting Officer (MLRO) who will in turn report to the National Crime Agency (NCA) if appropriate.
Let’s have a brief look at some of the types of risks that might be prevalent at the moment.
Payment diversion fraud
Frauds which have been around for ages, such as payment diversion fraud, continue to be prevalent. However, the risks of such frauds being successful might have changed quite significantly with the altered working arrangements many companies are coping with.
If all, or many, of your employees are now working at home, contact by email may be even more common than usual. Normal control routines may not be working as they previously did, and people may be distracted by their working environment such as by small children being around. All of this means that previous controls may not be effective and a sudden request, apparently from the CEO, to urgently pay someone with account details provided, may not meet with the normal scepticism and phone call to check the details.
Organised crime infiltration of a company
There is also an opening for organised crime to “get to” employees more easily than before. Staff may be suffering financial hardship if perhaps one of a couple has lost their job or is getting a reduced salary due to furlough.
Offers of financial reward for access to systems, passwords or other confidential information might be much more tempting to accept than in normal circumstances. Similarly, payment of a “commission” to put large amounts of money (which is actually the proceeds of crime) through the business bank account may be more tempting to accept than before.
In more subtle situations it is possible to use social engineering, such as phishing attacks, to get desired information from an individual without them realising to whom they are really talking.
Many of these might currently be under the guise of calls from government departments offering grants or loans. A risk on the horizon will be fraudsters posing as part of the government’s contact tracing system seeking personal details.
Hacking risks are also likely to increase with the workforce having been rapidly moved to remote locations. In many situations it might not have been possible to ensure the normal level of IT security was maintained.
Individuals may have had to use their private computers or other devices for work activities and their internet connections may not have been as secure as desired. This may provide weak spots for criminals to access systems and divert money, or to use the information obtained to commit other crimes, such as stealing Personal Protective Equipment because you know when and where it will be delivered or stored.
Frauds instigated by the business
Of course, in some instances, the client or the business won’t be the victim, but the fraudster themselves. Many businesses will be struggling to survive and may be tempted to apply for grants or loans to which they are not entitled.
The Coronavirus Job Retention Scheme (CJRS) is perhaps especially vulnerable. It had to be created and implemented very rapidly with wide applicability. But that also means it is relatively easy for a business to cheat and perhaps claim furlough money when staff are still working.
As well as the risk of fraud though, there is also risk of error, where a business has done their best to claim the appropriate amounts, but just got it wrong.
Remember, that for the purpose of reporting suspicions of money laundering an innocent mistake is not reportable as long as once it is pointed out it is corrected.
What should you do?
Whether you are in practice, business, or a charity, you should try to ensure that all staff, especially those working remotely, are aware of these risks and take extra precautions. For instance, any new supplier’s bank account or any changes in bank details for an existing supplier should be checked with a phone call using pre-existing contact information.
If remote working systems did not originally include all the security features you would have liked, consider whether these can now be enhanced.
If you feel staff might be vulnerable to approaches from organised crime, try to consider what actions may mitigate this. For instance, individuals who feel valued by their employer will be less likely to succumb (though not immune) to offers of cash from criminals. So, look at what you can do to help keep employees engaged, even where working conditions are difficult, or employees are furloughed.
If you are a practice or are otherwise regulated for money laundering purposes, make sure staff receives alerts about factors which might indicate fraud.
Remember, it doesn’t matter if the client is the victim or the fraudster, if there is a suspicion of fraud, tax evasion or other money laundering offences then a suspicious activity report must be made.
Sources of further information
There are, of course, many more types of fraud than listed here, but hopefully the examples in this article will help you to be alert to the risks.
You might also want to consider sending alerts to clients, whether corporate or personal, about current risks, based on the information you receive to help fraud occurring in the first place.
You might also be interested in
Julia Penny is the principal of JS Penny Ltd which provides technical and training consulting on anti-money laundering procedures, auditing and financial reporting. Julia is a member of ICAEW Board and Council, chair of the ICAEW Ethics Advisory Committee and past chair of the ICAEW...