Introduction
In the wake of rapid technological developments, nearly all businesses are relying on technology to perform business activities. However, advances in the tech realm also present new challenges to businesses, exposing them to fraudulent activities perpetrated by criminals and cyberhackers.
As traditional approaches are deemed ineffective in protecting firms from such threats, it is important for businesses to adapt their methods in the hopes of detecting future attacks in the digital sphere.
In this article, FLY Journalists Andi Halilintar and Fen Ying interviewed the Executive Director/Group Chief Regulatory and Compliance Officer of Kenanga Investment Bank Bhd; Maheswari Kanniah, and Association of Certified Fraud Examiners (ACFE) Head of Asia Pacific Development; Ganesh Thuraisingham, to gain insights on digital fraud and the significance of cultivating anti-fraud culture in the workplace. Along with that, they also offered advice for youths interested in pursuing careers in fraud prevention.
With 43 years of experience in the financial industry, Maheswari has conducted investigations in the capital market and anti-money laundering fields. She is also currently on the Board of Institute of Corporate Directors Malaysia (ICDM), a member of the Audit and Risk Management Committee of ICDM, a member of risk management committee of University Malaya, as well as a Council member/Assistant Secretary of the Malaysian Association of Certified Fraud Examiners.
According to Ganesh Thuraisingham, the regional head overseeing ACFE’s enterprises;
“ACFE is the premiere provider of anti-fraud education in the world. In addition to offering continuously updated training to anti-fraud professionals, we also release reports (which are reports to the Nations, including COVID-19 benchmarking reports, fraud training benchmarking reports, tech benchmarking reports and so forth) that help both fraud examiners and the general public stay informed about the latest trends in fraud and fraud prevention.”
Governance for Investors
So, how important is governance to the investors? Maheswari mentioned that governance has always been a crucial part of sustainability.
“In light of the Enron case back in 2001, it is clear that failed governance can impact an organisation and its investors terribly.”
In fact, until today, there are cases of governance failure being reported. The investors and stakeholders are the ones who will be affected and ultimately suffer losses. Hence, to assure the investors that their investment is safe and would provide desired returns, the company must be able to sustain itself. Good financial performance is not the sole measure of importance of a company, the required governance must also be in place.
“Businesses should be run ethically and transparently while continuing to raise awareness, promote and embed good business conduct within its operations and throughout the value chain.”
Hence, companies need to set an ethical standard at the top so that the employees will act accordingly. Top management must be good role models by following what they have set because if employees regularly see their leaders flouting the rules, employees will follow suit.
How does Digitalisation Increase Cybercrime?
When asked how digital transformation has increased the risk of cybercrime, Maheswari explained that, with the new cloud system in workplaces, those seeking to infiltrate enterprise systems are presented with new and more frequent opportunities to succeed. Many internal access information has now been made public via the cloud. Fraudsters are now able to use the credentials of internal employees to access sensitive data that was previously not exposed in the public domain.
Next, as financial institutions are allowing customers to open bank and investment accounts online on smartphones, tablets or laptops, fraudsters have more opportunities to take advantage. They may provide fictitious information or even commit identity theft by posing as someone else to open accounts and using them for fraudulent activities including money laundering.
In addition, there is the possibility of data breaches or leaks of personal information online. Although financial institutions may have robust and strong measures to mitigate the risk, customers may be negligent in revealing information to unauthorised third parties. Maheswari also provided an example that the customers may disclose Transaction Authorisation Codes (TAC) received which allow fraudsters to access their bank accounts and perform transactions as though it is being done by the customers themselves.
According to Ganesh, the pandemic provided one of the largest opportunities for fraudsters in the digital realm.
“There was a never-before-seen proliferation of cybercrime, especially large-scale ransomware attacks”
There is usually robust security in place at offices. However, amidst the pandemic, when people are working from home, there is normally no encryption with their home’s internet and this made it easier for cybercriminals to find weak spots.
Using Technology to Mitigate Fraud
In order to act actively against fraudsters, financial institutions need to implement the required internal systems and controls. These entities can install numerous data analysis software which examines transactions in the company, including in real-time and this software will then generate reports that highlight indicators that may be of interest, as well as statistical anomalies.
Organisational anti-fraud professionals can thus study and analyse the trend of the data and records obtained from the internal systems, spot problems and identify possible fraud attempts.
Being used extensively for anti-money laundering efforts, AI is programmed to detect suspicious patterns of transaction numbers by customers and employees. Some can also be used to analyse emails or intercompany chat platforms to flag any phrases or words that might indicate users are planning to commit or are currently committing fraud. This is especially helpful in detecting collusion among multiple people, as explained by Ganesh.
