Companies are losing billions to external fraud and shareholders are paying the price

By Marianne Robak, Fraud and Corporate Litigation Lawyer, McCathern PLLC

If you feel like you’ve heard of corporate fraud in the past couple of years, there’s a good reason. “Fraud, compliance issues and cyberattacks are common, have increased in severity and are expected to become more frequent,” according to the new KPMG 2022 Fraud Outlook.

It is important to note that the survey shows type fraud causing the most damage.

Business fraud comes in many different forms. Internal fraud “comes from an employee, director, officer or owner,” KPMG explains. External fraud “comes from a third party, such as a customer or supplier”. The latter type is much more common among North American companies. Two-thirds of North American respondents said their companies had experienced external fraud in the past 12 months; less than 20% said their company experienced internal fraud during this time.

Why this spike in fraud? Bruce Dorris, president and CEO of the Association of Certified Fraud Examiners (ACFE), warned early on in the pandemic that this is what happens in times of economic instability. “A significant factor is the increased pressure that businesses and their employees are feeling as they struggle to meet the challenges of a down economy.”

There is also confusion and upheaval that can make businesses more vulnerable to fraudsters. With employees focused on so many tasks, it can be easier for bad actors to find loopholes to exploit.

Billions of losses

Prior to the pandemic, the ACFE estimated that fraud cost businesses 5% of their revenue each year, totaling more than $4.5 trillion worldwide. These losses affect the value of the shares. So investors have a lot at stake. I’ve seen it happen. Although I do my best to recover my clients’ investments, it is essential to take a series of steps to avoid becoming a victim of fraud in the first place. Investors can play an important role in ensuring companies are proactive. During earnings calls and conversations with investor relations representatives, ask about these types of security measures:

Due diligence in determining the value of a seller

Before entering into a business transaction with an organization, the company should conduct a thorough investigation to determine the true value of the supplier’s business. Does the company request financial statements and ensure they are all included? Is the business seeking a court filing and bankruptcy filing? Does the company regularly engage a third party to search for the seller’s assets and ensure its solvency?

All this is necessary to ensure that the seller is able to pay his debts or a judgment in the event of a commercial dispute. If a seller defrauds the business and has no assets to cover the costs, the business will likely never recoup its losses. These steps are also crucial for “sniffing out” lack of trust before a business relationship begins.

Ensure the accuracy of payment instructions

Shareholders should ensure that the companies they invest in have policies to avoid being defrauded by online hackers. Hackers frequently defraud businesses by communicating with vendors over the Internet. For example, companies should be very careful when receiving wiring instructions via email, phone apps, or social media. These often seem safe and legit, but looks can be deceiving. Some hackers create emails that look like a company’s official account; others break into a real email account and use it to send fake instructions.

Ask any company you invest in how they handle large payouts. Do they call and speak with their point of contact within the organization first to confirm instructions? Do they try to video chat with the person first to make sure the instructions are legit? Is someone who can recognize the touchpoint on the call?

Verification of bank statements in double shift

Investors should also ask if the company has a policy in place to ensure that at least two people review all details surrounding each bank transaction within the first 30 days of receiving bank statements from the company. This is necessary because most banks are only required to refund fraudulent transactions if they are detected and reported within this time frame.

It is also important that two people review the bank accounts in case the seller has someone within the company to help with the fraud. When a second person is responsible for confirming the accuracy of each transaction, the risk of fraud is greatly reduced.

Of course, there are also cases of internal fraud. Looking closely at the company’s earnings, balance sheets, and other available information can be crucial to help spot it.

Bad actors are always coming up with new ways to scam companies. It takes the vigilance of as many people as possible to prevent fraud. With shareholders pushing them, companies will be more likely to step up their security, which will help keep your investment safe.

Marianne Roback is a partner in the Houston office of McCathern LLC. His practicethis is focused on commercial litigation and corporate fraud.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Shirlene J. Manley