people in background

Forensic Fundamentals

Highlighting fraud, cybercrime and forensic accounting issues from the fundamentals to advanced.
Jim Gee
Jim Gee, Partner, National Head of Forensic Services
Our regular updates will cover the basics through to advanced insights into cybercrime, fraud, bribery and corruption and forensic accounting issues impacting both individuals and businesses today. 

We will also share a number of real life case studies highlighting common problems so you are better placed to protect yourself and organisation.

Click below to find out more on the topics you may need insight on. 

This week's fundamental topic

Friday 16 October 2020
 ic_search_black_24px

  Fraud

 View our services  
Billions lost to fraudsters through the government’s Bounce Back Loan Scheme

The National Audit Office (NAO) has estimated that the UK Government will spend more than £210 billion on its response to the COVID-19 pandemic. This money has rightly been spent on supporting organisations and individuals across the country in this time of unprecedented economic stress and the vast majority of the money has been legitimately applied for and correctly received. 

However, there is always a dishonest minority and on Wednesday 7 October 2020 the NAO published its report, ‘Investigation into the Bounce Back Loan Scheme’, which has taken a closer look at how the Bounce Back Loan Scheme (BBLS) has been distributed.

How it works

The report notes that the HM Treasury, British Business Bank (the Bank) and Department of Business, Energy and Industrial Strategy (BEIS) developed BBLS provides registered and unregistered businesses with loans of up to £50,000 or a maximum of 25% of their annual turnover. This loan should help to maintain their financial health during the pandemic. The scheme launched on Monday 4 May 2020 and will remain open until Monday 30 November 2020, with the government retaining the right to extend the Scheme. 

The loans are provided by commercial lenders (for example, banks, building societies and peer to peer lenders) directly to businesses, who are expected to repay the debt in full. Failure to do so may have a negative impact on their credit score and may affect their ability to borrow in the future. The government provides lenders a 100% guarantee against the loans (both capital and interest). This means if the borrower does not repay the loan, it will step in and repay the lender. HM Treasury data shows that as of Sunday 6 September 2020, the Scheme delivered more than 1.2 million loans to businesses, totalling £36.9 billion. BEIS and the Bank expect BBLS to have lent between £38 billion to £48 billion by Wednesday 4 November 2020, substantially more than it initially expected.

The opportunity for fraud

The government recognises that the decision to provide funds quickly leaves taxpayers exposed to a significant risk of fraud, including fraud caused by self-certification; multiple applications; lack of legitimate business; impersonation; and organised crime. 

BEIS’s 2019-20 annual report and accounts highlights likely total credit and fraud losses of between 35% and 60%, based on historic losses observed in prior programmes which most closely resemble the Scheme. Assuming the Scheme lends £43 billion, this would imply a potential cost to the government and taxpayers of £15 billion to £26 billion – an enormous sum. 

The nature of the losses are likely to be on a spectrum from high volume, low value opportunistic fraud through multiple fraudulent BBLS applications from fake companies through to high value, low volume fraud by organised crime groups. The number of companies registered each week after the government announced the scheme rose by 285% to a record 21,616 by the end of June 2020.

What can be done?

So, what is to be done? For many years, police resources focussed on fraud have diminished and it is now very hard to persuade them to take on a case of fraud. BEIS and the Bank do not have the counter fraud resources to investigate this scale of fraud. Perhaps it is time for private sector forensic and legal specialists to help tackle this threat – and to ensure that there are clear and visible consequences for the dishonest minority. The government did the right thing in supporting UK business – could specialists from UK business now support the government in identifying and investigating the fraudsters and recovering the losses?

 The impact of ‘ghost patients’ on the NHS 

Fraud can take on many shapes and forms with far reaching impact. It costs the NHS £1.29 billion a year (with independent academic estimates actually putting this figure between £3-£5 billion) and is a good example of how it can touch everyone’s life in the UK in one way or another. That’s enough to pay for over 40,000 staff nurses or purchase 5,000 ambulances. Due to the scale and complexity of the NHS it is affected by lots of types of fraud, one of which is the phenomenon of ‘ghost patients’. Ghost patients are people registered with General Practices who do not actually use the practice because they have moved to a different neighbourhood or have died. 

NHS Digital records showed that in 2018 there were 3.6 million more patients registered with the NHS in England than there were people in England, and a 2018 investigation revealed the imbalance was the result of ‘ghost patients’. NHS General Practitioners (GPs) receive £150 a year for each patient registered with their practice, and with an average of 1,700 registered patients each the payment is a significant proportion of a GP’s income. The investigation revealed £550 million was wrongly allocated to GP’s who, either intentionally or mistakenly, kept ghost patients on their books.

