Skip to main content

PwC fraud survey unveils the unexpected gaps that leave organisations exposed

Are we assessing threats well enough… or are gaps leaving us dangerously exposed? Are the fraud-fighting technologies we’ve deployed providing the value we expected? When an incident occurs, are we taking the right action?

These are the key questions asked in PwC’s 2020 Global Economic Crime and Fraud Survey, which has been published this week. The survey received responses from more than 5,000 participants – 62% of whom are at C-suite level – across 99 territories. CUBE cut through the report, to pick out the highlights.

What type of economic crime is being committed?

The survey revealed that the top fraud to have occurred across the board is customer fraud – accounting for 35% of all recorded incidents. Cybercrime came a very close second, accounting for 34% — with asset misappropriation and bribery and corruption in third and fourth place. Given the recent surge in cybercrime during the coronavirus pandemic, it is likely that – at the time of publishing – cybercrime could now be in first place. Interestingly, while cyber accounted for more than 1/3 of fraudulent activity across industries, it only accounted for 15% within financial services.

The unexpected perpetrators

For us, a highlight of the PwC report is the examination of who is carrying out criminal and fraudulent attacks within businesses. As might be expected, external individuals – including customers and hackers – are responsible for 39% of attacks. What is less expected, is that 37% of fraudulent events are inside jobs – carried out by middle management (34%), operations staff (31%) and senior management (34%). In fact, nearly half of the reported economic crime and fraud that resulted in losses of more that $100 million was committed by insiders. For many businesses, this will be a wakeup call to ensure they have the policies and procedures in place to monitor their own employees activities.

Check your blind spots

Managing fraud and economic crime has never been an easy task. A rise in internal bad actors will only make this harder. As PwC points out – external frauds are often transactional and naturally lend themselves to active monitoring. Internal frauds are harder to control, predict and monitor – and often bring reputational damage as well as financial.

What is of particular interest, however, is that many organisations appear to be failing in their attempts to mitigate or address these challenges. Almost half of respondents admitted that they either do not perform risk assessments, or only carry out informal risk-based due diligence. Even more surprising is that fewer than 3 in 10 companies perform limited testing of the operational effectiveness of their systems and controls – 12% do no testing at all.

In a recent conversation between CUBE and Lynn Molfetta of MC Bernstein Data, Lynn pointed out that operational effectiveness is imperative to functioning compliance systems. Without it, “…technology cost could be just an expense, not the investment it should be.”

Technology as a solution

There is no one-size-fits all solution to prevent economic crime and fraud. As technology evolves, many firms may implement new systems in a bid to mitigate the problem.  However, despite the advances in technology solutions – only 3 in 10 strongly agreed that they had been able to implement or upgrade to new technology, citing obstacles such as  cost, limited resources and the lack of appropriate systems. In terms of smart technology, only 25% of respondents admitted to using artificial intelligence.

PwC’s report notes that “one tool won’t address all frauds – and technology alone won’t keep you protected. Back-up your technology with the right governance, expertise, and monitoring.”  After all, your technology and systems will only be as secure as the people who are trained to use them.