Professional Documents
Culture Documents
This report brings together these survey results with the experience
and expertise of Kroll and a selection of its affiliates. It includes
content written by the Economist Intelligence Unit and other third
parties. Kroll would like to thank the Economist Intelligence Unit,
Dr. Paul Kielstra and all the authors for their contributions in
producing this report.
The information contained herein is based on currently available sources and analysis and should be understood to be
information of a general nature only. The information is not intended to be taken as advice with respect to any individual
situation and cannot be relied upon as such. Statements concerning financial, regulatory or legal matters should be
understood to be general observations based solely on our experience as risk consultants and may not be relied upon as
financial, regulatory or legal advice, which we are not authorized to provide. All such matters should be reviewed with
appropriately qualified advisors in these areas. This document is owned by Kroll and the Economist Intelligence Unit Ltd,
and its contents, or any portion thereof, may not be copied or reproduced in any form without the permission of Kroll.
Clients may distribute for their own internal purposes only. Kroll is a business unit of the Altegrity family of companies.
Contents
China overview...................................................................................28
Pre-empting fraud: Understanding the mind-set of the
Chinese entrepreneur and how business is done in China.............29
India overview....................................................................................31
Investigating procurement fraud in South and Southeast Asia......32
Malaysia overview..............................................................................34
Infrastructure investment in developing Asia
Perspectives on risk............................................................................35
Economist Intelligence Unit Report Cards
fraud.kroll.com | 3
Introduction
Introduction
Following a decrease in 2012, fraud is on For the past four decades, Kroll has worked
the rise again, and so are the costs involved with its clients to help them achieve a deeper
in managing it. These factors are in turn understanding of underlying facts in a range
driving up companies’ sense of vulnerability. of difficult situations and to assist with
Every kind of fraud covered in this year’s solutions. Increasingly, fraud exhibits
survey saw an increase in incidence, with industry-specific and regional characteristics
vendor, supplier or procurement fraud and that require detailed knowledge of a market,
management conflict of interest seeing the sector, business process or culture to
biggest growth. unearth, redress and prevent. Our global
team, on the ground in 45 cities across 28
Awareness of fraud is up, regardless of
countries, has the experience and expertise
whether it’s related to cybercrime,
to enable our clients to respond effectively
information theft, outsourcing or expansion
to the ever-changing risk environment.
into new and riskier markets. Yet measures
to guard against fraud continue to be I hope that this year’s report provides you
constrained by budgets and corporate policy. with some useful insights and helps to
identify emerging threats and opportunities
Particular areas of interest from this year’s
for your own business.
report include:
» The incidence of fraud has increased
Welcome to the seventh edition Overall, 70% of companies reported
suffering from at least one type of fraud in
of Kroll’s Global Fraud Report, the last year.
prepared in conjunction with » Information-related fraud is common Tom Hartley
the Economist Intelligence Unit and evolving Chief Executive Officer
Information theft affected more than one in
and designed to give insight five companies over the past year.
and help to businesses around » Fraud remains an inside job
the world facing the challenge Companies that suffered fraud and knew
who was responsible reported that 32%
of fighting fraud. had experienced at least one crime where
a leading figure was in senior or middle
management, 42% where it was a junior
employee, and 23% where it was an agent
or intermediary.
» Global modern business practices
increase fraud exposure
The move to a more global business model
that relies on a network of suppliers and
partners is leading to a higher risk of fraud.
Fraud on
the rise
For the seventh year running, The Economist Intelligence Unit, commissioned
by Kroll, surveyed senior executives from around the world across a wide
variety of sectors and functions. This year’s 901 respondents report that
fraud remains a widespread problem regardless of the industry or region in
which their businesses operate. It is also as protean, and hence unpredictable,
as ever. The results of our 2013 report reveal a number of key insights.
1. The incidence and costs of fraud of threats: on average, those hit in the past supplier or procurement fraud and management
rose markedly in the past year, in year suffered 2.3 different types of fraud conflict of interest seeing the biggest growth.
turn driving up companies’ sense each, compared with 1.9 in 2012. Finally,
of vulnerability. The survey offers little hope for relief on the
the economic cost of these crimes mounted,
immediate horizon. Of those surveyed, 81%
According to this year’s survey, the level of increasing from an average of 0.9% of
believe that their firm’s exposure to fraud has
fraud increased by every measure in the past revenue to 1.4%, with one in 10 businesses
12 months, reversing recent trends. Overall, increased overall in the past 12 months, up
reporting a cost of more than 4% of revenue.
70% of companies reported suffering from at from 63% in the previous survey. Respondents
least one type of fraud in the past year, up The damage occurred in a wide variety of attribute this increase to the complexity of
from 61% in the previous poll. Individual ways. Every kind of fraud covered in the survey information technology (IT) infrastructure, high
businesses also faced a more diverse range saw an increase in incidence, with vendor, staff turnover and entry to new, riskier markets.
fraud.kroll.com | 5
Economist Intelligence Unit Overview
fraud.kroll.com | 7
Fraud at a Glance
The Human
Factor
By Tommy Helsby
fraud.kroll.com | 9
Fraud at a Glance
A geographical snapshot
Regulatory or Information theft,
compliance loss or attack 29%
breach 17% Theft of physical
We compared the results of the assets or stock 20%
Prevalence
Corruption Perceptions Index (CPI). 66%
Prevalence
63%
Transparency International
Vendor, supplier
Corruption Perceptions Index 2012 or procurement Theft of
fraud 23% physical assets
Vendor, supplier or
Very Clean or stock 30% Vendor, supplier
9.0 - 10.0 Kroll findings or procurement
procurement fraud 23% Theft of
physical assets
fraud 20%
8.0 - 8.9 Mexico or stock 37%
The incidence of a wide number of
7.0 - 7.9 frauds saw substantial growth in Internal
Mexico over the last 12 months. Prevalence financial
6.0 - 6.9 These include theft of physical 63% fraud 16%
assets (30% of respondents report
5.0 - 5.9 their company being affected, up
from 19% in the 2012 survey), Prevalence
4.0 - 4.9 internal financial fraud (25% up Corruption and 74%
bribery 17%
3.0 - 3.9 from just 7%), corruption and
Theft of
bribery (25% up from 15%), vendor
physical assets
2.0 -2.9 or procurement fraud (23% up from Kroll findings or stock 37%
19%), and regulatory or compliance Colombia Information
1.0 - 1.9 fraud (20% up from 4%). Respondents from Colombia report theft, loss or Management
a rapid rise in fraud. In the 2012 attack 19% conflict of
Highly Corrupt 0.0 - 0.9 survey, the overall incidence of interest 26%
No data fraud was only 49% and the Kroll findings
average loss just 0.4%. Similarly, Brazil
in the 2012 poll, only two frauds Brazil’s fraud problem has grown
were more common in Colombia rapidly in the last 12 months. 74%
than in the survey as a whole, but of companies were affected by at
this year it is four – theft of physical least one fraud (up from 54% in
assets (37% compared to 19% in 2012) and businesses on average
2012), vendor or procurement fraud lost 1.7% of revenues to such
(20% compared to 19%), corruption crimes (up from 0.5%). Brazil also
(17% compared to 14%), and market had above average rates of
collusion (13% compared to 8%). management conflict of interest
(26% compared to 20% overall)
and vendor or procurement fraud
(23% compared to 19% overall).
Information
theft, loss or
attack 29%
Internal
financial Management
fraud 17% conflict of
Corruption and
bribery 32% interest 24%
Information Management
theft, loss or conflict of
attack 35% Theft of physical Regulatory or compliance
interest 24% assets or stock 33% breach 16%
Market
Vendor, supplier or Information theft,
collusion 28%
procurement fraud 23% Internal loss or attack 24%
Theft of
physical assets Kroll findings financial
or stock 47% The Gulf States fraud or
Internal theft 22% Prevalence
72% of companies in the Gulf
financial 66%
suffered at least one incidence of
fraud or
fraud – slightly above the global Prevalence
theft 27%
average, but the increase from 69%
2012 of 49% was more than twice
Vendor, supplier Theft of
as great as that experienced in the or procurement physical
Prevalence rest of the world. Gulf States fraud 25% assets or
77% currently have the highest regional Vendor, supplier stock 34%
or procurement Corruption and
incidence of information theft
fraud 20% bribery 24% Kroll findings
(35%), vendor or procurement
Malaysia
fraud (30%), market collusion
Kroll findings Two types of fraud are worryingly
(28%), and management conflict
Corruption INDIA widespread in Malaysia - theft of
of interest (24%).
and bribery 30% Management Over the last 12 months the physical assets and vendor or
conflict of procurement fraud. Where the
interest 22% country had an above average
Regulatory incidence of theft of physical perpetrator was known,
or compliance assets, corruption, internal Malaysian respondents are more
breach 22% financial fraud and information likely than average to report that
theft. Insider fraud is particularly vendors were leading parties.
