BY LUKE MULUNDA
Kenyan financial institutions are facing growing threat from a new trend of fraud perpetuated by customers, according to the PwC 2018 Global Economic Crime and Fraud Survey (GECS).
The survey says consumer-related fraud has become the second most prevalent economic crime in the financial services sector, at 37% incidence rate, after asset misappropriation.
PwC defines consumer fraud as economic crimes that occur when a client exploits the governance and control vulnerabilities of a company to commit fraud. The report identifies the crimes as “episodic fraud” which happens when the perpetrators find themselves in circumstances that present an opportunity to commit fraud in the course of conducting a legal transaction with an organisation.
The PwC 2018 survey shows an overall surge in economic crime reported in the past two years, putting organisations on high alert, especially financial institutions, which are the biggest victims of customer-related fraud.
Three-quarters of Kenyan respondents reported having experienced at least one form of economic crime in the past two years. This ﬁgure is notably higher than the global average (49%) and the African average (62%). It also marks a 23% increase from Kenya’s 2016 ﬁgure. In addition, 37% of respondents stated that the most disruptive economic crime over the past two years cost them at least $100,000 (Sh10 million).
“In an already challenging economic environment, losses attributable to economic crime continue to prove a challenge for Kenyan organisations, says Muniu Thoithi, Forensics Leader, East Africa region, at PricewaterhouseCoopers (PwC). “The margin of difference between the prevalence rate of economic crime in Kenya and the global/African averages and the margin of growth from Kenya’s 2016 ﬁgure, together suggest that economic crime in Kenya continues to be a pervasive problem requiring serious, well thought out and even societal interventions to both prevent and control it.”
The report draws insights from 116 respondents in Kenya – comprising board members and senior managers who are part of executive management, finance, audit, risk management and other core functions in large, medium and small organisations. Of the 116 respondents, 38% represented listed companies, 42% private organisations and 20% public or non-governmental institutions.
Consumer fraud is especially prevalent in the financial services industry where it had an incidence rate of 65%, becoming the most prevalent form of economic crime, overtaking asset misappropriation and cybercrime, the traditional leading forms of economic crime in this industry.
The survey notes that economic fraud has hit an unprecedented high in Kenya, occasioning direct losses of between Sh10 million and Sh100 million to organisations. Other costs linked to economic crimes include severance of business relations, brand and reputational damage, low employee morale, and strained relations with regulators.
It is estimated that banks lose up to Sh500 million every month through fraud and unethical practices by their own staff. Often, however, little or no cash alleged to have been stolen in such circumstances is ever recovered.
The Cybercrime Investigation Unit estimates that Kenya lost more than Sh17 billion to hackers in 2016, with theft of credit or debit card data and financial scams, bank Salami attacks and hacking of the mobile banking systems being the greatest targets.
The rise in consumer crime, however, presents a major shift from the conventional trend, where most economic fraud is associated with systemic flaws, cybercrime, money laundering, anti-competitive behaviour, among other internal malpractices.
Customer is friend and foe
As businesses continue to walk through the digital revolution and globalisation, they are forced to innovate, enter new markets and adopt new technologies to survive or grow. This opening up, however, is increasingly exposing them to additional threats, often posed to and by the customer.
This also affects organisations such as governments and non-proﬁt organisations where the consumer of their services is not necessarily a customer. Organisations are faced with a dilemma of either closing themselves in and be seen as non-responsive or opening up their operations and exposing themselves to ﬁnancial, reputational and regulatory risks.
“At an incident rate of 37%, our survey found that fraud committed by the consumer is the second most prevalent type of economic crime experienced by Kenyan organisations. It is also the second most prevalent economic crime in East Africa and Africa and third globally,” says PwC.
There are many reasons and circumstances that conspire to result in an increased threat from the consumer.
PwC says one of the factors is the changing demands of the consumer. With the ubiquity of technology today, the 21st Century consumer has become used to convenience and on-demand service, it says. “This consumer wants to spend the least amount of time and effort while being served. Organisations from banks to governments have thus been forced to adopt new technologies that make them more accessible and efﬁcient.
“In the process, tellers have given way to mobile banking and parking attendants to parking applications,” says the report. “These technological advances, however, come with a number of threats arising both from the organisation’s unfamiliarity with the technology and the added access that the consumer gets to the organisation through the technological channel linking the two.”
Another consequence of the enhanced technological uptake is the reduction of permanent staff replaced either by the technology itself or by outsourced third parties. Organisations have taken advantage of the technological advances to downsize or to introduce agents who are cheaper to maintain and increase the organisations’ reach at minimal cost. Consequently, the trusted employee that is well versed in an organisation’s culture and values is increasingly not the main point of contact between the consumer and the organization.
The rapid change in trends and entry of market disruptors have also seen organisations that have traditionally offered a singular service chart into new offerings. These organisations ﬁnd themselves in environments where they often have limited experience and know-how of the associated fraud risks and regulatory frameworks. “As banks offer insurance products, manufacturers get into real estate and the government begins to sell bonds through mobile apps, they all ﬁnd themselves in unfamiliar territory that is fraught with danger,” says the report.
In a world where the cost of living is increasing, lifestyle trends promote more consumerism and traditional values are discarded: the consumer just as the employee is under more pressure to commit fraud. Consumers also ﬁnd it easier to rationalise fraud whether it is a failure to pay a public utility or is a case of shoplifting.
