In the wake of the COVID-19 pandemic, fraud is on the rise. From cyber crime to financial crime, businesses are more vulnerable than ever to threats from organized crime, employee fraud, government imposters and economic statecraft. But there are steps that Canadian businesses can take to mitigate the medium- and long-term risks they face today.
Criminals are increasingly taking advantage of the emotionally charged and financially unsure environment of the COVID-19 pandemic to commit fraud and financial crimes.
As well as the threat of financial scams, businesses also face a number of other financial crime risks (FCR), illicit supply chains and associated money laundering.
The pressure of financial hardship
No business has remained untouched by the financial fallout from the COVID-19 pandemic. The stay-at-home orders necessary to protect people from the coronavirus have brought economic activity in many sectors almost to a standstill. Businesses have been forced into unprecedented circumstances, with many unable to trade at all and many more having to adapt to all employees suddenly working from home.
For some employers, getting all workers online and keeping their business running smoothly has been a challenge that has led to internal controls slipping. For example, there has been a marked increase in attacks against internet-exposed remote desktop protocol (RDP) servers, as bad actors have identified those as a weak point for many organizations 1.
Internal controls are impacted when organizations divert their attention to focus on maintaining sales and cash flow rather than oversight and control. The risk of internal fraud has heightened during COVID-19 as it has prompted many organizations to close their offices and to transition to a remote workforce. This work environment has created challenges with internal controls due to limited employee interaction, new processes implemented and the lack of resources that are available outside of the office.
Organized crime in supply chains
The global pandemic has heightened the dangers posed by the global trade in counterfeit goods, especially for pharmaceutical products. The Royal Canadian Mounted Police have warned that criminal groups are adapting their illegal operations to the pandemic and successfully scamming Canadian individuals and companies 2.
These scams typically offer products online that never arrive or sell counterfeit, unauthorized or substandard goods. Now, these schemes have been adapted to medical goods and the sale of fake COVID-19 test kits and remedies, and the PPE equipment that has been in such short supply. (The CDC has issued a list of PPE equipment and respirators that are not approved for use 3).
Quebec City's Laval University Hospital, for example, is alleging fraud in the purchase of $45 million worth of N95 masks that never arrived 4. The order was placed with a 3M plant in China and the usual tender process was not followed given the urgency of procurement needs. The perpetrator was paid upfront for the masks, but when they tried to transfer the funds out of the country, it set off alarm bells with the bank. The government and the bank were later able to establish that 3M did not have large supplies available at the time and official documents were later determined to be fraudulent.
It's not just the supplies themselves that may be affected. In this fluid environment illicit supply chains can crop up as businesses relax internal controls. There can also be infiltration of supply chains by organised crime and bribing of customs officials to release cross-border goods.
Upholding supply chain standards
It is pertinent that companies continue to perform onboarding and ongoing checks on suppliers to ensure clear visibility over third-party risks. If companies have let “workarounds” creep into business processes in the emergency phase of the crisis, now is the time to assess these and adopt a complete process that’s been adapted to new ways of working, while maintaining standards. Organizations need to continue to remediate and address internal control deficiencies identified, and provide the necessary infrastructure to work from home, including security connections to the business network.
Not only do companies need to ensure that they are not inadvertently taking part in illicit supply chains or facilitating money laundering, they will also have to monitor the chain for sanction evasions. In the confusion, sanctioned regimes may look for new ways to secure goods or raise revenue as their access to the global financial system will be impacted.
Sanctioned regimes will struggle to manage the socio-economic implications of COVID-19 and many are already attempting to find new methods of securing goods or raising revenue. For example, there has been an increase in North Korea’s state-sponsored cyber-crime to drive revenue 5. There is also the potential for North Korean garment manufacturers to try to benefit from decreased productivity in China and South Korea 6.
It is difficult for businesses to predict how long the pandemic will last or what the ongoing impacts might be. However, every company needs to work on financial crime risk assessment, adjust working practices for what could be the new normal and develop business continuity plans that will see them through this and any other coming crises.
Contact HSBC to discuss how we can help you and your business mitigate financial crime risks – and watch a replay of our webinar Responding to COVID-19: Implications on fraud for corporations for further information.