Kroll findings rife in India; 89% of respondents
Sub-Saharan Africa indicated that the perpetrator
Corruption continues to plague was an insider of some sort – a
sub-Saharan Africa more than any junior, middle management, or
other region: 30% of respondents senior employee or an agent.
report being affected by it, up from
20% in 2012. 48% of African
respondents say that their firms are
highly vulnerable to this crime.
Where a fraud has taken place in the
last year and the perpetrator is
known, 33% of respondents say
government officials played a
leading role – another highest
regional figure.
fraud.kroll.com | 11
Regional Analysis Americas
fraud.kroll.com | 13
Regional Analysis Americas
By Peter Turecek
diligence programs
Certainly in jurisdictions with less transparency, more comprehensive due diligence is advisable. research process, challenging data found and
where the availability of public records is slim or Particularly in these instances, the due diligence re-researching findings and conducting analysis
non-existent, where independent media is should follow a more rigorous investigative to fully understand the implications of those
censored/restricted, or where corruption and methodology rather than the more simple results. Combined with local source inquiries
bribery are common ways of doing business, screening regimen. This involves an iterative of knowledgeable resources, these efforts can
help a client feel more comfortable about the
level of understanding they have with regard
Technology, media & telecoms Economist Intelligence Unit Report Card to their business partners and third parties.
The technology, media and communications industry had an unusual pair of results in this year’s survey: although On a recent joint venture relationship
it had one of the lowest overall incidences of fraud, with only 66% of companies hit, it also had the highest average
opportunity in the Middle East, the client asked
fraud loss as a proportion of revenue (1.8%). Helping to drive up costs has been the most widespread problem
Kroll to conduct investigative due diligence into
with information theft, loss or attack in any sector (31%). The issue is not merely one of weak technological
principals of the company. Our research quickly
defenses, although IT complexity is a driver of increased fraud risk at 37% of the companies surveyed. Although
started identifying flags about the subjects,
industry companies are more likely, on average, to be investing further in security software as well as specialized
including the fact that their bios, word for word,
and general staff training, an effective defense should include greater physical protection of technological assets.
were identical to the bios of other individuals
The main difference in the source of information theft between this sector and the survey average is a much
involved in the same line of business in Dubai
higher level of theft of physical devices from companies or employees. This was involved in one-half of cases
– only the names were different. The website
of information theft and is the most common mode of attack against companies within this sector. With only
for the company had only been formed a
35% of firms in this industry investing in physical asset security in the coming year—far below the overall survey
couple of years ago, odd for a company with
average of 44%—this problem may continue to undermine information security efforts elsewhere.
18+ years in business. Worse, we found that
the registrant of the website was linked to a
0 % 10 20 30 40 50 60 70 80 90 100 known Nigerian fraudster. Needless to say,
Corruption and bribery the client ran from the potential relationship.
Theft of physical assets or stock But it took this investigative level of insight
Money laundering
to identify issues that might have otherwise
Regulatory or compliance breach
slipped through lighter levels of inquiry.
Internal financial fraud or theft
Misappropriation of company funds So, perhaps, the answer to the million-dollar
Information theft, loss or attack question isn’t a predetermined level of due
IP theft, piracy or counterfeiting diligence. Rather, companies should instead
Vendor, supplier or procurement fraud focus on compliance programs designed with
Management conflict of interest
elements that can raise red flags and identify
Market collusion
problems, then escalate due diligence as
Highly vulnerable Moderately vulnerable
necessary to deliver the most effective
protection and confidence in their new deals.
Loss: Average percentage of revenue lost to fraud: 1.8%
Prevalence: Companies affected by fraud: 66% Peter Turecek is a Senior Managing
Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud: Director in the New York office. He is
an authority in due diligence,
Information theft, loss or attack (31%) • Theft of physical assets or stock (21%) • Management conflict
multinational investigations and hedge
of interest (20%) • Vendor, supplier or procurement fraud (17%) • Internal financial fraud or theft (17%)
fund related business intelligence
Increase in Exposure: Companies where exposure to fraud has increased: 83% services. Peter also conducts a variety
of other investigations related to asset
Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
searches, corporate contests, employee integrity, securities
and percentage of firms affected: IT complexity (37%) • High staff turnover (37%) fraud, business intelligence and crisis management.
fraud.kroll.com | 15
Regional Analysis Americas
Independent monitors:
Not just for enforcement
actions anymore
By Dan Schorr and Emily Low FCPA enforcement actions are usually reporting structures must be properly aligned,
resolved through deferred prosecution and the system of internal financial controls
agreements and non-prosecution agreements, needs to be audited and periodically re-
which often impose an independent monitor assessed and re-evaluated. FCPA anti-bribery
to ensure the company’s previous failures are provisions, as well as the books and records and
not repeated and that adequate safeguards internal control requirements, necessitate very
are put in place to ensure compliance with specific training. An appropriate external monitor
Bank Secrecy Act (“BSA”) and anti-money already has the team infrastructure, skills
laundering requirements. Such monitors are and expertise to provide education; track
becoming increasingly utilized at the federal, expense reports and transactions; audit
state and even local level of government. financials; and impose controls necessary to
prevent, deter and detect improper payments.
Effective compliance requires focus
Companies frequently do not have adequate
on implementation and enforcement
internal controls to ensure compliance with
Although companies may have a compliance applicable policies, procedures and practices.
structure in place, such existing intended Even if such controls do exist, they are often
safeguards are often inadequate: Employees unenforced. According to a separate survey
need to be trained on compliance with the FCPA, conducted for Kroll’s recent Anti-Bribery and
Corruption Report, 18% of respondents said The utilization of monitors is becoming more test, analyze and improve the compliance
they either do not have an anti-corruption common in the construction industry. For controls and programs in place, in addition to
policy, or have an anti-corruption policy but example, a major US city decided the best identifying and addressing areas of non-
do not require their employees to read it. course of action was for the general contractor compliance. It is important to take proactive
Further, 47% of all respondents said they on certain construction projects to designate a measures to address FCPA, BSA and other
conduct no anti-corruption training with small percentage of the contract price for a legal compliance and potential fraud. If a
their third parties. Of those who do train monitor to help prevent safety violations, abuse company is cited for FCPA or other violations,
their third parties on anti-corruption, only of workers or other violation of law on-site. having had an effective compliance program
30% believe their efforts are effective. Less than 1% of the contract price is set aside will often reduce the ultimate penalties.
part of the New York Federal Reserve to Theft of physical assets or stock
Money laundering
adequately monitor the integrity of LIBOR rates.
Regulatory or compliance breach
Another big bank recently reached an
Internal financial fraud or theft
approximate $2 billion settlement with the
Misappropriation of company funds
Department of Justice to settle claims of Information theft, loss or attack
anti-money laundering and counterterrorism IP theft, piracy or counterfeiting
financing. The settlement included the Vendor, supplier or procurement fraud
position of Independent Compliance Monitor. Management conflict of interest
Market collusion
European company with FCPA violations of Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud:
bribing intermediaries of a foreign government Management conflict of interest (22%) • Theft of physical assets or stock (15%)
official to obtain contracts. The company agreed Information theft, loss or attack (14%)
to a very significant payment to settle the SEC Increase in Exposure: Companies where exposure to fraud has increased: 73%
and criminal charges and to hire a corporate Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
compliance monitor to assist with implementing and percentage of firms affected: IT complexity (34%)
and testing a compliance and ethics program.
fraud.kroll.com | 17
Regional Analysis Americas
BRAZIL OvervieW
Brazil’s fraud problem grew faster than that of the rest of the world over the past
12 months. Seventy-four percent of those surveyed in the country report that their
companies were affected by at least one fraud in the last year (up from 54% in
2012) and businesses on average lost 1.7% of revenues to such crimes (up from
0.5%). Brazil also had the highest incidence of theft of physical assets (37%) of
any region or country covered in detail in the survey outside of Africa, as well as
above-average rates of management conflict of interest (26% compared to 20%
overall) and vendor or procurement fraud (23% compared to 19% overall).
fraud.kroll.com | 19
Regional Analysis Americas
Who controls
Many corporate frauds aimed at evading a
company’s internal controls in order to
misappropriate cash, information, goods
or intellectual property are crimes that
could be thwarted if companies would
the controllers?
allocate sufficient time and money for fraud
prevention planning.
