With the country in lockdown there are unfortunately those who will seek to exploit the situation via frauds and scams. Initial signs in both the UK and the States are indicating that cases of fraud are on the rise. The National Fraud Intelligence Bureau has already identified over 20 reports of coronavirus-related fraud since February, with victims' losses totalling more than £800,000 in a month. It is therefore important to ensure all employees complete the required training to keep on track of the cyber-security measures and guidelines in place.
In response to the pandemic many businesses are rushing to implement an efficient form of agile working. As government travel guidance and restrictions become more stringent companies must find ways to keep operating business as usual with agile working. In light of this we urge companies and staff members to check their security settings with their IT department. Whilst systems and infrastructure are of vital importance, it is employees who are usually the weakest link in cybersecurity.
Please see below some useful tips on how to safeguard your business.
Risk area | Contributing factors | Mitigation |
Cyber fraud Our new reliance on online communication will heighten vulnerability to cyber, data security and privacy threats. Cyber criminals will actively look to exploit these threats. |
1. Phishing emails exploiting coronavirus 2. Staff working outside of any secure network 3. Sensitive data being transferred between insecure environments |
1. Staff should follow the principles set out in our coronavirus email scams guidance document and outlined here 2. Staff should ensure communications are encrypted / password protected if sending outside of the secure network 3. IT functions should disseminate guidance about remote working |
Misappropriation There is now an urgency to obtain equipment to make sure people and organisations have the right tools to do their jobs. This results in greater volume of assets available to be misappropriated, and the severity of the threat may result in staff stockpiling. |
1. Controls may be relaxed to allow prompt movement of supplies between sites and organisations 2. Black market value equipment and consumables incentivises individuals to steal |
1. Stock records and asset registers should be maintained as far as possible, with audit trails of urgent activity retained 2. Exception reporting should be utilised frequently 3. Concerns should be raised immediately |
Supplier interaction Higher demand and desire to procure equipment quickly can lead to a lapse in compliance with procurement processes |
1. Urgency to procure goods and services reduces time to complete adequate due diligence 2. Shortage of supplies may require organisations to engage with different and off framework suppliers 3. Controls around tender waiver and contract extension activity may be relaxed |
1. Due diligence should be pursued to the greatest extent in the time frame available, with checks continuing to progress to completion even post procurement 2. Provision should be allowed for retrospective challenge and cost recoveries 3. Cumulative supplier spend should be monitored regularly |
Accommodation Additional and often high cost accommodation may be required for key staff that need to remain away from their usual address due to others self-isolating |
1. Hotels may exploit the crisis by overcharging room rates or incidentals 2. Staff may exceed the permitted allowances in meal / incidental charges |
1. Accommodation should be booked centrally using arranged rates 2. Charges over and above an agreed threshold for subsistence should be agreed with the hotel that they will be paid by the employee and reclaimed through expenses |
Invoice fraud Accounts payable processes will be streamlined to ensure prompt and advance payments for urgently required goods and services |
1. Urgent payment requests exploiting coronavirus 2. Relaxed segregation and authorisation processes may allow false or inflated invoices to be paid 3. Mandate change requests cannot be easily verified as suppliers are under pressure and key contacts may be working remotely 4. Government advice to maintain supplier payments irrespective of performance |
1. Staff should follow the principles set out in our coronavirus email scams guidance document 2. Invoices should be carefully confirmed against orders and rates agreed specifically in the crisis 3. Goods receipt should be confirmed prior to payment 4. Supplier change requests must be confirmed using verified contact information 5. Queries to be resolved retrospectively must be logged for follow-up |
Credit cards Departments may rely more heavily on credit cards to promptly secure locally required goods, and inappropriate purchases may not be able to identified |
1. Credit card expenditure is anticipated to temporarily increase during this period 2. Cards are likely to be used by multiple individuals due to increasing pressure 3. Expenditure is reviewed retrospectively 4. Non-essential or inappropriate purchases may not be able to be promptly identified or attributed to an individual |
1. Records of card whereabouts should be maintained wherever possible 2. Itemised receipts should be retained for all credit card purchases 3. Statements should be reviewed and challenged promptly |
Expenses An anticipated increase in travel and subsistence expenses as a result of staff working additional hours and across various sites may obfuscate fraudulent claims |
1. Expenses claims may be subject to limited verification in the interest of prompt payment 2. Expenses may be incurred for remote working equipment 3. Claims may be made for expenses not incurred 4. Claims for subsistence may exceed daily allowances |
1. Evidence of original expenditure should be required 2. Guidance, updated as necessary to reflect changes to allowances and process during coronavirus, should be issued to staff |
Governance As audit committees and board meetings are suspended there may be limited reporting and oversight across operations |
