Online Exclusive

Fraud schemes and investigations amid the COVID-19 pandemic

The COVID-19 crisis is forcing companies to tackle significant operational, financial and strategic challenges. And some employees might be tempted to engage in embezzlement schemes or even manipulate financial statements, among other improper acts, to address their immediate financial needs.

The line that separates acceptable from unacceptable behavior can become blurred for some people when pressures mount. Also, workforce displacement or distraction might weaken controls like segregation of duties.

The pandemic has created an environment of not only increased internal fraud risks but also opportunities for external fraudsters to take advantage of disruptions in normal business operations, such as potentially weakened control environments. Fraudsters have historically used crises such as market crashes and natural disasters to exploit and benefit.

Organizations and CFEs should be: 1) knowledgeable about internal and external fraud risks and schemes throughout the pandemic and post-pandemic recovery; 2) proactive and vigilant; and 3) prepared to efficiently and effectively respond to potential instances of fraud.

Know internal fraud risks and schemes

The ACFE Fraud Tree, as contained in the 2020 Report to the Nations, supplies the three categories of occupational fraud: corruption, asset misappropriation and financial statement fraud.

As we know, occupational fraud generally requires three fraud risk factors: pressure, opportunity and rationalization — the Fraud Triangle. For example, management might intentionally increase revenue numbers for a period of time because external shareholders are pressuring for increased value. And management, which may have the opportunity (through override of internal controls or otherwise), might rationalize that they don’t have any other choice but to cook the books.

Layoffs and remote working conditions could lead to a breakdown in internal controls. And employee fraudsters might more easily rationalize their conduct during crises with views like, “I have nothing to lose” or “This money is due to me anyway.”

Increases in pressure, opportunity and the ability to more easily rationalize actions means that CFEs should be aware of increased fraud risks and potential for fraud schemes, including:

Corruption and kickbacks

  • Conflicts of interest and collusion among employees and outside third parties (e.g., vendors, customers, suppliers, distributors) to execute fraudulent billing, purchasing and sales schemes in which they’ll benefit (e.g., accounts payable employees approving payments to a third party owned by their spouse).
  • Bribes and kickbacks provided to external third parties (including government officials) on behalf of an organization to secure contracts that could increase employees’ compensation (e.g., commission-based employees).

Asset misappropriation

  • Employees submitting fictitious invoices (potentially related to vendors purportedly associated with a COVID-19 response) that direct organizations to directly pay them or related parties.
  • Addition of fictitious (or “ghost”) employees to payroll registers.
  • Establishment of fictitious vendors to the vendor master file to wire funds and other organizations’ assets.
  • Tampering of checks by altering payees and forging endorsements.
  • Submitting fraudulent travel and expense reimbursement claims for non-business/non-permitted expenses.

Financial statement fraud

  • To make up for decreased consumer spending, organizations might deliberately overstate or fabricate revenue to boost bottom lines and show how management was able to persevere in a challenging customer/ business environment.
  • Management might be motivated to intentionally understate allowances and reserves to avoid additional charges to the bottom line. (Companies have numerous valuation accounts, allowances and reserves including — but not limited to — those for inventory, accounts receivable, insurance claims incurred but not recorded, income taxes and contingent liabilities.)
  • Because of disruptions to supply chains and volatility in financial markets, organizations might manipulate or delay valuations and impairments to try to overvalue certain assets and generate insurance recoveries. Companies might use forecasts as part of estimating the value of assets, including inventory, goodwill, financial instruments, investments (such as portfolio companies and debt/equity securities issued by entities) and certain long-term contracts.
  • Organizations might write-off underperforming assets and/or record what is commonly referred to “big bath,” or large restructuring charges, as part of larger organizational restructurings, sales or closures of parts of their businesses that are either marginally associated with the impact from COVID-19 or not associated at all.
  • Organizations might be tempted to capitalize substantial COVID-19 expenses and deduct them over several accounting periods rather than expense them immediately.
  • Organizations might avoid fully disclosing the impact of COVID-19 on its overall business results, particularly concerning risks, uncertainties, contingencies, representations contained in public statements and regulatory filings. For example, organizations might not want to disclose their (or their counterparties’) ability to satisfy contractual obligations. That disclosure would also include organizations’ assessments of whether reliance on force majeure provisions or common law principles of nonperformance might apply. The adequacy and sufficiency of such disclosures might lead to regulators and investors claiming securities fraud.

Look for these external fraud schemes

External fraudsters include those unrelated to organizations (such as scammers) or parties that organizations do business with (such as vendors and customers).

Here are some examples of external fraud schemes that organizations need to be alert for:

  • Third-party vendors submitting fraudulent invoices with the hopes of circumventing relatively weakened accounts-payable control environments.
  • Cyber-related attacks, specifically business email compromise schemes, in which fraudsters might pose as someone they aren’t (e.g., CEO or a customer) and request sensitive data, such as personnel records, or a change in banking/payment data. Fraudsters might also target employees with email and text phishing schemes, in which employees receive messages from unknown sources soliciting information or claiming to have “must-see information” about COVID-19 only to find links that download malware to organizations’ cyber infrastructures.
  • Fraudsters will often pose as legitimate charitable organizations claiming to collect relief funds.

