Michael Luckman: Well welcome everyone to our new look, online, COVID-free ThinkHouse Unlocked. I have to say we're missing meeting you all in person and we're doing our best to keep in touch as best we can, in this case through a series of online and live webinars. This is the third in the series. We're talking about fraud in times of crisis and I'd like you to give a big welcome to our two resident 'fraudsters' here, Alex Jay and Brid Holden who are experts in our litigation team, well use to dealing with major fraud cases and matters.
If you think fraud a matter of minor significance, here's a few statistics for you: worldwide the impact of fraud is around six per cent. of gross domestic product. That's quite a significant number. In the UK that translates to somewhere between 130 and 190, wait for it, billion pounds a year and the average UK business is likely to lose somewhere between three and six per cent of its revenue to fraud and in some cases, in major cases, that can be as high as ten per cent. Fraud is also a particular issue in the Government and public sector circles as well and it's fair to say that fraudsters are not shy about creating opportunity out of the kinds of crises the government gets involved with.
So I would like to turn directly to Alex, I think you'd agree we are definitely in unprecedented times of crisis. How is the fraud market shaping up at the moment?
Alex Jay: Yes well I think that's fair to say Michael, we certainly are in unprecedented times and in terms of the impact on fraud that is going to arise as a result, there's a couple of things we can say. You know, we can look back of course at history to draw comparisons with a number of similar events because of course the current COVID course of events is a crisis in its own right, a healthcare crisis, but it's also created an economic crisis that we're feeling. We've seen unprecedented negative GDP spikes, every time you read the papers there's often more bad news about struggling businesses or job losses, all of the sort of things that are indicators of difficult financial times and of course you only need to look back at the financial crash, the credit crunch of 08/09 for a similar level of financial impact from a recession to try to draw some comparisons. What we saw in the credit crunch was, as reported by KPMG, who provide a fraud indication report every year, in the wake of the credit crunch we saw the second highest recorded amount of fraud in the history of KPMG's survey so we saw unprecedented levels of fraud and of course that's always driven because hard financial times drive fraud.
You have businesses/people under financial pressure that can drive risky behaviour, you have fraudsters who take advantage of difficult financial times to try to persuade people to invest their money, to promise returns at times when people need them, you have all of these sorts of issues that arise where you have a difficult financial landscape that simply drives up instances of fraud. So looking at the effect of COVID from a financial perspective and the significant impact on the economy that it's having, I think from that point of view you can certainly say that we are likely to experience significantly increased levels of fraud just because of the financial impact alone.
Michael: I think some wise old source said that those of us who do not learn the lessons of history are destined to repeat them, what further detail can you sort of pick out about those lessons of history and what should be squirrel away for use?
Alex Jay: Yes and that's a very interesting and perceptive question. I already talked about the COVID course of events causing a financial crisis but also being in its own right a crisis, a crisis that needs to be addressed and it needs to have lots of measures put in place and lots of people are doing lots of different things in different ways, whether that's trying to produce a vaccine or trying to produce more face masks than we've ever probably needed in history in a short space of time. But a crisis generates a response and sadly we can look back at history at crises and we can see that fraudsters try to capitalise on the response.
If you go back to 2001 in the UK we had the foot and mouth crisis. This was a disease affecting cattle that was a very contagious problem and resulted in a very significant Government-led initiative to try and address the problem. As part of that lots of contractors were hired to help with the disposal of cattle and management of tracking where cattle go and all of that sort of stuff and obviously lots of people responded very positively but some people also took advantage over-charging the Government in effect because in its rush to put out and to engage people to help with the crisis of course the normal checks and balances you might acquire in a more dispassionate contract process weren't always able to be implemented, and people took advantage and over-charged. I know there was a day of reckoning after the EU crisis had been dealt with to deal with people who had over-charged but that's what happened.
If you wind forward a few years some people might remember the Indian Ocean Tsunami that caused a lot of damage particularly to island states, Indonesia and some of the Indian Ocean island countries and there was a huge international aid effort, I think something like $6.25 billion was ultimately advanced to assist affected areas.
