Fraud strikes again (and again). Are we really surprised?

History is repeating itself. The economic downturn caused by fallout from COVID-19 feels very familiar to the economy after the dot-com bust in the early 2000s and the Great Recession in the late 2000s. Just as we saw then, and as we’re seeing now, fraud is a major player in these tight economies.

Economic downturns generally lead to two types of frauds. First, there’s employee fraud, when employees feel the pressure of tough times, rationalize stealing, and take advantage of an opportunity to do it. These frauds happen more than business owners would like, but usually a business can survive them. The second type is corporate fraud, usually carried out by an executive who has been committing fraud for years. In a tight economy, the fraudster loses access to capital to continue their scheme, and their multi-year fraud is exposed. These are the frauds that cause entire companies to collapse.

Two recent examples show us that corporate fraud is wreaking havoc with audit firms, banks, and investors alike, just like it did in the 2000s.

Nearly $500 million has gone missing at Commerzialbank Mattersburg, a commercial bank in Austria. The bank long reported that it had large balances of 40 to 60 million Euros each with five other Austrian banks. Guess what happened when examiners called those banks looking for the money. It didn’t exist.

The amount of money missing amounts to around half of the total assets of this small regional bank. DE24News reports that “There is a suspicion that those responsible have systematically styled the balance sheets for over ten years.” Of course, this is a blow to the internal auditors that missed the fraud. But it’s an even bigger blow to the community. Many local companies that had accounts and investments at the bank are out of hundreds of millions of dollars.

Then there’s the collapse of German payment processor Wirecard, in what amounts to the largest accounting fraud in European post-war history, shocking the corporate world and grabbing headlines globally.

When the company admitted $2 billion was not only missing from its balance sheet, but didn’t exist, the fallout destabilized banks, creditors, wealth funds, firms using Wirecard’s services, and customers all over the world who have been unable to access capital.

The scandal is likely to accelerate impending changes to accounting legislation across Europe, and perhaps beyond. The separation of audit and consultancy functions in large professional services firms has been much discussed in the past few years, but there’s also a feeling in regulatory circles that auditors have been too slow to move to better technology. There’s a feeling that we’ve seen all this before.

Same old story 

Despite the general astonishment in business circles of the scale of the Wirecard plot, and the elaborate nature of attempts to shield the wrongdoing, as we’ve already mentioned above, the type of fraud unearthed is not new at all.

In fact, like several other large-scale bank confirmation scams, including Parmalat, Peregrin Financial, and that of fund owner James Shepherd, the simple use of paper in the audit confirmation trail was key to pulling off the fraud—a deception that could have been stopped by an easy switch from this outdated paper method to digital.

When the auditors followed the trail of the missing billions and began to ask questions, Wirecard presented documents to show the cash had been sent to two Philippines-based banks. However, the financial institutions were quick to point out the documents were clearly false and amounted to little more than a sheet of paper with fabricated logos and names.

Fraudsters gravitate toward the weak links and areas of vulnerability inside markets, ecosystems, and processes, and, in this case, the paper trail and weak internal controls were wide open for the culprits to exploit.

Wirecard purportedly booked the false revenue to its financial statements by first listing it as cash and then undermining the auditors’ bank confirmation process by requesting they send the bank confirmation to another party in on the fraud who would give the auditors the false documents, backing up the phony financial data. An unsuspecting auditor would then be left with a fake cash balance and a false confirmation.

Digitizing the entire process and using technology, like that pioneered by Confirmation, which sits between both parties as a trusted entity, would quickly root out the fraud and help the auditors stop the scam before any money was lost.

Regulatory thinking 

Implementing stronger internal controls and adopting more advanced technology to help strengthen the quality of audits is no longer just a business need for many firms but may soon be a regulatory requirement.

The UK is in the process of replacing its accounting regulator, the Financial Reporting Council, with the Audit, Reporting, and Governance Authority (ARGA), a new body that has greater powers to hand out sanctions.

One of the FRC’s final acts has been to impress on auditors the need to embrace new technology, and to use more advanced solutions that will detect and prevent fraud, spot unusual transactions, and improve audit quality.

This baton is sure to be picked up by the ARGA, which is expected to be more interventionist and aggressive than its predecessor. It was created to be a more effective enforcer with stronger powers to hold auditors to account, and it’s unlikely to show leniency should another case like Wirecard emerge when there are quick and easy ways of validating data.

This is also likely not unique to the UK, with regulators around the world paying attention to the increase in fraud as a result of COVID-19. Audit firms should seize the opportunity to get ahead of these regulatory changes by using technology that’s available now.