2021 outlook for fighting fraud in Europe

The pandemic is leading to increased fraud and criminals’ evolving tactics. Fraud examiners are facing budgetary and logistical constraints, and operational limitations. Here’s how these conditions could affect European anti-fraud efforts this year.

The ACFE Fraud in the Wake of COVID-19: Benchmarking Report, December 2020 Edition, said 79% of respondents have seen an increase in the overall level of fraud and 90% expect an increase in the next year.

Europol features these COVID-19 fraud scams on its website, among others:

• Bogus websites featuring fake news about the virus or posing as charities to steal personally identifiable information or infect visitors with malware.
• Fake apps claiming to display live information about the virus but will infect devices with malware or ransomware.
• Fake investment opportunities related to products or services that can prevent, detect or cure the virus.

In an interview with Fraud Magazine, Natina Thalien, CFE, the global head of security for governance, risk and compliance at Ingenico Group — a fintech company in Paris involved in electronic payment processing — discussed cyberfraud related to the pandemic.

“Anyone who downloads COVID-19-related applications can also be tricked into downloading ransomware because it was disguised as a legitimate application,” Thalien says.

Europol’s Internet Organised Crime Threat Assessment, published Oct. 5, 2020, reported organized criminal elements tweaking existing forms of cybercrime to exploit the pandemic, which caused an amplification of existing problems by limiting the investigative capacities of law enforcement authorities. The report also attributed the success of most social engineering and phishing attacks, which enabled other types of cybercrime, to inadequate security measures or insufficient awareness of victims.

“There has been a significant spike in phishing attacks since March 2020, and the vital necessity to prevent and detect is more crucial than ever,” Thalien says. “Attackers are using COVID-19 as bait to impersonate different media of information and thereby trying to mislead our employees or customers.”

The increased risks of cybercrime associated with COVID-19 are exacerbated by organizations’ shifts in business operations. “The means of working from home has increased usage of personal computers and phones, making it even more difficult to identify and protect systems and information,” Thalien says.

A report from the Council of Europe’s Committee of Experts on the Evaluation of Anti-money Laundering Measures and the Financing of Terrorism (MONEYVAL) found that “all jurisdictions noted a significant and rapid growth in the number of frauds related to COVID-19 and the adaptation of well-known fraud to the new (confined and more remote) lifestyle of individuals and businesses.”

MONEYVAL’s report also said that criminals are seeking to exploit temporary weaknesses in anti-money laundering (AML) and counterterrorism financing controls (CFT) of financial institutions, designated non-financial businesses and professions and virtual asset-service providers. MONEYVAL said that companies are adding to their risks when they relax or deprioritize measures and controls to boost economies. (See Money laundering and terrorism financing trends in MONEYVAL jurisdictions during the COVID-19 crisis, MONEYVAL, Sept. 2, 2020.)

Relaxation of anti-fraud controls doesn’t bode well for 2021 European fraud outlooks, especially when existing controls have failed to prevent major crimes. AML procedures, such as customer due diligence or know-your-customer requirements, couldn’t stop the laundering of billions of dollars through Danish Danske Bank, Swedish Swedbank AB, German Deutsche Bank and many other major financial institutions in Latvia, Malta and Portugal. (See Europe Seeks Greater Powers to Tackle Its Money-Laundering Problem, by Patricia Kowsmann, The Wall Street Journal, May 7, 2020.)

In the recent Wirecard fraud scandal, auditors signed off on Wirecard’s financial statements without independently verifying the existence of more than $2 billion of cash assets, which supposedly sat in Filipino banks. (See Wirecard Left Insolvent After Massive, Easily Avoidable Accounting Scandal, by Mason Wilder, The Fraud Examiner, July 2020.)

Following the Wirecard scandal, Germany’s coalition government agreed on reforms that would extend the powers of its national financial supervisory authority, BaFin, to include the ability to obtain information from third parties, conduct forensic investigations and inform the public earlier about its efforts. (See Wirecard scandal drives German coalition to tighter oversight, by Michael Nienaber, Reuters, Oct. 7, 2020.)

In another European fraud scandal, similar to the Wirecard incident, Martin Pucher, former CEO of Austria’s Commerizialbank, admitted to faking almost $950 million in assets, before the lender was shut down in July 2020. Internal and external audits didn’t detect the crimes. (See Wirecard Echoes in Austrian Bank Fraud Raise Awkward Questions, by Boris Groendahl, Bloomberg Quint, Aug. 15, 2020.)

Disparate regulations in EU nations

After a string of financial scandals, European organizations face major challenges. They’re paying the price from ignoring or insufficiently heeding the work of anti-fraud professionals against the backdrop of across-the-board fraud increases and operational limitations because of COVID-19.

The European Commission (EC), the European Union’s executive arm, has cited the disparate nature of European countries’ anti-fraud regulations and called for numerous uniform improvements to anti-money laundering requirements. (See Kowsmann’s article in The Wall Street Journal.)

In March 2020, the EC issued a call for advice on money laundering reforms to the European Banking Authority (EBA), which responded with its recommendations in September 2020:

Harmonizing the EU’s legal framework for customer due diligence measures and AML/CFT systems.

Increasing the powers that AML/CFT supervisors are afforded to ensure financial institutions’ compliance with their obligations.

Reevaluating the list of entities obliged to comply with AML/CFT legislation to potentially include virtual asset service providers, investment firms and investment funds.

Clarifying legislation to ensure money laundering risks are addressed consistently.

(See EBA Report on the Future AML/CFT Framework in the EU, European Banking Authority, Sept. 10, 2020).

Even if European countries standardize anti-money laundering expectations, organizations will still need to navigate the implementation of any changes during a stubborn pandemic that could still cause major recessions. (See European Businesses Could Face Historic Recession, PYMNTS.com, Sept. 28, 2020.)

Cybercrime risks continue to rise because of the pandemic. Thalien says organizations need to focus resources on security awareness to mitigate the risks of social engineering attacks such as phishing.

“It just takes one phishing e-mail to flip a company upside down, so a continuous phishing simulation is key,” she says. “With a continuous simulation, the reminders of phishing stay at the forefront of the employees, because people understand phishing, but they don’t practice it in reality,” she says. However, the task might prove more difficult than it sounds on the surface. “The challenge is having the budget, time and resources to be able to conduct a proper phishing simulation or campaign within a company,” Thalien says.

Fraud conditions increase, budgets decrease

The ACFE’s COVID-19 benchmarking report showed that between 14% and 38% of respondents anticipate budget decreases in their organizations for various anti-fraud expenses. (See Figure 1 below.)

Figure 1: Expected change in anti-fraud program budgets and resources over the next 12 months

Figure 2: Change in the difficulty level of anti-fraud activities

These difficulties will likely continue for European anti-fraud professionals in 2021. But these difficulties won’t only affect anti-fraud professionals, according to Britta Bohlinger, CFE, founding director of European risk mitigation firm, RisikoKlar, in an interview with Fraud Magazine conducted via email.

“I don’t see the anti-fraud profession in isolation,” she says. “It’s embedded in wider shifts and societal changes, whether resulting from COVID, economic downturn, elections ahead or in some parts of the world an increasing willingness to address climate change as a core matter spanning industries and professions.

“So, it is hard, some might argue — potentially misleading — to single out one biggest question mark for 2021 beyond the certainty that more change and requirement for agile solutions and cross-discipline collaboration are required in order to address the pressing issues,” Bohlinger says.