Rise of the 'fake CEO' challenging under-resourced finance departments

MUCH of the fraudulent behaviour seen in the corporate world in the years preceding the global financial crash was associated with excessive risk and a lack of governance.

Since then, of course, the world has changed considerably and companies are now faced with a very different landscape. The excesses of the pre-financial crash era led to increased regulatory burden, a greater focus on risk management, compliance, enhanced due diligence and Know Your Customer (KYC) processes, and increased anti-bribery and corruption training as organisations mitigate these risks.

But fraud remains virulent, and constantly adapts to its environment. In the past it was often a symptom of companies growing too fast and getting out of control, but new trends have emerged showing that companies becoming leaner and more efficient in order to reduce costs are leaving themselves vulnerable to fraudsters.

One example stems from technology and globalisation which have enabled companies to consolidate their finance departments into a remote support office often located in “out of town” locations away from the more glamourous company city headquarters. In these circumstances, finance teams frequently manage more operations with less people, which has enabled criminals to commit relatively simple frauds.

Fake CEOs

A particular trend that Kroll has seen is the rise of the “fake CEO” fraud. In this example, fraudsters use phishing emails and phone calls to contact a finance manager in a remote office and convince the individual that they are the CEO who urgently needs funds for a confidential acquisition overseas. Having never or rarely spoken to the CEO in person, the individual obliges without checking with head office. Kroll has investigated many instances where companies have paid millions of dollars or pounds to the fraudsters.

During our investigations of these cases, common themes have emerged. The companies often no longer had a receptionist to screen calls at their back office locations; and they were usually unaware of the data and information that was publicly available. The finance departments were usually under-resourced and over worked. Finance managers said they had to cancel holidays, work long hours and the fatigue and stress to “get things done” had led them to miss what in hindsight were clear red flags about the fraudulent payments.

These days, it is also more common for companies to hire staff on temporary or short-term contracts in junior positions. Often the company believes that physical and network access controls will protect them from theft or fraud by these more transient workers, who are often not fully vetted. In a very simple example, a Kroll investigation uncovered a temporary worker who accessed his manager’s computer whilst he was at lunch, and sent an email to a customer notifying them of a change of bank account details which led to the diversion of millions of dollars. This was discovered only after the temp had left. Some simple controls would have prevented this, including ensuring that all staff locked their computer screen when away from their desk, but the company had undergone significant re-organisation since the crash and had not updated and communicated policies and procedures across the group, leaving them exposed.

Overseas account

Another trend involves companies neglecting their overseas subsidiaries. For example, many US and European multinationals have seen internal fraud and corruption begin to surface in their overseas operations, which had largely been left to their own devices. Kroll has worked on a number of cases where local management were treating a subsidiary like their own “personal bank account”, exploiting their senior status and access to company finances. Kroll has also seen similar situations in Asian companies with European and US operations, which have been acquired since the crash. While internal audit functions have been enhanced over the last few years, they are still sometimes stretched to cover a large global footprint, especially across the emerging markets where local language and cultural differences are but two examples of the many nuances and challenges.

A particular issue the modern global company faces is that it is increasingly swamped with management information and reports from various operations, but lacks the resources to effectively analyse the huge volume of data and understand possible red flags. In one recent case, Kroll’s investigators applied data analytics to match unusual payment spikes to a particular vendor type, to a procurement manager who had moved between subsidiaries. All too often, information that should be relatively clear to see to the trained eye goes undetected due to a lack of resources, with a costly end result.

Companies can benefit from being leaner and more efficient, but to mitigate the fraud risks that accompany their scaled-down operations, they must be smarter and put processes in place to reduce the threats. Our experience demonstrates that there are far too many businesses that, while focusing on securing the front door, have unknowingly left the back window open.

Steve West is a principal at Kroll