As new compliance rules loom – GDPR and CDD – new acronyms (and mandates) make companies scramble to get to know their suppliers a bit better. May (the month) may see risk compliance efforts flower. In the meantime, invoice and payments fraudsters may be getting a bit bolder, grabbing everything – even the barn.
May marks the debut of new compliance efforts – key among them, of course, GDPR (which covers Europe but touches these shores), and as of last week, new customer due diligence mandates.
To that end, risk solutions firm Kroll partnered with Ethisphere to offer up the Anti-Bribery & Corruption Benchmarking Report of 2018. As noted by law firm Mishcon de Reya, the report states that firms are concerned about third-party risks, with a particular emphasis on “opaque ownership structures” that are increasingly becoming a priority for compliance teams.
That opacity is heightened by open banking and cryptocurrencies. Although a majority of firms – 84 percent – collect ownership information about the companies with which they do business, context is important.
The report recommends a collaborative approach among information security and compliance team members. As GDPR takes effect late in the month, firms must be compliant with new rules and regulations. Also noted by the site, Ernst & Young’s Global Fraud Survey has set its sights on compliance efforts. The data from this survey shows that while 78 percent of respondents are aware of penalties tied to breaching compliance rules, only 57 percent know that people have been penalized for breaches.
Local news stories show that fraud – across payroll schemes and otherwise – remains alive and well across the globe.
In one example, in Kenya, media outlets reported audits have shown that Isiolo County exaggerated its payroll reporting and lost “hundreds of millions of shillings” between the period of 2013 to 2017. The losses mounted amid double payments, irregular allowances and “ghost workers.”
Separately, here in the states, Fidelity Investments jettisoned (via firings or resignations) more than 200 workers who claimed employee purchase program reimbursements to which they were not entitled. Under the terms of the program, those workers were entitled to be reimbursed for 20 percent of the cost of computers and other work-related equipment, and even exercise-related items, such as Fitbits. In this case, employees bought equipment but cancelled the orders while continuing to collect money under the reimbursement policies – to the tune of thousands of dollars.
In Ireland, three men were arrested by the Garda for their alleged roles in “invoice redirect frauds” that brought the trio 500,000 euros. Two of them had allegedly taken the bulk of that amount, at 300,000 euros, from a Spanish company. The remaining 200,000 euros had been siphoned from an account in Ireland. The site RTE reported that invoice redirection fraud takes place when companies contact businesses directly posing as a supplier, and then fool them into changing bank account information (and sending funds) to those bad actors.
In what might be fraud on a smaller monetary scale but a bit grander on the brazenness front, Ohio prosecutors allege that a maintenance foreman, Robert Schwerman, stole $65,000 worth of goods – included an HVAC system – that were stolen or bought via his local school district’s credit card. As reported by Cleveland 19 News, Schwerman allegedly also had a barn removed from school grounds and placed on his own property.