Internal Fraud and Fintech
One big change with modern financial services is that clients can open accounts and send money without ever having met an adviser face to face.
The speed and ease at which accounts can be opened with different institutions is greatly welcomed when it comes to user experience. Even at a corporate account level, the options that are available for how a CFO might move a company’s funds, means that different financial service providers can be selected in as many ways as the company has transaction-types. E-commerce sales receipts, FX payments, direct-debits, treasury management, invoice finance - all with their own online account provider and all holding funds on behalf of the company.
For companies, charities and the funds industry there are many benefits; automation of the finance function, lower costs, faster on-boarding and a great customer experience. The increased speed in initiating relationships and transactions is what attracts businesses to fintech applications, but these same characteristics are exploited for ill-gotten gains.
The Traditional Fraud
Wirecard was a classic example of an accounting fraud. Inflating the company’s sales by crediting the revenue line, with the corresponding debit entry in the books going to inflate cash in the balance sheet. Then, when the auditors seek to confirm the cash exists, the company creates falsified statements and potentially intercepts any attempted correspondence between the auditor and the bank.
There have been many examples over the years. In 2015, an employee at BMW in the UK was found guilty of stealing £5.9 million from the company. The money was taken in 59 separate transactions listing the employee’s own bank account details under that of a supplier. The trouble is that this is not an easy or standard procedure which an auditor can test for on every company. The independent verification of transactions and the recipient’s IBAN are not traditionally part of a financial auditor’s toolkit
From an investor’s point of view, fraud issues are critical. However, governance of a company by it’s independent Board members becomes all that more difficult when the true cash position can be spread across potentially dozens of third-party providers. Traditional methods of gaining comfort over a company’s assets are impractical and often impossible. For example, auditors cannot send a postal letter to Stripe, asking them to confirm the funds held on account for a company. It’s simply not a service Stripe provides in the same way a traditional bank does.
The Fintech Fraud
Consider the internal fraud risks that come with an employee, a CFO or a treasurer being able to open new accounts and setup a simple process flow to channel transactions through them. Even with a Stripe account, a company can hold funds for 90 days. That is a full quarter’s worth of revenue which can be hidden or used to misstate the financial position of the company.
The intention of a fraud is not always to increase revenue. It could be to potentially hide revenue in one quarter in order to steal the cash later, or overstate a company’s performance in the subsequent year, to suit a particular market objective.
Fast, Independent Verification
At Circit, we have focused on delivering a real-time independent bank confirmation platform which eliminates many of the fraud risks associated with traditional systems. For the new risks posed by the next wave of Fintech, the platform provides automated verification of the existence, ownership and accuracy of the assets held.
As Fintech moves deeper into the core of every organisation, new service providers and new risks will emerge, and we will be part of the end-to-end solution to deliver the independent verification aspect for auditors and companies.