1. Less frequent meetings or business critical focussed meetings may result in a period without scrutiny of financial and other decision 2.Staff and management may be acting with more autonomy in undertaking financial functions |
1. Wherever possible, virtual meetings should continue 2. Interim financial reports should be shared with members to ensure oversight remains in place 3. Changes to streamline control environments should be reported to members so that appropriate assurance measures can be considered |
Payroll Payroll processes will be streamlined to ensure prompt payment, increases in workforce may obfuscate payroll fraud and complex change and reimbursement arrangements may result in salary overpayments |
1. Ghost employees may be entered onto the system 2. Temporary staff that are added to the payroll may remain on the system post coronavirus |
1. Backing data should be reviewed to confirm new employees being entered onto payroll are genuine 2. Segregation of duties should be maintained as far as possible 3. Management information should be reviewed regularly to identify multiple payroll records being paid into the same bank account 4. Payroll records created during coronavirus should be reviewed periodically |
Recruitment An increase in staffing demand due to self-isolation and increasing pressures will prevent the application of some existing pre-employment screening processes |
1. New applicants without the appropriate qualifications or right to work status, or with criminal records, will seek to exploit the opportunity to commence employment whilst screening is pending 2 Staff in training and former staff not currently regulated may be able to join or return to the workforce 3. Safely onboarding specialist staff whilst maintaining social distance will be challenging 4. Advanced Disclosure and Barring Service (DBS) checks may not be available |
1. Pre-employment screening should be pursued to the greatest extent in the time frame available, with checks continuing to progress to completion even post recruitment 2. In lieu of DBS confirmation, decisions to proceed should be risk assessed and documented. More stringent references, ideally from professional bodies, should be sought. 3. Document scanners should be utilised wherever possible |
Duties not fulfilled Significant volumes of staff will be working remotely, some having done so at short notice. |
1. Certain elements of some roles may not be able to be completed remotely 2. Systems may not be established to monitor staff activity remotely 3. Some staff may inflate symptoms to secure paid self-isolation periods from their substantive employer, in order to undertake lucrative agency or other work elsewhere 4. Organisations will be required to accept documentation in lieu of a fitness to work certificate |
1. Guidance should be provided to remote workers on how their workload should be managed and reported 2. Exception reporting should be utilised frequently 3. Management information should be reviewed regularly to identify staff abusing self-isolation requirements 4. Shielding documentation should be verified against known information |
Temporary workforce Additional staff usage may be increased due to self-isolation and increasing pressures |
1. Agency staff may commence engagements whilst screening is pending 2. Demand will increase cost of additional staffing 3. In some services additional overtime may be required, and timesheets may be subject to limited verification due to pressures |
1. Screening should be pursued to the greatest extent in the time frame available, with checks continuing to progress to completion even post engagement 2. Additional staff identity must be confirmed at their first shift 3. Invoices should be carefully confirmed against booking requests for hours and rates 4. Timesheets should be verified by individuals who were physically present at the time of the shift, and using local records and knowledge |
False claims Significant volumes of staff will be working from home, some having done so at short notice, and staff may be recruited prior to occupational health reviews, which may result in increased claims for compensation for injury |
1. Staff may be required to work from home for a prolonged period, which may result in inflated claims for injury as a result of the use of inappropriate home workstations 2. Staff may be required to commence work prior to completion of an occupational health assessment, which may result in inflated claims for injury or illness 3. Potential exposure to coronavirus due to limited availability of PPE may result in false claims |
1. Guidance should be provided to remote workers to assist them with the setup of home workstations 2. Occupational health assessments should be pursued as promptly as possible in the circumstances 3. Adequate audit trails of PPE whereabouts and availability should be maintained as far as possible |
The counter fraud team at RSM is closely monitoring the fraud risk developments to highlight areas of concern as well as best practice. The team will continue to provide guidance to ensure that organisations can remain astute to the risks.
In the meantime, staff should follow these key principles:
- Report any frauds promptly: report any and all concerns to your manager, the finance team and internal audit. Do not be concerned that you may be wrong as this may cause unnecessary delay.
- Verification: seek verification for invoices, requests for payment and changes to bank account information. Seek procurement advice when engaging with a new supplier, source confirmation of receipt of goods and check to see who you are corresponding with.
- Be alert to fraudulent communications: we already seeing criminals maximising on the situation. Contact your IT support immediately with any concerns.
- Confirm timesheets: and claims prior to authorisation. Time spent on this will mean budgets are not impacted by fraudulent claims at critical times.
For more guidance on fraud related risks, please contact: