With businesses ordered to close, workers advised to stay at home and financial markets at their most volatile, companies and their leadership are under pressure to ensure that the Coronavirus Disease 2019 (COVID-19) crisis does not become a business crisis.
Businesses have diverted much of their energy to enabling those working for them to work from the relative isolation of their own homes, working tirelessly for customers while preserving cash. In all of this it is important not to overlook the maintenance of a robust control environment.
In this GT Alert, we consider the increased risk of fraud and error in times of crisis, the response of authorities in the UK and US to date and we offer some guidance on how business may be able to manage such risks.
External Threats, Internal Risks – Two Sides of the Same Coin
Stories are already emerging of alleged fraud.
In the US, the Department of Justice has filed its first enforcement action since the COVID-19 pandemic related to fraud against a website falsely claiming to ‘offer consumers access to World Health Organization (WHO) vaccine kits in exchange for a shipping charge of $4.95’.
Attorney General William Barr has also directed all US Attorneys in every district in the United States to focus on the investigation and prosecution of COVID-19-related fraud schemes and has urged the public to report accusations of COVID-19-related fraud by contacting the National Center for Disaster Fraud (NCDF) hotline.
In the UK, Financial Conduct Authority (FCA) has issued guidance listing examples of scams people should look out for including but not limited to:
- Loan fee/advance fee fraud targeting those already under financial pressure, namely being requested to hand over an upfront fee when applying for a loan or credit that is never obtained.
- ‘Good cause’ scams. This is where investment is sought for good causes such as the production of sanitiser, manufacture of personal protection equipment (PPE) or new drugs to treat COVID-19 – with scammers using the promise of high returns to entice consumers.
- Using the uncertainty around stock markets, scammers may advise you to invest or transfer existing investments into non-standard investments.
- Clone firms. Some scammers will claim to represent authorised firms to appear genuine. In particular, be aware of life insurance firms that may be cloned.
- Scammers may contact you claiming to be from a Claims Management Company (CMC), insurance company saying they can help you recuperate losses and ask you to send them some money or your bank details.
- Cold calls, emails, texts, or other messages stating that your bank is in trouble due to the coronavirus crisis, and pushing you to transfer your money to a new bank with alternative banking details.
In addition, the National Crime Agency (NCA) has warned of the increased risk of scams including specific advice to businesses on how they can avoid so called ‘Mandate Fraud’, where victims are deceived into amending account information for regular payments to suppliers who may have fallen victim to a phishing attack.
The NCA’s advice highlights the need to ‘establish robust internal processes’; however, as well as being robust enough to avoid falling prey to these external scams in any situation businesses must now also ensure that compliance programs are effective in a home working/self-isolating environment. On occasion this will not be the case. For example, a ‘work around’ to deal with the requirement for two original signatures to make a bank transfer could potentially be exploited to facilitate a phishing cybercrime.
Guidance for Businesses
Below, we share some guidance that may help businesses manage such risk throughout the current crisis.
1. Risk assess and update policies as required in the ‘new normal’ of working remotely.
Not all company policies and procedures will stand the test of remote working. Consider assessing risk for your business in the new working environment and making any necessary updates to policies and procedures so that internal scrutiny, formal auditing, and authorisation can still take place effectively.
2. Maintain monitoring and supervision.
Working from distance creates challenges, risks, as well as opportunities. Technology may be used to ensure that monitoring and supervision protocols geared to office-based employees and physical proximity are updated to take into account remote working.
3. Communication, communication, communication.
If in a real estate environment, it often is all about location, location, location – in a virtual world it is all about communication.
Employers may wish to remind employees of existing controls and update them on changes flowing from the new remote working environment.
Likewise, making sure that remote working and self-isolating workers do not feel cut off or inhibited from asking questions or liaising with colleagues may be effective. Teamwork is more important than ever. Team meetings may be held online and by phone, to keep the lines of communication open and encourage questions.
An indirect but real consequence of the COVID-19 pandemic is the shift in the way we all work almost overnight. Compliance programs and systems and controls, including procedures for monitoring and supervision should cater to this new working environment. Conducting risk assessments and updating relevant policies and procedures may be an effective place to start as well as continuing to encourage open communication.
For more information and updates on the developing situation, visit GT’s Health Emergency Preparedness Task Force: Coronavirus Disease 2019.