Because executives often find themselves Management on the ground, who are having the value of preventative actions that include
unable to decline the “promotion,” companies difficulties dealing with growing operational background and reputation checks on
generate the ideal scenario for corruption or and commercial challenges, have little time executives, as well as a comprehensive
fraud to flourish when they do not recognize to spare for adjusting or instituting new assessment of operational vulnerabilities.
or accept the greater stress being placed on preventative fraud control measures. This The results of both can raise red flags for
these managers as well as the greater span creates a fertile environment and opportunity potential fraud while also providing a
of control that needs increased support from for fraud to begin. roadmap for ways to prevent gaps in the
adequate fraud prevention programs. fraud prevention infrastructure and to
Where previously a direct line for the crime
For example, Kroll recently worked on a fraud neutralize distractions for relevant
could be traced back to the bad intentions of
case for a major multinational food company management and controllers before they
the fraudster, now the seeds of fraud can be
operating in Argentina, Uruguay and Brazil. can cause multimillion-dollar losses.
found in the lack of corporate fraud controls,
Even after experiencing significant growth in negligence on the part of high-level
its exports and production, the company still executives, and the company’s own
Matías Nahón is an Associate
Managing Director and Head of Kroll’s
had only one regional manager to oversee inadequate human resource investment in Buenos Aires office. Matías manages
and control activities in all three countries, a wide variety of complex
qualified staff focused on fraud prevention.
and one area retail manager with assignments, including investigations
into fraud, due diligence, litigation
responsibility for sales to many regional The time has come to support companies in
support and asset searches.
retailers. Our research showed that although this challenge. It is impossible to overstate
only one party had the intention to commit
fraud, there were three facilitators of the
crime: (a) the fraudster, who instead of manufacturing Economist Intelligence Unit Report Card
reporting company vulnerabilities
Interpreting this year’s survey for manufacturers is a matter of perspective. On the positive side, after
intentionally took advantage of them and exceptionally poor results in 2012, the sector is the only one to see a marked decrease in the overall incidence of
committed the crime; (b) the regional fraud (from 87% to 75%) and in average revenue lost to fraud (from 1.9% to 1.6%). Compared with other
manager, who did not fulfill his internal industries, however, the results remain disappointing. Manufacturing still had the highest overall incidence of
control duties; and (c) the company itself, for fraud and the second greatest rate of revenue lost to fraud in the survey. Moreover, it had the second highest
incidence of theft of physical assets of any industry (44%) and the highest frequency of intellectual property theft
not investing in human resources and more
(14%). Finally, the sector is particularly prone to insiders seeking dishonest gain: 54% of known frauds in the past
effective fraud controls. year involved junior employees in a leading role. More broadly, 56% of all manufacturers suffered fraud at the
hands of an employee or an agent, rising to 77% for companies hit by fraud where the perpetrator was known.
Economic policies – such as The most worrying aspect of the results is that manufacturers are excessively accentuating the positive. For all but
replacing imported goods with local three types of fraud, manufacturing sector respondents are less likely, on average, to see their companies as at
least moderately vulnerable, and for the exceptions the difference from the survey median is only slight.
products – boost the number and
Similarly, for nine of the 10 anti-fraud strategies covered in the survey, manufacturers are only about as likely as,
size of transactions for many small or less likely than, the average to be contemplating investment in the next year. Worse still, 30% say that they
and medium local companies. simply lack the budget or resources for compliance initiatives. Even with some improvement over the past few
years, fraud levels in the manufacturing sector remain much too high for the industry to rest on its laurels.
Argentina is a prime example of how rapid
growth in a country sets the stage for
0 % 10 20 30 40 50 60 70 80 90 100
companies to realize not only great
Corruption and bribery
opportunities, but also significant internal Theft of physical assets or stock
control challenges. According to official data, Money laundering
Argentina’s Gross Domestic Product (GDP) Regulatory or compliance breach
grew over 30% in the last 6 years. Industries Internal financial fraud or theft
Misappropriation of company funds
in the region are not only addressing the
Information theft, loss or attack
growing demands of these larger domestic IP theft, piracy or counterfeiting
markets, but also engaging in export Vendor, supplier or procurement fraud
markets. However, many of these domestic Management conflict of interest
companies do not have the mechanisms for Market collusion
dimensions. Major deficits in fraud control Prevalence: Companies affected by fraud: 75%
systems can then occur, with the result that Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud:
these market “opportunities” bring with them Theft of physical assets or stock (44%) • Vendor, supplier or procurement fraud (20%) • Information theft,
loss or attack (19%) • Regulatory or compliance breach (18%) • Management conflict of interest (15%)
a significant risk for fraud.
Increase in Exposure: Companies where exposure to fraud has increased: 85%
In this kind of high-growth scenario, Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
increasing responsibilities are usually and percentage of firms affected: Entry into new, riskier markets (40%)
delegated to the same executives.
fraud.kroll.com | 21
Regional Analysis Americas
Mexico OvervieW
The incidence of a wide number of frauds saw substantial growth in Outside of sub-Saharan Africa, the internal
financial fraud figure was the highest for any
Mexico over the last 12 months, including theft of physical assets
region or country looked at in detail by the survey.
(30% of respondents based in the country report their company being Just as alarming, the financial loss to fraud more
affected, up from 19% in the 2012 survey), internal financial fraud than doubled from 0.7% in the 2012 survey – well
below that year’s overall average – to 1.9% this
(25% up from just 7%), corruption and bribery (25% up from 15%),
time around – well above the global norm.
vendor or procurement fraud (23% up from 19%), and regulatory or
Meanwhile, risk is growing rapidly: the number of
compliance fraud (20% up from 4%).
respondents saying that their company had
become more exposed to fraud in the last 12
2012-2013 2011-2012
months went from 56% in the 2012 survey to 93%
Prevalence: this year – the highest figure for any country or
63% 59%
Companies affected by fraud
region in 2013. High staff turnover alone is
Theft of physical assets or stock (30%) increasing the danger at almost half of companies
Information theft, loss or attack (26%) (45%). Growing IT complexity (40%), entry into
Corruption and bribery (25%)
Areas of Frequent Loss: Theft of physical assets or stock (19%) new markets (40%), increased outsourcing (35%)
Internal financial fraud (25%) and increased collaboration (33%) are also
Percentage of firms reporting loss to this Vendor, supplier or
type of fraud Vendor, supplier or procurement procurement fraud (19%) widespread sources of greater exposure. As a
fraud (23%)
Corruption and bribery (15%) result, 20% or more of those surveyed regard their
Regulatory or compliance breach (20%) businesses as highly vulnerable to every fraud
covered in the survey, except for management
Increase in Exposure:
Companies where exposure to fraud has 93% 56% conflict of interest and internal financial fraud
increased where, in both cases, 18% still do.
Colombia OvervieW
fraud.kroll.com | 23
Regional Analysis Americas
Brazil
After millions took to the streets in more than
100 Brazilian cities in June-July 2013 to
express discontent over their government’s
massive public spending and lack of
institutional transparency, Brazilian politicians
were spurred into passing a landmark
anti-corruption bill that had previously
stalled in Congress for over three years.
Anti-corruption efforts
government authority, among several
remedies, to seize a company’s assets or
blacklist it from future contracts.
» Proper risk assessment: Risks vary from Increase in Exposure: Companies where exposure to fraud has increased: 85%
country to country, within different Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
industries or by company depending on and percentage of firms affected: IT complexity (38%)
the level of government interaction.
fraud.kroll.com | 25
Regional Analysis Americas
Latin America
Infrastructure
Projects
Dealing with
the risks
By Vander Giordano
In the last few years, Latin America has seen a undertaken in Latin America to help bridge
the infrastructure gap:
significant uptick in the number of large-scale » Chile is building a water conveyance
system called Aquatacama;
infrastructure projects, although these rates are » Mexico is constructing the Bicentennial
meet growing industrial activity. Many Latin gas exploration, production, and refining. The » Costa Rica is constructing the Reventazon
American governments are aware of the following represent a small sample of the Hydroelectric project; and,
problem and realize that, without significant countless projects currently being » Jamaica is expanding its Kingston port.
The increase in infrastructure projects in Latin managers, and related organizations to have the progress of any construction sites
America will likely bring a broad array of structured mechanisms to identify, quantify involved in the operation; establish strict
social and economic benefits to the region and and mitigate risks. Such a risk-review internal controls; develop contingency plans;
support sustainable growth. However, the function should constantly provide data, and conduct field intelligence and deploy
planning and execution of these projects carry reports and indices to relevant personnel and countermeasures to mitigate risk. Kroll’s
a number of concerns for investors, private help guide the planning and execution of experience with projects of this nature have
companies and government partners work. In the bidding phase, for example, revealed notable issues related to fraud and
operating in the segment. While many companies should capture all elements in a
compliance breaches that can generate large
organizations have experience working in proposal to make sure they are technically
losses for all parties involved. Geography
Latin America, dealing with cultural barriers sound and competitive in price. While
and gaps in 24 hour-a-day monitoring of
and geography-specific risks remains a developing bids, companies should have a
controls contribute significantly to the
challenge. Armed militant groups, social thorough understanding of major competitors,
perpetration of ethics violations. This issue
resistance, crime, legal uncertainty, political personnel, logistics, equipment suppliers,
is highlighted by the survey findings. For
interference, logistics, lack of skilled labor and third-party vendors, raw material costs and
example, in Brazil, 74% of companies have
complex tax codes make up a small portion of technical training as well as regulatory risks,
been affected by at least one fraud in the
the litany of risk scenarios that infrastructure crime rates, the presence of armed groups
past year that has generated an average loss
investors and developers will have to address. and other pertinent challenges that could
of 1.7% of total annual revenue. In Mexico,
thwart a winning strategy.