What I happen to know, because we worked on a case, is that not all of that money was applied properly, in fact some of it was misappropriated by particular individuals who took advantage of the amount of aid being made available and they took advantage and effectively siphoned it off for their own benefit. That's an interesting point, one of the reasons why crises and fraudsters often come together is because fraudsters know where there's a crisis and there's an economic response there's an opportunity for them to tap into monies being made available to take them for their own advantage.
A few more examples, Hurricane Katrina: that was the hurricane that hit Louisiana described as the most destructive natural disaster in US history and yet, an interesting stat that underlines the point around fraudsters taking advantage of a crisis, within a week off Hurricane Katrina making landfall the FBI estimated that there were nearly 2,500 fraudulent Hurricane Katrina internet sites of the sort of 'we can help', 'click here', 'pay us a fee' and, this is a stark example of how quickly fraudsters will try to take advantage.
Two other quick ones that certainly the UK will remember, and the Americans, the BP oil spill Deep Water Horizon, there was a huge number of fraudulent insurance claims on the back of that claiming you've been adversely affected by the oil and they hadn't really so that was something that happened. And of course people will remember the Grenfell Tower block fire. That was a very difficult event of course and there was a huge response, but even that was targeted by fraudsters.
It was reported, I think, that at least a million pounds was lost to fraudsters effectively seeking to take benefit from the support being offered by the Government to affected people. So drawing the threads of that together, what we have here is we have a crisis that will be targeted by fraudsters, there's a huge economic response being put out by the Government that will be targeted.
It's already reported that that's being targeted as you've commented on in your opening statement. But we have the additional double-pronged attack here in that this is a crisis in its own right which is driving a financial crisis so we have two problems to deal with and I think that is going to exasperate matters and we're going to see unprecedented levels of fraud. In fact Jim Chanos, he's a well-known Wall Street trader, has come out in an article in the last few days and said we are entering what he calls the 'golden age of fraud' so that is a nice pithy line which I tend to agree with in terms of the times that we are heading into.
Michael: What a depressing view of humanity, that people will always take advantage of other people's misfortune for their own game, how depressing is that? But why don't you, can you play your own Jim Chanos please Alex and give us some view of where you think the future will go. How in your experience has it shaping up right now?
Alex: Well I think we're already seeing significant reported instances of fraud, we're seeing cases being reported and flagged in the press already about the furlough scheme being targeted by fraudsters, no doubt the other Government support schemes will also fall victim in some part to being targeted by fraudsters.
Michael: Brid can I bring you in here, looking specifically at obviously COVID itself the impact of COVID but also the impact on the economy. Are we going to see special types of fraud cropping up? What are the types of fraud that we are likely to see coming out of this crisis?
Brid Holden: The effects of fraud itself are very far reaching so you can imagine there are very many categories of fraud which are captured by it. It is probably worth just revisiting that offence just to give an idea how far reaching it is so it involves a person dishonestly making false representation or wrongfully failing to disclose information or abusing a position of trust with intent to make a gain or cause loss or expose another to the risk of loss.
Action Fraud and Cash Crisis are reporting eight different types of fraud. Most involve the fraudster obtaining a dishonest advantage, often financial, over the victim. Having deal with so many different types of fraud, it is not a victimless crime and it has far reaching consequences where the victim be that an individual or a corporate.
Now looking at personal fraud or fraud against individuals, some there have been certain studies that have been produced and the Office for National Statistics released a summary on the nature of fraud and computer misuse in England and Wales with the year ending March 2019 and it reported that one in eight victims of fraud were victimised more than once. That statistic has remained fairly constant for the previous three years for which data is available. So coincidentally as well, and this is actually what's surprising, is that fraud victimisation, the likelihood of being a victim is greater in higher income households and it is lower in older age groups, save for investment fraud for older, the older age group is more likely to be a target.
Now in 76% of fraud the victim incurred a financial loss, these sorts of statistics are a bit of a wake up call. Again looking at corporate fraud, which is probably more relevant to the audience here today, Michael you mentioned some really stark statistics about global losses caused by fraud and corporates PwC produced a global economic crime survey in 2020 and the UK findings reported that 56% of respondents experienced fraud in the last 24 months, a very high number. 33% lost an opportunity to a competitor who they believe to have paid a bribe and 28% unsurprisingly cite cybercrime as the most disruptive type of fraud.