Ghost patients, and the additional payments associated with them, could be the result of poor record keeping rather than intentional dishonesty. Irrespective of the cause the result is similar, less funding available for the NHS to spend on the good work to keep the public healthy and save lives.

Any organisation thinking about where it may be losing money to fraud should always consult an expert before taking action. For more information on tackling fraud and to discuss measures to strengthen your organisation’s security, please contact Eoghan Daly

Fraud investigations

A fraud investigation often reveals a lot more than was originally suspected. Where fraud does take place, it is rarely an isolated incident and so an investigation into its full extent is very important. Investigations - using various techniques - can provide the opportunity to determine who is involved and the fraudsters’ modus operandi, and to identify the process and systems weaknesses which may have allowed the fraud to take place. 

A thorough investigation is the only way to resolve a suspicion of fraud. Following the findings of an investigation, a strategy to devise a proactive approach to reduce the nature and extent of fraud can be adopted, resulting in a long term beneficial impact on businesses’ approaches, company cultures and employees’ and suppliers’ outlooks.

How is an investigation carried out?

An investigation can be carried out using a number of different techniques and these are tailored to each specific investigation. Open source information resources are a common tool to gain insight and background knowledge concerning individuals, businesses, associated persons and assets. Additional methods can include examining (with permission) emails and other data, interviewing employees, and analysing relevant documents. When the relevant data has been identified, it can then be prepared for the most appropriate form of analysis in order to draw conclusions. 

Recent COVID-19 lockdown conditions have limited some face to face aspects of fraud investigations. Nevertheless, Crowe has the capacity to undertake remote investigations using its proprietary technology to remotely image computers and interview witnesses and suspects. This is highly effective.

Where do you start?

The first stages of a fraud investigation can be the most important to get right and we recommend to always seek specialist advice if you suspect a fraud to have taken place. We have compiled a list of ‘dos and don’ts’ if you find yourself in this position.  

A thorough investigation is very important. It doesn’t have to be a lengthy process but the thoroughness is crucial. Not to resolve a suspicion of fraud can be very damaging both to the organisation concerned and to those who are suspected. There is no substitute to a professional, legally compliant investigation in order to do this.

What is an ‘Expert Determination’?

One area where we often provide expert support is in the form of Expert Determinations (ED). ED is a procedure which involves a dispute, or difference, between two parties which are submitted to one or more experts who make a determination on the matter presented to it or them. The opinion reached is then binding on the parties, unless they both agree otherwise. 

An ED can be beneficial to the disputing parties as it is less costly than going to Court, a faster process, is usually binding on the parties, and is subject to the opinion of an independent accountant who has no allegiance to either side.

The resulting opinion can take one of two forms – non-speaking or speaking. There are pros and cons associated with each. A non-speaking approach is exactly as it sounds, say a company valuation is being undertaken, the non-speaking opinion will state is that ‘the shares are worth £X’. There are no report details to be challenged and as such it is difficult to challenge the outcome, although one side will invariably be happier with the outcome than the other. 

A speaking valuation is the opposite of a non-speaking valuation and will set out in detail how the value for those shares has been reached in a format more akin to a traditional report disclosed for Court. It has the benefit of covering the issues that may have been in debate between the parties, explaining why the conclusions have been reached. A speaking valuation may also raise matters which the parties wish to challenge that could end up protracting the process (for instance if they think something is factually incorrect). The threshold for challenging a determination on its findings is high, however, as the test is normally whether there has been manifest error. 

We can be instructed either as the expert undertaking the determination or assisting one of the parties in preparing their submissions. If you would like more information on our expert witness service please contact Chris Hine on 0161 214 7567.

What does an expert witness forensic accountant do?

In simple terms, we are the numbers support service to litigious disputes, investigations or advisory work and are frequently instructed to prepare reports for Court on what can be very complex, or hotly disputed, accounting/number issues.  Sometimes our work can be conducted on an urgent basis within a day, but often the work continues over many months, or even years.  Although our clients will always want the best outcome for themselves, our responsibility as an expert witness is to the Court while if we acts as advisors we will present both the strong and weak points of a client’s case, possibly ahead of mediation or consideration of a legal claim.  Our work can take us anywhere within the UK, and across any industry, while we also take on overseas matters due to our well established Crowe Global network of over 750 offices across 130 countries.

Our work is not supported by a portfolio of clients like it might be in audit or tax service line, each year a different set of challenges and scenarios is presented to us as we seek to assist our clients in either their dispute, investigation, or analysis.  While not professing to be the ultimate experts in every field of industry, we need to be sufficiently capable of being able to quickly pick up how various businesses operate, and what are the real issues that will drive the case either at Court, mediation, or in other negotiations.  While we always want to help our clients it is also important that we maintain an independent thought process which sets out the respective merits of a case, both good and bad from our client’s perspective.    