In order to properly conduct business in high- the survey demonstrated a year-over-year
risk jurisdictions or unfamiliar environments In the execution phase of a project, increase of 19% to 30% of companies
that pose threats to companies or involved companies need to be sure that its employees reporting an occurrence of asset theft.
counterparties, it is necessary for investors, and assets are protected; constantly monitor In Colombia, 90% of respondents said that
their companies’ exposure to fraud increased
Construction, Engineering & Infrastructure Economist Intelligence Unit Report Card against the prior year.
After a year with fraud figures similar to other industries, construction is again one of the worst-affected sectors. Kroll has an extensive history of supporting
In particular, it saw the highest incidence of management conflict of interest (34%), the second highest rate of risk management needs in large
corruption (18%) and market collusion (13%), and the third-highest rate of vendor or procurement fraud (24%).
infrastructure projects. Our collective work in
Respondents from the construction industry are also the most likely to call their companies at least moderately
vulnerable to management conflict of interest (72%) and corruption (79%). Construction firms are also having infrastructure, coupled with our investigative
difficulty grappling with globalization and the greater use of partners and joint ventures. Entry into new, riskier expertise, has provided us with deep insight
markets is the biggest driver of increased exposure to fraud for such companies (34%), but the sector also saw the into the segment. In one recent case, we
highest proportion of respondents saying that increased collaboration between firms was driving risk higher
helped an energy consortium obtain
(31%). Similarly, the sector had the highest proportion of fraud committed by agents and intermediaries (24% of
information related to internal factions that
all companies). The industry is taking some steps against fraud. For example, more companies in the construction
sector are looking to invest in due diligence than any other industry, but with this figure including just 55% of aimed to delay the delivery of work. Our
construction-industry respondents, it may not reduce the problem as quickly as would be desirable. fieldwork revealed that a core group of
employees was responsible for organizing
0 % 10 20 30 40 50 60 70 80 90 100 strikes and delays that would impact
Corruption and bribery compliance with the project’s scheduled
Theft of physical assets or stock
timeline. In another assignment with an
Money laundering
Regulatory or compliance breach
infrastructure client, Kroll conducted a
Internal financial fraud or theft comprehensive risk assessment for a
Misappropriation of company funds large-scale project that was located in a
Information theft, loss or attack
hostile geographic environment. The study
IP theft, piracy or counterfeiting
Vendor, supplier or procurement fraud
included reality-based risk scenarios
Management conflict of interest touching on topics such as the safe
Market collusion transportation of employees, materials, and
Highly vulnerable Moderately vulnerable equipment to be used in construction as well
as the implementation of internal control
Loss: Average percentage of revenue lost to fraud: 1.5% measures, access policies, and contingency
Prevalence: Companies affected by fraud: 69% plans related to managing risk and loss.
Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud
Management conflict of interest (34%) • Vendor, supplier or procurement fraud (24%)
Theft of physical assets or stock (19%) • Internal financial fraud or theft (19%) • Corruption and bribery (18%) Vander Giordano is a Senior Managing
Information theft, loss or attack (18%) • Regulatory or compliance breach (15%) Director based in Kroll’s São Paulo office.
Vander has extensive experience working
Increase in Exposure: Companies where exposure to fraud has increased: 82% with companies in the energy, retail,
Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure banking and airline industries. He is a
member of the Brazilian and International
and percentage of firms affected: Entry into new, riskier markets (34%)
Bar Associations and holds an MBA.
fraud.kroll.com | 27
Regional Analysis Asia-Pacific
2012-2013 2011-2012
This year the data from China-based respondents shows little
Vendor, supplier or
23% 2%
change in that country’s incidence of fraud. This may, however, procurement fraud
mask a growing problem. The proportion of those reporting an Information theft, loss
22% 6%
increase in fraud exposure at their firms has grown from 69% in or attack (e.g. data theft)
Money laundering 8% 2%
Misappropriation
8% -
of company funds
Pre-empting
the Chinese partner’s strong relationship with
its government counterparts is an institutional
alliance based on operational strength and
contributions to the local economy, or, more
dubiously based on bribery.
fraud
Understanding the mind-set
of a Chinese entrepreneur
First-generation Chinese entrepreneurs typically
come from humble beginnings; they have tasted
hardship, but in a growing economy also tasted
Understanding the mind-set of the sweetness of wealth. As a result, they are
highly ambitious and willing to take risks if they
fraud.kroll.com | 29
Regional Analysis Asia-Pacific
any intermediary contracts and acquisitions be of value if managed by a local team put in China should not be a place that investors
the Chinese entrepreneur is pursuing. What place by the head office. shirk in trepidation; rather, it is a vibrant
may come across as a legitimate revenue- place where intrepid investors and
Where satisfactory due diligence cannot be
generating acquisition often turns out to be an entrepreneurs can do business for potentially
conducted before an acquisition, regulators now
over-priced purchase of a relative’s business,
expect effective post-acquisition due diligence to a great reward, but only when done right.
which simply is a conduit to channel funds
identify the risks in a relatively short time after
back into the entrepreneur’s pocket.
the deal. The primary objective of the forensic
Similarly, sales revenue figures and due diligence is to evaluate the potential Violet Ho is a Senior Managing Director
future loss in value resulting from for Kroll’s Greater China Investigation &
relationships with distributors should be
Disputes practice. With over 16 years of
questioned. For example, a multinational client inappropriate or unethical business practices of professional experience in
in the retail sector – who was once impressed the target. This analysis generally concentrates investigations, and an in-depth
by the double-digit sales growth of its China on specific areas – inventory and supply chain understanding of China’s business
environment, Violet has successfully
branch – appointed Kroll to investigate the management, consultancy and agency fees,
advised on numerous highly complex investigative
reason behind large accounts receivable that travel and entertainment expenses, political and projects in China and beyond.
were building up with distributors. Kroll found charitable donations, and cash transactions.
that the China branch was simply moving
goods back and forth from its family-owned
distributors. As per the small print in the As an investor in China, when was the last time you visited
contracts, the distributor could return all
unsold goods with no penalty. The illusion of the China presence unannounced or with little pre-warning?
profitability boosted the company’s share
price; however, reality quickly caught up and You might be surprised by what you see.
news of bad debt caused a significant drop in
share price and angered investors.
In the West, many companies possess control Consumer goods Economist Intelligence Unit Report Card
mechanisms to limit such behavior. These
Last year’s consumer goods report card warned that too many companies in this sector were not paying enough
include job rotations, authorization levels,
attention to vendor or procurement fraud and theft of physical assets. This year’s survey data show the results of
segregation of duties, tendering processes for such complacency. For the second year in a row, the sector has seen the highest level in the survey of vendor,
contracts and internal audits, and more supplier or procurement fraud. This time, however, the actual incidence is nearly twice as high (30%, compared with
importantly, regulatory requirements such as 18% in 2012). Meanwhile, over the past 12 months theft of physical assets or stock – a traditional bane of the
disclosure of conflicts of interest or external consumer goods industry – affected the companies of 41% of respondents in this sector, the third-highest level of
audits. In China, however, these measures may any industry in this survey and again well up on the 2012 survey (26%). Despite these growing problems, consumer
not be enough, especially since junior goods companies still have the lowest average fraud loss of any sector (0.9% of revenue), although this was more
than double the figure in the previous survey. The industry is also moving in the right direction. It has the highest
employees will rarely disagree with senior
proportion of companies of any sector planning to invest in physical asset security (59%) in the coming 12 months
management, and internal authorization can be
and an above-average 50% of consumer goods companies are looking to invest in partner and vendor screening,
easily obtained when the entrepreneur’s family up from 33% in the 2012 survey. That said, with 86% of consumer goods respondents saying that their businesses
members are the other department heads. are at least moderately vulnerable to vendor or procurement fraud, plenty of work remains to be done.
conduct an in-depth risk assessment of how Prevalence: Companies affected by fraud: 68%
the company mitigates or handles instances Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud:
of fraud, bribery and corruption, money Theft of physical assets or stock (41%) • Vendor, supplier or procurement fraud (30%) • Management conflict
laundering, related-party transactions, and of interest (23%) • Internal financial fraud or theft (18%) • Corruption and bribery (16%)
conflicts of interest. Based on the findings, Increase in Exposure: Companies where exposure to fraud has increased: 75%
appropriate anti-fraud, anti-corruption Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
measures can be put in place, but given the and percentage of firms affected: Entry into new, riskier markets (38%)
challenges mentioned above; these will only
fraud.kroll.com | 31
Regional Analysis Asia-Pacific
Challenges to investigating
procurement fraud
Suspicions without proof. A number of
investigations where Kroll has been involved
in Asia started as whistle-blower complaints
or informal water-cooler discussions about
procurement practices that led managers
to suspect certain vendors and employees.
