That is the question KPMG addresses in this recent report “Who Is The Typical Fraudster?” The study seeks to “identify patterns among individuals who have committed acts of fraud” and is based on research from “348 actual fraud investigations conducted by KPMG member firms in 69 countries.” Although not FCPA specific, the KPMG report identifies several fraud trends and indicators relevant to FCPA compliance.
The KPMG report notes that “typically, a fraudster is perceived as someone who is greedy and deceitful by nature,” however KPMG’s analysis found that “many fraudsters work within entities for several years without committing any fraud, before an influencing factor – financial worries, job dissatisfaction, aggressive targets, or simply an opportunity to commit fraud – tips the balance.”
According to the study, the “typical fraudster” is between the ages of 36 and 45, followed next by individuals between 46 and 55 years old. In terms of gender, men are the more likely perpetrators of detected fraud. According to KPMG, “the survey’s finding that men commit more fraud than women seems a reflection on the gender make-up of companies generally” and the “gender gap in fraud perpetration may reflect women’s under-representation in senior management positions and, as a consequence, fewer opportunities to commit fraud.”
In terms of job function, the KPMG report finds that people most often entrusted with a company’s sensitive information are able to override controls and thus are statistically more likely to become perpetrators. The report found that “most people involved in committing fraud work in the finance function” followed by those in the “chief executive’s / managing director’s office,” followed by those in “operations and sales.”
Other findings of note from the KPMG report include the following.
“One of the most significant findings of this survey is the very large increase in cases involving the exploitation of weak internal controls by fraudsters – up from 49 percent in 2007 to 74 percent in 2011. The difficult economic climate may be partially to blame. Tighter budgets are forcing some companies to cut costs in their control environments. Less robust controls, and fewer resources to monitor controls, allow for greater exploitation by fraudsters. Although necessary to preserve profits, such cost cutting should be balanced with effective risk management.”
“Many frauds continue to be exposed by formal or informal whistleblowing mechanisms. In 2007, companies were alerted to fraud by whistleblowers in one-quarter of cases, with complaints coming from customers or suppliers accounting for a further 13 percent. In 2011, formal internal whistleblower reports accounted for 10 percent of detections while anonymous tip-offs were responsible for uncovering 14 percent of frauds. A further 8 percent of frauds were identified due to customer or supplier complaints while 6 percent came in response to issues raised by third parties, including banks, tax authorities, regulators, competitors, or investors. That one in seven frauds is now discovered by chance puts question marks over the effectiveness of controls and management review at detecting and preventing fraud. […] The upshot is that companies seem to depend increasingly on the good conscience of staff or third parties, on accidental discovery or, in a few cases, on confessions, to identify potential fraud.”
“The number of fraud cases preceded by a red flags rose to 56 percent of cases in 2011, from 45 percent in 2007. However, instances where action was taken following the initial red flag fell massively. Just 6 percent of initial red flags were acted on in the 2011 analysis, compared with almost one-quarter (24 percent) in 2007. Companies are failing to read and to act quickly on the warning signs. Ignored red flags are a license for perpetrators to carry on operating and a missed opportunity for the business to detect or prevent fraud and to reduce losses and associated costs.”
“Fraud now takes longer to detect – up from an average 2.9 years from inception to detection in 2007 to 3.4 years in the 2011 analysis.” “In Asia […] the duration of fraud prior to detection is longest – on average five years – with 16 percent of frauds going undetected for ten years or more. This is possibly because employees in Asia tend not to challenge their superiors or to rock the boat as much as in Western Europe or North America …”.