The matters we work on are often diverse and regularly challenging, examples of the range of casework we have been instructed on include:

  • Funding fraud alleged against a middle eastern bank and property developer.
  • Major supermarket contractual disputes with suppliers.
  • Defending an alleged associate of Bernie Madoff.
  • Representing Premier League and Championship clubs in financial matters.
  • Multi-million £/$ claims for wrongful trading.
  • Valuations in partnership and shareholder disputes involving global companies.
  • Reviewing the work of other accountants in professional negligence claims.

If you would like more information on our expert witness service please contact Chris Hine.

Case study – Mining and Energy Sector

Procurement fraud in a mine

A major mining company in Africa approached Crowe in May 2018 about a suspected invoice fraud of in excess of US$300,000. Crowe’s investigation identified a corrupt network involving suppliers, procurement and human resources and the recovery of over $1,000,000 from the supplier involved. 

The mine is located in a remote part of Africa so, rather than send a person to site, Crowe used specialised technology to obtain forensic images of several computers and other electronic data. A forensic image is a direct copy of all the files on a storage device, such as a hard drive.  A forensic image will typically include all files saved on a machine, included deleted documents.  The technology used by Crowe significantly reduces the upfront costs of starting an investigation and enables remote and covert data collection. 

Through the analysis of almost a million files and ten interviews with past and current employees, the investigation revealed the fraud was perpetrated by one employee from the mine and several employees from a supplier. The mine was defrauded through the submission and processing of false invoices. Payments for other goods and services were also concealed, for example the costs of hiring a vehicle were concealed within catering recharges to the mine. The procurement processes were easy to exploit, with a reliance on proof of shipping information rather than proof that the goods were received. In some cases the mine was charged for goods that were never delivered or even ordered in the first place. The individuals involved also committed fraud to obtain goods for their own personal use, including vehicles and expensive food and alcohol.  

The investigation also revealed multiple vulnerabilities in the organisation’s procurement processes, and a lack of any verification on the quantity and quality of goods and services provided by suppliers. In addition to rooting out the corrupt network, the investigation findings were used by the mine to renegotiate several supplier contracts and save significant sums of money. 

Before engaging Crowe the mine had conducted its own internal investigation that quickly hit a dead-end. By applying its expertise Crowe quickly and thoroughly established the truth of what happened and help the mine to put things right. 

You should always consult with an expert before you take action. Get in touch with the Forensics team if you require further information or to discuss our services.

The Dark Web: understand the Dark Web, understand the threat

The threat of the Dark Web is real, and it is growing.

A recent study carried out by Dr. Mike McGuire at the University of Surrey revealed that there has been a 20% increase since 2016 in the number of dark net listings that have the potential to directly harm an enterprise, with 4 in 10 dark net vendors selling targeted hacking services aimed at Fortune 500 and FTSE 100 businesses. 

What is it and how does it work?

The Dark Web is a component of the internet that cannot be reached through search engines, as it exists on an overlay of proxy servers. Proxy servers are a gateway between a user and the internet, and act as an intermediary directing online traffic to the requested address. These servers also allow the IP address of a user to remain unidentifiable and untraceable when accessing websites. An IP address is a digital address for your device, however it is subject to change depending on your location. To access the Dark Web, a specific piece of software called Tor is required, which conceals the users IP address and allows access to webpages which cannot be accessed through regular browsers, such as Google Chrome. 

Why is the Dark Web a threat?

The Dark Web has become a marketplace for illegal goods and confidential information. Crowe’s Dark Web: Bad for Business report, in collaboration with the University of Portsmouth, found tools and services designed to defraud or perpetuate cybercrime against 21 of the top 50 UK brands (as identified in the 2017 brand directory league table). The research team found template bank statements, utility bills and passports; bank account numbers and sort codes; advice on phishing and fraud packs containing guidance on how to carry out various forms of fraud. 

The true size of the Dark Web is unknown, but it is thought to form around 5% of the deep web. All content that cannot be found through a search engine is classified as the deep web, which forms part of the World Wide Web. The Dark Web has given way for a plethora of fraud, corruption and cybercrime to occur effecting both organisations and individuals. 

Policing criminal activity on the Dark Web is a particularly difficult challenge as a result of Tor’s complex data encryption, anonymity and hidden services/applications. The Dark Web has become a method favoured by criminals to target organisations, so it is vital that businesses understand the Dark Web, and the threat it poses. 