Be proactive and vigilant

Organizations can’t eliminate every potential fraud risk arising from the COVID-19 pandemic, but CFEs should take proactive, practical steps (the earlier, the better) to identify, mitigate and manage such risks, which may lessen potential financial and reputational damage.

Here are some effective tips:

  • Continue to be active and assertive in your compliance activities.
  • As a proponent of good tone-at-the-top principles, continue to send communications stressing the importance of compliance and encouraging employees to do the right thing.
  • Reinforce use of the anonymous whistleblower reporting mechanism (and ensure it’s operating effectively) and investigate when appropriate.
  • Continue with any anti-fraud training protocols using technology to facilitate remotely.
  • Perform additional monitoring procedures, including deployment of advanced analytics, in key areas of operations (e.g., sales) to assist in proactively identifying potential red flags and preventing potential instances of fraud.
  • Conduct additional testing to assess if internal controls are functioning properly and modify, as needed, to address stakeholders working remotely
  • Reassess policies, procedures and controls surrounding banking and treasury functions, vendor set-up and payroll and procurement business control processes.

Be prepared to respond

In the COVID-19 environment, CFEs should evaluate their response plans, identify if conditions might affect those plans and determine how to address any potential impacts.

CFEs also will need to assess the internal investigations they can delay and those they need to immediately ramp up because of allegations of significant financial impropriety, questions about the integrity of key officers or management, or cases subject to regulatory or law enforcement actions.

Because social distancing requirements might challenge or negate physical interactions, CFEs may want to consider how they can productively continue or initiate investigations. They can use technology to help perform data and information collection and analysis, plus provide virtual connectivity for interviews and collaborations.

Here are some options for a remote investigation process:

  • Investigation planning. Organizations should consider any limitations and nuances that might arise when they conduct remote investigations, including:
    • What’s the best approach for conducting interviews?
    • Is our online site secure enough to exchange electronic documents?
    • How will we obtain images of desktops and mobile devices?
    • Will courts be open to retrieve corporate and individual filing information?
    • Who has the appropriate experience to conduct the investigation?
    • What type of technology proficiencies should the investigator need?
  • Centralized tracking. Use one central tracking system for cases and “data custodians” — all managers, employees and third parties who hold information on their electronic devices. Global investigation teams might rely on this system as the single-source repository to track, report and share information throughout organizations. Teams might need to supplant in-person or live interviews with electronic questionnaires. They can quickly capture interview responses and automatically ingest them into systems with rapid aggregated, indexed responses they can search without reviewing manually. Stakeholders can use dashboards and other automated reporting functions at any time to bolster remote workflow management and performance monitoring.
  • eDiscovery collections and document review. Organizations should be able to collect some data as they normally would because they probably already conduct enterprise collections, such as email, remotely. Inspecting data custodians’ electronic devices present a larger, yet solvable, logistical challenge. Discovery specialists, after they identify relevant data sources, can coordinate with IT teams to access and download enterprise or cloud data sources.

    In the absence of enterprise collection capabilities, discovery specialists will need to notify data custodians, which may increase the risk that the custodians will delete or destroy information. Discovery specialists typically mail encrypted hard drives preloaded with scripts directly to data custodians that they can connect to their devices. The discovery specialists can access and control devices to securely extract and collect the data. Organizations can use server eDiscovery software to digitally produce, review and tag documents.
  • Forensic accounting analysis. Electronic access to data and supporting documents in enterprise resource planning systems are generally available for remote forensic-accounting analyses. Advances in data analytics have expedited the acquisition of large amounts of accounting and financial data, and predictive capabilities have significantly shortened the time required to identify relevant transactions. Secure share sites enhance collaboration among investigative and client teams and can facilitate the transfer and review of potentially sensitive information.
  • Business intelligence searches. Organizations predominantly conduct business intelligence research through online databases and telephone interviews except when court or business filings haven’t been digitized.
  • Investigative interviews. Although most organizations commonly use teleconferencing and videoconferencing software, investigators need to carefully weigh the advantages and disadvantages of conducting investigative interviews remotely. Many software programs offer document sharing and face-to-face communication capabilities, which allow interviewers to observe interviewees’ reactions and assess credibility. However, organizations might still prefer in-person interviews for essential witnesses where timing isn’t urgent and when they want to control circumstances, including environment, pace and ease of access to voluminous documents.

Be flexible and astute in your investigative plans

As CFEs continue to evaluate their business operations and related compliance activities in the wake of the COVID-19 outbreak, they should consider 1) specific fraud risks and schemes that could potentially impact their businesses; 2) what steps (if any) their organizations are taking to proactively identify, mitigate and manage such risks and schemes; 3) how to best prioritize their investigations and implement cost and process efficiencies via remote, digital technologies; and 4) what type of assistance they might require from professional service organizations, such as forensic accounting and law firms.

Anthony Campanelli, Kevin Corbett and Christopher Georgiou are Deloitte Risk & Financial Advisory partners at Deloitte Financial Advisory Services LLP. Contact Anthony Campanelli at Contact Kevin Corbett at Contact Chris Georgiou at