White-collar crime affects all organizations in Switzerland, regardless of size and sector and seems to be accelerating as people feel the pressure of the recession.
The fraudster most frequently seen by KPMG, in Switzerland and globally, is a manager or employee in or close to finance, respected and trusted who turned into a fraudster after years of service. When revealed, most people are surprised, finding the behavior totally out of character. Regularly this person commits fraud to fund an extravagant or at least very comfortable lifestyle.
So what is the most “typical” of the typical fraudster? That is actually the unexpectedness of that person being a fraudster! We usually think of fraudsters as the “bad” persons. Our experience and study shows that the typical fraudster could be someone like you!
The Swiss business environment is based on trust
Switzerland operates via a culture of trust; its corporate culture is permeated by a sense of community and family, making insider frauds particularly damaging for companies. While most companies in Switzerland have standard internal controls, a person can root out opportunities after four or five years. The fraudster often knows the system’s weaknesses for some time before taking action and the usual triggers for such actions include missed promotions, poor pay, no bonuses or unresolved issues at work. This combination of high trust with the fact that the typical fraudster is usually a regular and previously reliable employee can have huge impact in Swiss companies, as we have seen in the past.
Cyber crime on the rise
There are many possibilities open to a hacker, and based on how open company systems are, we expect to see more crime in this area. The financial pressure in Switzerland is not expected to go away, and nor is its appeal to fraudsters. KPMG expects more frauds to be committed by younger people using sophisticated technology. Globally, cyber-attackers are perceived as a younger generation, situated outside the organization. As with all fraudsters, however, not one face stands out as both organized criminals and insiders appear in cyber-attacks.
How can you be prepared?
KPMG investigations show that organizations are most frequently affected by insider frauds involving embezzlement – fictitious invoices triggering money transfers to personal accounts, senior executives siphoning off company assets or clients to their parallel businesses, together with increasing financial statement fraud.
Hence, control frameworks can never be invulnerable, especially when faced with a person who intentionally evades the controls and frequently has the position and formal authority to do it. Therefore, specific anti-fraud measures need to be developed. Companies do not invest enough time looking at their systems from the perspective of a fraudster, to assess and anticipate their biggest fraud risks. In addition, companies often fail to detect issues at local operations as senior executives or head office compliance teams flown in to oversee local operations are not conversant in local conditions or customs.
With the present advancing technology, it seems easier to commit huge frauds. In the past somebody had to forge documents and signatures; today it is all about stealing identities and information, or hacking IT systems. The awareness of data loss, data protection and data privacy issues is growing. In particular, an awareness of the lack of control over the intellectual property stored electronically on networks which allows most employees unrestricted and easy access to information.
So the answer to a better protection is not just a technical problem but also one related to personnel: It starts with raising employee awareness of the possible information risks they face. In that way cyber crimes are actually not that new, they use or more specifically, misuse the trust we have always had to place in each other.