“Many organisations and anti-fraud professionals are seeing success using artificial intelligence (AI) and machine learning to catch fraud before it happens, or at least at the beginning of the fraud.”
Before ending this topic, Ms Maheswari expressed that “Interestingly also, when companies undertake these data analysis measures and ongoing monitoring, individuals would less likely commit fraud. ”
Fighting Fraud in the Digital Era
In this era of digitalisation, the complexity of digital trails has also brought forth many challenges during fraud detection. Fraud examiners find it hard to detect fraud because fraudsters are able to erase or obscure their tracks when using technology. For example, cryptocurrency is used in cybercrime, fraudsters will use cryptomixers to confuse the blockchain paths or “wrap” coins, which takes the currency out of the blockchain altogether. Even if the cryptocurrency crimes are able to be tracked, it is difficult to recover the money from the blockchain.
Therefore, it is crucial that the fraud examiners always stay up to date on the latest digital tools and techniques that fraudsters are using, or employ organisations that specialise in digital tracing for help if they are not able to understand the more complex digital trails.
Ganesh emphasised that, “Technology is constantly evolving, so it’s an ongoing battle.”
Maheswari subsequently explained that one of the unique challenges in her role is to ensure that the organisation not only reacts to fraud but is also proactive in beating fraudsters. The nature of fraud always evolves, so as the Group Chief Regulatory and Compliance Officer, she must ensure that they are always on the lookout for ways to stay one step ahead at all times.
“Of course, detecting fraud and preventing any losses or damage when fraud is committed remains a very important matter, but the real challenge is to build processes and have systems in place that altogether disable the chance of fraud being attempted”
As a result, Maheswari will always engage with all the relevant stakeholders. She must also “speak their language” and have knowledge beyond her areas of expertise, such as IT security standards and the latest cyberfraud typologies to avoid the likelihood of fraud.
Developing an Anti-Fraud Culture in the Workplace
As firms are becoming more complex and revolutionary in their technologies, no single person or institution can claim expertise in all aspects of fraud. Maheswarri expressed that through the Corporate Alliance Program and ACFE, Kenanga is able to learn and gather insights on many aspects of fraud. Furthermore, the opportunities of networking via connections with other firms and collaborations with anti-fraud professionals around the globe, enables interchange of information such as experiences, knowledge and ideas.
The underlying principles of detecting fraud are the same regardless of the digital shift. Instead, businesses should adapt these principles through focusing on technology. According to Maheswari, one key measure for detecting fraud is through support in the collective and cooperative power of the personnel by increasing fraud awareness in the office.
“I think the biggest challenge for all organisations is learning to talk about fraud openly and making anti-fraud training for employees a priority,” said Ganesh.
By promoting fraud awareness, employees can be independent fraud detectors. As a result, different divisions of the institution are able to have their own detection mechanisms.
Secondly, financial institutions should cultivate anti-fraud culture by communicating to employees about the importance of reporting suspicious activities. Maheswari explained that an anti-fraud culture should be fostered through creating a comprehensive and holistic whistleblowing framework that allows for anonymous reporting, protection against retaliation, as well as openness and transparency on actions taken in reports. Another vital component in fraud detection is the implementation of technology used to detect fraud. Maheswari stated that there are countless data analysis softwares which are able to examine transactions. The data can then be used to generate reports that highlight indicators that may be of interest ,as well as statistical anomalies. As a result, the relevant personnel can identify trends within the company, spot problems and detect fraud.
Lastly, Maheswari emphasised that traditional approaches such as audit procedures should not be disregarded. Audit teams are able to monitor any significant and unusual transactions that have happened, including journal entry testing.
Winning the War Against Fraud
In conclusion, dealing with fraud should not only include preventing it but also being proactive in beating fraudsters. The transition towards the digital domain presents challenges in mitigating fraud, especially during the pandemic as we are now exposed to many new types of fraud. As a result, there is a large need for fraud examiners right now.
For those who want to pursue a career in fraud examinations, Ganesh strongly recommends becoming a student member of the ACFE. Student membership is much cheaper compared to full membership and allows access to benefits like expert articles, discounts on training, access to a professional network, the ACFE mentoring programme, the ACFE job board and more.
On a final note, Ganesh offers some words of wisdom:
“Being a successful CFE requires a person to be ethical, precise, detail-oriented and curious. They need to be able to spot patterns and ask probing questions to get answers. You need to have an investigative mind and understand financial documents to a degree, although some fraud examiners specialise in different areas and may be more focused on cybersecurity. They also need to be able to remain objective throughout all stages of an investigation.”
Journalists: Andi Fadlan Halilintar and Fen Ying
Reviewers: Hurriya Irfan and Faith Tan
Editor: Jessie Gan