At an incident rate of 37%, consumer fraud in Kenya is 8% more than the reported prevalence globally. Some 20% of managers interviewed for the report in Kenya further cited fraud committed by consumers as the most disruptive economic crime in their organisations over the past 24 months of the survey, only behind asset misappropriation at 21%.
The prevalence of this fraud is also reﬂected in the East Africa region where it is the second most prevalent form of economic crime at 37% only behind Asset Misappropriation at 46%.
Consumer fraud is especially prevalent in the financial services sector where in Kenya it had the highest incidence rate of 65%, higher than cybercrime at 48% and asset misappropriation at 42%.
The survey indicates that ﬁnancial institutions such as banks are a major target of fraud by the consumers, where the consumers exploit loopholes in the designing of ﬁnancial products or instruments to perpetrate fraud. In East Africa, consumer fraud has an incidence rate of 62% in the financial services sector followed by cybercrime and asset misappropriation at 44% and 35%.
In insurance, consumer fraud has the highest incidence rate in Africa at 71% followed by business misconduct at 54% and asset misappropriation at 38%.
“In our experience, consumers in the insurance industry typically defraud the insurance companies through the lodging of an illegitimate or inﬂated claim that is designed to appear legitimate,” say PwC experts. “Whereas our survey results show that on average Fraud Committed by the Consumer is less prevalent in other sectors other than in financial and insurance services sectors, from our experience a sizeable number of organisations in other industries are grappling with fraud committed by consumers through a myriad of ways spanning from nonpayment for goods and services to more complex frauds involving cybercrime or collusion with internal parties.”
Detection and prevention
KYC: The Know Your Consumer/Customer (“KYC”) protocols are mechanisms employed by an organisations to identify and verify the identity of a prospective customer prior to making an engagement with them as well as to ensure the organisation becomes aware of any changes to the consumer’s identity subsequent to the ﬁrst engagement.
To successfully avert and detect fraud, PwC says in the report that customer acceptance and on-boarding procedures of the organisation must be rigorous enough to ensure that the organisation only engages organisations and persons that are who they say they are.
Organisations must seek to examine the full proﬁle of the prospective customer including any criminal history, type of activities undertaken by the consumer, any ethical or legal non-compliance history and general brand proﬁle.
Customer acceptance procedures must also encompass the veriﬁcation and validation of documents presented by the prospective client including identiﬁcation documents, documents evidencing ownership of assets, registration documents etc.
“Whereas Customer Acceptance Policies are not an end in themselves and are unlikely to curb fraud perpetrated by legitimate customers who subsequently identify loopholes for fraud, they can go a long way in helping single out suspicious persons or imposters or abnormal transactions,” the report says.
In undertaking these KYC procedures, however, a ﬁne balance must be struck between remaining vigilant and pervading the perception of suspicion towards potential consumers.
Risk Management Procedures: Risk proﬁling depending on the scale and volume of the organisation’s transactions with consumers encompasses many activities. One of the main ways organisations can monitor and manage fraudulent activities initiated by their consumers is by creating risk proﬁles for each existing consumer.
Based on purchasing and payment patterns, an organisation can create a risk proﬁle for individual consumers that will provide guidance on the level of vigilance that is to be employed while dealing with the consumer. For instance, consumers with a propensity to lodge special requests that involve a bypass of an organisation’s protocols may be considered to be of a higher risk than those who comply with organisation’s policies. Other factors to consider are methods of payment, credit period, use of proxies etc.
The identity of the consumer is also key to the creation of a risk proﬁle. By their very identity, politically exposed persons (PEPs) warrant keener monitoring. Due to their high level of visibility and inﬂuence in the society, PEPs are widely considered to be more susceptible to being victims, conduits or perpetrators of economic crimes especially in areas of bribery and corruption, procurement fraud and anti-money laundering activities.
Worryingly, the growth in consumer economic crimes comes on the backdrop of an overall increase in economic crimes globally. Although Africa appears to have suffered the highest prevalence level in the past 24 months, accounting for 50% of countries with the highest incidence rate, the challenge goes beyond geographical barriers.
“In Kenya, Africa and globally, the prevalence of economic crime appear to be at its peak in Kenya,” says the survey. This phenomenon is attributed to a number of factors, including the widening gap between the rich and the poor, increased connectivity brought about by ICT coupled with poor understanding of controls needed in a highly interconnected environment as well as poor enforcement of existing regulations.
Despite the rise in economic crimes, many organizations are not adequately prepared to combat fraud committed by both internal and external perpetrators since most still approach risk management, fraud investigations and reporting as different functions. PwC recommends a centralised fraud management framework that is all-encompassing, which would hasten detection and ensure effective investigation.
The high prevalence of economic fraud could be attributed to increased awareness about economic crimes due to improved detection mechanisms, according to the fraud experts. The researchers also argue that the percentage of economic crimes could be higher given that most cases often go unreported.
Growing consciousness of economic crimes is also an indication that ﬁghting fraud has progressed from an operational or legal matter to a central business issue. “As awareness of the pervasiveness of economic crime continues to persist, and Kenyan organisations set out policies to prevent and control fraud, we can hope that the number and costliness of fraud incidents will reduce,” says the report.
The report suggests various measures of mitigation, including careful examination of fraud detection mechanisms, and better training of relevant parties on fraud detention. Further, the study recommends that a culture of transparency and fraud reporting must be cultivated including implementation of sound policies governing the treatment of tip-offs and whistleblower activities within the organization.
“Organisations must work harder to come up with solutions and deterrents that are customised to unique set-ups and governance frameworks to manage and eliminate these crimes,” PwC says in the survey.