Crowe offers a low-cost subscription services for organisations interested in monitoring the Dark Web for emerging threats. It can be deployed quickly and provides a regular report of any discussions relevant to the organisation. For more information on how Crowe can help your organisation, please contact Jim Gee.

What is cybercrime?

How big an issue is it?

There is an epidemic of fraud and cybercrime in the UK, growing to represent almost half of all crime in the UK (45%). Cybercriminals target all demographics of individuals and sizes and types of businesses if they can see a weakness which can be exploited.

What constitutes cybercrime?

Cybercrime can be considered an umbrella term for all illegal activity that has used technology to perpetrate a crime. It is transnational, meaning that the borderless realm of the online world can reach and effect all those with an online presence. As technology continues to evolve and adapt, the nature of cybercrime coincides with this notion. Cybercrime continues to rise in scale and complexity affecting essential services, businesses and private individuals alike. 

What are the damages?

Failure to prevent a cyberattack goes beyond physical or digital damage, having the ability to inflict long term repercussions. Businesses in particular can suffer from reputational damage including the loss of customers or clients, loss of sales and a reduction in profits. Subsequently, economic damage is incurred from the attack itself in some instances, the disruption of production lines, and costs that have arisen from the need to resolve and investigate the issue at hand. For example, Honda recently experienced what was believed to be a ransomware attack effecting the company’s ability to access its computer servers and internal systems and hindered its production line in multiple countries.

Prepare for threats

It is essential that businesses ensure that the necessary processes and security measures are in place to protect company and client/customer information, going beyond the companies own measures and assessing any third parties involved in the management and storage of data. If a company is failing to actively take care of sensitive information it may be subject to regulatory sanctions and/or large fines. 

It is essential to remember that no business is exempt from cyber-attacks, and all companies must be prepared for any potential threats. 

Further information on tackling cybercrime can be found here.

Complete our Cybercrime Vulnerability Scorecard for a quick and free assessment of your cyber vulnerabilities.

Webinars

An introduction to cyber security
Covering the fundamentals of cyber security, including commonly used terms and
governance.
Diagnosing the organisa-tion’s vulnerabilities
Covering the steps you can take to diagnose its cyber vulnerabilities, addressing the identification, assessment and understanding of cyber security risks.
Strengthening resilience
Ensuring adequate cyber security requires core issues are actively managed. This sessions will describe what the core issues are and explain why they matter.
Incident response
It is not a question of if there will be a cyber incident, it is a question of when it will happen. We will cover how an organisation should prepare for an incident.
Fraud and international trade
In the current climate, fraud has become more prevalent within international trade, in this webinar Jim Gee, Partner, Head of Forensics and Counter Fraud looks at how to minimise the risk.
Cybercrime: effective protection for SMEs
Covering the best approach for managing your cybercrime protection and the five important stages to consider - Prevent, Protect, Defend, React, Recover.
COVID-19 and fraud 
What you need to do NOW, and in the current situation where face-to-face contact is difficult, and in what capacity,  Crowe can undertake investigations remotely.
COVID-19 and cybercrime
Addressing some immediate areas to think about and focus on e.g. what to look out for in the current pandemic, how to protect yourselves and your employees.
Cybercrime: fix the most common vulnerabilities
Looking at the cybercrime risks facing listed businesses and preventative measures you can put in place.
An introduction to cyber security
Covering the fundamentals of cyber security, including commonly used terms and
governance.
Diagnosing the organisa-tion’s vulnerabilities
Covering the steps you can take to diagnose its cyber vulnerabilities, addressing the identification, assessment and understanding of cyber security risks.
Strengthening resilience
Ensuring adequate cyber security requires core issues are actively managed. This sessions will describe what the core issues are and explain why they matter.
Incident response
It is not a question of if there will be a cyber incident, it is a question of when it will happen. We will cover how an organisation should prepare for an incident.
Fraud and international trade
In the current climate, fraud has become more prevalent within international trade, in this webinar Jim Gee, Partner, Head of Forensics and Counter Fraud looks at how to minimise the risk.
Cybercrime: effective protection for SMEs
Covering the best approach for managing your cybercrime protection and the five important stages to consider - Prevent, Protect, Defend, React, Recover.
COVID-19 and fraud 
What you need to do NOW, and in the current situation where face-to-face contact is difficult, and in what capacity,  Crowe can undertake investigations remotely.
COVID-19 and cybercrime
Addressing some immediate areas to think about and focus on e.g. what to look out for in the current pandemic, how to protect yourselves and your employees.
Cybercrime: fix the most common vulnerabilities
Looking at the cybercrime risks facing listed businesses and preventative measures you can put in place.

Contact us

Jim Gee
Jim Gee
Partner, National Head of Forensic Services
London