So analysis from the economic crisis shows us that these figures are likely to increase and considerably so, and Alex has touched on that. Corporate fraud is really far reaching. It can reach from can range from account takeover, mandate fraud, procurement, false invoices, domain name scams, intellectual property fraud, procurement fraud, insurance fraud, I could go on, I could probably speak for half an hour about the various types of fraud that can occur to corporates.
So looking ahead there is no new rulebook as a result of COVID-19 and the economic crisis for corporates and individuals alike in terms of prevention and protection really. The system has checks and balances, segregation of duty, proportionate checking regimes and awareness of responsibilities for the employees and then of course event assurance when fraud does take place.
Michael: And one of the elements of COVID I wonder whether, just focusing in on that a bit particularly. We are all working quite a bit of home, and I do not know whether it is just me but I have had quite a few phishing attempts coming through from strange and weird and wonderful places. Are we seeing an increase in cyber fraud and what other types of fraud are particularly picking up at this time?
Brid: So looking specifically at COVID-19 what we are seeing is, well firstly forecasting economic outlook is always fraught with economic uncertainty but we are seeing some specific types of fraud so I know Michael, you and I chatted quite a while ago about the number of companies which were incorporated at Companies House with COVID in the name, since then the pandemic took hold and we have got for instance COVID-19 Claims Limited, COVID-19 Grants and Loans Limited, and COVID-19 Virus Compensation Limited. Now I know Alex has touched about those thousands of websites after Hurricane Katrina, we are seeing something very similar here in the UK.
So in terms of threats from a fraud prospective and what we are seeing our clients facing. We would predict a huge increase in certain types of fraud. These particularly range from health sector fraud. So fraud within the NHS was estimated in 2019 in excess of £1.2 billion per year that is the equivalent of 40,000 nurses. Obviously if there is a clear threat, there is increased fraud within the NHS because of the pandemic, a perfect crisis really for fraudsters. So we are seeing this being widely reported on, for example vaccines, sanitisers, PPE, ventilators, threat of fraud exists both internally within the NHS Trust etc. and externally via suppliers who range from fraud including procurement, mandate, recruitment and payroll.
We are also seeing pandemic investment fraud. Again this is something we advise on time and time again. Economic crisis are a perfect storm for this type of fraud. Savers pension pots are very vulnerable and particularly so since the introduction of the pensions freedoms. Some £54 million of combined savings were targeted by scammers by 13 providers last year alone but you know £54 million is a large amount of money in terms of pension pots. There will be a significant increase of pension investment and pension liberation frauds as people are drawn in by the prospect of increased returns particularly in an economic crisis where interest rates at the bank are low and people are also facing redundancy etc.
So the media is already reporting a wide and big increase in advance of these schemes, so for example we have seen criminals, I actually have been on the receiving end of emails involving Bitcoin or any of crypto currency for example.
So investment fraud as well, we have predicted and indeed see that this rose considerably in lockdown, when you think you have that category of older people who were isolating or self-isolating are more vulnerable. The commodities I suppose, this fraud has been around for a long time, commodities may vary but how the scam works is largely unchanged. The probability of commodity may be COVID-19 related as a scheme potential investors with usual return are promised rather high returns which never come true and the altruistic nature of such investments in this as well.
So another fraud, Alex briefly touched on this, is legacy fraud and that is where when a company enters recession or an insolvency procedure, some sort of takeover often then frauds are uncovered because the accountants look at the financials and are subject to scrutiny which would previously if the fraud was in place within an incorporate it could have been capable of concealment. We have advised extensively on this and I can see this becoming very prevalent in the coming months particularly as the Government support packages are withdrawn. The competition cartels today, it's safe to say there has been relaxation in rules which means that fraud is likely to be occurring there as well but as those rules are implemented again and implemented you know it would come out, it always does I think.
