«The more regulated an industry, the more cases occur.»

Interview with Cristina Ferraris Gloor, Director, Advisory, Forensic KPMG Switzerland

Before I answer that question, I have to point out that criminal energy will always exist – but you can try to protect yourself against it as best you can.

In our opinion, this calls for a three-pronged approach: First of all, clear rules are needed, like the rules laid down in a Code of Conduct or corporate guidelines, as well as regular audits. Second, structures and processes need to be reviewed on a regular basis because fraudsters are adaptable and constantly on the lookout for new gaps. These reviews can also identify and eliminate even unexpected or new gaps. Technology like analytics tools, for example, can support this process by identifying patterns such as regularly occurring payments. Third, background checks should be conducted on employee resumes.

Looking at the cases we handle, it’s clear that many companies probably could have prevented some of the incidents if they had properly pre-screened prospective employees’ resumes.

Yes. The more regulated an industry, the more cases occur. That is particularly true in the financial and banking industry as well as the life sciences sector. On the other hand, we also see white-collar crime impacting public authorities and non-profit organizations frequently as well. Those institutions often have a lot of money flowing through them that can end up in the wrong hands or might not be used for the earmarked projects.

Ideally, a company should have a fraud response plan that’s triggered in the event of suspected cases of white-collar crime – which includes offenses like corruption and money laundering. What’s important is that you remain calm and first clarify which crime might be involved and which accusations have been made. Then you should define the responsibilities and the group of people to be informed.

Depending on the situation, an external company is also called in to investigate. The next step is to clarify which information is needed or available to deal with the case. As soon as those points have been cleared up, steps must be taken immediately to mitigate the damage. It’s especially important to ensure that the suspect no longer has access to the systems, for example. Ideally, a substitute will have already been named who can seamlessly take over the suspect’s tasks and has the same access rights. We once had a case where a fraudster had to leave the company immediately but was the only one who had access to the bank’s data.

We first meet to assess the facts of the case and determine whether we’re allowed to accept the mandate due to independence rules. During that initial discussion, the client describes the problem and identifies the people involved. That helps us ensure that we can conduct our work independently. As soon as the framework and the scope of our investigations have been defined together with the client, we collect the material facts, including documents, e-mails and other relevant data.

We also conduct standardized interviews with the employees as well as interviews in which we directly confront the employees under suspicion. Upon completion of each phase of this work, we present the results to the client, who then decides whether to continue or wrap up the investigation. At the end, we send the client an investigation report, which is used either for internal purposes or even for litigation.

Thanks to state-of-the-art technologies and IT systems: Our Forensic Technology team uses artificial intelligence to effectively and quickly examine and evaluate vast amounts of data for specific patterns or keywords. Of course, fraudsters use modern technologies as well, making it pivotal for us to be on the cutting edge.

Fraud risk assessment is about revealing where risks exist with respect to white-collar crime or opportunities. Our job is usually to find, list and prioritize every potential fraud risk. We then link those risks to the internal control mechanisms to find out where there might be gaps. Since they are an extremely important tool for preventing white-collar crime, companies should generally conduct fraud risk assessments once a year.