A major challenge of investigating fraud
when there is no evidence against any target
is that often managers do not know which
vendors and employees to investigate first.
country to country – markets in South and Southeast Asia Unreliable vendor data. Poor quality of
vendor data is also a key concern when
can pose unexpected challenges for companies that rely conducting procurement-related
investigations in Asia, even when Enterprise
on fraud mitigation and investigation practices applicable Resource Planning (ERP) systems are in
to developed markets. Quite simply, these practices do not place. In one of Kroll’s investigations, the
client had entered a large volume of data into
work in Asia. In fact, some common Asian business SAP when it was first installed in 2006. We
determined that the data was poorly entered
practices make companies more vulnerable to fraud, at the time, with little quality control. This
posed a difficult challenge when the client
especially procurement fraud, and at the same time make wanted to review the data a few years later
it harder for investigations to be carried out. to identify suspicious vendors.
Best practices for responding to payroll and is obliged to talk to » External and Internal Leads. Interview
suspected fraud investigators when summoned. internal process owners and second tier
employees. Coordinate external source
Kroll has helped several companies » Breach and Clear. Secure the evidence
inquiries to provide additional investigative
investigate vendors and employees when (i.e., PCs, data and email servers,
leads and keywords.
procurement fraud is suspected and targets smartphones and mass storage devices),
are known. Since there is no “one size fits maintain chain of custody and restrict
What happens when you suspect
all” strategy for this region, the most access to the aforementioned hardware.
fraud but are not sure who are the
effective approach incorporates both best » Secure Evidence. Secure documents and perpetrators?
practices and client-specific considerations. contents of the target’s desk or office.
Taking into account a country’s legal In the event of a suspected fraud when
framework in which an entity operates, the » Block All Access. Remove access to the targets are unknown, Kroll works to isolate
server and the premises. the source of the problem by:
steps can include:
» Overt vs. Covert. There are pros and cons » Examine Data Files. Forensically extract » Analyzing internal data files on vendors
for each option – for example, an overt data from IT equipment. Also, analyze the and employees in an efficient way to
investigation may lead to the identification data using dedicated text-mining tools. shortlist targets.
Keywords should be specific to limit false
of key witnesses but can also result in data » Gathering external evidence from vendors,
loss if a perpetrator catches wind of the positives.
former employees, competitors and
investigation and starts destroying critical » Data Analytics. Conduct data analytics on customers about the company’s practices
evidence. suppliers’ master-file, sub-ledger, cash that may constitute fraud.
» Garden Leave. Consider placing the books, expense claims, phone records, » Establishing strong, well-organized
suspect employee on Garden Leave so that general ledger entries, approved contracts internal control systems to reduce clients’
he or she remains on the company’s and invoices, budget vs. actuals, etc. vulnerability to procurement fraud:
» Building secure environments that
Financial Services Economist Intelligence Unit Report Card reduce the risk of access control
systems’ being compromised
Although the growth in fraud for financial services this year was consistent with the experience of other sectors,
it remains one of the most affected industries in 2012/13. With 75% of companies hit, the sector had the second » Conducting due diligence on new
highest overall incidence of fraud after manufacturing. Moreover, it had the most widespread problems employees and vendors
in the survey with internal financial fraud (29%), regulatory or compliance breach (26%) and money laundering
(8%). Although it saw a slight decline in the incidence of information theft – to 29%, from 30% in the previous
» Instituting anonymous and independent
whistle-blowing systems that encourage
survey – it still had the second highest frequency of this crime in the survey. Meanwhile, the rate at which
financial services firms lost money to fraud (1.5% of revenue on average) is both above the median and more
local employees and vendors to report
than twice the level found in the previous survey. Looking ahead, coping with complexity will be a major unethical behavior while protecting them
challenge for financial services companies. The sector has the highest number of respondents reporting increased from direct and indirect punitive actions
fraud exposure from information technology (IT) complexity (47%) and from the ever greater complexity of its
products (28%). High staff turnover is also cited increasingly as a driver of higher fraud risk (38%) in financial
Visit fraud.kroll.com for web-exclusive content,
services than in any other sector, making dealing with complicated systems and offerings all the harder. including more best practices and proven
strategies on how to mitigate the risk of
procurement fraud in South and Southeast Asia.
0 % 10 20 30 40 50 60 70 80 90 100
Corruption and bribery
Theft of physical assets or stock Reshmi Khurana is the head of Kroll’s
Money laundering India office. Reshmi has more than 13
Regulatory or compliance breach years of experience conducting
Internal financial fraud or theft complex corruption investigations,
Misappropriation of company funds litigation support, and due diligence on
the management, operations and
Information theft, loss or attack
business models of organizations across
IP theft, piracy or counterfeiting
the US, South Asia and South East Asia. Her clients
Vendor, supplier or procurement fraud include asset management companies, corporations in
Management conflict of interest the mining, oil & gas, consumer packaged goods and
Market collusion pharmaceutical industries and law firms.
fraud.kroll.com | 33
Regional Analysis Asia-Pacific
Malaysia OvervieW
has focused on Malaysia, and survey last 12 months, compared to 70% globally. Also, for
most of the specific frauds covered in the survey the
incidence was also below the mean. On the other
respondents reveal a mixed picture. hand, two types of fraud are worryingly widespread,
even by global standards: 34% of companies were
affected by theft of physical assets (compared to an
overall average of 28%) and Malaysians reported
2012-2013 the second highest country rate of vendor or
procurement fraud in the world with 25% of
Prevalence:
66% companies affected. Only Saudi Arabia’s incidence
Companies affected by fraud
was higher, at 33%. The danger from vendors shows
Theft of physical assets or stock (34%) through in other data as well. For companies that
Areas of Frequent Loss: had suffered fraud and where the perpetrators are
Percentage of firms reporting loss to this Vendor, supplier or procurement fraud (25%)
type of fraud known, Malaysian respondents are more likely
Regulatory or compliance breach (16%) than average to report that vendors were leading
parties (38% of cases compared to 32% overall).
Increase in Exposure:
Companies where exposure to fraud has 69% Regrettably, companies do not seem to be fully aware
increased
of the extent of vendor and procurement fraud in their
Biggest Drivers of Increased country with only 9% acknowledging that they are
Exposure: Most widespread factor highly vulnerable, compared to 18% globally. Another
Increased outsourcing and offshoring (41%)
leading to greater fraud exposure and worry is that the businesses of Malaysian respondents
percentage of firms affected
are more likely than companies in almost any other
Loss: geography to rely on external audits to uncover fraud,
Average percentage of revenue lost 0.6% and have among the lowest rate of fraud discovered
to fraud by senior managers. These executives need to
become more fully attuned to the issue in order to
Insufficient respondents in 2011-2012 to provide comparative data. protect their companies better.
Infrastructure investment
in developing Asia
Perspectives on Risk
By Omer Erginsoy and Makoto Suhara
fraud.kroll.com | 35
Regional Analysis Asia-Pacific
High absolute demand for better » Long-term, open-end infrastructure It is also important to conduct benchmarking
infrastructure in South and Southeast Asia investment funds have given global investors of competitors at the tender stage. This
occurs at a time when experts claim there is a new way to bet on emerging markets exercise will not only inform a more effective
a marked increase in infrastructure growth. Allocations are increasing annually. bid, but could also mitigate the risk of
This is not “hot money” that flees the competitors seeking annulment of a
investment globally. Conventional wisdom is
moment that US monetary policy changes. concession after the tender is closed.
that economic infrastructure assets are
Investors are aware that their capital will
inherently monopolistic and therefore less In the construction phase of the investment
be tied up for a long time. Moreover, with
sensitive to spells of economic weakness. cycle, supply chain issues always surface.
the development of regional financial and
This probably holds true more in developed This is not just a matter of performance risk.
offshore centers such as Hong Kong and Fraudulent collusion between suppliers and
countries than in developing ones where the Singapore, funds are finding innovative ways
risks of political instability, currency local managers (or managers of JV partners)
to reduce the impact of foreign exchange can give rise to large financial losses and cause
depreciation and indeed, the expropriation of risk and to some extent, sovereign risk. delays in the project, heightening completion
an asset could swiftly eradicate the promise
These factors have brought private financing risk. If bribery and corruption issues emerge,
of high returns from a monopoly situation.
into countries historically unable to fund the project can be embroiled in debilitating
Many foreign investors who were forced to controversy and serious legal problems, locally
infrastructure projects.
renegotiate contracts or had them canceled and internationally. Over and above the initial
in the aftermath of the 1997 Asian crisis due diligence of subcontractors and partners,
Risk Mitigation Strategies
would appropriately remind us of this fact. Kroll is frequently asked to conduct regular fraud
There are also negative factors underlying reviews to mitigate the risk of corruption and
But there are enduring signs of change since
the prospects for infrastructure investment in theft as well as contract audits to reduce the risk
that time: there is greater political stability in developing Asia. Based on our conversations of overpaying. Such assignments require the
most Asian countries, currencies are flexible with clients, the recent slowdown in China deployment of investigators with experience
and the public-private partnership model has and India, Asia’s two largest growth markets, working in the locality supported by forensic
made wholesale seizure of assets in the is not top of their list of concerns – investing accountants and data analytics experts.
infrastructure sector less likely. There are in a country’s infrastructure involves betting
Companies in the infrastructure sector are
also other factors driving infrastructure on long-term growth and the continued
accustomed to assessing market conditions
investment in Asia: demand for services in these countries.
before making massive upfront investments.
» Despite inconsistencies in execution, Investors are more concerned about stalled They may have a history of studiously
improvements in the business and reforms in India and bureaucratic delays in considering political and regulatory risk before
regulatory environment are reducing approving projects (Mumbai’s Sea Link stepping into an environment of multiple
barriers to entry. Legislative reforms famously took 20 years to be approved). Lack competing interests, where pricing policies
of transparency in Indonesia, the prevalence or tax regimes can suddenly change at any
passed or slated in Indonesia (e.g.,
of corruption in Philippines and populist point in the long investment cycle. All these
amendments to the law on public-private
changes to policy all present serious risks can be managed, especially against the
partnerships and land acquisition),
challenges. A political and regulatory risk backdrop of favorable politico-economic
Thailand, Philippines and even Myanmar, trends. But infrastructure is ultimately an
assessment should be conducted at the
have coupled with relatively favorable investment in an operating business, and the
outset of infrastructure projects to
concessions offered to foreign investors by realities of operating in South and Southeast
understand and mitigate these risks. Taking
governments looking to attract Asian countries may present risks with
a macro view on probable political scenarios
infrastructure investment. is not enough. It is critical to understand the which many companies are unfamiliar.
» The hunger for natural resources; relative positions of all stakeholders, covering
exploration, development, production, policymakers at the central government level, Omer Erginsoy is a Senior Managing
administrators at the provincial level (or even Director for Kroll based in Singapore.
transportation and distribution of Omer has extensive experience in
resources requires good infrastructure. at the sub-provincial level), local residents, conducting corporate and regulatory
This has been one of the drivers of organized labor, and environmental NGOs as investigations and in providing dispute
well as undisclosed stakeholders such as advisory and litigation support services
Chinese infrastructure investment in to clients. His areas of expertise include
local businesses with hidden agendas who
Southeast Asia (and elsewhere). emerging markets, special situation investments,
can alter the outcome of a project. complex multi-jurisdictional commercial disputes and
» Overcapacity on the part of Japanese and hostile takeovers. He also has a long track record of
Malaysian companies has forced them to For example, in 2012, spurred by legislative advising high net worth individuals on reputational and
reform, a Japanese-led consortium won the regulatory issues and in leading confidential reputation
look for new investment opportunities in
bid to build a new power plant in Central audit assignments for emerging market business owners.
“near-abroad” markets. These countries,
Java that would provide electricity for 8
alongside China, have deeper domestic
million people. However, this year certain Makoto Suhara is a Managing Director
capital markets and therefore able to fund based in Tokyo, specializing in business
landowners refused to sell a portion of land
infrastructure investments led by their accounting for 20% of the planned
intelligence, fraud investigation,
corporate governance and risk
blue-chip companies. Telecommunication construction site. If the dispute is not consulting services for multi national
investments in India and recently in resolved in time, the consortium faces losing corporations and government agencies.
Myanmar have also benefited from a similar the concession. An in-depth market entry Makoto has helped clients respond and
mitigate risks in the areas of financial fraud, legal dispute,
driver (in these cases, Russian and Middle assessment conducted at the outset of the regulatory and compliance, and computer security.
Eastern petrodollars funded the investments). investment cycle may have identified this risk.
Europe OvervieW
fraud.kroll.com | 37
Regional Analysis Europe, Middle East and Africa
The psychology of a cyber criminal become harder for financially motivated Professional services firms such as lawyers,
hackers (FMHs) to collect the data they need. accountants, consultants and wealth
Cyber-based crime has different motivators,
Targeting only one individual at a time, managers are an attractive target as they
different methodologies, and different targets.
breaking through each unique security typically hold volumes of valuable data
While the media likes to use the word
system, and then committing a fraud on that which are often stored in an organized
cybercrime for every computer-based attack,
one target with no guarantee of success is manner with little protection.
the term is really about profit-motivated
not a good return on investment or time.
attacks. Cyber criminals are financially
Professional services:
motivated fraudsters who use the Internet to Therefore, FMHs like volumes of data from
the perfect target
access data and facilitate their main which they can attempt mass fraud schemes,
objective: to make a profit. tweaking each attempt to ensure the highest By gaining access to a lawyer’s email accounts,
level of success. As well as holding large not only can hackers read about upcoming
Although cyber criminals may view themselves
volumes of data, the ideal target will usually transactions or litigation, they can also
as smart business people who “work smarter,
have three main attributes: (1) limited cyber impersonate a victim’s lawyer or gain enough
not harder,” the reality is that the techniques
security; (2) full access to the system or personal data to effect wire transfers, property
cyber criminals typically employ are lazy.
network on which they are based; and (3) IT sell-offs, or any other manipulation available to
As personal cyber security systems have support staff who are just that, “support” them. The same can be said about the accounts
become more robust and user-friendly, it has rather than security focused. of wealth managers or accountants.
Such attacks are not sophisticated hacks. to win an iPad if you click a link and fill in Protecting yourself from working
Most involve a simple password collection your details could pose a risk. for a hacker
made when the adviser logs on at a free
The severity of the risk is brought home
Wi-Fi spot or clicks on a link in a spear- Complacent thinking
phishing email that requires or automates a when two key questions are considered:
Cyber criminals rely on complacent thinking.
software download before viewing a file or a » If you discover a compromise on your
video that has gone viral. Many professionals believe that if their email system, do you have any way of knowing
was compromised, they would notice unusual what was viewed, modified, or taken?
Spear-phishing emails are tailor-made for a
traffic. Unfortunately, once a hacker has
specific person or professional group with the
access to a victim’s email account, he or she
» What would be the impact to your
focus on getting that person or group to click business if it became public that client
can set up filters to forward certain mail
a link and install hidden malware. data was stolen and potentially misused?
messages away from the hacked inbox to
Professional services advisors are profiled by
folders or even to reply and then delete In the past year, Kroll has been engaged on
the attackers utilizing social media, standard
before the target sees them. more than 25 such matters for large
media, client inquiries and public records to
professional services firms. The message
determine their likelihood of having access to Even in rare cases where the fraud is discovered
behind this trend is clear: why attack on
the data required by the cyber criminals. and halted in time, cyber criminals will have
a one-on-one basis when a single targeted
That profile is used to tweak the attack and already stolen information and can use it against
attack can get you 1,000 victims or more?
then launch it. Ever wonder why you get so victims in a future attack or to make a profit. The
much spam or why you have so many new financial value of confidential data cannot be The damage to firms in the professional
Facebook, LinkedIn, or Twitter followers? underestimated. If it is sensitive, there will services sector is equally multiplied. In a
Even friendly emails with sugar-coated offers likely be someone willing to pay for it. sector that relies on trust and belief that
client information will be protected, the
effects can reverberate for years.
Retail, Wholesale & distribution Economist Intelligence Unit Report Card
The assumption is often made that there is
The retail, wholesale and distribution sector had a substantial theft problem over the past year, with the number
of companies with physical assets taken almost doubling, to 45%, from 25% in 2011/12. It is therefore not nothing of value that cyber criminals could
surprising that 87% of respondents described their company as at least moderately vulnerable to this type of want, therefore it is not a concern. But the
crime. However, a worrying number of firms may just be accepting this as a fact of life: the survey indicates that truth is that cyber criminals do not discriminate;
only 42% of companies expect to invest in new physical security measures, including just 53% who say their they want a lot of data, some of which may
business is highly vulnerable to theft of physical assets. The industry might benefit from a more active approach
seem irrelevant to others. A personal credit
to fraud: 94% of respondents say their company’s exposure to fraud rose in the past year, easily the highest figure
card number is just a small piece.
for this question among sectors in this survey. Nor is theft of physical assets the only danger. Information theft
affected 28% of retail, wholesale and distribution companies – well above the 22% average – and 43% of such
Businesses need to understand what data
firms attribute their greater fraud exposure to IT complexity. Meanwhile, various other types of fraud are
they hold, why it is important or attractive to
appearing with increasing frequency which will also need attention.
cyber criminals, how it is protected, and who
has access to it. A proactive understanding
0 % 10 20 30 40 50 60 70 80 90 100
Corruption and bribery
of the threats leads to proactive mitigation.
Theft of physical assets or stock
The next time you are “inconveniently” forced
Money laundering
Regulatory or compliance breach to change your password due to some
Internal financial fraud or theft internal policy understand that this, as well
Misappropriation of company funds as other requirements, could be the
Information theft, loss or attack
difference between money in your hands and
IP theft, piracy or counterfeiting
Vendor, supplier or procurement fraud money in the cyber criminals’ hands. It could
Management conflict of interest be the difference between working for your
Market collusion client and working for a hacker.
Highly vulnerable Moderately vulnerable
fraud.kroll.com | 39
Regional Analysis Europe, Middle East and Africa
By Marianna Vintiadis
Organized crime
infiltration in
the supply chain
Much of the recent debate on organized crime infiltration in the business world
has focused on the financial strength acquired by the mafia and other similar
groups since the 2008 financial crisis. Clearly the liquidity accumulated by the
world’s mafia and its ready availability for cash-strapped companies and
individuals alike in the long recession that has hit the developed world in the
past few years is a major problem. However, we should not lose sight of how this
liquidity is generated and what other implications this profit generation process
may have for the business world including the impact on the supply chain.
Obviously some of the proceeds of organized crimes affecting the environment covering a the local population, international troops and,
crime groups come from illegal activities that number of areas, such as construction, waste, following the 2004 tsunami, on many distant
are both well-known and readily identifiable, arson, and archaeological crime. According to shores. Aside from the obvious and disastrous
such as drugs, prostitution, and racketeering. the 2013 Ecomafia report, the turnover of health hazard caused by the dumping, this
An increasingly important part, however, environment-related crimes for Italian “trade” is widely alleged to be connected to
emerges from more discreet activities such as organized crime groups has reached €16.7 the piracy of recent years: organized crime
infiltrating the supply chain of legitimate billion and the Italian local administrations groups supply Somali warlords with arms in
businesses. dissolved by Presidential Decree due to mafia return for permission to dump waste.
infiltration has risen from 6 to 25.
Legambiente, the Italian League for the If toxic waste dumping affects a small section
Environment, set up an Observatory on These crimes do not affect Italy alone. The of the business community, other activities
environmental crimes in Italy in 1994. Each dumping of toxic waste in Somalia by Italian have broader ramifications. The Italian
year, the Observatory publishes a report on organized crime gangs has had an impact on authorities seized assets worth €1.3 billion
from Sicilian businessman Vito Nicastri last repair its buildings, transport its goods, due diligence efforts, for example checking
April. Nicastri, dubbed by the Italian media or decide to diversify its portfolio into links to known criminals. Organized crime
as “Lord of the Wind,” is alleged to be a mafia renewables. The threat is increasing as generally moves in families, and many
frontman in the renewable energy sector. clans diversify into the legal economies organizations, from police forces to
Italy’s favorable subsidy regime led many of developed countries. And the perils for observatories and charities, will publicize the
investors to seek opportunities in Italian businesses and investors are also on the criminals’ names and names of known
renewables over the past decade. Companies, rise as health and safety, anti-bribery and affiliates and sectors of operation.
individual investors, and many private equity corruption legislation may implicate not only Reconstructing family ties is a key exercise
funds who dealt with Nicastri are now the supplier but the company awarding the in attempting to determine links with
fighting seizures and the inevitable contract as well. organized crime. Legambiente identified
reputational damage that has ensued. Many 34,120 crimes in its last Ecomafia report,
But a solution is available: applying
of those affected are foreign investors who these were down to 302 clans – a significant
appropriate due diligence checks can go a
failed to conduct appropriate due diligence. but much more manageable number of repeat
long way to mitigate the risk. Supply chains
offenders to look out for.
Construction is another area traditionally can involve thousands of third parties, so a
associated with the mob. Fear of infiltration methodical approach should be applied to
in the reconstruction efforts following the segment risk and prioritize red flag situations Marianna Vintiadis is Kroll’s Country
Manager for Italy and Greece, and
earthquakes that hit the region of Emilia which may require deeper analysis. Third also works with clients in Austria
Romagna last year has led the authorities to party risk assessment tools use algorithms to and Switzerland. A trained economist
quickly process risk profiles, enabling with experience in policy making
create a “white list” of construction
and analysis, she works on business
companies. Although adherence to the list is companies to identify which relationships intelligence and complex investigations
voluntary, only white list companies can bid might pose the greatest threat to their in these countries. Her areas of expertise include
organization. Armed with this information, market entry, shipping, internal investigations, litigation
for public contracts in the region. The aim
support and cyber investigations.
here is not only to protect the region from companies are better able to prioritize future
infiltration, but also to protect workers by
ensuring that proper contracts and health Travel, Leisure & Transportation Economist Intelligence Unit Report Card
and safety regulations are adhered to.
The fraud picture this year for the travel, leisure and transportation industry is relatively positive when compared
Organized crime infiltration in the with the other sectors in this survey. It has the lowest overall incidence of fraud (63%), as well as the smallest
figures for management conflict of interest (14%) and market collusion (4%). Moreover, the sector has the second
construction industry is not only an Italian
lowest average percentage of revenue lost to fraud (1%). Nevertheless, notable weaknesses exist. The industry
problem. It is well-known that major efforts
has the highest incidence of misappropriation of company funds (14%) and the second highest rate of regulatory
have been undertaken in several other or compliance breach (23%). Respondents from this sector recognize the danger: for both of these types of fraud
countries including the United States to curb they are more likely to rate their firms as at least moderately vulnerable than those surveyed from any other
the power of the “families.” Evidence industry. Meanwhile, cost-reduction strategies are also having a negative effect: 35% say that increased
emerging from Quebec’s Charbonneau outsourcing has raised the risk of fraud – the second-highest figure for any industry in this survey – and 29% said
commission of inquiry on the awarding and the same of pay restraint – the highest sectoral figure. Finally, travel and entertainment businesses were not
exempt from the general rise in fraud affecting most other industries. Overall, although the good news is
management of public contracts in the
welcome, the industry should focus on reducing its vulnerabilities, lest they grow into bigger problems.
construction industry is just one recent
example suggesting that organized crime
0 % 10 20 30 40 50 60 70 80 90 100
infiltration is still alive and well in North
Corruption and bribery
America. The public inquiry is still ongoing,
Theft of physical assets or stock
but many allegations about illegal political Money laundering
financing, bid-rigging, collusion, and mafia Regulatory or compliance breach
ties in Quebec’s construction industry have Internal financial fraud or theft
fraud.kroll.com | 41
Regional Analysis Europe, Middle East and Africa
Africa OvervieW
Vendor, supplier or procurement Theft of physical assets or stock (32%) Meanwhile corruption remains a deeply rooted
Areas of Frequent Loss: fraud (23%)
Percentage of firms reporting loss to this Internal financial fraud or theft (30%) problem in Africa. The number of companies
type of fraud Regulatory or compliance breach (22%) affected by it this year rose to 30% from 20%
Management conflict of interest (25%)
Management conflict of interest (22%) in the last survey. More alarming, 48% of African
Corruption and bribery (20%) respondents say that their firms are highly
Information theft, loss or attack (19%)
vulnerable to this crime. It is therefore not
Misappropriation of surprising, where a fraud has taken place in the
company funds (17%)
last year and the perpetrator is known, that 33%
Increase in Exposure: of respondents say government officials played
Companies where exposure to fraud has 86% 73% a leading role in the crime – another highest
increased regional figure.
Investment in
African infrastructure
An Opportunity for
the Private Sector
Economic performance over the past decade has at a mere 12%, a disparity partly explained
By Alexander Booth
outstripped any previous period, and current by the different levels of access to undersea
forecasts are that the regional African market fibre optic cables on the east/west coasts.
will grow at about 5.5% this year. Armed In contrast, Gabon has a comparatively high
conflict is significantly reduced, providing the per capita spending on health compared to
stability required for economic growth and Nigeria, and indeed to China and India,
development. Many state-owned enterprises explained partly by its high oil revenues
have been privatized, and legal and regulatory and small population.
systems are being strengthened. Inflation is
By far the greatest infrastructure challenge
being brought under control, and foreign debt
facing Africa is reliable power provision.
and budget deficits are being reduced. Across
Only 16% of the sub-Saharan African
the continent, African economies have
population has access to electricity (compared
opened up to international trade.
to 50% in Asia and 80% in Latin America).
But while in recent years the African investment Moreover, some 30 African countries face
narrative has been dominated by success in regular power shortages, forcing many to
the natural resources and telecoms sectors, pay high premiums for emergency power.
today it is the infrastructure sector – which In some countries, this is becoming a political
has been estimated to require investments issue. It was a recurring theme in the 2011
by non-government entities of US$100 billion elections in Nigeria, and for many Nigerians it
each year until 2020 – that is most likely to will be an issue as they consider whether to
rouse interest and generate returns. re-elect President Goodluck Jonathan in 2015.
Current infrastructure provision varies among Perhaps the second biggest infrastructure
all African countries, but all (except South challenge is inadequate transport links.