So yes you mentioned Michael, and it is a big issue more for the people today, cyber fraud. Key concern for many of our clients, cyber security is such a significant part of corporate cultural now with cyber-crime becoming increasingly sophisticated and very difficult to predict and with the resulting losses also. So we are working from home a significant number of us, either full time or part time, but for many people this is the change to what would have been their usual working pattern. For every individual and corporates alike, the right infrastructure may not have been in place and properly trialled before we all started this homeworking.
So cyber and hacking criminals they really do not care and they are taking advantage. In the UK the NCSC has detected more UK Government branded scams related to COVID-19 than any other subject. One of the key threats observed by the NCSC are phishing attacks which hackers often use as a first route into organisation, and again I can hold up my hands and say I have had emails during the course of the lockdown where if you are distracted you might be inclined to press on them and that is the difficulty. They request credentials or malware is commonly hidden in those emails and individuals are invited to click on the link that will take them to pages run by cyber criminals. The other thing to note about cyber criminals is that they are becoming ever increasingly creative in devising new ways to exploit users, attack technology, to access passwords, networks and data.
We can see as well there is a heavy emphasis at the minute on sim card and then being able to access your sim cards etc. So there is a heightened risk with people working from home for corporates so that you are away from colleagues and the workplace environment and you may be distracted, I know in my case by children or family members because you are at home. People may become less vigilant and click on a link that they would not generally do and they would have thought twice about it in previous circumstances. The attacks as well it is worth knowing they also play on individuals heightened anxiety at the time of COVID-19. So it is a case of being vigilant, being aware, making sure the assurances and the systems and checks are in place, yes that is what I would say.
Michael: Well it is has certainly presented a picture of very much increased risk environment in terms of success and fraud and I wonder just as final passing comments from both of you, I might ask you Alex to give us some views on how you might manage general fraud and risk and Brid if you wouldn't mind your views specifically on the cyber fraud elements. Alex first.
Alex: Thank you very much. Well both of you have successfully frightened the life out of me, I will be running back and checking my bank accounts just to see how much I have lost, I am clearly not aware of it going on Alex so I am clearly losing money hand over fist somewhere. I have got the impression of the two of you as sort of fraud superheroes keeping the world safe from the bad guys so thank you very much, it has been a very interesting presentation and really put it in context very well so thank you both and thank you everyone for listening.
What internal controls can you introduce? How can you try to ensure you are as insulated from fraud as you can be? If there is one takeaway thing there is to remember it is a maxim that is cited regularly in anti-fraud circles it is that if you increase the perception and the minds of those you deal with or are employed by your business, if a fraud is carried out by the business it will be detected to increase the perception of detection then that has a, one of the best things you can do to stop it happening in the first place.
An awful lot of people will not commit fraud at all, if they were minded to do it, they will think twice if they consider there is a serious risk of being caught if they do, and of course if they don't consider there is that risk it is more likely they will just think I might as well go ahead and do it. So that would be my key take on it.
Michael: And Brid on the computer side, the cyber side.
Brid: Well I suppose for the corporates now is the time to be seriously considering your cyber security matters and considering any additional steps because of that increased home working. You need to be protecting specifically devices and connections and warning employees about the increased likelihood of phishing attempts and scams regularly.
Also there needs to be a reminder about company policies, updates and passwords etc. and then if the worst does happen that employees have immediate access for help concerns so they have that number for the IT helplines so steps can be taken immediately.
It is also worth noting some attacks will succeed, we can see that in the media. So looking at post event assurances and lessons to be learnt and what I would say as well, what I find really helpful rather, is the NCSC Government website because that is detecting you know in particular scams which are on the increase or whatever and corporates or IT departments responsible for cyber security should be monitoring that so that information can be filtered through to employees as to what is high risk at the minute.
Michael: Thank you very much. Well both of you have successfully frightened the life out of me, I will be running back and checking my bank accounts just to see how much I have lost, I am clearly not aware of it going on Alex so I am clearly losing money hand over fist somewhere. I have got the impression of the two of you as sort of fraud superheroes keeping the world safe from the bad guys so thank you very much, it has been a very interesting presentation and really put it in context very well so thank you both and thank you everyone for listening.