Africa) fall short of the global average. Defunct or poorly maintained rail networks
The deficits are far from uniform, however. put an added burden on roads, which are
In Nigeria, for example, Internet usage is at frequently starved of investment, in poor
90% of global average, while Mozambique is condition, and organized more in accordance
fraud.kroll.com | 43
Regional Analysis Europe, Middle East and Africa
with the historical imperatives of colonial So, while there is a potential tremendous targets in order to determine whether a
rule than with today’s regional realities. As a upside to doing business in Africa, investors particular relationship presents inherent or
result, transport costs are the highest in the must not be distracted from the challenges specific vulnerabilities. Additionally, it is only
world – equivalent to 13% of the cost of trade and restraints. Investments in infrastructure by fully understanding where power lies,
in Africa, compared to 6% worldwide – with are particularly vulnerable because of the how it is exercised, and who might bring
an accordingly negative effect on scale and longevity of the financial influence to bear on a partner or acquisition
competitiveness. And the transport shortfall commitments, and the need to interface target that investors can accurately gauge
is not merely an academic debate: it has a closely with government. Moreover, many this risk, increase the chance of controlling
very real impact. In February this year, when hidden risks are not always identified by it, and create a stronger framework for
global mining major Rio Tinto was forced to traditional legal and financial due diligence. realizing a return on their investment.
book a US$14 billion impairment and chief Kroll’s recent work in Africa, including
infrastructure-related projects, has seen Alexander Booth is a Senior Director
executive Tom Albanese chose to step down,
many categories of fraud ranging from specializing in complex business
a key contributing factor was Rio’s losing intelligence assignments and emerging
regulatory and compliance breaches, through
struggle with rail infrastructure in markets including the Middle East and
to management conflicts of interest and Africa. Recently, Alexander has been
Mozambique. Rio had acquired substantial
vendor, supplier, or procurement fraud. involved in a diverse range of cases,
coal assets in the country but could find no and developed particular expertise in
viable export route through which to Dedicated profiling should be carried out on managing networks of subcontractors and human
sources in sensitive environments, particularly in DRC,
monetize the reserves. the commercial track record and industry
Nigeria, Ghana and Angola.
reputation of potential partners and acquisition
Beyond power and transport, other sectors
ripe for attention include healthcare, Internet
Healthcare, Pharmaceuticals & Biotechnology Economist Intelligence Unit Report Card
provision, and water/sanitation. The
combination of rapidly growing African After having some of the lowest fraud figures in the 2012 survey, in this year’s report the healthcare,
economies, the commodities boom, increased pharmaceutical and biosciences sector has the third-highest overall sectoral incidence of fraud (74%), along with
one of the largest proportions of respondents seeing an increase in fraud exposure (85%). Rather than any single
appetite for private sector participation, a
type of fraud being particularly large for this industry, the problem seems to be that, as the 2012 healthcare
variety of financing models, and a wide range report card noted, it is not taking active enough steps to deal with the fraud challenges arising from the business
of opportunities across the infrastructure model change which is so common in the industry. Faced with the need to react to healthcare reform in many
landscape make the investment thesis in this countries, as well as—for pharmaceutical companies—the need to improve success from research and
sector particularly compelling. development spending, the field is seeing dramatic growth in outsourcing and partnerships as well as headcount
reduction. The survey shows that these trends are having an effect. For companies hit by fraud where the
perpetrator was known, 23% report a joint venture partner was involved (the highest figure in the survey) and
Preparation is critical 30% an agent or intermediary (the third-highest). Moreover, 43% report that greater outsourcing and offshoring
Businesses moving into Africa, however, has raised their exposure to fraud (another survey high) and 29% attribute this to increased use of joint ventures
and partnerships (the second-highest industry figure). Meanwhile, high staff turnover, in part owing to headcount
encounter a set of risks they may not be
reduction in the industry, is also heightening risk at 37% of healthcare companies. In response, however, just 45%
familiar with from previous transactions. of healthcare and pharmaceutical firms are planning to invest in due diligence and 43% in staff background
The risk is not confined to the failure of the checks—both figures are only slightly over the survey average. If business model change is not accompanied by
specific deal in question; the wider fallout revised fraud defense, the incidence of fraud in the sector is likely to rise further.
may also extend to lasting damage to the
investor’s reputation at home. Reasons for 0 % 10 20 30 40 50 60 70 80 90 100
failure are many but some – exposure to Corruption and bribery
fraud and corruption, undisclosed interests, Theft of physical assets or stock
personality clashes, and links to organized Money laundering
Regulatory or compliance breach
crime – can be uncovered before committing
Internal financial fraud or theft
to a transaction. Misappropriation of company funds
Information theft, loss or attack
The political environment, too, requires close
IP theft, piracy or counterfeiting
attention and specialist assessment. African
Vendor, supplier or procurement fraud
democratization is very real, with the Management conflict of interest
one-party state increasingly the exception Market collusion
rather than the rule. Most African countries Highly vulnerable Moderately vulnerable
have transitioned, or are transitioning,
toward some form of participatory democracy. Loss: Average percentage of revenue lost to fraud: 1.4%
But this has not necessarily led to a more Prevalence: Companies affected by fraud: 74%
stable investment environment. As Cote Areas of Frequent Loss: Percentage of firms reporting loss to this type of fraud:
d’Ivoire, Kenya, and others have shown, Theft of physical assets or stock (32%) • Management conflict of interest (25%)
election results are frequently contested, Information theft, loss or attack (20%) • Regulatory or compliance breach (20%)
overturned, or accompanied by outbreaks of Increase in Exposure: Companies where exposure to fraud has increased: 85%
violence. Governments can be fragile and Biggest Drivers of Increased Exposure: Most widespread factor leading to greater fraud exposure
brief in duration. Institutions can matter less and percentage of firms affected: Increased outsourcing and offshoring (43%) • IT complexity (43%)
than individuals.
RUSSIA OvervieW
Russia had a substantial fraud problem in
the last year, with 76% of respondents
reporting that their companies have been
hit by at least one fraud, one of the
highest figures in the survey among
countries with sufficient respondents to
calculate a figure. Russian firms also
report losing on average 1.9% of revenues
to fraud, well above the 1.4% average.
Especially large problems facing the
country are corruption and information
theft: it has the highest reported
incidence of any country for the former
– 32%, more than twice the survey
average of 14% – and the second highest
incidence of information theft (29%).
fraud.kroll.com | 45
Regional Analysis Europe, Middle East and Africa
Respondents last year reported that the Gulf States were one of Moreover, the survey finds that the Gulf States
currently have the highest regional incidence of
the lowest fraud regions globally. This time around, the results information theft (35%), vendor or procurement
fraud (30%), market collusion (28%), and
are substantially different. The overall incidence of fraud – 72% management conflict of interest (24%). The
average financial cost of fraud – 1.6% of company
of respondents report their company being hit once in the last revenues – is also above the survey mean.
Fraud Damage
High
Healthcare, pharmaceuticals
Manufacturing Financial Services
and biotechnology
of sector Moderate
Technology, media and
telecommunications
Retail, wholesale and
distribution
Construction Natural resources
fraud profiles
Travel, leisure and
Professional Services Consumer goods
transportation
Low
response
Low Moderate High
fraud.kroll.com | 47
Contact Kroll
For information about any of Kroll’s services, please contact a representative in one of our offices below or visit www.kroll.com
Corporate Headquarters
600 Third Avenue
New York, NY 10016
Global Representatives
North America Latin America Europe, Middle East & Africa Asia
Robert Brenner Recaredo Romero Tom Everett-Heath Tadashi Kageyama
New York Bogotá London Hong Kong
1 212 833 3334 57 1 742 5556 44 207 029 5067 852 2884 7788
rbrenner@kroll.com rromero@kroll.com teverettheath@kroll.com tkageyama@kroll.com
local offices
North America
Bob Viteretti David Holley Melvin Glapion Bill Nugent Betsy Blumenthal Simone Maini
New York Boston Los Angeles Philadelphia San Francisco Washington D.C.
1 212 833 3211 1 617 210 7466 213 443 1142 1 215 568 2440 1 415 743 4800 1 571 521 6192
rviteretti@kroll.com dholley@kroll.com mglapion@kroll.com bnugent@kroll.com bblument@kroll.com smaini@kroll.com
Ray Blackwell Jeff Cramer Brian Lapidus James McWeeney Peter McFarlane
Bastrop Chicago Nashville Reston Toronto
1 512 321 4421 1 312 345 2750 1 866 419 2052 1 703 860 0190 1 416 682 2784
rblackwell@kroll.com jcramer@kroll.com blapidus@kroll.com jmcweeney@kroll.com pmcfarlane@kroll.com
Latin America
Dan Karson Recaredo Romero Matias Nahon Brian Weihs Snezana Petreska
Miami Bogotá Buenos Aires Mexico City Sao Paulo
1 305 789 7100 57 1 742 5556 54 11 4706 6000 52 55 5279 7250 55 11 3897 0900
dkarson@kroll.com rromero@kroll.com mnahon@kroll.com bweihs@kroll.com spetreska@kroll.com
Asia
Colum Bancroft Violet Ho Reshmi Khurana Violet Ho Penelope Lepeudry Makoto Suhara
Hong Kong Beijing Mumbai Shanghai Singapore Tokyo
852 2884 7788 86 10 5964 7600 91 22 6724 0500 86 21 6156 1700 65 6645 4520 81 3 3509 7100
cbancroft@kroll.com vho@kroll.com rkhurana@kroll.com vho@kroll.com plepeudry@kroll.com msuhara@kroll.com